On Tue, 2010-05-11 at 04:08 -0700, Elazar Leibovich wrote: > Not at all! > Google for "Microsoft SDL", it was not always the case, but nowadays > they have excellent security awareness. > For example, see evidence for the change here: > http://blogs.msdn.com/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx >
I rather not go into this argument, but a company the officially has an policy of "patch Tuesday" and still believes in security by obscurity can not (and must not) be considered as security aware. Plus, even if MS truly changed its colors (and I -really-, -really- doubt it), considerable parts of the Win32/WinNT basic design was never designed with security in mind, and breaking them will force MS to drop backward compatibility with previous releases (such as XP/2K3/etc) - something that MS simply cannot do. But, feel free to think otherwise. Hopefully (for you), you are right and I'm wrong. - Gilboa _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
