Beyond the fact that I have observed the problems I described in large corporate environments in the last 5 years, some of which were using NT, there must be something missing if these "locked down" large corporate environments can still be nailed by software exploiting embedded Basic or ActiveX.
The answer to the latter issue is simple: re-architect the software. A solution similar to the Java sandbox might break a few existing desktop apps, but the payoff in overall system integrity could be considerable were the job done well. The fact that this has not happened after all these years leads to the conclusion that either MS is hopelessly stuck in the 80s or they believe that their customers are hopelessly addicted to their products, can be abused without limit, and will still come back wanting more. FWIW, this "Windows User as Addled Crackhead" customer model does seem to be valid in many venues.
Sites which implement Windows tend to not leave it in the best and brightest hands, although I have seen some notable exceptions to this. Windows is perceived as "easy" and supportable by "low-cost" staff, and gets short shrift in terms of technical deployment strategy most places. This problem is particularly acute with respect to security, which is perceived as "hard". After all, if you wanted something that was perceived as "hard", you could just use Unix and have a few skilled administrators run it centrally, instead of deploying hordes of flying monkeys to try to keep water in what amounts to an enormous sieve. ;-)
We started out on the subject of whether MS could be sued for damages resulting from reliance on their software. The answer is that of course they could. As to whether they would ultimately be found liable, that can only be decided in a courtroom.