[rescue] (Offtopic) X-Message-Flag fun for Outlook users

Devin L. Ganger devin at thecabal.org
Sat Jul 29 16:18:36 CDT 2006

At Saturday, July 29, 2006 6:41 AM:, der Mouse wrote:

> For me, at least, it's less "Outlook users" than "Microsoft users";
> the former is just the only available approximation to the latter.
> Every Microsoft customer who continues to be so is one more reason
> for Microsoft to do nothing about their disastrous software.  (If it
> affected only their customers, I wouldn't care.  But the effects of
> their insecurity are spewing all over everyone else's net as well.)

In the last three years of my day job (which involves a fair bit of
working with Microsoft on a variety of topics, most of which have to do
with security), I've come to realize that the problem isn't just with
Microsoft. Yes, they have a crappy history of dealing with security
issues. Yes, earlier versions of their software have been horribly
insecure. At the same time, though, I've seen companies that still
insist on using Windows NT 4.0, Exchange 5.5, and Windows 98 -- because
the vendor of some specific application they need refuses to certify
that application on anything more modern.

I haven't seen any other company doing nearly as much as Microsoft has
in the last three years to offer training, solutions, and guidance to
its customers on how security impacts every level of computing, from
design to deployment to operations. I've helped write some of that
guidance. I've worked with a lot of talented and passionate people at
Microsoft who are all too aware that history has not judged them well
and that they're working to play catchup. There are still people there
who don't Get It...but the people who do are being given more and more
leverage to ensure that security really is a top priority for any
product release. The corporate culture there is definitely changing.

There are far, far too many users out there who would be insecure and
spewing crap out onto the rest of the net no matter what operating
system they were using. The nature of that crap would almost certainly
be different, but I've seen people using Solaris or Linux or whatever
who were riddled with rootkits and whose mailers happily forwarded on
spam, trojans, and worms.

Lusers are lusers, regardless of the flavor of OS they run, because they
will actively work to subvert security for the sake of their
convenience. Microsoft software, in the hands of people who know what
they're doing, can be used very successfully by people who are
determined to be good net neighbors.

> I'm not sure what I think of the request itself, yet.

Fair enough.

Devin L. Ganger                    Email: deving at 3sharp.com
3Sharp LLC                         Phone: 425.882.1032 x 109
15311 NE 90th Street                Cell: 425.239.2575
Redmond, WA  98052                   Fax: 425.702.8455
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/

More information about the rescue mailing list