Interview With Microsoft's Chief of Security
Paul Coe Clark III writes: "I interviewed Howard Schmidt, Microsoft's head of security, questioning him about, among other things, cyberterrorism and Redmond's responsibility for insecure features in the wake of many virus attacks.
/. readers might find it interesting. They can find it here."
Microsoft does focus a lot of effort towards securing their products. Unfortunately, the effort is more reactive than proactive. It's a basic flaw in the capitalist model that allows the Marketing and Accounting people to determine release dates--instead of the Developers. The attitude can be paraphrased like this: "As long as the app fires up, it can be released. We'll let the customers be beta testers."
If they were in the car business instead of the O/S business, a lot of people would be dead or mangled.
"What is the sound of one belly slapping?"
(When asked about full disclosure, and publishing of exploits)
In some cases, it's tantamount to screaming "fire!" in a crowded movie theater.
Yeah, except there really IS a fire.
So when there is a fire in a movie theatre, he's suggesting the person who notices it just quietly goes and tells the management (who will wait to see if it's really a big fire, and then assign some staff to attempt to put it out), instead of telling the people whose lives are in danger?
Yeah, GREAT analogy.
But there is a fire. It's only irresponsible to shout "fire!" in a crowded movie theater if there isn't one, just like it would be irresponsible to post non-existent exploits to bugtraq.
Mr. Schmidt is suggesting:
Geez... They must have cut their spin budget recently.
Classic Microsoft... standards bad, embrace and extend good... we do it for security reasons, not because we're trying to leverage our monopoly power into yet-another market. I can almost understand the "don't tell anyone about the exploit until we have a chance to fix it" stance, but this makes me sick to my stomach.
I would be in favor of government standards of security. And not just because it would force more open standards, but because it's a good idea. Yes, it will probably not be easy to implement, and it might force MS to ship a product or two late, but at least it will enforce some needed checks from a company whose concept of security is identifying problems after product release.
Those who fail to understand communication protocols are doomed to repeat them over port 80.
I will have to disagree with your statement, "Apparently MS realizes they made a wrong decision in their approach to security (trusting the sysadmin's diligence), and they are making strong strides to change this now, and in the future."
Microsoft's approach to security has/had nothing to do with trusting sysadmins and everything to do with gaining market share. The marketing department drives development, plain and simple. You really should open your eyes when you are working on them NT servers: do they look like servers?
Microsoft's products should install out of the box as secure as possible, not with a blank SA password for SQL.
I am forced to work in an NT world and I hate it. I have worked with many other server OSes like Novell and Linux distros, and MS stuff sucks.
People who say NT is easy are wrong; NT is high maintenance, really high.
Speaking of high...I gotta go cough cough
The only good thing I can say about MS is that Windows 2000 works better than 95/98/ME ever did, but that's it.
LoRider
I say that Linux and Windows cannot be directly compared (IMHO)
I never compared the two. I just made a simple analogy, much akin to the one posted in the interview. I just happen to think mine is more correct.
But nevertheless, in terms of functionality, Linux is not very user friendly (you have to do lots of steps) in order to reduce the faults in the system (whether security or stability.)
Strictly speaking, your average Linux OOB (out of box) experience is safer than your average Windows OOB experience. I receive daily trojan emails, but see nothing in my ftpd logs.
Microsoft on the other hand wants every user to be able to use a PC even if it is their first time using one. In the process of doing that, if you disable all features (because of security) then nobody will buy their OS since I believe their support call center will be full 100% of the time.
Be able to, be forced to, what's the difference, right? There has to be a certain expectation of knowledge.
Also, there's a difference between useful and secure. M$ may have done a bad thing when they allowed .doc files to contain machine-level code. They're paying the price for that now. Many email services just outright BLOCK .doc files now. I bet that interferes with functionality.
It's funny you mention that nobody would buy their OS if it were secure.
The previous has been a secret message to my comrades.
Absolutely. I remember when a recent (not too serious) hole was found *by* SuSE's security team (I don't remember the package, sorry). One of the primary reasons I run SuSE is because of their awesome security team. They borrow a ton of stuff from OpenBSD, and that's a good thing. I also highly recommend their security mailing list no matter what distro you use, and their security scripts are deliberately distro-blind (I've installed them on critical Red Hat servers at work, and they work beautifully).
I ran YOU (YaST Online Update) manually and I looked through all of the updates. They submitted the patch to the original developers before sticking new packages on their servers. The new version of that package from the original developers (ie: they applied SuSE's patch) was released three days later.
But that's not the most important thing. Am I screwed if SuSE dies? Hell, no. My number one reason for preferring open source is that I can get *anybody* to do the work for me, including myself.
I've said it many times before: price is not the issue, control is. Sure, I can get SuSE for free all I want, but I pay for it just so their packagers and bug-fixers get to stay on board.
1) As Multics taught us, security with significant hardware support is significantly easier to do than without. A result of this is that we need to be asking Intel (et al.) about help (like tagged memory blocks) in hardware. It really is time that we got away from just the stale Von Neumann ideas that Mr Cray graciously gave us in the 1960s and 1970s.
2) Once the hardware exists, then we can move to implement better O/Ses that are significantly more robust. Everyone will win, even MS.
-- Multics
For instance, even with all the security patches Microsoft has provided with IIS, their FTP server is still insecure. How do I know this? Because some warez dudez managed to use my server, even though I had applied all the patches and set the FTP directory to be read only.
Now, if this ever happens to you, let me tell you, these guys play a dirty trick so you can't easily delete their directory. They name their folders with names that cannot be deleted the normal way, names like COM1 or DEL, names that are reserved somehow when you try to delete the files and folders.
The amusing thing about this is that the only way to get rid of these files is to install the POSIX utilities and use rm to get rid of them.
Now here's the kicker. If you use rm -r CO* to get rid of a directory called COM1 you might find out that this directory is really called "COM1\
Yes, I perform backups, so I proceeded to restore the files. But insidiously, SQL Server on the same machine refused to run, because it felt the installation had been corrupted. I basically had to figure out how to trick it into running again, because (another hideous design fault) you can't just uninstall SQL Server and reinstall it and hope your data directory is OK. I had no way of doing an up-to-date backup of my data on this machine. So I had to trick it into believing it wasn't a corrupt installation, or I would have lost data.
Now, how many things can you count that would have never happened with an open source system? You certainly wouldn't have files with the latter part hidden. You can back up data directories to completely different servers by simply copying the directory. It's very easy to drop in other FTP servers without loss of functionality. And there is certainly nothing that will stop a program from running if all its files are there and the execute permission is set.
All in all, I had a very frustrating experience that never would have happened with a Linux system. With Microsoft, it's their way or the highway, and you can't change things or fix them when the design is bad. Rather than the user dictating what the software does, Microsoft dictates to you how their software will work. Because of that, closed source is less flexible and configurable, is less manageable and nimble, and therefore cannot respond nearly as well to any number of problems, including security.
No, Thursday's out. How about never - is never good for you?
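The post above describes uploaders hiding directories under names the normal Win32 file APIs treat as devices, which Explorer and the standard tools then cannot delete. A defender who runs a writable FTP area wants to spot such entries before they pile up. The following is an added example, not code from the post or from Microsoft: it checks names against the documented Win32 reserved device names (CON, PRN, AUX, NUL, COM1-COM9, LPT1-LPT9), with or without an extension, and also flags names with trailing spaces or dots, which Win32 silently strips and which therefore behave much like the "COM1\" case the poster ran into. The sample name list is constructed for the example; the function and variable names are the example's own.

```python
import os

# Documented Win32 reserved device names. A path component whose stem (the
# part before the first dot) matches one of these, case-insensitively, is
# opened as a device by the ordinary Win32 file APIs instead of as a file,
# which is why Explorer and "del" cannot remove such an entry.
RESERVED_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def has_trailing_space_or_dot(name: str) -> bool:
    """Win32 strips trailing spaces and dots from a name before opening it,
    so a directory created as "COM1 " or "data." via a non-Win32 path (e.g.
    an FTP daemon) is unreachable by the name the tools would use."""
    return name != name.rstrip(" .")


def is_reserved_device_name(name: str) -> bool:
    """True if Win32 would resolve this name to a device rather than a file.
    The check runs on the stem before the first dot, after stripping the
    trailing spaces/dots Win32 itself ignores, so "com1.txt" and "COM1 "
    both count while "COM10" does not."""
    stem = name.rstrip(" .").split(".", 1)[0]
    return stem.upper() in RESERVED_DEVICE_NAMES


def find_suspicious_entries(names):
    """Return, sorted, the names from an iterable that are either reserved
    device names or carry trailing spaces/dots."""
    return sorted(
        n for n in names
        if is_reserved_device_name(n) or has_trailing_space_or_dot(n)
    )


def scan_tree(root: str):
    """Walk a directory tree (e.g. an FTP root) and return full paths of
    every directory or file whose name would be unreachable through the
    normal Win32 tools. Usable from a POSIX-layer or cross-platform
    Python, where os.walk sees the raw names."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            if is_reserved_device_name(entry) or has_trailing_space_or_dot(entry):
                hits.append(os.path.join(dirpath, entry))
    return hits


# Constructed sample listing, standing in for a directory scan of an FTP root.
SAMPLE_NAMES = [
    "readme.txt",
    "COM1",
    "com1.txt",
    "Incoming",
    "COM10",
    "data.",
    "LPT3 ",
    "nul",
]

if __name__ == "__main__":
    for name in find_suspicious_entries(SAMPLE_NAMES):
        print(f"suspicious entry: {name!r}")
```

Run it against a real upload area with scan_tree(root) from a shell that exposes the raw names (the POSIX layer the poster mentions, or a non-Windows host that mounts the share); anything it reports is worth looking at regardless of content, since no legitimate uploader has a reason to choose those names.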