Slashdot Mirror
MS Exec: 'Our products just aren't engineered for security'
Various Microsoft news tidbits contributed by numerous readers: Phoebus0 notes that Microsoft's Vice-President in charge of Windows development states flat out that Microsoft products aren't engineered for security, absolutely guaranteeing he'll have tomorrow's Ditherati quote. Many readers submitted this Knowledge Base article stating that Microsoft is mystified by a wave of successful hacks on assorted versions of Windows (there's also a news report on this). Microsoft has another security bulletin out on the digital certificate spoofing bug that has caused them so many problems recently.
Another excuse to let people believe that palladium is needed :/
This might be a stupid point, but of course microsoft products aren't engineered for security. The common man doesn't buy products for security, and even now the common man largely does not understand that they could even have their functionality in a secure environment (though arguably most salesguys cannot have the functionality they demand in a secure environment, but that's another debate.)
Is whether this will make the national news. Trust me, if CNN and MS/NBC and all the rest choose not to cover this, the general public won't know, and won't really make a decision based on this information.
Of course, this could just be a ploy to get M$'s most vile next O/S out, Palladium, that will let them 0\/\/|\| j00r s0ul (and credit card, and email, and music, and movies, and any personal items that may happen to be sitting on top of your computer...)
Actually, from what I gather MS's R&D engineers are some of the best engineers around. The actual production engineers are good as well, but nowhere near their R&D counterparts.
Stop picking on MS engineers for poor products, and level the blame at the correct place - marketing and management.
A huge part of the problem comes from never deprecating API's. It is one thing to tell someone to design and build something new - much harder to extend something that was not even close to what it was designed for (and did not have time to abstract things out).
To this day, I am amazed the windows kernel even compiles, much less runs...
+++ UGUCAUCGUAUUUCU
Bingo. As Nathan Myhrvold once said, Microsoft wants to get a vig on every transaction going over the net. Tcp/ip doesn't have a built-in billing model, so they're trying to shoehorn one on top of it. Even though it will be a bloated, insecure mess, the government and the entertainment industry are and will remain enthusiastic supporters of palladium. All that data is an irresistable temptation: so much money to be made, so much monitoring to be done.
The real war will be between this plutocratic regime and the free software movement. The general public doesn't know it yet, but linux is very close to there on the desktop. This represents a serious threat to the universality of palladium, so Microsoft and its allies will try to have laws passed that criminalize free software use, and/or the use of general purpose (i.e. non-palladium equipped) computers.
Sound crazy? It's not. And the issue of freedom & privacy vs. big business & government is going to be huge, front page news as it gets closer and the general public gets a whiff of it. But Disney owns the news, so expect it to be more of a grassroots groundswell-type thing.
Who will win? I don't know. But I see a future that scares the hell out of me, and I really hope we're not too lazy to do something about it.