On Thu, Aug 26, 2010 at 10:00 AM, Andrew S. Baker <asbz...@gmail.com> wrote:
> Changing that decision more recently (via OS upgrade or patch)
> would have a debilitating impact on compatibility ...

My beef is not that Microsoft valued compatibility, but that they didn't take this vulnerability seriously until it was attacked. As has been demonstrated, it is possible to change the default behavior to be more secure while still allowing exceptions on a case-by-case basis. That's all I would ask for. But Microsoft ignored the problem until it became an emergency. I do hold them accountable for that.

I do wonder just how many programs will break if the default behavior is changed. Of course, apparently Outlook relies on the "DLL in CWD" behavior, so that's pretty significant.

-- Ben