Microsoft: Trust and Antitrust
Microsoft is in the news for two reasons today: the continuing saga of the antitrust cases, and Microsoft's public relations push for "trustworthy computing". A selection of links: Microsoft claims two months of code reviews and half-day seminars surpasses everything ever done by the open source community; Salon talks about the problems with a monoculture; SBC, an abusive telecom monopoly, complains about Microsoft's behavior, an abusive OS monopoly; and Microsoft responds, claiming that SBC is merely being self-serving.
Username: dotslash2002 Password: dotslash2002 (had to, no one posted one yet, had to go through the trouble of getting another account registered...)
Derkec gushed:
True, but in a very real way, Microsoft has a point. The Open Source community has never really taken time to say, "ok let's stop development and everyone will go check code extremely carefully."
No, false. You (and Microsoft) are completely ignoring Open Source projects that only audit code... i.e. the Kernel Janitors:
I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
Microsoft has gotten the message. If you were on the Windows.NET server beta, you'd have gotten the memo ;)
Essentially, Windows.NET server ships with absolutely NOTHING enabled by default. This does present a problem to the typical Microsoft "it's so easy just plug it in" sort of thing, but that is solved by an improved "configure your server wizard". The first time the server boots up, the user can explicitly select what to install and/or turn on, and ONLY what they select gets installed/turned on.
The individual components themselves have improved as well. IIS 6 by default will serve only static HTML files, and installs no sample files or other stuff. You have to manually run the IIS security wizard to turn on things like ASP, CGI, etc. If you install a new ISAPI filter or something of the like, you have to manually enable it. Nothing gets turned on unless YOU, the admin, turn it on.
The other thing is that IIS 6 is a complete ground-up rewrite; no code from IIS 5 was used in its creation. It's gone through a complete code review to (hopefully) eliminate any buffer overflows or other bugs. There are other improvements as well... for example, the easy ability to run each website being hosted under a separate security account, typically with minimal access to anything.
Microsoft isn't stupid; they see that their biggest PR problem right now is security and they are doing something about it. True, they should have jumped on this a long time ago, but late is better than never.
Natural != (nontoxic || beneficial)