Right, Doc. By now you should have read about the MS Java virus. You will hopefully have checked the Computing story if you wanted corroboration. If you have done both of these and have any sense, you will have gone to Microsoft's web site and downloaded the relevant patch to secure yourself against attacks through MS Java applets.Then consider this; would have you heard about the hole if I hadn't told you? How many people have been informed about this hole; and how many non-technical users are dialling into the 'net from home and know nothing about security fixes and patches; people like Frenchy...
Companies like Microsoft practise "security through obscurity"; that is, they keep quiet about security flaws and hope people don't notice; they also make reverse-engineering Windows a civil offense (that is, de-compiling the binaries and looking through the source code). Any company which stands to lose money from making security flaws public will generally practice "security through obscurity" in an effort to protect their revenues.
I can think of some four or five such holes in Windows 95 and a similar number in Windows NT. However, I'll leave the finding of them out to you; it's time Windows users learnt that "security" isn't just something that applies to other people...
Farinata.
