Symantec's Sour Grapes About Vista

by Preston Gralla

Symantec has just come out with a report claiming that Vista may introduce a host of network security holes with Vista, even as Microsoft labors to make the operating system more secure than XP. But this is just an instance of sour grapes on Symantec's part.

10 Comments

Adrian Sutton
2006-07-18 16:50:14
Actually, it's almost always true that newly written code, at least in the short term, contains more bugs than legacy code. This is purely because the legacy code has had so much testing and so much time fixing corner cases. Rewriting the code from scratch loses a large amount of the knowledge that is gained from all that maintenance work on the legacy code and it is rarely documented accurately or completely enough to avoid the loss.


So Symantec is completely right in this case, the new networking stack in Vista will initially contain more bugs and be less secure. Over time, the benefits of a better design will hopefully result in fewer bugs and a more secure networking stack. There is of course the risk that the "better design" won't be better and will wind up becoming just as messy as the old codebase because of all the extra little corner cases that need to be handled.


This is a process that has been played out a number of times in software and it's a fairly well understood risk of rewriting code. I've previously written about this in some detail:
When Should You Rewrite

Ed
2006-07-18 19:30:29
The logic of your last paragraph escapes me. You obviously believe that Vista will be more secure than XP. Fine. You think Symantec should believe that, as you do. Fine. But then you say that instead of focusing on a need to make better security apps, (which would come from a less secure OS on the way) that they should instead... focus on building better security apps - which according to you, will not be necessary b/c of Vista.


I have an idea. Instead of bashing the people in the keep-windows-from-exploding-business, why don't the pro-microsoft people like yourself somehow make windows more secure? Then it won't matter what kind of statements anyone makes, right?

JJoyce
2006-07-21 09:35:40
Preston,


While it's fair to point out that Symantec is an interested party and any statements/claims should be carefully evaluated, depending on what they actually did say (I have not read the original report), part of the purpose of beta code is to identify flaws and fix them. Therefore, part of the point of releasig beta code is to have everyone help identify these bugs.


Actually, what caught my attention most was your blanket statement "Vista, when released, will be clearly more secure than XP". While Vista may well be more secure than XP when released, based on past Microsoft releases, this is no where near as certain as you state. Whether intentionally or unintentionally, Microsoft has done some very strange things in the past. It is quite conceivable that if faced with passing another release date, they would pull the problem code and replace it with something else, which may appear fine, but only because it was not tested as thoroughly as the original code.


I appreciate when you reveal new facts or help interpret various actions, but please stay away from unsupported statements. When you do so, your credibility is devalued to that of a typical flamer. Some people enjoy the flame wars that discussion boards all to frequently deteriorate into, I personally prefer rational discussion supported by facts.


John

tiffany lamp
2006-12-15 01:16:36
Daragarrd: What you say is true only for attacks targeting IE vulnerabilities such as the one used on the blog in question. Thse are certainly not the only vulnerabilities Windows users face.


Microsoft has always had a rather cavalier attitude towards security and honestly appeared to be pretty clueless when it came to security in general until Server 2003 came out. In general a UNIX/Linux environment, if configured properly and kept updated, will offer superior security to Windows. For the desktop user life is just plain easier from a security standpoint running a modern, user friendly Linux distribution


http://www.tiffany-lamp-lighting.org

tiffany
2006-12-15 06:38:35
Lisp Integration Vista Smalltalk is descended from a Lisp interpreter that I started working on several years ago. I switched to Smalltalk syntax when the kernel was finally able to support messaging and dynamic object creation. Now, I have begun
http://www.xanga.com/tiffanylamp
thank you
tiffanycn
2006-12-15 06:42:43
Lisp Integration Vista Smalltalk is descended from a Lisp interpreter that I started working on several years ago. I switched to Smalltalk syntax when the kernel was finally able to support messaging and dynamic object creation. Now, I have begun
http://www.xanga.com/tiffanylamp
thank you
kopper
2006-12-19 18:36:21
Actually, it's almost always true that newly written code, at least in the short term, contains more bugs than legacy code. This is purely because the legacy code has had so much testing and so much time fixing corner cases. Rewriting the code from scratch loses a large amount of the knowledge that is gained from all that maintenance work on the legacy code and it is rarely documented accurately or completely enough to avoid the loss.


glass
2006-12-21 17:40:39
http://www.glass-products.org/ test how to link from here
网上灯城
2007-05-28 21:24:00
I like your article, contact with me through http://www.china-lamp.org
ceramic-lamps
2007-09-10 02:48:49
I like your idea.
http://www.ceramic-lamps.com