_xeno_'s Journal: Amusing Bit about Microsoft's Security Initiative

I recently attended a talk on Microsoft's Security Development Lifecycle. I'm going to skip the usual Microsoft bashing, and most of the stuff talked about (if you really want to know more about Microsoft's SDL, read the book) and jump straight to the amusing statement made by the presenter.

One of Microsoft's biggest security problems has historically been Internet Explorer. People are well used to Internet Explorer having flaws, with some people going as far as to tell Windows users to use alternative webbrowsers.

One of the aspects of the SDL is that if a product hasn't successfully passed their security tests, they should delay the launch. With the release of Windows Server 2003 almost ready, Internet Explorer still hadn't passed Microsoft's internal security tests. So they had to make a decision. Looking at the target audience for Windows 2003 Server, they realized that the people using Internet Explorer on a server likely wouldn't need to be able to, as the presenter put it, "browse porn," and therefore set the default security permissions such that most websites would break (since scripting was disabled).

So, keep this in mind. If you plan on browsing for porn on Windows Server 2003, you aren't in Microsoft's target audience. You'll have to use a third-party solution for your porn browsing needs on Windows Server 2003.

Also makes me wonder what happened to allow Windows XP to be released if they considered Internet Explorer to be too broken to enable "unnecessary features" on for the launch of Windows 2003, but I said I'd skip the Microsoft bashing...