Ballmer said that, since most virus and worm attacks come only after vulnerabilities have been disclosed by the company or by security researchers, Microsoft is working with computer-security firms to make sure that they do not announce vulnerabilities before Microsoft has designed a fix.I'm all for worms and viruses. Without them, security holes remain and you're unknowningly vulnerable. I'd rather bugs were super public, rather than known to only a few evil people.
"I wish those people just would be quiet," he said of computer researchers who publish vulnerabilities in Microsoft's products. "It would be best for the world. That's not going to happen, so we have to work in the right fashion with these security researchers."
And we all know Microsoft doesn't fix bugs unless there's a dire need. Damn, this page is temporarily down. It's a great listing of security bugs Microsoft hasn't yet fixed.