Okay, so yes, it’s easy to pick on Microsoft. They’re a big target. And by that I actually don’t mean that they’re a big company, even though they are. Or that they have a large user base, which obviously, they do. I mean that they screw up a lot. There’s pretty much always a Microsoft bug or “feature” threatening computer security. They’re a big target. And perhaps it is because they’re a big company with a lot of users, meaning they have all sorts of resources that most companies don’t, and yet still put out such faulty software, that makes them so fun to poke a stick at.
But to be fair, other companies have problems too.
Take Mozilla for example. They just released update version 3.5.8 for their popular web browser, Firefox. It fixes a memory corruption hole, a heap corruption vuln, and a bug in their HTML parser. As well as some minor performance tweaks and stability updates. Which is good. But they were also just hit with the exploit of a critical vulnerability that triggers a heap corruption in Firefox version 3.6. It is known to work on Windows XP and Windows Vista. It is not the same heap corruption flaw that was just fixed by version 3.5.8. And it is indeed being used in the wild by hackers. Let’s see how long it takes Mozilla to close this hole.
And then we come around to Adobe. The Adobe Download Manager ActiveX control to be specific, which is used to install Adobe software such as Flash and their ever popular Reader for viewing PDF files. (We’ll overlook that this ActiveX control is only used when you download Adobe products using Internet Explorer.) This Adobe Download Manager suffers from a nasty security hole in which it theoretically allows a hacker to download and install any bit of software that they like onto your PC. Umm … with one little caveat. You, the user, have to click on a malicious link on the Adobe.com webpage to make it happen. And considering how likely Adobe.com is going to be hacked to create these malicious links to lure you in… Oh, and don’t forget, the Adobe Download Manager also removes itself from your computer once your official Adobe install has completed and you reboot your PC. But still, it’s potentially dangerous. If you overlook those mitigating factors anyway.
So, um, yeah. Other software companies also occasionally have bugs in their code. Or features that aren’t as secure as they should be. Microsoft isn’t the only security offender in the world.
But even with that said, and fairness shown, it’s still pretty hard to compete with Microsoft, no?