back to article MS wipes out 23 flaws in October's Patch Tuesday

As foreshadowed last week, this month’s round of Microsoft patches focuses on critical vulnerabilities in Internet Explorer, .NET and Silverlight. The IE patch covers eight vulnerabilities that reach all the way up to remote code execution from malicious web pages, and has to be applied to all supported versions from IE6 to IE9 …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

After this patching-up...

... will IE9 suddenly score 5 out of a possible 4 on that COMPLETELY OBJECTIVE AND ENTIRELY IMPARTIAL new redmondian browser scoring website, leaving chrome and firefox even farther in the dust?

Inquiring commentards want to know.

5
4
Anonymous Coward

Why?

Why don't they just write decent software to begin with and then the patches wouldn't be needed?

3
11
Bronze badge
Holmes

Well, put simply, it's because.....

....it's bloody difficult to get it right all the time, every time.

Other OS's ship patches all the time. Feel pleased that these problems are found and patched, it would be far worse if they pretended it was all fine or indeed tried to make the software perfect before it shipped in which case Windows 1.0 would still be awaiting QA clearance.

2
0
Stop

...because - having obviously never written any software - you wouldn't know that what you are suggesting is impossible.

3
0
Coat

Secure is possible.

Unlike other commentards here I think it is perfectly possible to write secure code. So I could agree with you in principle. However, if you are suggesting that MS is the only one that has insecure code, then you are simply mistaken.

Anyway, secure code is simply not written for consumers because the difficulty of making secure systems is exponentially linked to the complexity of the system. Then you have the features that users demands (or the developers try to push) that are inherently insecure. For instance, most applications on my computer that can access Internet, and thus be accessed by it, has no bloody need to do so, or the fact that e-mails allow more than plain text. So in a system that is meant to be used by idiots, is vastly complex and includes inherently insecure features you will have security holes. You can remove a lot of these holes before you release the code, but the cost to discover each hole is inverse proportional to the amount of holes left. So basically you can double to development time and cost and remove half of the bugs left.

But if you are willing to strip away a lot of features, reduce program cross-overs (one program for each task), spend ten times for the license and be happy with ten year old hardware, sure you can have something that is almost, but not entirely secure.

0
0
Anonymous Coward

FFS

I am sick to the back teeth of .NET patches. There seem to be half a dozen every month, all huge.

4
2
This topic is closed for new posts.

Forums