Saturday, October 14, 2006

Legally forced to write vulnerable code? You're kidding?

With the backing of the EU - and probably ONLY because of the backing of the EU did these two even start bitching and moaning about this - McAfee and Symantec have won their battle to have Microsoft allow kernel access to non-kernel developers, malware authors and anyone who can understand how to download an SDK and use an API to give them access to the core part of Windows Vista x64.

This is one of the most brain-numbingly stupid decisions Microsoft has been forced to make in the history of Microsoft's brain-numbingly stupid decisions.

I DO NOT want malware authors to have easy access to the kernel in Vista x64. I don't even want them to have easy access to a Vista x86 kernel! I'd prefer malware authors learned how to fill their baths with hot, fuming sulfuric acid before their next... oh, that's probably no good as they would be unlikely to bathe in quite a while.

Now, in addition to this idiocy, the EU is insisting on making their annual budget deficit up by direct debiting Microsoft's bank account. Know an easy way to stop this madness? Yup - you guessed it. Microsoft should simply not make Vista or Office 2007 available for sale in any EU countries. They should add a bit to their EULA stating that if anyone in the EU is purchasing Microsoft software from a foreign country then they are under the jurisdiction of that foreign country's legal system when it comes to complying with licensing. They should also add a bit that states something like "EU residents may only purchase this software from a US-based reseller - purchase from anywhere else is not permitted and the EULA transfers no rights of usage, installation, copying or anything else unless an EU resident has bought this software from a US reseller" to make sure that this jurisdiction is something that Microsoft completely agrees with.

Then they could close the gaping wound they have just made to the safety of my computers, my network and most importantly my data by allowing malware authors (and I include McAfee and Symantec in that class - have you seen their software lately?) and start making decisions based on "Secure by design" instead of "Holes added to save us billions in litigation".

McAfee, Symantec and the EU have a LOT to answer for! Can I sue them when some 14 year old script kiddie uses the holes they forced Microsoft to open to invade my privacy?

Regards,

The Outspoken Wookie

1 comment:

Steve said...

I totally agree with you...

I don't understand why Microsoft does stupid things like that?

I don't understand why they don't just share kernel access with selected companies?

Then again, the code for the Linux kernel has always been available, but it's just not as appealing to the little scum that writes malicious software.

I guess that when it comes to money, rational decisions are just a minor factor.

Thanks for sharing your thought,
I've bookmarked your blog, it's great.