On July 2, 2003 at 17:55 tthomson(_at_)neosinteractive(_dot_)com (Tom Thomson)
wrote:
Jeem was first detected Nov 15 2002. So you can't measure a span of years
from discovery. *nix buffer overruns were first detected long before that
and many remained unfixed for years.
Buffer overruns have been rampant over the years in all vendors'
software (and freeware, etc.) MS is also forever releasing patches,
particularly in IIS, to fix buffer-overrun coding bugs.
It's a vague and broad description of a generalized problem in coding
quality, a true bug, not an architecture or design strategy such as
allowing any mail macro to add system software and update the
registry.
The problem is finding them all in millions and millions of lines of
code. Occasionally they sneak in somewhat subtly. No one (here anyhow)
is complaining about a true oversight or bug.
Unfortunately for your puff piece, this is not comparable to
tolerating a set of very specific viruses/trojans/worms exploiting the
same (mis-)feature in a family of operating systems released over a
period of several years.
That's just refusing to fix a problem.
Anyhow, you do your cause no good, maybe you should let Microsoft
defend Microsoft, I doubt they need cheerleaders defending them in a
technical forum.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg