Security Community Reacts to Microsoft Announcement

← Back to Stories (view on slashdot.org)

Security Community Reacts to Microsoft Announcement

Posted by Hemos on Friday January 25, 2002 @04:25AM from the hope-against-hope dept.

A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Crag Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.

3 of 471 comments (clear)

Min score:

Reason:

Sort:

Craig's article... by ImaLamer · 2002-01-25 04:33 · Score: 5, Interesting

...says:

But we're still in the early years of the computer revolution, and there are many technological, social and regulatory hurdles we must overcome before computers truly become a ubiquitous--and essential--technology.

The early years? No. When you've got one person on top who can't get their sh*t together...

I mean, we could be farther along in this 'revolution' he speaks of. Why aren't we? Because the Big Guys [read:Microsoft] are doing what they want to do. Why are they now only focusing on security?

Oh! Pick me! I know! --- Because they do what they want to do, and that's it. They don't give in to customer demand; most of their product is cooked up by visions that Bill and others have.

--
Get your Unix fortune now!
Getting ready for the setlement by bitty · 2002-01-25 04:38 · Score: 5, Interesting

Someone brought this up in another article, so I can't take credit.

The settlement with the DOJ specifically allows Microsoft to exclude documentation of APIs that relate to security. This new initiative makes damn near anything in some way relate to security. Gotta love it.
Security Focus gets it right. I doubt M$ will by CodeShark · 2002-01-25 06:36 · Score: 5, Interesting

Having done an amount of C++ coding back in the early years of Win9x, I have extreme doubts that M$ has the commitment or the ability to do anything more than "patch the leaky tires". Here's why: IMO the code structure upon which most MS apps are built (MFC classes) has some deep down design flaws which can't be rectified without introducing serious compatibility issues with any other MFC apps already out there.
As an example, we wrote a test app with a different foundation class library that was bug- and memory-leak free in all of the major WinXX OS's up through 98 and NT 4), and even compilable and bug free back into Win 3.XX. The whole app was a total of 123K: the Microsoft Foundation Class (MFC) [version 3.2, IIRC] test app as created by the wizard came in at just over 1 Meg, riddled with memory leaks, logical errors, etc. Our determination was that it wasn't just a bad wizard -- the MFC itself was causing many of the leaks and problems.
Now then, if you look at the Win API set now (Y2002), it is just that much more massive than when I last actively coded to it -- but the underlying code classes look much the same. [I haven't done a diff, so I can't prove it.]
So accurate or inaccurate, I don't think Microsoft has the corporate will to change from a company built on FUD (fear uncertainty doubt) to a company whose software is something I can trust because it doesn't even look to me like they have fixed all of their original problems in the foundational code classes from the early days of Windows 95.

--
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...