Sunday, October 08, 2006

Please Write Vulnerable Code

OK, I'm no big fan of Symantec and their sloppily written, resource intensive, bug ridden rubbish they call code. You probably all know, or are about to learn, that we don't support their software as we know how much grief it causes on computers. You know that when we approach a potential client who is running Symantec software on their network that if the client doesn't agree to have those machines formatted and rebuilt (servers, workstations, whatever) then we'll shake hands and walk away. We do not support Symantec software because we know that there's nothing we can do to make it work well, and that our clients will be unimpressed with the results of our work, purely because of this crap called Symantec software that they are running. So, we say no.

Same goes for McAfee - their products, too, are sub par. We don't support any of their crap, either.

Now, as you may have read in Jesper's blog, both Symantec and McAfee are bitching and moaning at Microsoft because Microsoft is closing some of the more insidious holes in their OS - they are disallowing 3rd party vendors access to the kernel. Well, at least in Vista x64, they still (stupidly) allow this access in the 32-bit version of Vista. What these two "security" vendors want is for Microsoft to continue writing vulnerable code.

What Symantec and McAfee have asked of Microsoft is that Microsoft writes vulnerable code.

Yes, that's right. They want to have a vulnerable OS so that they can be seen as the saviours of the modern OS. Well, guess what? Its not going to happen. Microsoft doesn't write the most secure code on the planet - I think that's common knowledge. But Symantec and McAfee are nowhere near as good at coding as Microsoft's programmers are. I know who I'd rather have writing the security in my OS - the guys who write the OS, not some 3rd party who has not yet shown they have a clue.

Any Judge who's asked to make a decision on whether Microsoft should be allowed to write secure code, or to have to open holes into the most critical parts of their OS to be exploited by virus writers, 3rd party developers with no OS kernel level experience whatsoever and all other malware authors will have a "no brainer" decision to make.

Who here wants to vote for yet another insecure OS from Microsoft, just because some other "security" company wants it to be left open to hackers where Microsoft wants to tighten the security?

Ooh, the silence is deafening!

Regards,

The Outspoken Wookie

No comments: