Slashdot Mirror


Security Community Reacts to Microsoft Announcement

A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Craig Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.

21 of 471 comments

  1. MSFT? by crow_t_robot · · Score: 2, Funny

    I watch that MSFT3K all the time and they never talk about computer stuff... I am suspicious of the validity of this reference...

    1. Re:MSFT? by Anonymous Coward · · Score: 2, Funny

      Which one is Bill Gates? The human or the talking gumball machine?

  2. How to secure Microsoft Windows: by Proaxiom · · Score: 5, Funny
    Schneier and Shostack say:
    - Separate Data and Control Paths
    - Use Secure Default Configurations
    - Separate Protocols and Products
    - Choose for Security over Features
    - Make it Transparent and Auditable
    - Give advance notice of Protocols and Designs
    - Engage the community

    All that stuff sounds great, but I can say the same thing in far fewer words:
    Start from scratch. Do it right this time.

    1. Re:How to secure Microsoft Windows: by SpaceLifeForm · · Score: 2, Funny
      > Beware a programmer who ever claims that they need to rewrite something: 9 times out of 10 it's because they are lazy, or they're just not smart enough to figure it out.

      Apparently you've encountered quite a lot of clean, well documented code. Lucky you.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
  3. Microsoft's First Security Policy by gspeare · · Score: 5, Funny

    The first thing Microsoft is going to do under their new "security first" paradigm will be to announce that due to security concerns, they can't tell us what any of their security upgrades actually are.

  4. In Other News.... by wo1verin3 · · Score: 2, Funny

    ... All Pig Flight Training School Opens

  5. Leaked memo! by NetRanger · · Score: 2, Funny

    Here's a memo leaked to me from Bill Gates himself:
    January 25, 2002
    Fr: Gates, Bill (Microsoft-Redmond, WA)
    To: All Mail Users
    Re: New Security Focus

    I'm sure that everyone here has read our previous announcements in reference to the new security focus here at Microsoft. Let me be the first to make sure it is clear that these announcements will be followed up by actions, not just words.

    Of course new technology is what Microsoft is all about, so I am dictating this letter to you as you read it.

    Of course you know we have already taken the initiative to instruct the Windows team to cease development of new features, and focus on using existing technology from our competitor's software for placement into Windows, over ten years ago.

    Now it seems that some of the "glue" holding all these technologies together has, shall we say... uh, cracked.

    Therefore it is imperative that we cease adding new functionality not relevant to squashing those little bastards who think they have a better haircut than me!!!! and... uh...

    I mean, we really need to focus on stability and security, I mean, after all, to meet our vaporware deadlines we didn't really get the chance to read the code we stole... I mean, to reincorporate new ideas properly into Windows.

    You know, I'm turning this damn dictation off now ASH!*%(#@$

    [End of File]

    --
    -- We live in a world where lemonade is artificial and soap has real lemon.
    1. Re:Leaked memo! by Anonymous Coward · · Score: 1, Funny


      > Here's a memo leaked to me from Bill Gates himself:
      ...
      > [End of File]

      You forgot the most important part of the entire message:

      Please click the attachment for more information!

      [B.P., posting from P&M's Windows machine.]

  6. New Levels by Sir+Tristam · · Score: 5, Funny
    "We must lead the industry to a whole new level of Trustworthiness in computing."
    - Bill Gates internal memo, 15 January 2002.
    Hasn't this already been accomplished? I'd feel a lot better if it had stated that this would be a higher level of trustworthiness. All software (other than a "hello world" program, TeX and anything I write ;-D ) has bugs; that's simply life. Admit them, correct them, and move on instead of trying to ignore and bury them, and people would feel a lot more trusting of the products. The same applies for "gee-whiz" features that end up being security holes; admit that they were bad ideas and remove them (or at least disable them by default).

    Bottom line is, words are easy. I'm going to wait to see the action.

    Chris Beckenbach

  7. Remembrances... by FauxPasIII · · Score: 4, Funny

    This reads a lot like the Dilbert where Dogbert is a consultant and says something to the effect of "I'm going to make a bunch of recommendations that I know you are too cowardly to implement. Later, when you fail, I'll laugh at you for ignoring my advice."

    --
    25% Funny, 25% Insightful, 25% Informative, 25% Troll
  8. My first association by af_robot · · Score: 2, Funny

    with words Security and Microsoft is Taliban and Democracy

  9. Vulnerability? by archen · · Score: 2, Funny

    I remember some MS propaganda stating that Linux and other Unix based OS's inherited 30 years of vulnerabilities, yet NT was wonderfully secure because it was a much more modern OS. NOW they're making security a priority? Don't tell me M$ has been lying to me!

  10. Re:Speedreader's summary of all 6 articles by Tackhead · · Score: 3, Funny
    > [Speedreader's Summary:] It will be good if they succeed; we hope they try as hard as their PR says they will.

    Tackhead's One-Liner:

    If they put 10% of today's PR budget into the next release's security budget, they might have a chance.

  11. Re:Windows needs a clean break by archen · · Score: 3, Funny

    > Star Trek computers already

    You mean computers with lots of flashing lights and unlabeled buttons that people just seem to know what to push? We already have those in casinos.

  12. Re:Denny's by Anonymous Coward · · Score: 1, Funny

    Couldn't they just pay some filthy commie hippy atheist Linux h4xx0r $10 to watch the store on Christmas day?
    No, I guess not, they'd come back the 26th to find the restaurant cleaned out. Because "food wants to be free".

  13. My response to Microsoft by Aceticon · · Score: 3, Funny

    Dear Bill

    It saddens me to see Microsoft exiting the highway of consumer satisfaction into the dirt road of security.

    As a long time fan and appreciator of the Microsoft way, I feel I must stand up and ask:

    Why?

    Microsoft has done more than any other company to turn Desktop Computing into a thrilling adventure. From the very moment I turn on my PC, I feel I'm entering a world of wonder and surprise, where new adventures can happen at any moment:
    - Maybe Windows will not start-up and I end with a black screen.
    - Maybe it will start in VGA mode.
    - Maybe clicking in the explorer toolbar will result in a blue screen.
    - Maybe Word will crash when I'm editing an important document.
    - Maybe installing the newest IE will make half my applications stop working.
    - Maybe after installing the newest DirectX Windows will stop working.
    - Maybe I'll open an e-mail and my PC starts acting funny.
    - Maybe I'll get a phone call from my ISP saying a Denial of Service attack to the Whitehouse site has been detected from my machine.
    - Maybe the mouse pointer will start moving by itself.
    - Maybe all my files are deleted.

    Why? Why do you want to remove all the thrill and adventure from my life???

  14. Everybody's getting too worked up. by rhizome · · Score: 2, Funny
    Of course, the only appropriate response to Microsoft's initiative:

    *What* security problems?

    Think about it, if the industry plays dumb the way that Microsoft has for the past 10 years, then they will have to enumerate their history and how they might address the problems. Speculation on my part, sure, but they sure don't deserve all of these free ideas.

    I'm an MCSE, and while Microsoft's lameness has provided me with a nice career for the past several years, I still have nerdy idealism governing my attitude. :) It's been many years that my standards of quality have been much higher than Microsoft's, and now we see that they want to "lead" into the future. Well, start by catching up.

    --
    When I was a kid, we only had one Darth.
  15. Re:Craig's article... by MrTaz65 · · Score: 1, Funny

    I think you typo'd

    You meant "It seems like only Apple is actually interested in its users' _money_."

  16. www.trustworthycomputing.com by Dan+Crash · · Score: 3, Funny

    I was going to do exactly what this fellow did, but he beat me to it. Clever. Let's hope this URL gets around: http://www.trustworthycomputing.com

    --
    He who refuses to do arithmetic is doomed to talk nonsense.
  17. Re:UNIX = legacy by hummingtroll · · Score: 2, Funny
    > Besides, when Windoze people note that my unix box is 'obsolete', the best word I can reply with is 'evolution'.

    That's my feeling exactly. If Unix is a dinosaur, Linux is a crocodile. A "dead-end" evolutionary design that's managed to survive for millions of years, crocodiles are ugly and scaly but their jaws will crush your bones like twigs. While crocodiles may not light fires or swing gracefully from tree to tree or buy Madonna albums, boy oh boy, you dunk a monkey in the river with one and you'll quickly find out which one's supremely adapted to THAT environment.

  18. Re:Craig's article... by xonker · · Score: 2, Funny

    > Excuse me, but you just described MacDonald's ...

    There's a pretty big difference between McDonald's and Microsoft. McDonald's doesn't hold a monopoly, McDonald's offers choices to its customers -- admittedly, McDonald's still sucks, but you don't have to eat there. They can't force you to eat there. You can order only the items on the menu that you want, and the last time I checked they had plenty of competition.

    The only thing they have in common is both companies start with "M" and they both suck.

    When Microsoft buys McDonald's then it's REALLY time to worry...