Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Goal, Security Through Obscurity?

Posted by ryuzaki0 on from the its-been-working-great-so-far dept.

dave cutler writes "Salon has an amusing little wire article claiming that Microsoft argues that were they to provide any greater technical detail about protocols and APIs, it would make computers running their operating system far more vulnerable to cracking attacks." Update: 05/09 13:59 GMT by M : The benefit to customers of Microsoft integrating internet services into the operating system, as well as Microsoft's commitment to security, are exemplified in this article which notes yet another remote root hole in Microsoft's code.

3 of 374 comments (clear)

  1. MS Security Paradigm by theFlux · · Score: 5, Interesting

    Yes, its true that the security through obscurity claims of MS seem like blowing smoke, but obscurity is an accepted security paradigm. Any CS course in security outta mention it, and you can read about it in "Security in Computing" by Pfleeger. Its always been my stance, however, that MS is taking the obscurity stance to propagate their business model and NOT to better security.

  2. Problem Is... by 4of12 · · Score: 5, Interesting

    ...that they are partially correct and justified in hiding certain secret keys as ways of preventing unauthorized use of products.

    But that's an oversimplification that I'm afraid the lawyers and the court won't be able to clearly pick apart. Even the Microsoft VP testimony about the issue was sprinkled with constant reminders that this was "a confusing" technology. It is confusing. But it's essential for everyone to understand what it's purpose is and how it can be misused, too.

    The part that rubs the wrong way, of course, is that the exact same arguments could be used to prevent a competitive implementation of an interface that Microsoft wants to own for themselves.

    --
    "Provided by the management for your protection."
  3. MS can't have it both ways by FearUncertaintyDoubt · · Score: 5, Interesting
    Hasn't MS claimed for years that it doesn't have secret APIs that only MS developers get access to? Haven't they always claimed that there is a level playing field for developers to create, oh, say, office suites for Windows? Now they say they can't turn over their secret APIs which they denied existed for security reasons?

    Bill Gates can't be a borg. Nothing that is part machine could tolerate such inconsistency. Only humans can say that 1=0 and believe it.