Microsoft's Goal, Security Through Obscurity?

← Back to Stories (view on slashdot.org)

Microsoft's Goal, Security Through Obscurity?

Posted by ryuzaki0 on Thursday May 9, 2002 @03:10AM from the its-been-working-great-so-far dept.

dave cutler writes "Salon has an amusing little wire article claiming that Microsoft argues that were they to provide any greater technical detail about protocols and APIs, it would make computers running their operating system far more vulnerable to cracking attacks." Update: 05/09 13:59 GMT by M : The benefit to customers of Microsoft integrating internet services into the operating system, as well as Microsoft's commitment to security, are exemplified in this article which notes yet another remote root hole in Microsoft's code.

4 of 374 comments (clear)

whatever... by Hassman · 2002-05-09 03:30 · Score: 1, Troll

My linux box has been hacked 4 times...

Nothing has ever happened to my windows Machine...

--
-Mark
Dovie'andi se tovya sagain.
1. Re:whatever... by NerdSlayer · 2002-05-09 05:12 · Score: 1, Troll
  
  My linux box has been hacked 4 times...
  
  Nothing has ever happened to my windows Machine...
  
  Yes, I agree, this has been my experience as well. Though I think for large corporations, dumb employees opening bad emails in outlook end up causing more problems over the long run.
  
  Most recently, my linux machine was hacked by a bug in OpenSSH. Though I'm familiar with locking down linux boxes, ssh is must. It kinda makes me wish there was some way to get updates pushed to me, Microsoft-style.
Re:yet another ROOT hole in MS Code? by ink · 2002-05-09 07:41 · Score: 2, Troll

NT based windows, administrator has this access.

Actually, NT's root user is called SYSTEM. The "Administrator" user is a crippled account that cannot do many things. This is a requirement for some security settings (mostly for auditing). It's also the reason why you can't kill the stupid printing spool service as the Administrator (you need the kill.exe or rkill.exe programs, which are SUID-SYSTEM more or less). You'll also notice that members of the "Backup" group have elevated privileges above the Administrator users for exactly the same reason.

--
The wheel is turning, but the hamster is dead.
Re:Why? by ink · 2002-05-09 12:47 · Score: 1, Troll

Perhaps you should go back to law school. My wife is a nurse and if she provides free services for some accident victim that we come across, she can and will be held liable for anything that goes wrong. There are many things that you can be sued for, regardless how much you charge.
Even if what you say is true (it isn't), RedHat, Mandrake, SuSE, IBM, et. all can be run out of business if there are bugs in Linux for which they are liable, and charging for. It's a horribly bad idea, because then all businesses would stay away from supplying any sort of support structure for open source softwares for fear of an unexpected lawsut. The price of commercial software would go up, and all sorts of draconian legal measures would need to be in place (eg, sigining a NDA before being allowed to operate software -- or similar).

Just leave it alone, and let the geeks handle it.

--
The wheel is turning, but the hamster is dead.