Security Community Reacts to Microsoft Announcement
A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Craig Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.
When I see it. So far Microsoft's security focus has been like looking through beer goggles.
~.Evanrude
It would be nice if Windows, in addition to being the world's most popular/used OS, also happened to be *secure*. I look forward to that day, but until then... Well, let's just leave it at I won't be holding my breath.
I watch that MSFT3K all the time and they never talk about computer stuff... I am suspicious of the validity of this reference...
It seems to me like MS are doing this just to counteract the recent bad press they have got in the security area.
I have said it in the past, and I'll spew it back up now for those who missed it, MS do not make the best software - but they do have the best marketing department and business sense.
It will be good if they succeed; we hope they try as hard as their PR says they will.
Have a nice day.
It seems that the various tones of the above mentioned pieces reflect a Microsoft good or Microsoft bad attitude. Unfortunately, the problem being discussed transcends the usual polemics of such a debate. Good security, whether from Microsoft, Sun, Novell, Cisco or others, is in everyone's best interest. If Microsoft has finally awoken to this fact, good for them. Their previous security through obfuscation was a travesty and insulting. If my personal information is going to be stored on a computer that is linked to a network, I want the best damn security money can buy. For that computer, for the database software, for the firewall, for the remote machine at the local insurance agency that is accessing the info, et al.
True Names are important for a reason.
...says:
But we're still in the early years of the computer revolution, and there are many technological, social and regulatory hurdles we must overcome before computers truly become a ubiquitous--and essential--technology.
The early years? No. When you've got one person on top who can't get their sh*t together...
I mean, we could be farther along in this 'revolution' he speaks of. Why aren't we? Because the Big Guys [read:Microsoft] are doing what they want to do. Why are they now only focusing on security?
Oh! Pick me! I know! --- Because they do what they want to do, and that's it. They don't give in to customer demand; most of their product is cooked up by visions that Bill and others have.
Get your Unix fortune now!
Cringley has a good piece up on this as well.
How very fascinating!
Visit the new Troll site!
Separate Data and Control Paths
Use Secure Default Configurations
Separate Protocols and Products
Choose for Security over Features
Make it Transparent and Auditable
Give advance notice of Protocols and Designs
Engage the community
All that stuff sounds great, but I can say the same thing in far fewer words:
Start from scratch. Do it right this time.
MS is NOT a security driven development environment.
;)
This kills me every time I read it, almost as much as the Linux sales memo. Can you see all the MS developers huddling around saying OK, we're going to tighten the security up here,..... HA, they obviously didn't have a clue on the security side of things to begin with, the MS project managers preaching security over all. This is the blind leading the blind and the deaf.
It's great for marketing, well that is if it doesn't backfire, if their stuff doesn't get a whole lot tighter a whole lot quicker it's going to make them look yet worse, they (MS) act as if security didn't need to be a main goal. Shit, the Govt has judges ordering other govt websites down because of inadequate security on MS servers (Dept Interior?)
MS is going to push now, more than ever to limit disclosure, through this they can APPEAR to be accomplishing their lofty goal set by BG.
This should be a funny story to watch, as they say it ain't over till the fat lady sings
GOTT MIT LINUX
Sig went tro...aahemmm.....fishing........
Considering the amazing amount of interest at hammering away on MS products, this new "shift in focus" will either wind up producing one of the most secure set of products ever (highly doubtful, IMO) or it will be a long, drawn out, yet abysmal failure as each new change becomes defeated as fast as it's implemented.
Either way, it's going to take quite a while to tell.
The first thing Microsoft is going to do under their new "security first" paradigm will be to announce that due to security concerns, they can't tell us what any of their security upgrades actually are.
Ok, I think we can all agree that M$ has been making life hard on Linux advocates. First off they come out with Windows 2000 which doesn't crash and then they follow it up with Windows XP which also doesn't crash.
Of course, this hasn't stopped us from complaining about Windows stability (a true zealot is never deterred by facts), but it has made us look a bit ridiculous.
So what happens when Windows becomes secure (assuming this happens). It'll be a sad day for Linux advocates everywhere is what will happen. Windows will then join VMS, OSX and FreeBSD in being basically superior to Linux. Thank god for BeOS going extinct, because, as a Linux advocate I just don't think I could bear that.
Anyway, Micro$haft (he he, aren't I original), please don't make a secure product. Please, I'm begging you.
Your former employee,
--Shoeboy
I mostly think it's advertising. XP didn't sell nearly as well as they had hoped, and a bunch of people flying around with Madonna playing in the background didn't seem to send their message. And I'd be willing to bet that security concerns were most of the reason-they WERE the reason with my employer.
The tech world is full of reviewers and publishers who will publish Gates' statements as though they were spoken from the burning bush. God only knows, they shill for advertisers just as bad as gun magazines.
Windows is too backwards compatible, IMO. Too much building off of old stuff. Microsoft needs to make a new version more or less from scratch, like Apple's transition from the old Mac OS to OS X. It isn't a quick or easy transition, but it will pay off in the long run.
I guess that's the problem when you are a huge software company trying to appeal to everyone. You end up supporting everything and it turns into a big mess.
mark
If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan
Let's wait and see, announcements are just words, let's see how they will react when there's going to be another big security hole (because there always are going to be, and that on just about any platforms, but especially with Microsoft), if they've really changed philosophy, they will react more quickly (as in programmer-wise and not PR-marketing-wise), and not handle this as a press release taking their customers for complete idiots and reacting immaturely blaming people that find the bugs as "terrorists".
And anyways, for those of us that are on some security mailing lists like NTbugtraq, we'll see how the people got their discovery handled by Microsoft, if they change for real, maybe we won't read as many "We notified microsoft 3 weeks ago about this matter and nothing was done, now it's time to bring it public" and then having the Microsoft PR and legal team on their back.
I think they are starting to feel the heat of people that are really not satisfied and claiming that business damage due to insecure OS should be fined to the creator of the OS, especially when they claim it's secure. Heh.. good thing.
--- Metamoderating abusive downgraders since my 300th post.
Someone brought this up in another article, so I can't take credit.
The settlement with the DOJ specifically allows Microsoft to exclude documentation of APIs that relate to security. This new initiative makes damn near anything in some way relate to security. Gotta love it.
I would look for MS to make at least two major acquisitions in order to shore up their security offerings - they have used acquisitions in the past to shore up problem areas.
Of course the caveat is that they are not so much concerned with security as an intrinsic value but in the selling of security, and there is an important distinction here. As with any growing software market, you can't underestimate Microsoft's efforts, and I think it is largely naive for the readership here to snicker and write off MS in this regard.
oxymoron: (def) A two word phrase in which the meaning of the first word contradicts the meaning of the second word.
... All Pig Flight Training School Opens
First off they come out with Windows 2000 which doesn't crash
It doesn't crash as often, and is a vast improvement over 98, but it does crash. Of course, this is a bog-standard Professional install with Service Packs 1 and 2 and a few fixes from Windows update applied, used mostly to play games, so YMMV. (In fact, once every few boots, it boots to a black screen and sits there indefinitely (this defined as being "beyond the limit of my patience", ie significantly longer than on a successful boot).)
To say that it doesn't crash at all, however, is as inaccurate as saying that Linux never crashes.
Cheers,
Tim
It's official. Most of you are morons.
Microsoft has no plans of beefing up security; they just wanted to give slashdot-users some more stories to submit and things to flame about.
Given what seems to be a backroom deal with the current administration designed to protect a convicted monopoly, the main chink in Microsoft's armor is its lack of security. Hopefully this latest rhetoric will be seen as the hot air it is and in the least, remembered so as to hold them accountable at a later date.
Here's a memo leaked to me from Bill Gates himself:
-- We live in a world where lemonade is artificial and soap has real lemon.
Obligatory Simpson's quote:
"You're charming the pants off of me"
"What did you say Aunt Selma"
"I said take those damn glasses off!"
I'm the big fish in the big pond bitch.
www.theregister.co.uk also covered this with editorial this week.
My stance is that if they don't treat security seriously then it WILL only be a matter of time until more secure operating systems erode their market share. Pure lower cost of ownership and reduced administration hassles will drive this.
However they have a HUGE problem in that current versions of windows are so riddled with holes of one shape, size or form so much so that they realistically should be providing free upgrades to every user to make their systems secure.
Microsoft give a free upgrade though? Lol choke - where's the ambulance?
Step 1. Disconnect the phone line, ethernet cable or whatever other device you use to connect to the internet.
Step 2. Drag all documents that you consider a risk to exposure to the recycling bin, recycle them, then use a disk utility to cover up all traces.
Step 3. Delete IE, MS Office, Outlook Express, and the Windows operating system from your computer.
Step 4. Take a large can of gasoline, a sledgehammer, and a match, and tape a photo of Bill Gates to the side of your machine.
Step 5. Follow your instincts.
I stole this Sig
They have always gotten people to upgrade software for the newest features. This will be the way they can get people to buy the latest software. Their products are so bloated with useless features that no one sees a reason to upgrade what they have, but to stay secure? People might buy that "feature"
The revenue stream has to stay flowing and this will force IT people to upgrade. If they don't and they get hit by some nasty bug/virus/worm the CEOs will have their heads.
But does this leave MS open to lawsuits...nah not likely what with their EULA
Oh well
Usually, Bruce Schneier writes good stuff, and I enjoy reading it. This time, though, the piece is riddled with misinformation and poor advice. I'm surprised.
SOAP isn't just a Microsoft protocol, for one, but the main problem with that paragraph is that SOAP was not designed to elude firewalls, any more than RPC was. SOAP is just an RPC mechanism that happens to flow over HTTP, mostly because Dave Winer only knows one protocol -- HTTP. Mr. Winer didn't try to evade protocols, he just couldn't conceive of creating a different protocol for this application -- an error of omission, not commission.
In terms of file and media distribution, the function of a HTTP server, FTP server and gopher server are very similar, so there's actually some sense in bundling the three together (and MS isn't the only group to do this). The security problems come when dynamic execution is added to the mix in HTTP. Messrs. Schneier and Shostack desperately want to undo this, but they don't have the right answer -- the problem isn't stocking the three protocols together; it's that the Internet gave us three ways to do the same thing. To really address the security issue here, we should probably go back and redo the protocols so that dynamic content and media content flow over separate protocols, but there's no chance of this happening -- HTTP didn't kill FTP, and even gopher is making a mild comeback, so we're stuck with this mess for a long time.
There's some good advice regarding security in that article, but the authors' notions of product design are off-target, and contrary to the direction a lot of folks (even those beyond MS) are taking.
when MS wanted to take advantage of the Internet, they bullied their way in to the browser market. Now they are going to bully their way into the security market, in order to provide an integrated solution?
Sounds good on paper, for them. another step towards a microsoft world, which thinks security by obscurity is the pattern, etc.
feh
the thought of microsoft salemen becoming the thought police sickens me.
"It is a greater offense to steal men's labor, than their clothes"
Bottom line is, words are easy. I'm going to wait to see the action.
Chris Beckenbach
Microsoft's new focus on security will not help them sell any upgrades. If their customers were worried about security, why would they have started using Microsoft in the first place?
If it ain't broke, you need more software.
Words are cheap. Results are what counts here!
Of course Bill Gates called for increased security. His announcement, in addition to happening while everybody is trying to settle a multitude of lawsuits against Microsoft, coincided with an announcement from (I believe) the National Academy of Sciences which called for legislation to punish companies who sell buggy, insecure software. He was just trying to protect himself...
Now, I know he's also sending thousands of employees into security training for a while. But the training doesn't mean they'll be perfectly secure anyway - think of all the "trained" MCSEs who are supposed to be networking experts but still get mocked for their incompetence by supposedly more experienced Unix admins. Getting a pretty certificate at the end of some training course doesn't guarantee that you've truly learned from it...
No, I use Win2k right now. I make damn sure to preemptively reboot. Last time there was a great deal of work (and I use mainly DOS boxes), I kept it up for days, and it took the filesystem down with it.
The sysadmins smiled and shook their heads at my naiveté.
Mac OS X does not do this. *nix does not do this.
How can a company hope to achieve "a whole new level of Trustworthiness in computing" if they don't have an ounce of trustworthiness in their own business and political practices? Some may argue that this is a whole other subject, but personally I think that a company with real ethics will perform leagues above in the field of security, bug-fixes and general product improvement.
Wow! This must be a PERSONAL letter, just for me!
I still have frequent lockups and stalls with XP. Granted, this is due to a buggy video driver, but even without that, it's not exactly "there" yet. My Linux partition on the same machine NEVER goes down. And I'm running the video and sound drivers from CVS. XP is a HUGE step up from 9X(especially ME... that's on my laptop for work *shudder*) but to say it's as stable as Linux is laughable.
:)
I'd trust it for light loads, or higher if I spent a LOT of time configuring it. But I don't have to worry too much, since my company uses Linux anyway
- Free tabletop fantasy gaming! Grey Lotus
- Speed. Linux does more with less. On my Athlon XP 1500+,
Windows XP lags noticeably on many operations, but there are virtually zero
delays using Linux.
- Usability. I'll take open source desktop tools any day over the
Windows equivalent. The GNOME desktop is better than that of Windows,
BeOS, KDE, and NeXT combined. It is designed by people who actually
know what the users need from a desktop, rather than people intent
on writing a desktop that integrates Passport and spyware into every single
applet.
- Web browsing. Mozilla 0.9.7 is so compatible, reliable, and
quick that I have uninstalled IE on all of my 80 Windows clients' machines
and replaced it with Mozilla. The users loved the tabbed browsing and have
probably never even looked back.
- Accessibility. Linux supports such accessibility features as
sticky modifier keys, text to speech support (even for images, using
OCR), and many other things that make life easier for users with
disabilities. Windows has limited support, at best, for these things.
- Standardization. Linux supports all of the latest standards
that Microsoft flouts. It supports open document formats, open web page
formats, and many other encodings that are not patented or non-free. Truly
Linux sets the bar for other OSes to live up to.
Given these many reasons, it is hard to imagine that Windows will be able to offer more to the desktop user than Windows anytime soon.-all dead homiez
It's not problems with the security APIs that cause exploits. It's the bugs in other APIs, like XP's recent plug and play exploit.
Even despite the fact that security through obscurity is no security, how does closing the security API make the system more secure? Surely all this achieves is to allow Microsoft to put backdoors in Windows' security features.
Microsoft certainly has a lot of work to do to improve the security of their products, but I think Schneier and Shostack go too far in some of their recommendations. Here's the worst offender:
First of all, SOAP is an industry standard, not a Microsoft protocol. Secondly, the need for security shouldn't prevent the development of web services over SOAP. I think the demand for these sort of services will mushroom over the next few years. Web services can be secured via the SOAPAction header attribute.
In general, we can't let security concerns prevent the development of useful new technology. Rather, we should make sure that such technology is secure prior to deployment.
-- Brian
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
Huh, I must not be running Windows 2000 because my machine still crashes an average of once/week. My co worker has a brand new Dell with XP and it's definitely far more stable than 98, but it has still crashed at least twice that I know of in the past month.
this is getting old and so are you
blog
I once heard a story about the Denny's restaurant chain. I'm not sure if it's true but the moral is. The story goes like this.
Apparently, Denny's had intended to be a 24x365 operation, never closing its doors. Therefore, when they built the restaurants, they didn't bother putting locks on the doors.
One year, they decided to give their employees Christmas day off. In order to close the restaurants, they needed to be able to lock the doors. Therefore, they had locksmiths go out to all of the stores and install locks.
Now, instead of having spent about $10 per door when the store was built to have locks installed, they needed to send locksmiths to all of the stores and pay them for a couple of hours work resulting in a cost of a few hundred thousand dollars to give their employees a day off.
The moral: It's a lot easier to design security into a system in the first place than to try to add it on later.
Microsoft has their work cut out for them.
.. the cnet article by mundie was part of a pair of pro/con articles. Mundie wrote the pro, Bruce Schneier the con.
I find it just fascinating that CNet had to go with Microsoft in order to find someone willing to write an article for the "pro" half of the article pair.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
The ability to act over plain HTTP DOES have a use.
Now, I know one camp will say it's not necessary to wrap protocol within protocol, that it is a bad practice... but here's the thing.
To build really successful network apps for the mass market, you can no longer rely on network transparency.
What does that mean?
Back in the day, you could assume that every computer on the internet had an IP address, and could deal with unfiltered TCP/IP. That's how it was designed.
Nowadays.. we have NAT everywhere. Yes, NAT is a kludge to get more machines online.. but it's here to stay.
Example: I live in Costa Rica. The local cable company uses NAT. (yes, lame, I know).
My office also uses NAT.
Lots of home gateways use it.
And stuff like video, voice, remote desktops, VPN, etc will just plain not work over nat. Some things, I can hack up to work.. and I'm a real hacker type guy. What can my mom do? Nothing.
I'm all for MS paying more attention to security, separation of code and data, absolutely.
But bitching at them for SOAP, or for (not mentioned here) implementing raw sockets in XP is plain bunk... it's GOOD for them to support a full, flexible machine.
Designed from scratch, to do it right and drop all the backwards compatible cruft. They had their clean break and blew it.
You DO know that Microsoft is EVIL?
VMS? I'm interested in purchasing some of whatever it is you're smoking.
Step 1: Embrace some technology.
Step 2: Extend it in proprietary ways, locking the users in to Microsoft.
How long before we hear,
How long before the security protocols used are known only to Microsoft (for security reasons, naturally)? Three months—at the most!
Lately on /. when there is a headline about linux on the desktop, the M$ trolls come out of the woodwork: Linux isn't ready for the desktop, by a long shot, stop pretending that it is. This isn't news.
OK in the same light, call it trolling if you want, let me say M$ isn't secure. Not by a long shot, please stop pretending that it is or will be soon. Thank you.
Probably MS's next step... Doing exactly what they did to the browser market, but now they're going for the Security market. They'll integrate their own security site and antivirus software with their OS. Then they'll buy up mailing lists and security sites (hey they have the money and anyone can be bought for a price).
Then all we have for security is what MS tells us and gives us!
www.slightlycrewed.com - Because aren't we all?
But like all MSFT software, it won't be till they reach version 3 that it will actually be workable. Will it be acceptable to their corporate customers? Yes - Bill G is many things, but "stupid" ain't one of them. ("Criminally arrogant" might be :))
Just look at their history of innovative products:
Windows: Sure they were caught a bit off guard by that fruity company down south of Redmond, but Bill G. made a GUI the main priority and they invented FUD (or did they license it from IBM?) to confuse and delay the corporate world for the years it took to get up to Windows 3.1
Similarly, when the Internet torpedoed Bill's fledgling MSN, he made the internet the company priority. It took a few years, but just look at the market share of MS IE nowadays. Even AOL uses IE as their main browser (and they own Netscape - why don't they "eat their own dog food"?)
So I think that MSFT will be able to bring about this shift to secure their OS and applications. 40 billion dollars in actual cash on hand is only chump change for a first world government. It can finance one heck of a lot of spin doctoring (Just the interest off that would come to more than all the US Congress - House and Senate races plus what Bush and Gore spent combined in the 2000 election campaigns). And of course, however much various folks like to grumble, MSFT actually does spend some money on programming as well as marketing. Heck, they might just make their own hyper secure version of BSD (given how much BSD code they have already borrowed) and call it MS Fortress 2005.
You either believe in rational thought or you don't
This reads a lot like the Dilbert where Dogbert is a consultant and says something to the effect of "I'm going to make a bunch of recommendations that I know you are too cowardly to implement. Later, when you fail, I'll laugh at you for ignoring my advice."
25% Funny, 25% Insightful, 25% Informative, 25% Troll
register has been following this pretty closely.
they have a good editorial on what it would cost to ms to implement this as well (like dropping .net until the security implications are thought through)
here is the link -
http://www.theregister.co.uk/content/4/23791.html
Ahhh but we can always come up with new reasons for linux being better
And in addition to these reasons there are always the old standbys like "Microsoft is evil" and "I am 3733+3 cuz I use Linux."
The thing about being a zealot is that you can always find ways to justify your position. Although I think the Linux zealots are closer to the truth than the microsofties, I'm somewhere in between.
The real problem is default configurations. Exploits aside, the NT OS is very securable. However, when the software for it, like IIS, is installed virtually open wide for the world, it's a picnic for hackers and crackers alike. From what I've read about the next Windows server line, a lot of this is being changed. IIS is no longer installed by default, and must be installed explicitly by the admin. Even then it will only be capable of serving static pages from a single directory, and every method of dynamic content processing will have to be enabled explicitly. This, coupled with the excruciating combing of code for buffer overflows (and various implements that will prevent their execution, such as a SEH handler in VC7 which can kill the thread that has its buffer overflowed), I think Microsoft will be able to pull themselves out of this spotlight.
It is important to realise who can trust what here. Is this so that I can trust my computer is safe, or so other people can trust me with their content? MS is in the business of making money, after all. Do they make more money if I trust them or if the entertainment industry trusts them?
The significant problems we face cannot be solved by the same level of thinking that created them. -Einstein
Face it, W will shake Bill down until he writes a big fat check and then M$ will get a pass. Just look at how W and his VP dealt with Enron and other big energy. Money Talks and then MicroSoft Walks. That's just the kind of boy W is.
In case you haven't noticed, DOS, Win16, and Win9x are all dead with the advent of Windows XP, which uses a purely NT kernel. NT security is awesome if you know how to close the open doors.
I wonder if their security method will end up in Passport being forced on every Windows user? Now, let's assume for a second that it eventually becomes 100% secure (hypothetical, I know). How am I going to be able to have full privacy in that scenario? Have you ever thought about "the new meaning of privacy" in "the face of security?". Somehow I feel that optimum security and optimum privacy are not achievable simultaneously? [Please comment -- I might have confused myself]
Of course, one can turn the tables around and think about dealing with privacy first and think about "the new meaning of security" in "the face of privacy". Huh?
Case in point: Intel's chip ID. Customers protested because it can be used for privacy violation -- although it really CAN be used for security. So which priority is it for you? Privacy? Security?
What really scares me about this is the talk about taking desktop control away from users, the one thing MS has always been good about in the past.
Billg says:
"Security: The data our software and services store on behalf of our customers should be protected from harm and used or modified only in appropriate ways...It should be easy for users to specify appropriate use of their information including controlling the use of email they send."
Of course, this new "secure" email won't work on those unamerican Linux computers.
Am I the only one nervous about that?
All thoughts of their past products aside, who really is going to trust Microsoft? They are a convicted monopolist; we've seen from the evidence how their mental level does not exceed the school yard bully, beating up weaker kids for their lunch money. This attitude locks them into a win/lose philosophy (when we win, you lose).
It doesn't matter what sort of clothes they wear or how pretty they smile, when the bully comes around the next day, the kids run and scream in terror. They know the bully only wants to get them backed into a corner; what makes us treat Microsoft any different?
Do you like Japanese imports?
"...they've helped transport people to the moon and back safely, they manage critical aircraft systems for thousands of flights every day, they support business operations at companies of all sizes, and they move trillions of dollars around the world to keep the global economy"
It's a shame that none of these run Microsoft software. MS didn't exist in the 60's (moon landing), has nothing to do with aircraft systems (most still in use run on late 70's mainframes and mini's), and god help the bank/brokerage who runs their mission critical software on a Wintel platform. End flame.
Mundie does have one idea right though; make it ubiqutous (sp?). He indicates computers should have the same reliability that requires no thought. I agree whole-heartedly. However I don't believe MSFT can do it without rewriting the whole damn thing over. I cannot count the amount of times an NT server had to be manually power cycled because a service hung and wouldn't restart. This wasn't some oddball, third party service; this was IIS ("WWW Publishing Service" I believe) Until simple things like the separation between kernel and application (EVERY application, no exceptions for the ones you need to tweak for benchmarks) is complete, NT will have problems
Toodles
Toodles D. Clown
The idea is unfortunately short sighted, and will result in holes to be opened in what was previously a manageable service port. This was for expediency, not security. The SOAP spec team followed along as the adoption would be accelerated, but again, this was done without any real eye towards security.
I seriously hope MSFT takes these comments to heart and at least begins to adjust their practice and products to be more secure.
Being quite the 'nix aficionado myself, I understand some of the rather hateful sentiments expressed toward MS. I take issue with some of Mr. Schneier's (whom I greatly respect) comments, however, as being opposed to the mindset of progress.
For instance, Implementation of Microsoft SOAP, a protocol running over HTTP precisely so it could bypass firewalls, should be withdrawn.
strikes me as an ill-conceived statement. SOAP, for the uninformed, is just an XML-based protocol carried through HTTP. It doesn't BYPASS the firewall, it passes through the port generally held open for the use of web servers. We're packaging an XML envelope that a SOAP implementation can open and use, not passing some magic packet that your web server can use to format its hard drives. Firewalls can be made to use SOAP information to block SOAP packets, and servers don't have to respond to ill-formed, ill-conceived, or ill-meaning SOAP calls. How the heck can removing SOAP altogether be considered a practical security measure, any more than simply removing the web server from the net entirely? Sure, you might get your C-2 rating, but is it worthwhile?
MS has attempted to create a high-functionality server platform, one that installs with the purpose of usability as its default. This simplifies the installation process, creating a process that relies less on the intelligence and experience of the user and more on the good nature of MS itself (as the one who created the installation system). MS does not necessarily have YOUR interests in mind, but the interests of a non-specific "user" in mind - a user whose needs profile may or may not fit your own. Microsoft needs to expand their thinking to include the needs of secure-minded individuals, granted, but the needs of ALL users should still be taken into account, and documentation created that explains the differences.
I'll be the first to admit that Windows has security issues, however, I contend that the nature of networking imposes security problems on ALL operating systems. I doubt too many persons could implement a secure 'nix OR a secure Win box. Intelligence and experience are required in both.
What'dya mean there's no BLINK tag!?
I know most people will assume such a statement by Microsoft is just response to the bad PR they've endured after stating XP was their most stable OS and then a major hole was found in it. But, when you think about it, it really would seem plausible for MS to finally get serious about security.
Take all the factors that normally influence major business decisions - especially IT decisions - and you start seeing really compelling cases against MS.
First, there's cost. We all know Linux wins that one hands-down, since it's hard to compete with free. Next, consider stability. We all know Win95/98/Me are horrible when it comes to this, but let's remember that most businesses are running at least NT - which is mostly stable - and many have now upgraded to Win 2k, which is very stable (IMHO). XP is as stable as Win 2k, but I don't think most businesses have an interest in upgrading to XP from 2k, so I'm mostly ignoring XP.
Then comes the big one: support. Many IT people that manage MS-centric offices and networks will tell you that they don't trust the availability or amount of support for Linux. Linux gurus, on the other hand, call MS support a joke. This one, IMHO, is more or less a draw since both sides see it differently.
But after all that, you can mention the factor that makes even the non-tech execs cringe: security. If the CEO - no matter how technologically uneducated said CEO is - reads in the Wall Street Journal that there's a major security hole in Windows version Blah and the hole is large enough to present danger to critical corporate systems, said CEO is going to make damned sure the IT people either get the hole patched or ditch Windows version Blah to avoid security problems. In the past, the IT people could shoot down such directives because going from MS to Linux could present too many problems. But now we have Lindows and Wine to help support any critical Win32 apps and KDE and Gnome to make the desktop transition easier.
Again, this could just be MS lip service. But with all the current pressures combined with the future potential of Windows replacements, it wouldn't be all that surprising to see MS start trying to produce a product that deserves the corporate mega-bucks.
My sigs always suck.
with words Security and Microsoft is Taliban and Democracy
I thought that looking at these two articles provided an interesting comparison. Mundie's idea of "trustworthy computing" is a world in which people don't think about the technology that makes their computing devices work. This seems to me to be pretty much the same philosophy that Microsoft has followed for a while now, i.e. lowering the level of knowledge required to operate computers.
By contrast, in the Schneier article, the viewpoint expressed seems to me to advocate people getting involved in the operation of technology. More configurability, plus more modular components, more transparent auditing/logging of OS functions etc. In the author's view, users should be aware of what their computer is doing.
This is the fundamental problem with Microsoft's view of security. Their focus on making things transparent to the lowest common denominator is at the root of all the architectural problems from lack of logging to Outlook viruses arising from scriptable email. They need to change their view that people should just view their computers as mysterious black boxes before their security record will ever improve.
... that they used slide rules on the trip to the moon, too :P
I cannot count the amount of times I've heard NT blamed by ignorant users. On the resource kit, and also on the 2000 Server install CD is a pair of tools called tlist and kill. I thought every NT admin knew about those?
Do you reboot Linux when a userland process hangs too?
Yours,
--Shoeboy
Prediction: Microsoft introduces a platform, hardware and software, that will essentially block the user from doing many things that we take for granted. Sure, it'll essentially be a PC, but with crypto built into the hardware so that users can't work with "insecure" binaries. Or unauthorized ones, for that matter.
That last statement that Mundie makes in the news.com article is kind of chilling:
Yet the way we build computers, and the way that we now build services around those computers, hasn't really changed that much in the last 30 or 40 years. But it will need to. At a time when computers are starting to find their way into just about every aspect of our lives, we must build trust into these systems from the ground up.
What we're going to see is Microsoft collude with the hardware manufacturers to strip users of complete access to their own computers, in the name of "security". Hey, it worked for the US government time and time again...
It's only a matter of time before this 'leaked' memo, the associated press release, etc, will have the average person thinking that Microsoft is now secure.
Go around your office and start asking people, "Have any security holes been fixed on YOUR computer since Microsoft made those announcements?" Educate people that the average Windows installation has something like 10 KNOWN security problems, and countless unknown (except to your worst nightmare).
Security holes do not get fixed by press releases. Unfortunately, people's perceptions do. Don't let that happen.
Putting security into a system that lacks it in the first place is a Herculean task. (This has been said here by others already)
Putting together a team that really "values" security, and structures the programming and QA and testing of software, is a long and difficult task too.
Sure, I don't doubt that MS _could_ implement these things. But they're not flashy - you don't get to "sell" anything based on this strategy for a _long_ time, and it doesn't really help you beat any competitor until you can show it works.
Thus, I predict that if MS isn't just using a marketing play and claiming that security is the next big thing - we'll have it "real soon now", it will be hard to stay the course. Thus, if I were a betting man, I wouldn't bet on MS actually pulling it off successfully. Sure they might, but I'm not holding my breath, or waiting for MS to provide a secure solution, as opposed to anyone else that already is...
Actually, it's a Frank Zappa tune.
But yes, the "G3" did do it justice.
New products and upgrades based on increased security have a certain appeal. After all, you can never have too much security, so users can be convinced to upgrade over and over almost forever (just look at McAfee). But there is a downside, too, which is that security and security performance are now firmly on the table. If Microsoft says it is going to make its products trustworthy and they aren't, then customers can rightly be upset. To this point, remember, Microsoft has pretty much disclaimed security, saying that all operating systems and applications are vulnerable. "It's not our fault." Well in the age of Trustworthy Computing, it WILL be their fault, though the cost to us will probably be continual and expensive upgrades.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Bad security practices can be expensive - I know I've lost a few hours of work due to not having an up-to-date-and-scanning virus program. This has to have a definite impact on MS's operational budget, trying to figure out how to spin the latest virus while testing solutions against the entire MS suite. On top of that, there has to be some managers and employees that still believe the old lines, that customers pay for new features, not bug fixes, that interoperability and ease of use sell, not security.
Microsoft knows that it has won the Desktop OS wars, that its closest competitors are Apple's OSX (only runs on expensive hardware, so it will have a minimal impact on business sales) and Linux (still playing catch-up with MS). Now it needs to figure out how to sell upgrade units to existing customers, and has to think about the eventual multi-computer households with home servers, where it is currently losing to Linux. Most reviewers that tried XP loved its stability, and I've even been tempted to upgrade my 98 desktop (which runs fine once you get all the programs working together).
Extra bells and whistles aren't doing it anymore - customers are tired of gaining ease of use at the cost of patches and bugs. Customers want an invisible operating system, which makes easy things easy, and they almost don't care about making hard things possible. This will require MS to transition from a company focused on beating competitors by innovation (by whatever means) to beating competitors by having a better product (more stable, less surprises, better cooked).
To make a change in basic philosophy requires a redirection of management. The Gates memo is the first step, and I think we can take it at face value. Sure, it's a strategy to further MS's competitive edge, but I really don't think that there's anything underhanded going on here. I think Bill is giving the lowest guy on the totem pole a weapon to tell his boss - Here, I want to work this bug out before we release it; if you have a problem, take it up with Bill. That's a Good Thing, and I'm planning to be surprised by what the folks at MS can do when they have the will to make a secure product.
SOAP is designed to use HTTP/HTTPS as the most common implementation of transport and protocol underneath. Schneier and Shostack touch on how poor a decision this is. I think this goes a lot further than many developers and companies are realizing.
You just removed your firewall.
The idea of SOAP is to allow IT services to be exposed as remotely addressable and usable procedures. Essentially with every web service or SOAP receiver, you have written a brand new server that parses XML protocol messages to decide on action. Thus every web service you create may have overrun, DoS and other exploits inherent in it, in your code, as you are executing paths based on a message from the outside. Just like a web server, ftp server or any other available server.
So now, everyone has to become better at security, to the point that the web services are safe. Ideally they should all run within a sandbox environment with restricted permissions, but considering SOAP authentication is based on HTTP authentication, the models may or may not match up properly.
Most importantly is that the SOAP specification team, including MSFT and the .NET portions pertaining to web services have basically increased the difficulty of every network administrator's job by stuffing all this over port 80.
Now if there is a vulnerability in a web service, the network admin has to take out port 80, probably taking down the web service, the web server, and who knows what else that's been tunnelled through there. They can't simply block a set port. UDDI could have advertised a port for the service as well, and stateful inspection could be implemented at some level on each service port to increase security and leverage off of the firewalls. Instead, a rat's nest of information is getting funnelled through http/https. The firewalls aren't designed for this, and the inspection task is only going to get more difficult as SOAP grows in popularity.
MSFT is always looking at first to market, and I can almost assure you that for that reason, SOAP was designed around port 80 and into the web server engines. I can also say with a fair bit of confidence that the first time MSFT gets beat to market due to a security review, that the security priority is going to get thrown right out the window of the executive windows at Microsoft if it causes the stock to slip.
> I think it is largely naive for the readership here to snicker and write off MS in this regard.
And I find it rather naive (if not downright ignorant, to resort to name calling so this can be a troll) to believe this won't be more than a marketing ploy. Remember "scalability days"? I still don't see any form of 64 processor nt servers. Not that I'm looking, nor would I really want to.....
Like any of their other "oh, shiny" *cough*innovations*cough*, it will at best require SP's breaking other features, or a whole new release requiring brand new hardware.
Why am I continually reminded of VMS?
Microsoft has already made at least one of these crucial acquisitions in acquiring Colusa Software and turning Colusa's virtual machine technology into the .NET Common Language Runtime. The way the CLR makes buffer overflows impossible can be credited directly to Colusa's work. Microsoft's new programming language COOL, now called C# and branded with .NET, also was influenced by Colusa.
The irony in the ZDNet article: Microsoft was going to demonstrate their new virtual machine a while back, but "decided to cancel its presentation, claiming it did not fit with the show's 'visionary' theme." Now with Bill's latest "visionary email", it's back in the spotlight again as the technology that Microsoft is betting its future reputation for security on. They've been sitting on this one for quite a while now, and it has received the most extensive pre-release beta testing a Microsoft product has ever been subjected to, so they may actually have a chance.
If the past is any indication:
MS will do a barely useful job of improving security, and the press will proclaim that they invented it.
It will be just like multi-tasking in Windows 95 (i.e., "Users can now run two or more programs at the same time!!").
So it has been less than two weeks since BG made the announcement. We can't expect mountain shaking changes from them in this short a time. If they are serious about making their products more secure then we shall have to wait and see. I know that within the IT community they pretty much have no trust as far as their word goes. I say give them the chance to earn it again. Let their actions speak for them not their words. If they do manage to make a reliable and secure product then that is a good thing. If not then we continue viewing them the same way we do now. As a company that can not be taken seriously to produce a reliable product.
In any event for their revenue streams it will be good. I can almost guarantee that the new secure MS Windows, and any app for that matter, will require a fresh install, no upgrades.
Female Prison Rape in NY
...is yet another marketing effort to alter the existing perception that MS lacks security. It is perception that really matters to Microsoft, not reality. Very typical of them to create a new word when one already exists. It's not about security, it's about "Trustworthy Computing".
I remember some MS propaganda stating that Linux and other Unix based OS's inherited 30 years of vulnerabilities, yet NT was wonderfully secure because it was a much more modern OS. NOW they're making security a priority? Don't tell me M$ has been lying to me!
MS may now be trying to move into a different market, one that values security above point-and-click.
The BBC sums it up nicely.
Lies about crimes
When I read the first article (Schneier et al.) I had to congratulate myself and our company for choosing Java as our development platform.
Buffer Overflows? - Gone.
Dangling Pointers? - Gone.
Uncontrollable access to host computer? - Gone.
Sure the security gaps, shoddy Q/A (i.e. let the customer do this) and worms have made interesting press (including Gartner Group's suggestion businesses dump IIS, you may disagree with Gartner, but PHB's everywhere listen to them, not you) and is probably costing them a few bucks, but there's still an army of people out there who still buy M$ only, because "nobody ever got fired for choosing Microsoft."
I'm too jaded to accept this as a genuine effort by Microsoft, which has left the security worry squarely on the shoulders of the client, to clean up their own mess and stop making them. I think there's an ulterior motive which we'll see later, like waiting for the other shoe to drop.
A feeling of having made the same mistake before: Deja Foobar
Or you could look at that act as proof that they want to own the security. Not necessarily create it.
Backwards compatibility sells MS products. Losing it will open the floodgates. MS won't do it.
Apple is a very different animal. They can sell anything. Just not to everybody.
In any case, "going back and rewriting everything" always sounds like a good idea, but seldom is.
"Going back and rewriting the worst stuff" is probably a much better idea.
Let's not stir that bag of worms...
Doing that to the protocol was before Bill's memo, but it's indicative of at least a few people involved in security interoperability that really don't get it.
Microsoft will have to drop its spyware and its insane licensing policies before I will try Windows again. Microsoft will have to drop the Globally Unique Identifier before I will use Windows Media Player.
In short, this is a good move for MS, but for me it is too little, too late. I have switched to Mac OS X and will never go back to Windows.
I'll probably be modded down as troll or flamebait, but then it just shows the /. mentality.
/. mentality: pretending that you're some poor put-upon soul preaching the truth while everyone else around you refuses to listen to reason.
If I had modpoints, I would definitely mod you down. Not because of the article you link to (in fact, I'd mod that +1 informative otherwise) but because of the perfect example of
For every one '-1 Troll' mod that a genuinely informative or interesting pro-Microsoft piece gets, it generally gets +3 or 4 from the 99% of moderators who aren't out just to get you. You're really not being hunted down because you like MS... it's not worth our time. Pretending to be some sort of karma martyr is getting fscking old.
- fader
To me that's where MS is going to have a problem. I don't think any sort of acquisition will help. Security is a mindset. To MS security has always been an afterthought after everything else is done. More money isn't the solution. More programmers isn't the solution. The programmers they already have need to "see the light" first. Then what they have to do is fix all their stuff, and some of it I imagine couldn't really be made secure unless they rebuilt it from the ground up. Can MS really do this considering their applications tie into just about everything else on the OS? That remains to be seen.
The manager was Joel Spolsky, the article is here, and his site is Joel on software which has a lot of good articles. Since he's a manager with (it appears) a proven track record, bosses might just listen if programmers go to them with his articles. By the way: the place I work at now gets 0/10 on his software development methods test.
czth
Given Microsoft's business success record (legal or not, they make a lot of money) if Microsoft says they are going to focus on security, that should be taken seriously. I have no doubts that if Microsoft wants to, they can make products as secure as their competitors' software. (After all, when Microsoft decided to kill Netscape, they did so fairly well. If they decide to be secure, they can do that too.)
The question is, how badly do they want security? Their new focus on security may require them to make their new software and OS less backwards-compatible, or not quite as user-friendly. Microsoft may have trouble seeing their products' ease of use drop in the short run--they've put a lot of work into making Windows easy to use. So basically it comes down to this: are they willing to sacrifice some ease of use (and beef up their technical support) in order to produce more secure products? If so, great. If not, then it's all just propaganda.
See for example this eweek article:
We're all gonna die anyway, so there's no point in trying to put off the inevitable!
Let's smoke and drink and eat nothing but onion blossoms and have unprotected sex with gutter-crawlers. We're all gonna die anyway!
And we can't forget about Joe - ate well, exercised, etc., and he still got cancer and died at 24. Why bother?....
What will it take to kill this damn "all software has bugs" crap? Of course it's possible to write bug-free software - look up "formal methods" or "correctness proofs" on Google. It's just very expensive and isn't used unless a bug will result in death.
But more practically, I've been at few shops (maybe one in almost 20 years) that couldn't eliminate the vast majority of their bugs with some simple changes. Things like TURNING ON COMPILER WARNINGS - you would be shocked how many times I've come into a site (as a troubleshooting consultant) with a flaky code base, turned on compiler warnings (which are inevitably disabled), made sure every variable was initialized and functions were called with the right types of arguments and the code was immediately described as "more reliable," "less fragile," etc. Yet this rarely takes more than a week to complete.
If I were security czar at Microsoft (and pigs could fly....) my first order would be that every developer drop everything else to turn on compiler warnings and eliminate these warnings. (Some warnings are acceptable, but not uninitialized variables, wrong number of arguments or wrong types of arguments.) Shouldn't take more than a week, even if function prototypes have to be defined from scratch, and the code will be a lot more solid.
Then there's the buffer overflow issue - "grep" is wonderful at locating sprintf(), strcpy(), strcat(), scanf(), and other problematic code. It's normally easy to convert them to the safer functions. "grep" can also find snprintf(), strncpy(), memcmp(), strncmp() etc with hardcoded array sizes - too easy for the size of a buffer and the function calls to get out of sync if you don't use a manifest constant or sizeof().
Overall, there's about a dozen simple steps you can do that will eliminate essentially all of your serious bugs. Some of these steps can be done quickly, others can be painful if a shop has been sloppy (e.g., 'programming by contract' and adding assertion checking to existing libraries.)
To be sure a nontrivial application will still have bugs, but they're much less likely to be ones that an attacker can exploit and there's no justification for a site not following these practices. Yet we keep hearing the fatalistic "all code has bugs, we're all gonna die anyway!" chants and nobody takes the simple first steps to fix bugs or eliminate the worst of their personal habits.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
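The two grep passes that comment describes, written out as an added example (not part of the original post): the C file is constructed for illustration, the function names are hypothetical, and `gets`, `vsprintf` and `memcpy` are added here as further calls of the same kind.

```shell
#!/bin/sh
# Added example: grep audit for unbounded string calls and for bounded
# calls whose size argument is a hardcoded number.

# Constructed C source to audit (illustrative, not from a real code base).
make_sample() {
    cat > "$1" <<'EOF'
#include <stdio.h>
#include <string.h>
#define NAME_LEN 16

void greet(const char *user)
{
    char name[NAME_LEN];
    char msg[64];

    strcpy(name, user);                          /* unbounded copy */
    sprintf(msg, "hello %s", name);              /* unbounded format */
    strncpy(name, user, 32);                     /* literal size, out of sync with NAME_LEN */
    snprintf(msg, sizeof(msg), "hi %s", name);   /* size tied to the buffer */
    strncpy(name, user, NAME_LEN - 1);           /* manifest constant */
    name[NAME_LEN - 1] = '\0';
}
EOF
}

# Pass 1: calls that take no destination size at all.
# The leading group stops fgets() from matching on "gets".
# scanf-family hits still need review: only an unbounded %s is a problem.
find_unbounded() {
    grep -nE \
        '(^|[^[:alnum:]_])(gets|strcpy|strcat|v?sprintf|[fs]?scanf)[[:space:]]*\(' \
        "$1"
}

# Pass 2: bounded calls whose size is a bare number, so the buffer
# declaration and the call can drift apart when one of them is edited.
# Sizes written with sizeof() or a named constant are not reported.
find_literal_sizes() {
    grep -nE \
        -e '(^|[^[:alnum:]_])(strncpy|strncat|strncmp|memcpy|memcmp)[[:space:]]*\([^;]*,[[:space:]]*[0-9]+[[:space:]]*\)' \
        -e '(^|[^[:alnum:]_])v?snprintf[[:space:]]*\([^,]*,[[:space:]]*[0-9]+[[:space:]]*,' \
        "$1"
}

# Run both passes over the constructed sample and print file line numbers.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
make_sample "$sample"
echo "== unbounded calls =="
find_unbounded "$sample"
echo "== hardcoded sizes =="
find_literal_sizes "$sample"
```

Both functions return grep's exit status, so a build script can fail when either pass reports a hit.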
Dear Bill
It saddens me to see Microsoft exiting the highway of consumer satisfaction into the dirt road of security.
As a long time fan and appreciator of the Microsoft way, I feel I must stand up and ask:
Why?
Microsoft has done more than any other company to turn Desktop Computing into a thrilling adventure. From the very moment I turn on my PC, I feel I'm entering a world of wonder and surprise, where new adventures can happen at any moment:
- Maybe Windows will not start-up and I end with a black screen.
- Maybe it will start in VGA mode
- Maybe clicking in the explorer toolbar will result in a blue screen
- Maybe Word will crash when I'm editing an important document.
- Maybe installing the newest IE will make half my applications stop working.
- Maybe after installing the newest DirectX Windows will stop working.
- Maybe I'll open an e-mail and my PC starts acting funny.
- Maybe I'll get a phone call from my ISP saying a Denial of Service attack to the Whitehouse site has been detected from my machine.
- Maybe the mouse pointer will start moving by itself
- Maybe all my files are deleted.
Why? Why do you want to remove all the thrill and adventure from my life???
*What* security problems?
Think about it, if the industry plays dumb the way that Microsoft has for the past 10 years, then they will have to enumerate their history and how they might address the problems. Speculation on my part, sure, but they sure don't deserve all of these free ideas.
I'm an MCSE, and while Microsoft's lameness has provided me with a nice career for the past several years, but I still have nerdy idealism governing my attitude. :) It's been many years that my standards of quality have been much higher than Microsoft's, and now we see that they want to "lead" into the future. Well, start by catching up.
When I was a kid, we only had one Darth.
I agree in principle, but bundling services together is still a bad idea, and in fact Adam and Bruce state that rather clearly at the outset. The ability of the firewall to separate, manage and in some cases via stateful inspection assist in the security of each service separately is still a desirable methodology.
Microsoft's clean break is their new "virtual machine" which is about to be unleashed on the world, AKA the Common Language Runtime [PDF]. It's basically a whole new platform riding on top of Windows (and maybe others if things like Mono pan out), and this time security is supposedly built into the architecture from the ground up.
Sir, I salute you. However, a secure Windows won't appear overnight. At least it's good knowing that Bill Gates had an epiphany.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
The whole idea of 'disable non-secure features by default' is crap. How about just making the features secure to begin with?
Is anyone concerned that M$' new focus on security could really mean that they're getting into the firewall/router market? If M$ says "to be truly secure," you must run our firewalls and routers, and businesses follow suit, that puts them in a good position to displace TCP/IP as the standard networking protocol and replace it with a M$-proprietary protocol.
An acquisition can't fix their problems. It's not like they can buy some 3rd party program, and then Word and Excel macros suddenly won't work any more. Buying a product won't fix Outlook's "click here to execute virus" user interface. The only way an acquisition could fix their problems is if they use acquired products to replace existing products. (e.g. buy a new word processor and sell it instead of Word.)
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Take all of these things which you mentioned and in X years MS can and will bring it to their OS.
The only thing that MS won't copy of Linux is price. But then again, MS has a lot of advantages (non technical) which Linux will not have. (Professional sales force, mindshare of upper management, closed source digital rights management, premier gaming software etc)
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
In your story, the problem could have been that the money was simply not available (or some other logistic issue existed) to initially put in locks. But maybe, a lesser (but still perhaps more than no implementation) preparatory 'middle ground' could have been put in.
For example, many doors have no cut out section along side the knobs. (doors where no locking is anticipated) However, why not buy normal doors and frames, but no lockable knobs. Or as I have seen before, have a door pre cut for any cipher locks or such, but put a plate on that section for the later time when the cipher will be needed.
Another aspect of this, is that when security and vulnerability methods change (which they will), it is cheaper/easier to convert.
Or I could be nuts... I have drugs in my right now (no, not that kind) that could be making me rather loopy!
I seek not only to follow in the footsteps of the men of old, I seek the things they sought.
They are securing the operating system from "attacks" by authorized users.
They patented Digital Rights Management Operating Systems.
Any increased security against unauthorized attackers would be accidental.
If you read the patent you'll see they plan to keep the user locked down with an iron fist. It appears to require a special RightsManagement CPU and continuous internet access for validation. Patent has 24 claims (new "security" features), condensed below:
2 refusing to load the untrusted program into memory
3 removing the rights-managed data from memory before loading the untrusted program
4 terminating the execution of the trusted program
5 renouncing the trusted identity before loading the untrusted program when the untrusted program executes at the operating system level
6 securing the rights-managed data written to a page file
7 prohibiting raw access to the page file
8 erasing the page file before allowing raw access to the page file
9 terminating the execution of the trusted application
10 encrypting the rights-managed data prior to writing it
11 protecting the trusted application from modification
12 refusing to attach the untrusted process to the trusted application
13 preventing the untrusted process from accessing memory
14 restricting a user to a subset of available functions
15 restricting a user to a subset of functions available for modifying the trusted application
16 (nothing)
17 operating system causes the processor to create a trusted identity (Requires RightsManagement CPU?)
18 operating system further causes the processor to protect the rights-managed data
19 secure the rights-managed data on the page file from access
20 causes the processor to erase the rights-managed data
21 revoke the trusted identity and terminate the trusted application prior to loading an untrusted program
22 obtaining, from a computer processor, a first value for a monotonic counter (Requires RightsManagement CPU!)
-22a receiving, from the trusted time server, a certificate
-22b determining whether to load the trusted component
23 [presenting] the monotonic counter occurs on a pre-determined schedule (Requires continuous internet checks!)
24 date and time at which the trusted component becomes invalid
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Schneier and Shostack are trying to pull one of the oldest tricks in the book. They agree with and welcome Microsoft's new intentions. Then they set out what they think Microsoft will need to do to put it into practise. The trouble is, the very things they list as the first vital steps are exactly the things that are most abhorrent to Microsoft. If Microsoft are going to change anything, these are the last things they would ever consider.
It may be that Schneier and Shostack are trying to pull a very old trick, but they are also very right.
Consider:
Amusingly, in these recommendations, which are anathema to Microsoft, Schneier and Shostack seem to have rather neatly told us what Linux looks like. (I particularly liked the bit about scrapping the monolithic Registry...)
from certain geek types.
I am playing the pragmatic approach with this whole thing. Windows IS in need of rewriting some parts of it. One example is e-mail (Outlook and Outlook Express) as mentioned in the article. One thing that is mentioned in some posts here is they need to drop the compatibility stuff. I don't really think this is the cause of their problems. If that was true, then Linux and other UNICE's should have a problem as well and we know they don't have a problem running old stuff either. They DO need to drop the DOS kernel which is unsecure in the first place (everything runs as root.....EVERYTHING!). They also need to start dropping support, slowly, for 95 (already done so)/98/98se and ME. Remember these suckers above have no security essentially. The auto download thing never worked right anyway. If they want to notify folks of these, they should have an automatic check for updates thing ala AOL/Winamp and several other apps and not automatically download stuff and install it. Nothing should be installed unless an admin is at the console. That is a good suggestion. Granted, Debian users can automatically setup a cron job to apt-get update; apt-get upgrade;, but do they do this? No! EVERYONE who uses Sid (or previously the unstable Woody, now in testing) knows what it's like to have working Xfree86 one day and then apt-getting a new version and it friggin breaking things! That's not only a security risk running these automagically update things, but it also can break things causing a server to need a reboot or whatever to fix it. That's why these things MUST be attended when running.
Microsoft also needs to STOP THE INSANITY with reboots. On Linux, the only four times I had to reboot after updating something or just using a linux system was once when it was a kernel, and again after making a change from HW_cursor to a SW_cursor on Permedia 2v graphics card because if you didn't X would go all wonky, and even then the only reason it needed a reboot was to get rid of the dead mouse pointer (rebooting reset some clocks or something that made the hardware one go away), if something locked up (beta/alpha code can do this! :) ) or to reboot to play games/use something in Windows. If I had VMware, only reason for this kind of a reboot would be for games (until someone figures out a way to run DirectX games under Linux or VMware....). Reboots are bad. Not necessarily for security, but for general uptime. Figure out a way to install and update software without needing this step. Both the changes in security and the reboot thing need to be handled to increase reliability of these systems.
Gorkman
In some ways, Windows is still based on DOS, which was crippled to begin with. It was never intended to do multitasking or run servers.
Besides, when Windoze people note that my unix box is 'obsolete', the best word I can reply with is 'evolution'.
--
The Cap is nigh. Time to get a fresh new account.
Best troll in a while (in terms of people biting). Modded to +4 and a shit load of comments.
Well done!
quoted from http://www.securityfocus.com/columnists/54
"Regardless, the memo comes at a good time. As the sun sets on Howard Schmidt's days as Microsoft's chief security officer, and he prepares for his new role as the number two man at the United States' Critical Infrastructure Protection Board,"
anyone want to tell me how some one responsible for the most insecure software releases on the market is promoted into a government security role ? wasn't there a joke about microsoft postponing their antitrust settlement until they had a controlling interest in the united states ?
at least we'll have a settlement soon eh ?
- tensions in our lives that are attacking our minds, unite themselves together to make our consciousness blind - op'ivy
Of course you were using NTFS so it recovered within a few minutes.
If you weren't they should pull your OS license.
Microsoft who?
Linux=OpenSource=Freedom
I've written a fair amount of software that uses the NT security facilities.
The NT4 security APIs are totally useless. (read: they've left them half-_BROKEN_ and pretty much unfixed through all of NT4 through W2K through XP)
If you want to manipulate security objects you have to use the NT3 APIs and build the security structures yourself "by hand".
I realize this sounds kind of incredible, but don't take my word for it. Search comp.os.ms-windows.programmer.misc, comp.os.ms-windows.programmer.win32, or even microsoft.public.win32.programmer.kernel for "EXPLICIT_ACCESS" and/or either "GetNamedSecurityInfo" or "GetSecurityInfo".
In this light it's not surprising most Windows software (Microsoft and otherwise) doesn't take advantage of this security infrastructure. It's a maddening pain to actually use.
DNA just wants to be free...
Spot on, my dear old boy! Spot on!
In general, there are three categories of security problems.
The first category is user complacency. The most common example of user complacency is when a user opens an unknown email attachment.
Ummm...how do you open email without an email system?
I bet Roger Sessions of objectwatch.com is enjoying his nice (M$) bonus; that is, if the whole company is not a Microsoft stooge...
-- www.globaltics.net
Political discussion for a new world
Is built in and has been since NT3.1. Each 16bit app can start in its own NTVDM or you can run them all in one NTVDM -- your choice on an app by app basis.
It works, it doesn't bring down the OS and many apps actually run better in an NTVDM.
... why Microsoft (I say Microsoft and not Bill Gates because I am sure it was a well planned publicity stunt) made this announcement was to assure people that their .NET initiative is going to be a reliable and secure platform.
If you look at the timing of Bill's letter, it was released on the very same day Visual Studio .NET (the toolkit used to build .NET applications) was released to MSDN subscribers.
You mean the company that was such a major D party contributor? You mean the company that usually had an employee on each presidential plane?
Ahh -- the one who found they could not bribe W as easily as Clinton and was exposed?
Without a doubt MS is now playing the political game. Kinda like the internet -- they didn't create it, they didn't play in it at the beginning and they will probably own it within a few years.
The business of MS is business and they know it well.
As an example, we wrote a test app with a different foundation class library that was bug- and memory-leak free in all of the major WinXX OS's (up through 98 and NT 4), and even compilable and bug free back into Win 3.XX. The whole app was a total of 123K: the Microsoft Foundation Class (MFC) [version 3.2, IIRC] test app as created by the wizard came in at just over 1 Meg, riddled with memory leaks, logical errors, etc. Our determination was that it wasn't just a bad wizard -- the MFC itself was causing many of the leaks and problems.
Now then, if you look at the Win API set now (Y2002), it is just that much more massive than when I last actively coded to it -- but the underlying code classes look much the same. [I haven't done a diff, so I can't prove it.]
So accurate or inaccurate, I don't think Microsoft has the corporate will to change from a company built on FUD (fear uncertainty doubt) to a company whose software is something I can trust because it doesn't even look to me like they have fixed all of their original problems in the foundational code classes from the early days of Windows 95.
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
FROM M$:
In order to secure your PC while having a Microsoft product installed, unplug the power cord from the wall AC outlet.
My other car is a motorcycle!
M$ now offers COMPLETE security and stability for all their products - simply shutdown your system, unplug all cables, disconnect your modem/dsl from the wall and instantly be amazed at how there's no more CRASHES or HACKS in this totally secure and stable environment!
Warning: stability and security may be compromised if machine is operable.
Ave Molech Setting
At least get your facts straight.
You do not need the internet to activate your product. A simple phone call to the number provided will get you your key.
Please, no FUD, it's not becoming of you as an individual, or linux users as a group.
Sounds like you're just another bitter Windows user.
The problem is that an alarmingly large number of people cannot distinguish between the following:
What has happened to the software industry in general is exactly what has happened to the American political process. If you make promises and then cash the check, it doesn't really matter if you deliver. The reason is that people are gullible.
So you think, "gosh, wouldn't it be great if they've finally decided to do it right." But they haven't done it; they've just said that they are going to do it. Any support for mere words on the hope that it might come to pass will remove any incentive for actually doing it.
Most people get off so much on the hope and the promises that they don't realize how they're encouraging integrity-challenged behavior with their actions. It takes a real cynical bastard not to get caught up in this, and then we get told, "Oh, you Microsoft Bad Religious Types."
> Bruce Schneier and Adam Shostack have written a
> piece, while Crag Mundie of MSFT has also chimed
> in, along with some commentary from ZD folks.
> SecurityFocus has other words, as does
> InfoWarrior.
Do you guys ever read the shit you post?
Troll me if you will, but...
I sincerely hope they fail. Unfortunately, if they succeed they'll only strengthen their monopoly. They need a better image in the area of security if the .net strategy is to really take off the way they plan. I do not want MS to succeed any longer. I despise their business practices and moral choices: destroy competition to the detriment of an industry, lie in federal court, put politics and PR above software quality. They don't deserve any more chances to change their ways, and so I hope they fail miserably while I stay as far away from their products as possible.
If they keep making a mess of their software's security, it'll help convince my company to move away from their products.
Developers: We can use your help.
About the Denny's story. Has to be an urban legend. I think it unlikely that you could save any money on outside doors by leaving out the locks -- it's a standard feature on a mass-produced item. And even if the story is true, the locksmith bit has to be bogus. I once worked in another 24-7 operation -- a 7-11. Front door lock was there, but not functional. (Probably rusted solid from disuse.) And 24-7 or not, we did sometimes have to lock up. Solution is available at any hardware store and does not require a locksmith to install.
I find it funny that you, a reporter for Business 2.0 as you proudly proclaim on your website, would call "bullshit" without doing your research. For shame!
Also, the parent post included a disclaimer stating that even if the story wasn't true (and it was), the moral of it was true.
how can you all be such idiots?
I guess because we weren't privledged enough to go to Cal.
ps Since I'm in a pissy mood I'll ask the following: Do you get to submit your articles without any capitalization?
END OF WEENIE BASHING RANT
Lasers Controlled Games!
6 years ago, MS did an about face on their views of the Internet. Like it or not the big company acted pretty nimble, changed direction and stayed focused.
While IE sucked at first it is now a pretty good browser. Most of their products seem to follow this pattern. I would predict their security will suck as it has been, slowly getting better until it's quite good. 2-3 years.
OR this is a complete PR move to help .NET
It will be interesting to watch.
This one kills me. From Craig Mundie:
"Many people today are still reluctant to trust computers with their personal information, such as financial and medical records, and few people would knowingly entrust their lives to them"
Every time you fly on a plane your life is in the 'hands' of computers. Every time someone gets an x-ray or a CT scan or any one of many now normal medical procedures you are entrusting your life and health to computers. Most (if not all) medical and financial records are entrusted to computers.
We do it everyday and the reason we do it is because these devices are designed and built by companies that have earned our trust by building quality products to very strict specifications for safety. These companies have good track records of safety and if they have problems then they are reported.
What Mr. Mundie should have said is:
"Many people today are still reluctant to trust Microsoft with their personal information, such as financial and medical records, and few people would knowingly entrust their lives to Microsoft."
--
-- Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law.
The one thing that I found interesting in Schneier's article was that Gates's memo says that pay will be tied to a product's security. If this is actually implemented as a policy internally (and is not just for public consumption) then this could actually change things. People will go to great lengths to get their bonuses - I've seen this in real life.
I'm still skeptical about Gates's commitment to this, but it wouldn't be the first time the company was turned on a dime by the BG (Bill Gates or Big Guy - whichever you prefer) - remember that they did this for the Internet as well, which they originally missed the boat on.
Sigh. My id isn't prime. 2 2 2 2 2 3 5 313
Please accept my humble apologies.
Lasers Controlled Games!
msft secure is more of a long shot.
Why does no one in America talk about the Softimage case? You know, the French couple who mortgaged their business, lives, and home just to defend their rights against Micro$oft... and WON! 'Course, M$ still has yet to pay up the piddly amount of cash. This column has links to and explains the reasons why fighting M$ is a death knell for any company (or perhaps Supreme Court Judge *snark*)
Oh yea, Slashdot rejected this story. Hmmm...
Cyberia by Jack Kapica
I was going to do exactly what this fellow did, but he beat me to it. Clever. Let's hope this URL gets around: http://www.trustworthycomputing.com
He who refuses to do arithmetic is doomed to talk nonsense.
who uses the word trustworthiness when dealing with computers? It's not like they can lie to you, or deceive you... they do what you tell them... or laugh at you and seg fault
This is a good post. You are taking the opposing side from one of the replies I posted above.
I pointed out that the weak security characteristic of Microsoft is a direct result of them making everything so damned easy to do. They strip away the limitations of the software architecture, enabling more powerful apps but at the same time opening a great number of security vulnerabilities. You are suggesting it is worth it. Obviously Schneier and Shostack disagree with you.
As someone who works in the security industry, I can't agree. The more we tear down those boundaries the more vulnerable we leave ourselves. If the Internet is ever to live up to its full potential, especially in economic terms, we have to protect ourselves. Unless we start admitting such tight software restrictions are necessary, things like Internet fraud and web worms will keep increasing in frequency and severity.
I think you are right that it is impossible to "go back". You can't turn back the clock, and while I may think Microsoft did it wrong, it is unreasonable to think they will do it over again.
See #3 and #5, if that doesn't convince you, you probably think the Lincoln/Kennedy thing is coincidence too.
Top 5 G.W. Bushisms
1. "If I'm the president, we're going to have emergency-room care, we're going to have gag orders."
2. "It's one thing about insurance, that's a Washington term."
3. "Well, I think if you say you're going to do something and don't do it, that's trustworthiness."
4. "We cannot let terrorists and rogue nations hold this nation hostile or hold our allies hostile."
5. "I'm gonna talk about the ideal world, Chris. I've read -- I understand reality. If you're asking me as the president, would I understand reality, I do."
3 versions, 4 versions.. next year it'll probably be 12 versions according to some people :)
Win 3.1 was the version that marked it as "arrived" - We don't hear about the earlier versions very much - they were there but nobody would buy them. There was Interface Manager (original Windows), then there was Windows 286.
In IE, can you give me the release dates for versions 1.0 and 2.0? I don't remember them at all. It was when Win '95 came out that version numbering became a marketing function. And since by then it was common knowledge that MSFT never "gets it right" until version 3, guess where the marketroids started the version numbers? Of course, then they pretty much gave up on version numbers... (Pop quiz: how many versions of Win '95 were there? Win '98? Win ME?) With NT/2K, you just needed service packs to be up to date. (Oh yeah, why Win 2K and not NT 5? marketing not engineering - and pretty darn stupid marketing - it caused a bunch of the same version checking problems that the change from Win 4 to Win 95 did)
If you consider the ability to play games as the criteria for workability, then Linux still ain't there for me. I have to exit it completely to play the games I like.
I've played with several browsers myself, and I like Opera 6 best. Competition is GOOD. But both MSFT and AOL want to make it illegal - it is easier to make your marketing forecasts when there is no mechanism for change that can upset your applecart. AOL really bought Netscape as a weapon to use in a legal battle - the same way Caldera used DR DOS. They will not bundle it into their AOL environment for technical merit.
You either believe in rational thought or you don't
"So now, when we face a choice between adding features and resolving security issues, we need to choose security." -Gates memo.
I.E. we can't think of anything new to cram into windows that anybody would actually WANT (and it's getting harder to copy stuff since all our remaining competition is a Unix variant and can address things like latency that we'd have to throw windows out and start over to address) so we're going to stop doing new things and put a happy face on it. Heck, you're all going to a rental model anyway, we don't HAVE to do new stuff anymore. You'll keep paying us anyway or your desktop will stop working.
Rob
Sorry... a lot of software written by third parties for Windows may use MFC, but Microsoft definitely does not use it in anything larger than a toy application. There are a number of "consumer-grade" technologies (MFC, VSS, etc.) that are marketed by Microsoft as developer tools, but which are avoided internally.
Sigh. Let me guess - you linked statically, right? Aside from being a silly thing to do, it's (traditionally) the way that *nix folks blame VC for "software bloat"... they jump up and down saying "See? See? BLOAT!" until you point out to them that you get the same "bloat" under *nix if you link to the static version of glibc. But I guess that's different.
apparently this editorial about Trustworthy Computing was missed.
it's a dog & pony show to make jim & betty average feel better. and the settlement/security API loophole sounds right, too.
trust me, if anything tumbles out of bill g.'s mouth in public, it's very likely to have been premeditated, and very unlikely to be benevolent.
www.pixelectric.com
The first few suggestions - e.g. separate code and data, use secure default configurations - sound great, but I think Schneier and Shostack go a little bit too far when they get to this point:
One year? One year?!? Does Linux do that? Does anyone? I'm sorry, but a year is a damn long time, and this is a time-based business. Making their protocols public at all is a big pill for Microsoft to swallow; expecting them to develop a protocol -which might define much of a new product's functionality - and then sit on their hands for a full year while security experts diddle and competitors get a head start implementing Microsoft's ideas is just ridiculous.
The next part is almost as bad:
Translation: "We feel left out, and the dot-bomb has left us destitute. Send some money our way to make us feel better, and maybe we'll change our tune." Shameless. Constructive engagement with the security community is well and good, but Schneier and Shostack's "suggestion" as given is little short of demanding protection money. Thought experiment: substitute "government" for "Microsoft" in the above and consider whether such an arrangement would qualify as corruption.
Really, if those last few paragraphs had been left out it would have been an excellent article, but they got kind of carried away there at the end. What a shame that an opportunity for a truly constructive dialog was pissed away out of greed like that.
Slashdot - News for Herds. Stuff that Splatters.
One year? One year?!? Does Linux do that? Does anyone?
Besides the point that "Linux" doesn't create standards, one year isn't a huge amount of time to wait before making changes.
expecting them to develop a protocol
Re-read what you're responding to. Where does it say that MS has to wait for a year before they implement a protocol?
Once a protocol (which might also include file formats) is published, waiting a year before extending-and-embracing it sounds like a good idea to me.
Or have I just been trolled?
Reading Mundie's article made it crystal clear what all of this Microsoft security stuff is about. It has nothing to do with increasing security of their products, per se. It's all about engineering a market perception that Microsoft is a single entity that has the ability to make announcements like this, to offer commitments (empty or not), and be a focus of trust. Read the article -- note the implications that in order to have trust in software, you need some corporate entity in which to place your trust.
Guess what competition will be easy for their marketing machine to paint as being lacking in the trustable big established multi-billion-dollar company department? Sure there's IBM, but experience suggests that Microsoft are fully up to the challenge of out-marketing IBM.
I read my security logs like other people read the newspaper. Without all of the hits coming in from hacked Microsoft platforms, what am I supposed to do with the first half of my day?
The race isn't always to the swift... but that's the way to bet!
Do you see that if everyone had the same mentality as MS, using any kind of electronics would be a hassle of a ridiculous order and nobody would do it. There are only a few apps that require this kind of nonsense and I truly hate them for it.
Dyolf Knip
I'd have to double check that. But we ran a code stripper (which removes all code which is uncallable) to pull out the bloat ... and the app dropped to 763K. Still leaked like a sieve, but this was admittedly a wizard app. My point is that the problems with memory leaks, etc. were in the MFC, not in the linked in code.
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
It would be good if the people who spend so much time attacking Microsoft's security issues considered that UNIX generally and Linux in particular are not exactly fault free.
How can anyone who runs sendmail throw stones at Microsoft? sendmail is a textbook case in how to write software that can never be secure. The program breaks every single one of the rules Bruce and Adam set out. There are plenty of better alternatives, yet sendmail remains the default through sheer inertia (you might want to route some bang path UUCP or OSI mail sometime you know).
UNIX only became secure as a result of trial and error. There never was a security architecture worth a damn. For many years the main contribution to the security world from the UNIX security architecture folk was discouraging people from using shadow password files.
The security model of all modern operating systems is based on the security model of MULTICS and comes from the age of the Multiple Access Computer. The security problem is defined in terms of a single machine that has multiple concurrent users. The addition of the network is an afterthought.
What this means is that very few of the security features in a modern O/S are actually of the slightest relevance to a machine running a Web server. In effect we end up with two parallel permissions structures, the one managed by the O/S and the one managed by the Web server.
Win2K and XP have Kerberos and PKI integrated into their core. The standard configuration supports IPSEC, S/MIME, SSL, Kerberos, Smartcard login, Encrypted File system. Measuring security in terms of cryptographic features Microsoft wins hands down (Microsoft are good on features).
Linux on the other hand is not in anywhere near such a good position. Security packages are available but it is left to the end user to integrate them. Linux also lacks anything that resembles the 'Security Administration Guide' mentioned in the rainbow series books.
Security is not a binary condition. The problem I see for Linux is complacency. There are too many weenies out there whose knowledge of security is actually minimal who tell people Linux is secure because that is what they have been told. None of the O/S on the market are particularly secure. Windows has a great security architecture that the crappy applications completely bypass. UNIX has a crappy architecture and some very well tested applications whose security bugs have been largely eliminated by trial and error.
People in the OSS community can go around telling each other that Linux will always be more secure than Windows if they like, but that won't make it true. Gates has essentially served notice that Microsoft is going to be upping the ante here. That does not mean that they will win, but a lot of work is going to have to be done if Linux is going to keep up. Fortunately it is not necessary to integrate PKIX into Linux as Microsoft did with Windows, the OSS community could skip a PKI generation and move straight to using new technology such as XKMS and SAML.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I mean, even if this does work out, I'm not ready to forgive them for the decade of trash software they've been releasing.
But that's just me. Forgiveness should come with a penance, and somehow I doubt Microsoft is ever gonna pay.
Magius_AR
i can't believe i got modded down for trying to be funny?!
Ave Molech Setting
SOAP traffic is actually quite easy to detect in HTTP, just examine the Content-Type field.
Uh-huh. "SOAP is easy to detect, just throw away your simple, efficient packet filter, and install something that examines every stream, which of course requires a ton more horsepower."
Sorry, this is nothing more than an attempt to sidestep the issue.
Re the black screen at bootup -- this happens (on rare occasions) with ALL versions of Windows (back at least thru Win3.1 that I know of) and sometimes (equally rarely) with DOS apps that put the screen in graphics mode, like DOOM or PrintMaster Gold.
The point where Windows will sometimes just die (and I've had it happen in linux too!!) is *exactly* where it switches to graphics mode. It happens on all manner of hardware, not just on some specific video card (and is not specific to VESA 1.2 or 2.0, nor whether 2.0 is real or faked) or motherboard or whatever.
I've become suspicious that it's something fundamental to how the mode switch is handled at the lowest level, therefore not unique to any particular app or OS. I don't know enough about video coding to speak intelligently about it, but I do know on machines where it's a regular problem, if Win32 startup is slowed down, it's less likely to happen. Makes me think some video memory write is sometimes unexpectedly delayed during the mode switch, doesn't get its ass out of the way in time, and gets clobbered, thus the black screen (usually for good). Ooops!
~REZ~ #43301. Who'd fake being me anyway?
You are reading them all wrong. Microsoft has shifted focus several times in its history. From the DOS-type environment to Windows. To the LAN. To the Internet. And now Security. Yup, Security with a capital S because it will, of course, be MS-style security. They have played the games differently with everything else (LAN, Internet, all kinds of standards), and they will set the rules here as well.
Realize that it will take them three or four tries to get this Security thing down though. It has with everything else:
- How many incarnations has MSN had?
- Do you even remember Windows 1 or 2 -- or even 3.0? (I'm sure someone will reply in the affirmative, but most of you haven't)
- those stupid e-book tablets (haven't won here yet) or palm computing (same here)
- What was the first version of IE that didn't completely suck? (You want to say that IE is different, but it isn't. They basically play all their games this way.)
And with $20b in the bank, they can afford to have an army of coders comb through existing libraries looking for defects. They can afford to have scores of UI designers and HCI evaluators to see exactly how much security people are willing to deal with. Better yet, they can afford to screw up two, three, maybe even four or five times before they finally get it right. And the world will just have to live with it.
They will screw up someday. It might be Security that does it. It might be something else that brings them down. But don't just dismiss the new Security focus as FUD. Pay attention.
The Daily Build
Microsoft is extremely concerned about security. That is why we are launching the new "MicroSafe" program. Simply register with us online and submit your credit card and bank account numbers. Follow-up by sending us all of your money, jewelry and sensitive documents. We will safeguard these for you free of charge. You'll never have to worry about security again!
Privacy Policy: Microsoft will only share your MicroSafe assets with licensed partners and affiliates.
ActiveX should eliminate all controls that are marked "safe for scripting."
Doesn't he mean:
ActiveX should eliminate all controls that are not marked "safe for scripting."
????? I'm confused here.
If you remember the last big Memo Bill Gates Sent out was about changing Microsoft over to be an Internet Company and how long did it take for them to become an Internet Company? Not very long, so I think this Memo will be a big step for them. I think they will seriously Focus now on security since the Core of their Features are in. If they want .NET to survive they have to make sure they can be secure along with having an easy to use OS.
....Microsoft will now begin implementing the MS Global Lock. The Global Lock will provide world security by sending all data, personal, corporate or otherwise, to Microsoft HQ. This is designed to ensure that no company can implement any products which might subvert the MS Global Lock. Politicians will no longer be able to cover up data, and private citizens will no longer be able to take part in private discussions (this of course designed to make life more secure for everyone). This data will be available to no one except Microsoft. Trust us.
The scary thing is, I don't know if I'm being sarcastic or not here as this sounds like something M$ could implement. Makes me glad I own a mac.
T Money
World Domination with a plastic spoon since 1984
1 memo = 2 slashdot articles.
I mean come on. This is why MS can do whatever they want, even opponents focus entirely too much on MS. Great Billy writes an email and the world wants to analyse it. Please less MS news unless really needed. To hear all the MS shit I could simply go to MSN.
Sorry I am just getting real tired of one or two MS stories a day. Most of which don't seem to be very thought provoking. Yeah sure MS cares about trust and safety. Right after $$$$$$$$$$$.
I see a story on a Linux distro what three times a week? Yet MS get day after day of their name in headlines. Has Redhat, Mandrake, Suse released no news?! More balance would be nice is all I am saying.
You bitch and moan like women about Microsoft not being worried about security. Then when they plan on doing something about it you bitch and moan about that.
You stupid motherfuckers.
From the bbc...
The report by the computer and telecommunications board of the NAS said that currently software makers do not have enough incentive to ensure their products are secure.
It recommended that the US Government consider amending laws so that software makers can be held liable if their products put the public and businesses at risk.
--congress could also be afraid of viruses containing political messages, hmm..
Considering the fact that most all software is hackable, until secured, only those with deep pockets would be left standing.
I wonder if those doing the reports aren't predispositioned for desired conclusions by lawmakers. On its surface, this looks like it would be good for the industry and it seems like a sell with the linux crowd as many linux people complain about msft's weak security, however this could be a poison pill for free software distributors. I feel peer review is the only for sure way to get code secure, so any legislation should EXEMPT software makers who release their source code AND allows for modifications and sharing of those modifications; otherwise, if the east coast code fails to make this exemption, take it for what it is; an attempt to squash everyone but those with big pockets, ie msft!
It seems that he confuses the real issue here, Security, with another, Safety. These are different trust acts. If I believe in the safety of my car I may drive it. If I trust the security of it I would leave my laptop in it, but of course I would never do that and I dought if the auto industry has the motivation to make a more secure vehicle ever. I also really dought that MS has that motivation either, beyond a simple PR game. As long as the OS doesn't get used for things like airplanes or nuclear plants safety is not an issue for MS OS's. If OS crash caused death...well then we would know were most Windows users would be.
I worry that the industry on all levels, (vendor, developers, admins) will never gain that leave of trust because security is not the priority for us and we often drop the ball, just MS drops it the most and in very big ways. But still this issue is important for everyone in the industry not just the vendors, though considering their position they play their role is the most important. Lets face it all OS and Apps have security issues, some a lot more than other, and even the most secure system is made moot if the admin or developer is not awaire of security issues relating to their jobs.
On another note there were some very good suggestion on how to improve security in the other articles. The one that caught my eye is using the most secure default settings. I work in a MS world and a lot of my development work is web based Enterprise apps, so I have a IIS box on my home machine to play with and learn on. One of my favorite games is to expose my box to the internet and see how secure I can make it. In the case of default setting in IIS and NT this is a lot of work. The funny thing is that I started this game prior to the release of code red. My box survived it, much to my suprise. So MS made all these fancy patches to address security problems that partically could have been avoided by better default settings. Of course that would not address the fact that many of these feature had/have huge security holes, but the effect of code red and friends would have been greatly reduced with better default settings. From looking at the log that I keep on HTTP requests I recieve, Perl and REG EX are a wonderful things, the majority of infected requests at my door come from @home installs. Of course the percentage is due more to the nature of how these worms scan the net (start local then go more global).
Back at the start of the 1990s the general consensus in the computing industry was that UNIX could never succeed outside academia because it was chronically insecure.
...UNIX generally and Linux in particular are not exactly fault free. ...How can anyone who runs sendmail throw stones at Microsoft?
...sendmail is a textbook case in how to write software that can never be secure.
... yeah.
Citations, please? By most accounts, Unix had already penetrated far outside academia by the time the 1990's rolled around.
So what? Does one sin excuse the other? Is there any lack of focus on Unix and Linux security issues? If I run IIS do I give up the right to criticize Apache?
Never is a long time. What box-breaching flaws are in the latest release? Oh, you were referring to those older releases still installed all over the place. Like the old NT 4 boxen, and the unpatched IIS, and Win95's nukable TCP stack, and
My retort is the same as Microsoft's: UPGRADE
The program breaks every single one of the rules Bruce and Adam set out.
Bruce and Adam are not the only ones writing rules. Appealing to authority plays well to the unwashed masses who don't know any better. That's why it's a favorite of Microsoft spin doctors (and government spin doctors, and media spin doctors, and...)
UNIX only became secure as a result of trial and error.
This is partly why it has the level of trust that it does. We have experience with it, and know what to expect.
For many years the main contribution to the security world from the UNIX security architecture folk was discouraging people from using shaddow [sic] password files.
I think you meant "encouraging people to use shadow password files".
Win2K and XP have Kerberos and PKI integrated into their core.
What does that mean?
The standard configuration supports IPSEC, S/MIME, SSL, Kerberos, Smartcard login, Encrypted File system. Measuring security in terms of cryptographic features Microsoft wins hands down (Microsoft are good on features).
Microsoft is also good at winning irrelevant feature comparison contests. What is there to assure anyone that these features are any more secure than the other featureful crap that got Microsoft into trouble in the first place? How do we know these services do not harbor even bigger holes than the ones we know about already elsewhere in the OS? At least with IIS, we can have a clue that it ought not be left turned on except where it is required. Who is going to turn off security "features" as a matter of course, even if it's the right thing to do, as it is with IIS features? Today's features are tomorrow's embarrassing exploit. It matters not one bit whether the features are characterized as the "security" type of features. If they are written poorly, they can be exploited. If they are not needed, but are enabled anyway, they pose a needless risk. Needless risk is where Microsoft excels.
The problem I see for Linux is complacency. There are too many weenies out there whose knowledge of security is actually minimal who tell people Linux is secure because that is what they have been told.
That's pretty fucking funny. Complacency on the part of MCSE-types is why Microsoft software is such a problem. Nimda was not propagated by web servers running on Linux. It was propagated by IIS webservers running on Microsoft systems operated by complacent Microsoft admins.
But Linux users and distro preparers are learning. Newer distros come with everything turned off. Even after it was shown that unwitting NT and W2K users' PCs were propagating worms because the users had no idea a web server was even running, much less that it needed patching, XP still comes with everything turned on.
Wake me up when XP2 ships, and let me know if stuff is still on out of the box.
Windows has a great security architecture that the crappy applications completely bypass.
If it was a great architecture, the apps would not be able to bypass it.
Edith Keeler Must Die
DRM is exactly what this is about. Maybe PR, too.
see:
http://cryptome.org/mpaa-v-net-mg.htm
http://www.wired.com/news/politics/0,1283,46655,00.html
"At the heart of the fight are two questions: whether computer users can continue to be allowed to have the abilities that computers have had since their invention, and whether the content companies can survive in a world in which users have that power. What's been missing from the debate so far has been the users themselves. It seems safe to say that most computer and Internet users like to have choices -- choices both of the content they consume and of the kinds of tools they should get to use. Still, maybe citizens would say they're willing to give up "general-purpose" computers and willing to use, instead, systems designed to prevent them from engaging in willy-nilly copying, if that is the price you have to pay for compelling music and movies and television over the Internet."
...
I've been in enough situations where an application implemented by someone who didn't think through the design clearly enough had to be rewritten to meet new fundamental requirements, or, in some cases, to even work.
I don't believe that any actual programmers (i.e. the people who occasionally state they need to rewrite something) would make such a statement. As delicate as software is these days, it shouldn't be too much of a stretch to assume that some things cannot be repaired. Often, a prototype is thrown together as a proof-of-concept and needs to have its functionality designed to fit into a proper application, but instead, stuff just keeps getting glued onto the original prototype.
In a recent case, I had a very large application that was written in perl. It performed very badly and was all but impossible to extend. The business specification for the next version of the application included a lot of functionality we would not be able to add to the existing code base. We determined that we could, more quickly, create an entirely new code base in a new language that included all of the new functionality and all of the old functionality that was actually still used faster than we could've retrofitted the new requirements into the old code. We did.
It's ridiculous to think that the sum of work of a ton of junior programmers makes up an implementation that's worth retaining simply because it's there.
-- The world is watching America, and America is watching TV.
This reminds me of a presentation I was at last year, by a director of IT at a large bank division (the kind of place where you need a 5 year police check, etc). The key quote I remember was "Trust can't be bought or sold - Trust is earned". Considering MS's history, what have they done to earn my trust?
I use Macs to up my productivity, so up yours Microsoft!
If Microsoft's claimed change of policy about the security of their software is, in fact, a sham, we should see detectable consequences. As you noted in your news.com article, any actual change must result in a major slowdown in releases of new products and product features.
Before any such change (or lack of one) is evident, though, the first hint must be a change in their P.R. approach to discovered holes. Until now their spin has been that security holes just don't matter very much. They posted patches on their (indifferently maintained) site, but wouldn't do anything so expensive as recalling the faulty product from the distribution channel, or notifying affected customers, or offering refunds (never mind paying customers' expenses).
Now that security holes have been officially recognized, they can't be treated as merely cosmetic -- the equivalent of a Cracker Jack box with no toy -- but a real response is expensive. If the new security focus is a sham, expect to see more official denial. Most security holes will get only P.R. treatment, portrayed as "ordinary" bugs, or blamed on incompetent users, insufficient firewall protection, or "terrorist" hackers. There might be a quota, where no more than four holes per year may be treated as (expensively) real, while the rest are officially buried.
Their problem is that secure software isn't just software that has been audited for buffer overflows. Software is so complex that almost any fault can have mysterious consequences, any of which may (also) be a security hole. As the OpenBSD Project has explained for years, the only secure software is correct, reliable software. You don't get that by adding a security officer or auditor to each product team. It takes a complete overhaul of the software production process, and a complete turnaround in the attitudes of the entire engineering and engineering management staff. Without such a wholesale overhaul, the flow of bugs and (consequent) security holes will continue unabated, despite any management prohibition.
I sat next to a Microsoft coder (and sometime manager) on a flight from Seattle recently. He explained that as long as a coder's bug count was below some level, the bugs could be ignored, and the coder could continue implementing new features. If the bug count crossed the threshold, he would have to stop until it was brought back down -- not to zero, just to the limit. This systematic tolerance for faults of all kinds is why their software is so bad today, and it won't change quickly. Nothing in the press release suggested that they saw security as inextricably connected with reliability.
In the meantime, P.R. games are far cheaper, and arguably more effective. Is the problem really that Microsoft products are shabby and insecure, or that they are now perceived so? Everybody who would like to continue business-as-usual will say it's the latter. They will play up the effectiveness of MS's "responsiveness" to security holes, and pretend that "effective response" is a substitute for shipping reliable code to begin with. Reliable code, after all, doesn't generate fawning press, or indeed any press at all.
I saw a similar process in action, starkly, sixteen years ago. IBM and HP had both introduced their first PCs with internal 10-megabyte disk drives. The HPs cost a little more. IBM offered theirs with a "service contract" at about twice the price difference. Over the course of the next year *all* the IBM drives failed -- which, it turned out later, IBM had expected -- while HP's mostly survived. IBM got reams of favorable press about how good their service was, for replacing the drives on the spot (albeit only for customers who had bought the service contract!). IBM came away with a reputation for good customer service. HP got creamed.
In summary, if the new security policy is a sham, expect to see Microsoft engage in periodic, massively orchestrated "responses" to selected embarrassments, and to become much more reticent about the rest. Expect no change in their warranty disclaimers. Expect analyst reports proclaiming that MS products are now more secure than the competition. The effect will be a net decrease in the ability of their customers to maintain secure servers, yet if the P.R. campaign succeeds, most customers will perceive the "security problem" as solved, and continuing reports as stubbornly persistent old news.
Pardon my ignorance, but I've seen this term used quite a bit in regards to bugs. What exactly is a buffer overflow, and how does it work? How does one prevent a buffer overflow from happening?
Last night I shot an elephant in my pajamas. How he got in my pajamas I'll never know.
The difference is far from subtle, the major difference between CGI and Web Services is that in the early days of CGI people would have cshell scripts processing the queries.
So in a short time people discovered that you could cause all sorts of programs to be run simply by sending a query of the form http://xx...xx?a=x;rm+-rf+* which would result in some script executing
greet x;rm -rf *
Give or take the correct URL escape hackery.
Rob and Ari discovered the joys of shared libraries pretty soon after their CGI hack. OK CGI is easier to get started in than the Apache or NSAPI plug in architecture, but it is a lot more secure. What do people use though?
The fact that there are still books around with three inch spines and the letters CGI on the front cover selling by the hundreds in Frys tells me that there are plenty of folk using what was a one night hack by two undergrad students who have since mended their ways. Even so those same folk will go off and throw stones at Mr Softy.
Incidentally I was in the next room when Ari wrote the CGI spec and I can assure you that the idea that there might be a security issue did not occur to him when he was writing it.
The difference is that at least on the client side is that if I hack a website with SOAP web services the results can now affect the software running locally. Thus manipulating software on the client side to do things they were not intended to do.
No, this is not the difference. In IIS the Web service runs as just another back-end service provider.
SOAP does make it easier to export a DLL library to the Web. So if an attacker got control of a machine with Visual Studio .NET they could cause the individual all sorts of grief by exporting their system DLLs as SOAP services, but there are already trojans that allow execution of arbitrary code and the firewall should not allow incoming HTTP requests on the internal net in any case. So yes SOAP provides an additional and somewhat more artistic way to torment a machine that has been captured, but it does not introduce a new way to torment a machine.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
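The query-string injection described in the comment above (`a=x;rm+-rf+*` reaching a shell as `greet x;rm -rf *`), as an added example that is not part of the original post. Python stands in for the early shell-script CGI handlers, `echo` stands in for the `greet` program, the injected command is a harmless `echo`, and all function names and the sample query are constructed for illustration.

```python
import re
import subprocess
from urllib.parse import unquote_plus

# Constructed request, modelled on the "a=x;rm+-rf+*" query in the comment,
# with a harmless second command so the effect is visible without damage.
SAMPLE_QUERY = "a=x;echo+INJECTED"


def get_param(query, name):
    """Return the URL-decoded value of one query parameter ('' if absent)."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            return unquote_plus(value)  # '+' becomes a space, %XX is decoded
    return ""


def greet_vulnerable(query):
    """The pattern from the comment: the decoded value is pasted into a
    command line that a shell then re-parses, so ';' ends the first command
    and starts a second one chosen by the requester."""
    a = get_param(query, "a")
    cmd = "echo Hello " + a
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def greet_argv(query):
    """Same program, no shell: the value is a single argv element, so shell
    metacharacters in it are ordinary data."""
    a = get_param(query, "a")
    result = subprocess.run(["echo", "Hello", a], capture_output=True, text=True)
    return result.stdout


# Allow-list for the parameter (an assumption about what a name may contain).
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")


def greet_validated(query):
    """Reject anything outside the allow-list before calling the program.
    Returns None for a rejected request."""
    a = get_param(query, "a")
    if not SAFE_NAME.fullmatch(a):
        return None
    return greet_argv(query)


if __name__ == "__main__":
    print("vulnerable:", repr(greet_vulnerable(SAMPLE_QUERY)))
    print("argv only :", repr(greet_argv(SAMPLE_QUERY)))
    print("validated :", repr(greet_validated(SAMPLE_QUERY)))
```
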
Second of all, if you actually read the article, you'll find that the systems were in fact test systems, so the IT professional was doing exactly what you recommend. And, based on the results of the test (namely, the systems were unable to incorporate essential security patches from Microsoft), I'm sure you and I would agree that Windows XP is unsuitable for production use.
Which was my point.
The eweek article I linked referenced several sources, of which I only quoted one. I could understand if it was one particular configuration of hardware, but the diversity of negative experiences seems to indicate that this problem is more general than just one configuration.
It was not original or funny at all.
There is one and only one reason for M$ "new" focus on security. I remember reading an article (I think the link was through SlashDot, although I'm not positive) that said the congresscritters were considering removing the liability protection software makers enjoy. This "new direction" is the M$ attempt to head off any such legislation.
Keep in mind the fact that microsoft will not simply stop and do only security/bug fixes. It is now just the priority.
IMO, this was actually planned by microsoft. They got lightyears ahead with their technology, with features, now all they have to do is sit on it as it sells, and create bug-fixes. Not only does this make the product more stable and secure, but they also have an initial standard for things like .net that will not change. That is crucial.
Oh no! This can't be. How then can I order
tons of armaments from Lockheed, from
Smith and Wesson, and from General Dynamics
without being detected? Microsoft is the
greatest company in the world! Bill Gates
is blessed by Allah. You slashdotters are
evidently pro-Israeli. You are removing the
one thing that allows us poor Arabs the
ability to destroy this infidel nation in
our midst. Bill Gates, do not believe what
these Pro-Linux zealots are telling you.
Your products are great, and VERY SECURE.
We have been smuggling American-made weapons
into Palestine, Afghanistan, Chechnya, Somalia
and the Philippines for years! The Republican
and Democratic parties are paying for the goods
and shipping without their knowing it. All of
this courtesy of Bill Gates. All this done
securely! Without the armaments producers
themselves not knowing we ordered them!
HOW MUCH MORE SECURE CAN YOU GET?
OpenSSL provides lots of hooks for various types of crypto. OpenSSH (probably) just hooks onto those.
Your argument that people 'have to accept it anyway' is very interesting. I am unable to understand how you, or anyone else, *has* to buy Microsoft software? I can think of at least 1 decent competitor that offers nearly everything Microsoft offers, Apple Computer. Sure the apple does cost more when it comes to hardware but you get what you pay for. Same goes for Sun on the server side. In reality, no one is FORCED to buy Microsoft software but rather people CHOOSE to buy Microsoft software. They COULD pay more for the Apple. They COULD hire expensive admins to manage a cluster of 5,000 Unix boxes. In short, people will continue to use Microsoft until something "better" comes out. And remember that each person has a completely different view of what exactly "better" is!
Has anybody considered...
- Bill Gates, possibly the most hated being in the entire world of technology;
- His statement, that from now on, Microsoft will focus on security, implying their software will be secure;
- The possibility that maybe, just maybe, this might not be lip service or a smoke screen;
- The number of both hackers and crackers who'll stand up and take this as one frickin' huge challenge for the fun of it?
Wabbit Season, Duck Season, renewed Micwosoft Season?
Trustworthy???!??
After the MS-DOJ trial, MS wants to convince us they are capable of it?
This still leaves the user with the "Janitor and the Vault" problem. Does Bill Gates use the same key for his office door and the company vault full of bearer bonds? If he does, then he needs to either not allow the janitor to clean his office, or he needs to give the janitor access to his office and the vault.
The proper way of doing this is to allow the user by default to execute attachments, but the attachments are sandboxed so they can't make network connections, can't create file handles, and basically can only play sounds and display pretty graphics. If an email attachment needs to do more than this, then something's wrong.
The *nix world isn't much better, btw. I'd love to see the Unix process model modified so that executables by default ran as a separate uid from the user invoking them, and unable to do anything except write things to the screen, play sounds, and open files owned by the executable. If an executable needs a file handle for one of my files, it needs to pop up a dialog box and ask me nicely for me to open the file for it. This wouldn't necessarily mean major code changes, but it would cause problems for many daemons unless the daemons were run setuid root or something almost as bad.
Ah well, Apple has always been ahead of its time.. maybe Apple will get this right and really force me to go out and go get one of those meaty SMP RISC boxes.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
I'm not buying it, but then I can read C. Those who cannot read C can trust in Red Hat and SuSE to keep tabs on the kernel hackers, but Red Hat and SuSE probably do not wish to spend their marketing dollars attacking such a target, and they cannot spend as much as Microsoft can. Plus Linux vendors cannot claim the "ground-up" ;-) stance that Microsoft claims it is using to ensure trustworthiness (not security.)
end of line