Category: Information Security

 

Do you think that this is a good idea or a bad idea? Personally, I think any OS company that blatantly leaves old vulnerable code in place and just adds new versions to their OS is asking for trouble. Ridicule? Maybe. But doesn't this also play in line with people who have been complaining that MS OSes are bloated? Like a company that never removes old firewall rules/ACLs and just adds more in place.

So what, the ACLs get a little large, no big deal. Just add more memory for the OS to use. Right? That's how we fixed things 10 years ago! Wait, isn't this already a problem with many companies? How do you manage 100,000 (one hundred thousand) ACLs when three quarters of them are outdated?

Right, just leave the rules and outdated software/protocols/objects/etc. in there, no one will notice. Puh LEEEZE! We in the cyber security industry are asked to audit security rules, protocols, the ability to break into things both physically and internally, and various other things to ensure that our client is secure. But how about OS vendors? With Linux, things are fixed rapidly (based upon the vendor). With MS? Well, how do you get an overbloated behemoth to scour its own bread-and-butter software to fix these sorts of things ahead of time? We can throw comments and hissy fits, but an iceberg still moves at its own speed.

Anyway, enough of standing on a soapbox, it hurts the feet after a while. Here is a link to an article that states that Microsoft will actually be fixing a vulnerability by removing old code. Amazing. So in a way, it is a good thing. What worries me is how much other older code can be made vulnerable within megalith OSes.

Article from The Hacking News