« WinFS may still be Vista-only | Main | Microsoft hoards bad-Web site info for its own profit »
Corporations reject .Net runtime because of security fears
Adam Cogan, a MIcrosoft regional director (independent developer) from Australia, told a PDC press briefing today that he's glad Microsoft hasn't forced the .Net Framework runtime on all Windows users, essentially because it would increase the attack surface for security breaches.
How ironic, considering the whole idea of promulgating the runtime was to provide the installed base necessary for ISVs to rewrite their apps in .Net and thus abandon insecure unmanaged code.
Windows XP Media Center PC ships with the .Net runtime, and someone else at the briefing thought most of Dell's systems shipped to homes also includes .Net. I wonder if ISVs are writing more Windows managed code for homes than for businesses.
Technorati tag: PDC05
Posted on September 15, 2005 at 04:11 PM | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/t/trackback/5659/3193888
Listed below are links to weblogs that reference Corporations reject .Net runtime because of security fears:
Comments
Thanks for posting this...
Actually what I said was that I was *very* disappointed Microsoft decided not to include the .NET Framework in SP2. I believe in rich clients.
I dont know the reasons it was not included (as I dont work for Microsoft) however I know that a lot of network administrators that I know, did not want it included.
To me it was just fear, with worries like....
"What if there is a vunerability found in the .NET Framework down the line - it is going to get every PC in our organisation - not just the ones that have the .NET Framework".
I am assuming Microsoft listened to this group.
FYI in my opinion this FUD it is unjustified
Cheers Adam
www.ssw.com.au
Posted by: Adam Cogan at Sep 19, 2005 12:58:39 PM
i was sitting right next to Adam on that press panel and i interpreted his comments completely differently. and i now know i interpreted them correctly becuase i talked to him after this post. Adam was referencing the ignorant fears of some IT folks as the reason for not manually rolling out the .net framework in their shops.
Your title and statements are out of context and misleading.
Posted by: Tim Huckaby at Sep 19, 2005 1:41:51 PM
I'll stand by my post and my headline. It's not ignorance to be concerned about the attack surface size.
The situation is a vexing one to be sure. But with even Microsoft continuing to write unmanaged code in Vista and Office 12, and not shipping .Net runtime with every copy of Windows, it's hard for them to preach "writing secure code" to ISVs and enterprises.
Posted by: Scott Mace at Sep 20, 2005 8:28:14 AM
