Slashdot Mirror


Security Community Reacts to Microsoft Announcement

A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Craig Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.

6 of 471 comments

  1. Security is everyone's problem by crumbz · · Score: 4, Interesting

    It seems that the various tones of the above-mentioned pieces reflect a Microsoft good or Microsoft bad attitude. Unfortunately, the problem being discussed transcends the usual polemics of such a debate. Good security, whether from Microsoft, Sun, Novell, Cisco or others, is in everyone's best interest. If Microsoft has finally awoken to this fact, good for them. Their previous security through obfuscation was a travesty and insulting. If my personal information is going to be stored on a computer that is linked to a network, I want the best damn security money can buy. For that computer, for the database software, for the firewall, for the remote machine at the local insurance agency that is accessing the info, et al.
    True Names are important for a reason.

  2. Craig's article... by ImaLamer · · Score: 5, Interesting

    ...says:

    But we're still in the early years of the computer revolution, and there are many technological, social and regulatory hurdles we must overcome before computers truly become a ubiquitous--and essential--technology.


    The early years? No. When you've got one person on top who can't get their sh*t together...

    I mean, we could be farther along in this 'revolution' he speaks of. Why aren't we? Because the Big Guys [read:Microsoft] are doing what they want to do. Why are they now only focusing on security?

    Oh! Pick me! I know! --- Because they do what they want to do, and that's it. They don't give in to customer demand; most of their product is cooked up by visions that Bill and others have.

  3. Windows needs a clean break by Dephex+Twin · · Score: 4, Interesting

    Windows is too backwards compatible, IMO. Too much building off of old stuff. Microsoft needs to make a new version more or less from scratch, like Apple's transition from the old Mac OS to OS X. It isn't a quick or easy transition, but it will pay off in the long run.

    I guess that's the problem when you are a huge software company trying to appeal to everyone. You end up supporting everything and it turns into a big mess.

    mark

    --

    If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan

  4. Getting ready for the settlement by bitty · · Score: 5, Interesting

    Someone brought this up in another article, so I can't take credit.

    The settlement with the DOJ specifically allows Microsoft to exclude documentation of APIs that relate to security. This new initiative makes damn near anything in some way relate to security. Gotta love it.

  5. DRM! by mikeee · · Score: 4, Interesting

    What really scares me about this is the talk about taking desktop control away from users, the one thing MS has always been good about in the past.

    Billg says:

    "Security: The data our software and services store on behalf of our customers should be protected from harm and used or modified only in appropriate ways...It should be easy for users to specify appropriate use of their information including controlling the use of email they send."

    Of course, this new "secure" email won't work on those unamerican Linux computers.

    Am I the only one nervous about that?

  6. Security Focus gets it right. I doubt M$ will by CodeShark · · Score: 5, Interesting

    Having done an amount of C++ coding back in the early years of Win9x, I have extreme doubts that M$ has the commitment or the ability to do anything more than "patch the leaky tires". Here's why: IMO the code structure upon which most MS apps are built (MFC classes) has some deep down design flaws which can't be rectified without introducing serious compatibility issues with any other MFC apps already out there.

    As an example, we wrote a test app with a different foundation class library that was bug- and memory-leak free in all of the major WinXX OS's (up through 98 and NT 4), and even compilable and bug free back into Win 3.XX. The whole app was a total of 123K: the Microsoft Foundation Class (MFC) [version 3.2, IIRC] test app as created by the wizard came in at just over 1 Meg, riddled with memory leaks, logical errors, etc. Our determination was that it wasn't just a bad wizard -- the MFC itself was causing many of the leaks and problems.

    Now then, if you look at the Win API set now (Y2002), it is just that much more massive than when I last actively coded to it -- but the underlying code classes look much the same. [I haven't done a diff, so I can't prove it.]

    So accurate or inaccurate, I don't think Microsoft has the corporate will to change from a company built on FUD (fear, uncertainty, doubt) to a company whose software is something I can trust, because it doesn't even look to me like they have fixed all of their original problems in the foundational code classes from the early days of Windows 95.

    --
    ...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...