Microsoft is all about making Windows 'more secure' because they see a potential revenue stream. Note that their approach is NOT "Let's make the OS more secure so that this crap can't get installed to start with"; rather, it is "Let's graft more crap onto the system and then sell people a subscription so that they can be protected from the problems we have created, at least most of the time".
To be sure, I like Apple's approach even less. "We want to help the customer protect their computer"?! I realize that security requires the cooperation of the user, but providing the typical user with a readily available list of the processes running in the system isn't going to do anything but confuse the poor user. We need to remember that users are generally illiterate when it comes to the details of how their computer functions. That's why they are USERS. They don't know (or care) how or why their computer works. All they care about is that it does what they need for it to do. Quite frankly, that is all they really SHOULD have to care about. It is not necessary for me to understand all the gory intimate details of how my car works in order for me to use it in a safe fashion. The same should be true of my computer. I dunno, maybe I'm way off base and just too cynical for my own good, but that's the way I see it. Later, Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kenneth R. van Wyk Sent: Tuesday, May 10, 2005 6:37 AM To: Secure Coding Mailing List Subject: [SC-L] "Tech News on ZDNet" -- OS makers: Security is job No. 1 FYI, somewhat interesting story today on ZDNet (see http://news.zdnet.com/2100-1009_22-5697133.html?tag=st.prev) about operating system makers paying more attention to security. Note the differing (public) statements by Microsoft and Apple... Being fundamentally a "glass half full" sort of person, I think that it's refreshing to hear that OS vendors are making their products' security a higher priority than it's typically been in the past. There's also an implicit message here regarding a proactive software security posture vs. "firewall and IDS it" after the product is released. Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com