On the one hand MS has:
Implement proper security!

On the other hand MS has:
Implement more customer lock-in.
Implement more EULA enforcement.
Implement more anti-competition.

When proper security prevents you from being able to properly implement (to the level wanted) the rest.... guess which direction MS always leans.

Consider as a test case MS' implementation of Kerberos security.... was there really a security reason to change it? Or was that more just to make the MS implementation less compatible and therefore try and push others to MS' implementation? And when all was said and done, was it less, equal to, or more secure than the industry standard that was in use for a couple decades?

Under such conflicting priorities, we can always expect MS to implement any security method poorly. At least until the Corporate mentality surrounding business practices changes.

RAS