Microsoft is reliving old times by claiming that problems with its software aren't problems but legitimate features.
Twice in the past few days, the software giant has disputed claims by security experts that they have found security holes. Instead, it says, the experts have mistaken perfectly normal processes for vulnerabilities.
An advisory on an unpatched hole in Explorer - found on Friday by security consultant Rafel Ivgi - was "inaccurate and misleading", according to Microsoft. Ivgi said the browser fails to warn a user about the installation of malicious code on their system. Microsoft says it does.
Microsoft then went on to acknowledge that while attackers were actively exploiting an anti-piracy feature in its Windows Media Player to install malicious code on users' systems, the attacks were the result of "social engineering" rather than a software flaw.
Two Trojan horses discovered by Panda Software disguise themselves as media files, and pretend to download a licence via WMP's new Digital Rights Management (DRM) feature, while in fact downloading dozens of spyware and adware programs.
Microsoft said it doesn't consider the problem a software vulnerability, and argued that Windows XP Service Pack 2 should help to prevent such attacks from succeeding. "Users who have installed Windows XP SP2 and turned on the pop-up blocker have an added layer of defence from this Trojan's attempt to deliver malicious software," it said.
Such comments will delight and depress seasoned Microsoft observers. Back in the 90s, when Microsoft was growing increasingly sensitive to the accusation that its software was buggy, it confidently told anyone who would listen that the people claiming to have found a "bug" had actually mistaken a useful aspect of the product for an error. A surprisingly large number of people went for it.
Now, with Microsoft equally touchy about the accusation that its security is sub-standard, it would seem the old approach has been dusted down and given a new lease of life. Expect to hear a bewildering selection of techno-babble in the coming months as the software giant seeks to redefine what exactly a security hole is.