Do you really think that programmers do our job "so badly" and make "so many mistakes" that we cause the thousands of vulnerabilities that the Windows operating system has had, has, and will have?
As a fact, I affirm that all "legal" antiviruses ask Microsoft for various "entry and interception points" where to put their "legally added" programming to the operating system. For example, how do you think an antivirus "checks" every file before being "opened" by Windows Explorer? Because this "check" is not alien to Windows itself, and for security and compartmentalization it gives each and every one of those who "check" different "points of entry and interception" including government organizations such as the NSA, the CIA, and the rest.
Another example is the MINIX operating system that the company INTEL incorporated (and incorporates?) into the hardware of its processors, undetectable even for kernel level zero, and that when discovered by a Google employee immediately "created" the campaign of the "vulnerabilities" they named "Spectre" and "Meltdown".
For all the above, I also affirm that the "vulnerabilities" will never end, since when Microsoft sends a patch to revert it, it also sends how to use another "point of entry and interception" of use by the third party in question that used the way that "closes".
I'm not saying that all Windows vulnerabilities respond to this mechanism, but the vast majority do.
The fact is that the most basic training for programmers includes thinking and testing all possible causes of errors, failures, and I include "vulnerabilities" of the programs to be made.
I hope at least to provoke a reflection in you and not "blame" us so much ...
Octavio Báez Hidalgo.