Microsoft does it again with SP3 and Vista

Ahm ahm.

We suppose Microsoft may have good reasons for what we discuss below and attribute to malice, but we don’t care. We are a satirical rumour-mongers column. Word.

“Never attribute to malice what can be adequately explained by stupidity.”
We are not sure if that is doubly true with Microsoft, or the exact reverse. We lost all faith in them.

SP2 brought many good additions and changes to help make Windows XP more secure. It is still Windows and inherently insecure on many levels but in our opinion the update was yummy (except for slowing down our machines and demanding an upgrade, yuck. The nerve).

Well, one amazing feature with XP service pack 2 was that it mostly was not affected by vulnerabilities released and patched by Microsoft for quite some time after it was released.
There was no special feature or fix in SP2 to warrant that success. True, SP2 brought on many changes but these could be disabled, put on a lower level (many times by default) or not be related to certain problems.

SP2 was not vulnerable to Microsoft released vulnerabilities because most of these have been stuck in MS’s queue for a long time, sometimes even more than a year.
What we (and pretty much most of the fscking industry, including several of our bloggers) understand from that is that patching was delayed on purpose so that a year or so after coming out, SP2 will not be “vulnerable”. That idea was quickly shot down by an unexpected vulnerability but generally held true.
And now… history repeats itself. Whatever other reasons MS may have for delaying SP3, marketing, technological, logistical or otherwise, they delay it until Vista comes out.

That stinks of the same trick.

We are not quite sure how far Vista is different from older Windows versions but we doubt it is that different. Patching times stay long (very).

Stimpy put 50 bucks on a wager:
When Vista Comes Out (and SP3) It Will Not Be Vulnerable To Most “New” Vulnerabilities MS Releases. For about a year is his best bet.

This comes to show that no matter what Microsoft invests in security, they simply don’t get it.
Microsoft: it is not about how many vulnerabilities or PR (good or bad) you get from it. It’s about being serious and securing your users and operating system.

How can they expect us to take them seriously when they keep doing things such as these, whatever other reasons they had?

Prophecy was given to fools. We are fools but we will be proven right or wrong when Vista comes out.

Provided we are wrong, it is up to Microsoft to prove us so, as we just watch them and see what they do. Microsoft always acts the same way so learning from history is usually a safe bet.

You wanna show us SP3 is different from SP2? Just do it (unless that means you will delay patching even more).

GO GO GO Microsoft.

(got anything to tell Ren&Stimpy? Email us: rennstimpy@securiteam.com)

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    The line should read:

    “Never attribute to malice what can easily be explained by profit motive.”