WWPC and security

Hit the floor doing booth duty today for the company and InfoPath. Very nice crowd. Half the questions were wondering what the heck InfoPath is (and actually, these are the people excited about a forms package) and the other half were following up on issues / questions they had from using the product.

The Ballmer keynote had a very odd moment when the crowd kinda got quite: SteveB showed this video interviewing some of our partners and what their needs are. And boy, were they ever lighting into MSFT! Too many patches, too confusing, hard to manage, why don’t you get it right the first time! And then Ballmer came on stage, acknowledging the shortcomings we’ve provided, and then going over the plan to address this and get better security.

It’s going to be great to have the simple firewall on by default.

I just wish we could put some kind of defensive technology together: every time you have a security patch, also have code to detect when an assualt is attempted to exploit that exploit. Now I’m not saying fight back (though you could: the infected machine that’s attacking you probably still has the original vulnerability: you could re-infect it with code to patch the exploit and remove the worm). No, I’d just like the patch code to log the machine that’s attacking you and be able to securely distribute this to appropriate ISPs, who’d be able to get that computer off the Net and help their user clean up the infection.


Leave a Reply