As Microsoft works on security flaws, some researchers take matters into own hands

When Microsoft Corp. researchers learned recently that a software flaw had been made public and could prompt Internet attacks, the company ordered a team to devote all its time to fixing the flaw and making the repair work with other products.

Microsoft argues that's the approach customers want and expect, but some security experts complained that the software company's traditional method, which could take days or weeks, wouldn't help people fast enough.

So for the second time in three months, outside programmers took matters into their own hands by quickly releasing their own fixes, days ahead of the official Microsoft patch for its market-dominant Internet Explorer browser.

Microsoft doesn't endorse such third-party fixes, warning it can't vouch for whether they will work smoothly with Microsoft products and other applications. But those providing them argue they have a responsibility to protect users from attacks.

"It's kind of like having the cure and not sharing it with anybody," said Marc Maiffret, chief hacking officer with eEye Digital Security Inc. of Aliso Viejo, California, which earlier this week released such a fix.

Rather than replacing Microsoft's own patch, Maiffret says he is hoping to provide a bandage for the interim.

The security expert also doesn't fault Microsoft for taking time to finalize an official patch because it can be difficult to make sure that repairing one part of the complex Windows operating system, which includes Internet Explorer, doesn't cause problems elsewhere.

He also realizes that a patch like this can cause any of the thousands of non-Microsoft applications running on Windows machines to stop working, crippling businesses and frustrating home users, reports AP.


Subscribe to Pravda.Ru Telegram channel, Facebook, RSS!

Author`s name Editorial Team