Couldnt they solve their security problems by switching to Macs?

So, even if other MS products are 10 times worse that QT they don't make the list because those applications are known to be that way????????? What a farce this whole security industry is!!!!!

"The reason most Microsoft software doesn’t make the list is because by now most companies have a pretty good process in place for identifying, patching, and fixing vulnerable Microsoft software."

translates to: "we're not counting MS software because people are pretty used to the fact that it's full of holes and they have to devote a significant amount of time and effort to constantly patching it."

or, "we can't afford to piss off Microsoft so we're peddling this FUD."

what a joke.

"represent unexpected and unquantified vulnerabilities in an enterprise IT environment."

what does that mean???

by that definition, of course MS doesn't make the list. MS software is expected to be vulnerable, with great quantities of security holes.

idiots.

Outlook has to be Public Enemy Number One when it comes to security issues, with ActiveX vying for the title.

But because they're well known threats, they get cut out of the list?

"represent unexpected and unquantified vulnerabilities in an enterprise IT environment."

what does that mean???

It means exactly what it says. The point of the article/release was to document the unknown/unexpected, not the known. As they say, MS is a known quantity. IT departments know all about it, MS knows all about it, everybody knows all about it. And whether you like it or not, MS has a much better framework for dealing with issues then Apple or a lot of other vendors do.

by that definition, of course MS doesn't make the list. MS software is expected to be vulnerable, with great quantities of security holes.

That's correct. Again, this is to inform the IT departments of what they might NOT know, not what they already know. Talk about a waste of time. "Hey, let's list all the MS software that's got security issues with it!" (a shorter waste of time would be to detail the ones that don't).

idiots.

Only to those who don't know what the mission statement of this item was supposed to be. Oh, I'm sorry, that would be you. Ooops.

I can understand Quicktime being on the list, but I've got a problem with iTunes. One, I don't recall security warnings for the software itself (although one must admit the software is a pain, being that its update cycle is like monthly). Two, and more importantly, what IT departments are spending their time installing iTunes on work computers? The way most IT people are, they only want to install what is necessary, not just any ol' app because Fred in Finance wants to listen to some online music...

Sounds to me like a bunch of MCSE's (Microsoft Certified System Engineers) working to ensure job security by stating that MS products are more secure if you continue to pay us to maintain your systems for you.

so move to a more open product. It will pay to not lock your entire enterprise to "windows only" update and patch management solutions, since microsoft can't compete in every software channel.

I doubt wsus (Windows Software Update Server) can adequately handle most 3rd party patch management adequately (not to mention other platforms), so since most enterprises have a need to employ these products, it behooves IT to broaden its scope.

LANDesk, or a similar very-nearly enterprise product would cover most companies. LANrev would cover the nearly all the rest.

Nothing pisses a user off more than a whiney I.T. department. >:|

iTunes is becoming an integral visual media product for both .edu, and .com spaces. It is undeniably popular with the general user space, and certainly handles the bulk of disparate protocols, so why wouldn't I.T. support it?

On the other hand, I am also unaware of iTunes attack vectors/vulnerabilities. Doesn't mean it can't/won't/hasn't happened, but I do try to stay abreast of such things in general...