Love me, love my virus

Bill Gates, that paragon of love, has suggested that people show their affection for each other this Valentine’s Day by purchasing Microsoft software. Which, thinking about it, makes sense. After all, this is the company whose applications enabled the wonderful “I Love You” virus a couple of years ago. Nothing says “undying love” like wiping out your hard drive.

Of course, considering his audience (developers at a keynote announcing Visual Studio.net), it’s very possible software is exactly what their significant others want. Assuming they have significant others.

And speaking of things that’ll never happen, looks like Microsoft’s push to secure their software is taking its time getting off the ground. Yet another flaw was found, and, in an Alanis Morissette-ish stroke of irony, it was in a software option meant to prevent a common problem: a new version of their Visual C++.Net compiler may be responsible for creating buffer overflows instead of eliminating them.

Of course, Microsoft being the consumer-friendly company it is, immediately halted the release of the product until the flaw could be fixed.

Ha ha! No, of course not. Just having a bit of the fun. What they really did, of course, is attack the company that brought the issue to the public’s attention, insinuating that they did it because a competitor got a Microsoft contract instead.

At least they didn’t outright deny the problem, which can be considered an improvement.

Microsoft, those cuddly teddy-bears, care so much about the public, they’ve requested that people who find security breaches in their software contact Microsoft and give them 30 days before talking about it.

Supposedly in that month, Microsoft will release a fix, and no one will be vulnerable to an attack in the meantime because no one knows the problem exists.

This is what techies call “Security through Obscurity”. Regular folks call it “Sticking your head in the sand”, otherwise known as “la la la I can’t hear you!”.

Any reasonable person knows that by announcing a problem, you give people the opportunity assess their risk and take what they consider to be appropriate action. I’m guessing Microsoft is concerned that “appropriate action” might include wiping your drive and forswearing all things Windows.