Microsoft gets a lot of crap for having software that is often compromised. Some say it’s due to weak security inherent in their applications while others counter that since they’re the #1 operating system and browser, hackers concentrate their efforts on them. Whatever is the cause for the frequent security holes in Microsoft’s products, the company isn’t doing all it can to remedy the situation.
I was notified about the last two security holes in IE via their security-minded technet site and list. Last time, while patching a hole in IE, I remember not seeing the update at windows update (the automatic OS update service built into win98 and up), and for the newest IE 6 browser hole, the same holds true. I was emailed about this new patch only because I’m on their security bulletin lists. The patch fixes a very serious problem in IE 6; without it, anyone can create a virus and fool your browser into thinking it is a harmless html file. Just to be clear how serious this is: there exists a bug in IE 6 that allows people to run any code they want on your system, by you just browsing to their site. Before I downloaded it, I did a quick check at windows update and scanned for new files. None were offerred and my system was given a clean bill of health.
If Microsoft is serious about protecting their customers and their brand image, I can’t see any reason why they would neglect to inform customers specifically looking to update their software from the very latest and safest software updates. Why would they not help their customers? Is it arrogance? The monopoly thing? Or do they not trust their own patches?