Slashdot Mirror


Interview With Microsoft's Chief of Security

Paul Coe Clark III writes: "I interviewed Howard Schmidt, Microsoft's head of security, questioning him about, among other things, cyberterrorism and Redmond's responsibility for insecure features in the wake of many virus attacks. /. readers might find it interesting. They can find it here."

5 of 245 comments

  1. Contrary to popular belief by Zen+Mastuh · · Score: 5, Interesting

    Microsoft does focus a lot of effort towards securing their products. Unfortunately the effort is more reactive than proactive. It's a basic flaw in the capitalist model that allows the Marketing and Accounting people to determine release dates--instead of the Developers. The attitude can be paraphrased like this: "As long as the app fires up, it can be released. We'll let the customers be beta testers."

    If they were in the car business instead of the O/S business, a lot of people would be dead or mangled.

    --
    "What is the sound of one belly slapping?"
    1. Re:Contrary to popular belief by Bonker · · Score: 5, Interesting

      If they were in the car business instead of the O/S business, a lot of people would be dead or mangled.


      That's ultimately the only thing that can change the corporate machine... Death. Either the death of members of the machine or members of the public.

      Look at the recent Ford/Firestone screwover: Sure, there have been reports about how unsafe SUVs were for years, but Ford was able to rationalize those deaths away as just part of the 'acceptable highway fatality level' that Americans seem to be comfortable with.

      It wasn't until people were able to say with proof positive that Ford SUVs and/or Firestone tires were directly responsible for human deaths that Ford was forced to change its practices.

      Microsoft is in the same boat. It won't be until the Blue Screen of Death is really, provably responsible for human fatalities (think safety control at a power plant, or a crash aboard a military vehicle of some kind) that Microsoft will start being more responsible about their security and program design.

      --
      The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  2. I Loved this bit... by schon · · Score: 5, Interesting

    (When asked about full disclosure, and publishing of exploits)

    In some cases, it's tantamount to screaming "fire!" in a crowded movie theater.

    Yeah, except there really IS a fire.

    So when there is a fire in a movie theatre, he's suggesting the person who notices it just quietly go and tell the management (who will wait to see if it's really a big fire, and then assign some staff to attempt to put it out), instead of telling the people whose lives are in danger?

    Yeah, GREAT analogy.

  3. Re:Damning with faint praise by jfunk · · Score: 5, Interesting
    If the author of ProgramX doesn't fix a security hole, then debian might, or redhat might, or suse might, and as soon as one does the others can grab their fix and incorporate in their distribution.


    Absolutely. I remember when a recent (not too serious) hole was found *by* SuSE's security team (I don't remember the package, sorry). One of the primary reasons I run SuSE is because of their awesome security team. They borrow a ton of stuff from OpenBSD, and that's a good thing. I also highly recommend their security mailing list no matter what distro you use, and their security scripts are deliberately distro-blind (I've installed them on critical Red Hat servers at work, and they work beautifully).

    I ran YOU (YaST Online Update) manually and I looked through all of the updates. They submitted the patch to the original developers before sticking new packages on their servers. The new version of that package from the original developers (ie: they applied SuSE's patch) was released three days later.

    But that's not the most important thing. Am I screwed if SuSE dies? Hell, no. My number one reason for preferring open source is that I can get *anybody* to do the work for me, including myself.

    I've said it many times before: price is not the issue, control is. Sure, I can get SuSE for free all I want, but I pay for it just so their packagers and bug-fixers get to stay on board.
  4. Closed source can never be as secure by Pinball+Wizard · · Score: 4, Interesting
    ...as an open source system. There's more to it than just "lots of eyeballs".


    For instance, even with all the security patches Microsoft has provided with IIS, their FTP server is still insecure. How do I know this? Because some warez dudez managed to use my server, even though I had applied all the patches and set the FTP directory to be read only.


    Now, if this ever happens to you, let me tell you, these guys play a dirty trick so you can't easily delete their directory. They name their folders with names that cannot be deleted the normal way, names like COM1 or DEL, names that are reserved somehow when you try to delete the files and folders.


    The amusing thing about this is that the only way to get rid of these files is to install the posix utilities and use rm to get rid of them.


    Now here's the kicker. If you use rm -r CO* to get rid of a directory called COM1 you might find out that this directory is really called "COM1\ /" The command line actually hides the last three characters. And rm gets fed the first directory, and then the "/" separately. Yeah. You do the math. Needless to say, it wiped out quite a few of my files before I killed it.


    Yes, I perform backups, so I proceeded to restore the files. But insidiously, SQL Server on the same machine refused to run, because it felt the installation had been corrupted. I basically had to figure out how to trick it into running again, because (another hideous design fault) you can't just uninstall SQL Server and reinstall it and hope your data directory is OK. I had no way of doing an up to date backup of my data on this machine. So I had to trick it into believing it wasn't a corrupt installation, or I would have lost data.


    Now, how many things can you count that would have never happened with an open source system? You certainly wouldn't have files with the latter part hidden. You can back up data directories to completely different servers by simply copying the directory. It's very easy to drop in other FTP servers without loss of functionality. And there is certainly nothing that will stop a program from running if all its files are there and the execute permission is set.


    All in all, I had a very frustrating experience that never would have happened with a Linux system. With Microsoft, it's their way or the highway, and you can't change things or fix them when the design is bad. Rather than the user dictating what the software does, Microsoft dictates to you how their software will work. Because of that, closed source is less flexible and configurable, is less manageable and nimble, and therefore cannot respond nearly as well to any number of problems, including security.

    --

    No, Thursday's out. How about never - is never good for you?
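
The comment above describes upload directories whose names are reserved or end in a hidden trailing character, so the name on screen is not the name on disk. The following is an added example, not part of the original comment: a read-only audit that lists such names with the hidden characters made visible before any cleanup command is run. The function names and sample tree are constructed for illustration, and the sample tree is assumed to be built on a POSIX filesystem.

```python
import os
import tempfile

# Win32 reserved device names (matched case-insensitively, with or without an extension).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}


def name_problems(name):
    """Return the reasons a file or directory name resists normal Win32 tools."""
    problems = []
    if name != name.rstrip(" ."):
        # Win32 path normalization strips trailing spaces and dots, so the
        # name shown and the name stored on disk differ.
        problems.append("trailing space or dot")
    stem = name.rstrip(" .").split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        problems.append("reserved device name")
    return problems


def scan_tree(root):
    """Walk root and return {repr-quoted relative path: problems} for odd names."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            problems = name_problems(name)
            if problems:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings[repr(rel)] = problems  # repr() makes hidden characters visible
    return findings


def build_sample(root):
    """Constructed sample tree (not from the post): an upload area with odd names."""
    for d in ("pub/incoming/COM1 ", "pub/incoming/docs", "pub/incoming/lpt3.txt."):
        os.makedirs(os.path.join(root, d))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, problems in sorted(scan_tree(tmp).items()):
            print(path, "->", ", ".join(problems))
```

Because the report quotes each path with `repr()`, a trailing space shows up inside the quotes, which is the detail a wildcard such as `CO*` hides.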