Culp: "Elves Are To Blame"

14 October 2001, 17:37 GMT

Microsoft Security Chief Scott Culp astonished security experts last Wednesday, when he announced in an angrily worded speech that poor security is not caused by flaky MS patchware after all.

The first twenty minutes or so of Culp's speech were taken up by a discussion of Microsoft's security track record to date. This was tied in with his reasoning that complex software is bound to be buggy, ergo there's no point paying too much attention to security as your software is bound to have security holes, regardless of how much effort you put into making it watertight.

"I think if we all try really hard to ignore this problem," Culp reasoned, "then it should hopefully just disappear. It'll go the way of the 640K memory limitation, human rights, awareness of the dangers of Activex, all that pain-in-the-neck stuff."

"The best way to ensure that there is no problem," he explained, "is simply to make sure no-one knows there is a problem. See, we're really not the bad guys here. Sure, we may eventually release a security patch and charge lots of money for it, calling it a 'new version' or something. But if we can spend less time concentrating on all that boring old maintenance and upgrade stuff, then we can spend more time hacking out new things that we know the World cannot possibly do without - like XML web services."

"It's high time the security community stopped providing blueprints for building these weapons," such as Code Red, Nimda or the Ramen worm, Culp writes. "And it's high time computer users insisted that the security community live up to its obligation to protect them. This means ignoring security and hushing up all the problems, starting NOW. I mean Christ, it works for Novell!"

His speech then meandered into a description of how this eradication of security issues would "help our nation's children fight global terrorism for us" (or something like that).

"The War Against Security will not be won in our lifetime," he maintained. "Therefore, I propose a change to the way that we go about our daily lives. In particular, if we remove the need for logins and user profiles, then identity ceases to be an issue. I think I see a way forward here, people."

"And as for where all these security problems keep coming from," he argued. "Well, we're not the ones writing the worms, the Trojans, the Office macro viruses or the Activex controls that download to your web browser and format your hard drive. Whose goddamned idea was Activex, anyway?"

"I have it on good authority," he continued, "that a small company of renegade elves in Outer Sardinia are to blame for all this. They brainwash the security experts into creating new flaws in our software, and then showing people how to exploit them. Well, if they just stopped making these flaws public knowledge, then we wouldn't have to waste our time fixing them. It could be just like in the old days when we did exactly what we wanted. Sort of like we still do today."

Elsewhere on the Web - Related Stories:

MS Says "Stop Discussing Hack Exploits"

Related Rumour Mill Stories:

Microsoft Teams Up With Music Biz to Blast Disagreeing Sites off the Internet October 21, 2001

Back to The Rumour Mill