Comment Re:I know why. (Score 1) 338
I'd say that's off by at least 5 years and it didn't take the ubiquity of home broadband to bring it about (although it certainly helped)
Yeah, there wasn't some magic point where it started. It was probably the first big worms when the mass audience became aware of the threat.
I was a callow MacOS 9 hipster video nerd back then, so it wasn't something I was that focused on myself.
But that doesn't leave Microsoft with a spotless record. Most of the products you've listed have had (or in some cases continue to have) issues. That isn't necessarily a criticism in itself; it depends on context.
Yep, pretty much any OS is going to get at least one security patch a month, it seems. And it's a lot harder to harden after the fact than it is to have security a clear focus and mandate before the first dry-erase marker hits whiteboard. Plus we have the benefit of the scarred veterans of many exploits to help us avoid making old mistakes with new products.
That entire list of products were developed with the full knowledge of the hostile environments in which they'd operate. Yet vulnerabilities came to light in many cases. With that in mind, claiming that Silverlight is OK because it's new and developed for a hostile environment sounds a little too much like marketing - and a line that we've all heard before, at that.
Sure. Nothing is ever provably secure. But code heritage matters, and so does track record. It's no guarnatee of future security, but it's something.
It does not address the fact that Silverlight does present another potential attack vector.
Yep. It's always a matter of relative security versus importance of features. If users are going to be watching vidoe in browsers, the question is Silverlight's relative security compared to other plugins, players, and now browsers available. Comparing both architectural design and breech history between those is probably useful.