If there’s a problem with some product which puts you at risk, you’d expect news bulletins to explain your safest options, yeah? But is that possible when the media outlet is a key business partner of the product’s manufacturer?
Yesterday’s zero-day exploit for Microsoft’s Internet Explorer is a real risk. But Channel Nine’s story last night didn’t include options like using a non-Microsoft web browser. Was this just the journalist’s ignorance of computers? Or is it because of Nine’s 50/50 business partnership with Microsoft in one of Australia’s busiest websites, NineMSN?
That’s what I ask in Crikey today. The article isn’t behind their paywall, so it’s free for all to read.
From the “software company” Microsoft perspective, the background on this vulnerability:
http://www.microsoft.com/technet/security/advisory/961051.mspx
And the Bulletin, and link:
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
From the dates on the bottom of the advisory; from us being aware until shipping a fix for 8 browsers across x operating systems is 7 days.
Competition from other browsers in the market makes Microsoft; and the other vendors for that matter, more responsive. This is a good thing.
It is difficult to explain multiple pages of technical documents, background information and “zero pointers” to a non-tech public: let alone squeezing that into the sound-bytes required by TV and Radio.
Yet another reason by traditional MSM fails in providing appropriate reportage for complex technology issues.
The question of transparency and being seen to be transparent in regards to ownership of NineMSN etc is one that requires an answer; one that will come from beyond my paygrade.
@Nick Hodge: Yes, this was suitably fast job by Microsoft in fixing such a zero-day exploit.
With Crikey‘s typical article length being just 400-ish words, it’s very hard to give much context. I was going to explain more about all software being buggy and needed close attention, about the challenge of fixing zero-day exploits in (this case) 7 days when the bad guys can produce automated tools in 4. About everything else… but the public’s background knowledge is so poor that maybe we need to have a long-term strategy for bringing them up to speed.
It’s not good enough for mainstream media to treat “computer stuff” as something only for the geeks when the vast majority of people do have a computer of their own. Another case of mainstream media disconnect.
Just to complete the loop on this for posterity
http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx
This link contains a deep explanation of why this particular vulnerability was missed, where it was found. Good resource for internet facing software developers.