Security Community Reacts to Microsoft Announcement
A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Craig Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.
Separate Data and Control Paths
Use Secure Default Configurations
Separate Protocols and Products
Choose for Security over Features
Make it Transparent and Auditable
Give advance notice of Protocols and Designs
Engage the community
All that stuff sounds great, but I can say the same thing in far fewer words:
Start from scratch. Do it right this time.
The first thing Microsoft is going to do under their new "security first" paradigm will be to announce that due to security concerns, they can't tell us what any of their security upgrades actually are.
Bottom line is, words are easy. I'm going to wait to see the action.
Chris Beckenbach
This reads a lot like the Dilbert where Dogbert is a consultant and says something to the effect of "I'm going to make a bunch of recommendations that I know you are too cowardly to implement. Later, when you fail, I'll laugh at you for ignoring my advice."
25% Funny, 25% Insightful, 25% Informative, 25% Troll
Tackhead's One-Liner:
If they put 10% of today's PR budget into the next release's security budget, they might have a chance.
Star Trek computers already
You mean computers with lots of flashing lights and unlabeled buttons that people just seem to know what to push? We already have those in casinos.
Dear Bill
It saddens me to see Microsoft exiting the highway of consumer satisfaction into the dirt road of security.
As a long-time fan and appreciator of the Microsoft way, I feel I must stand up and ask:
Why?
Microsoft has done more than any other company to turn Desktop Computing into a thrilling adventure. From the very moment I turn on my PC, I feel I'm entering a world of wonder and surprise, where new adventures can happen at any moment:
- Maybe Windows will not start up and I end with a black screen.
- Maybe it will start in VGA mode.
- Maybe clicking in the explorer toolbar will result in a blue screen.
- Maybe Word will crash when I'm editing an important document.
- Maybe installing the newest IE will make half my applications stop working.
- Maybe after installing the newest DirectX Windows will stop working.
- Maybe I'll open an e-mail and my PC starts acting funny.
- Maybe I'll get a phone call from my ISP saying a Denial of Service attack to the Whitehouse site has been detected from my machine.
- Maybe the mouse pointer will start moving by itself.
- Maybe all my files are deleted.
Why? Why do you want to remove all the thrill and adventure from my life???
I was going to do exactly what this fellow did, but he beat me to it. Clever. Let's hope this URL gets around: http://www.trustworthycomputing.com
He who refuses to do arithmetic is doomed to talk nonsense.