Slashdot Mirror
Microsoft to Focus on Security
Anonymous Minion writes: "The Associated Press is reporting that Bill Gates announced to employees Wednesday a major strategy shift across all its products to emphasize security and privacy over new capabilities. In e-mail to employees, Gates referred to the new philosophy as "Trustworthy Computing" and called it the "highest priority". Gates said the new emphasis was "more important than any other part of our work."" People criticized Microsoft for treating security breaches as a public relations problem, so Bill Gates sent this email out to the Associated Press to prove them wrong. (rimshot!) Meanwhile, Richard Smith notes that the Globally Unique Identifier in every installation of Windows Media Player allows websites to universally track users, and Microsoft does not consider it a security problem.
for anyone who avoids M$ because of their lack of security, i think this will be seen as too little, way way too late.
They didn't release it to the press.
...
In e-mail to employees obtained by The Associated Press, Gates referred to the new philosophy as ``Trustworthy Computing''
Now, of course, they may have deliberately leaked it
Hogsback
Security over function. That makes sense. I already love it everytime windows warns me that I am about to do something dangerous, restricts me from seeing files I shouldn't touch by default, and dumbs down everything to the point where it takes me 45 minutes to make the machine useful after a clean installation.
Now they are going to focus on security instead of function.
I have a pocket calculator that adds, subtracts, multiplies and divides. The square root button is broken. I just jammed an RJ-45 cable into the slot where the battery normally goes. It appears to be doing nothing.
I'm certain that my calculator now meets Bill's new objectives. It does nothing, but is entirely secure. Particularly since it is behind a firewall.
Good idea Bill.
-Rothfuss
How did this old story manage to make the front page of Slashdot when this new story with far greater implications didn't?
Right. This is not a security problem. This is a privacy issue.
And speaking of which. Many of us have fixed IP addresses. Web sites already track our actions with cookies. Telcos sell information about us to anyone who wants to pay for it. Get over it. We have no privacy to begin with.
Just because it's possible to fix the hole doesn't make it "Normal slashdot staff overreacting again." Not only does the original report contain the information for how you can turn off the ID, it makes some good arguments for why that isn't good enough.
So no, not an overreaction at all.
Last time I installed Mandrake 8.1, it automatically partitioned my drive, and auto-detected and properly configured every piece of hardware in my laptop (including my 802.11b card). There are still applications out there that could use some usability enhancements, but the major obstacle (installation) is pretty much out of the way. The only thing Linux needs to be a true competitor on the desktop is applications. These days, the desktop-oriented Linux distros are just as easy, if not easier, to install as Windows. It is the lack of applications that is holding back any progress Linux might make on the desktop.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
" Time to uninstall Media Player. I'm just tired of companies sneakily trying to track my browsing/purchasing habits without disclosing it. Enough."
Why not try unchecking the big friendly "Allow media sites to uniquely identify my player" box instead?
graspee
Uh....what are you talking about? Windows NT, which Windows XP is based on, has had userids and file system permissions for years.
Now I'm someone who will cherily click past a click-through license agreement without reading it, but Microsoft still managed to draw my attention to the existance of this ID, then told me what benifits it gave, and then how to disable it (which I did).
(They didn't mention the supercookie privacy bug tho
When you install WMP7 it brings up a Privacy Policy dialog (and those words immediately make anyone who would actually care [about web pages being able to collate info about them etc] decide 'this is something I should read') which explains pretty much in bullet points every aspect of WMP that might violate your privacy, what advantge you get by having it on, and how you can turn it off (including the Content Rights Management). You then have to tick an "I have read the privacy policy" checkbox before you can continue the install.
In that sense "an obscure option in WMP which is barely documented" is complete bollox. However, I imagine it's possible (now or soon) that you could buy a machine preconfigured from the store with WMP7, and not be provided with any information, or warning.
Windows2000 (SP2) comes bundled with a much earlier version of WMP so no worries there, but I've not looked at XP.
My question for anyone who has bothered to read this far...
(I'll word the same question it 3 different ways)
Is this just a bug, or would the only way to fix this bug defeat the entire purpose of the ID? / Can this feature exist without the side-effect? / Is it a side-effect or just the other side of a double edged sword?
here
< feed the troll ... must feed the troll ... >
The first versions of Windows were released in the late 80's. Not very many people saw those, because they were sold alongside the first versions of Excel (which not very many people saw either). There was some serious MacOS copying going on in those Windows-es IIRC, except they didn't work very well. Then there was Windows 3.11 (3.1 was so buggy it was quickly replaced by a much needed upgrade version; I doubt anyone here actually used Win 3.1 proper). Then 95 and the (usable, if unstable) upgrades for that. At the same time, MS experimented with a DOS-free OS as well (NT), which, in its 5th incarnation, actually turned into a usable, stable system (Win2K). Windows XP marks the end of the DOS-based 9x series; the consumer friendly aspects of these OSes got bolted onto the Win2k (=NT 5) kernel. By most accounts, it's a pretty decent OS. A resource hog and riddled with security holes, but pretty much as stable as Linux or any other decent OS. I had to use it for a month or so, and it never crashed on me once during that time.
So there.
News and bla for computer musicians: http://lomechanik.net/