Software security != security software

[Greenarrow1 at msn.com (Greenarrow 1)]

Hi Gem,

Microsoft still suffers from the lack of properly correcting flaws within 
their operating systems in a mannerly fashion.  Myself, I feel until 
Microsoft proves to me that they can safe guard the system I would never 
allow them to secure my computer(s).  I have tested Vista, Window Defender 
and other security programs MS has created, and while Vista I applaud the 
lock down of the kernel I have found Defender to be lacking in security. 
Creating a program like this must protect against all malware and not what 
Microsoft decides is malware, ie, some third party partner programs which 
garner information which would be considered spy ware are not blocked by 
Defender.  This is one illustration of guarding the henhouse.  I could name 
a few more but that still would not deter the inevitable.

Regards,
George
Greenarrow1
InNetInvestigations-Forensic


----- Original Message ----- 
From: "Gary McGraw" <gem at cigital.com>
To: <SC-L at securecoding.org>
Sent: Monday, December 11, 2006 11:02 AM
Subject: [SC-L] Software security != security software


> Hi all,
>
> The furvor over Microsoft's entry into the security software business is
> confusing some people about their software security designs.   Or maybe
> people who know better are trying to confuse the market??!  Note word
> order.
>
> I wrote about this in my latest darkreading column that you can find
> here:
> http://www.darkreading.com/document.asp?doc_id=112402
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> book www.swsec.com
>
>
>
> ----------------------------------------------------------------------------
> This electronic message transmission contains information that may be
> confidential or privileged.  The information contained herein is intended
> solely for the recipient and use by any other party is not authorized.  If
> you are not the intended recipient (or otherwise authorized to receive 
> this
> message by the intended recipient), any disclosure, copying, distribution 
> or
> use of the contents of the information is prohibited.  If you have 
> received
> this electronic message transmission in error, please contact the sender 
> by
> reply email and delete all copies of this message.  Cigital, Inc. accepts 
> no
> responsibility for any loss or damage resulting directly or indirectly 
> from
> the use of this email or its contents.
> Thank You.
> ----------------------------------------------------------------------------
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L at securecoding.org
> List information, subscriptions, etc - 
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php