Microsoft on Security: We'll Break Your Apps
jointm1k writes "Wired.com is running a story about how Microsoft is trying to act responsible and all by fixing (or trying to fix?) many (if not all) security holes in Windows. Not only new versions of Windows will be patched or improved, but as I understood they also plan to force security updates for older versions of Windows down people's throats. Even if that means that some applications will malfunction.
Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows."
Brian-"There's just no pleasing some people"
Beggar-"That's what Jesus said, sir"
---"What did I say that sounded like 'Tell me about your day?'"---
Is that the new niche for software designed for teenage girls?
I guess the submitter has never read anything by Linus on the Linux mailing list. He is constantly making changes to the kernel and saying "screw stupid userland apps, this is the right way to do things". Even about non-security issues. And he's right, the only way to avoid massive layers of backwards-compatible cruft is to just slough off the existing infrastructure and create the OS anew for every release.
Assuming Microsoft does actually want to clean up their act, which I'm highly skeptical about, it seems that they'd be criticized for forcing updates just as much as they would for not trying to make adoption of the updates widespread.
Yeah, you're right. Microsoft should have written every line perfectly like every line of code you ever have written.
Well it looks like they might actually finally have the right idea as to how to compete with Linux... although they might have a few details a little skewed from what I would consider ideal, they seem to be heading in the right direction. Good to see that Microsoft might actually be listening to their customers finally.
Disclaimer: Yes, I do love Linux, no I do not hate Microsoft, as a matter of fact I am a .Net developer so this is of a much greater importance to me than it is to most.
they really should have done so when they designed Windows
Bugs (*ahem* features) and security flaws are not intended to be part of the package. They happen because of bad design and bad coding practices and bad decisions. And no matter how hard you try (and try as you may even in the case of Linux) it's impossible to do so during the design or coding time.
I would applaud this effort to force it down the throats of customers (at least it would reduce the number of vulnerable servers sitting out in the open), but it goes only as far as any user would want to.
Rapid Nirvana
I read the same story at The Register
/. attacking them
The editorial is inaccurate and opinionated.
They are actually giving up on trying to secure older products.
And they are stating that for new security fixes on current products they are now putting security as a higher priority than not breaking the apps.
So rather than provide the security turned off, in the hope that some MCSE will turn it on once the app has been patched, the security is on even if the app breaks.
Now, regardless of the anti M$ feelings, this has got to be a good approach.
Yes you can read it as "Here comes DRM, suck it down" or you can read it as "Secure by default really does matter, because we know 95% of users never change from the default settings" - the latter approach is taken by Suse in 8.1 and I don't see
There is a bigger problem out there -- laziness. Microsoft and others have made security patches available that admins simply do not install. If they did, the world would be a better place. I mean, I still get tons of Code Red hits on my web server. Patches have been available for that for....how long?!?!?!
"We're going to tell people that even if (it) means we're going to break some of your apps, we're going to make these things more secure."
...
Hey everybody!
Use our "new" software
--- When fear advances, logic retreats.
Trouble making decisions? Just flip for it.
The more holes they patch the more holes they open.
This new strategy is to break competing software
On Solaris when a security related bug is patched the system APIs stay the same and shared libraries stay binary compatible. What the hell is Microsoft doing wrong (aside from everything)? I guess I didn't know how good I have it. Oh wait, yes I do.
-- Thou hast strayed far from the path of the Avatar.
but they really should have done so when they designed Windows
What OS didn't need security fixes after it was released?
love is just extroverted narcissism
but they really should have done so when they designed Windows.
I think you have to remember that Microsoft used to put functionality before security. There is a tradeoff between functionality and security. For example, do you allow mailing functionality within the VBS language and the macro language? There is a reason why there are over 20 worms that can spread using MSN messenger, and none that can spread using Yahoo messenger.
However, times change, and people change. Now people put security before functionality. Microsoft is just going with the times...
From a site that used to store user passwords in plain text.
We'll Break Your Apps
Phew!
I first read We'll Break Your Ass !
Trolling using another account since 2005.
People who are running older versions of Windows need to be upgrading regardless so this will be a good thing for them as they can upgrade everything at once and get back to their task at hand rather than doing it piecemeal.
Really this is no big deal. If you run a business then you have to deal with things like this and if you don't want to run Windows then you can use something else. (My current boyfriend runs FreeBSD and loves it!!) Let's cut them some slack for once.
--Rosie
I think it's a noble effort on Microsoft's part, but if you've ever developed large applications you know that security cannot be an afterthought. It's been my experience that unless you design security in from the very beginning, it's almost impossible to make it truly secure. Security has to be part of the foundation, not a higher-level layer.
Let's roll.(tm)(r)(c)
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Microsoft: We'll break your apps!
App developers: And just exactly how is this different from Windows as it stands now?
Geek used to be a four letter word. Now it's a six-figure one.
I have to laugh! First it was we want to make sure all the old apps will run on our new OS's. But now it's let's break all the old apps so they have to buy Office '02. Once again M$ is making money off breaking software, just this time it's their own! HAHA :)
JW
I am so sick of this revisionist, 20/20 hindsight, why-isn't-microsoft-perfect bullshit! Do you know how many applications written by blithering idiots they've had to keep working? I've heard tons of horror stories directly from friends at MS about the hoops they go through to keep COMPETING SOFTWARE from breaking. Yes, MS employees really do sit around figuring out how to keep WordPerfect from crashing.
What did you eat today? http://www.atetoday.com/
from my cold, dead fingers. And I WON'T let them lay a hand on my IE 4.0 !
Insightful: 76, Off-Topic: 379, Flamebait: 24, Funny: 152, Interesting: 201, Underrated: 55, Troll: 9, Total: 896
>"As you do that over a period of 20-odd years, you
> end up with a lot of features that aren't used by
> many people," Mundie said. Left unmanaged, he
> explained, these chunks of code become breeding
> grounds for security holes.
How about most features added to Windows because of competition reasons that have never been used or even thought about by many (if not most) people?
I think IE describes the 'chunks of code' that 'become breeding grounds for security holes'.
Brielle
Windows XP sp1 locked out WinXP installations using stolen keys from using WindowsUpdate or applying patches.
Will this new initiative reverse that practice?
Remember, it won't matter to most people if a Windows installation was pirated or not when it's the one being used as a DDoS zombie, spewing out viruses over SMTP, or something similar ... just that it is Windows.
(Btw: Plz 2 mod as +1 Insightful)
I think only ecommerce apps will mallfunction...
From the story:
"Mundie's slides also showed the surprising results of automated crash reports from Windows users. A mere 1 percent of Windows bugs account for half of the crashes reported from the field."
Automated crash reports? What's the skinny on this?
If it can work well enough to send in a report, how about automated crash recovery ?
Research is what I'm doing when I don't know what I'm doing.
Should have fixed when they designed???
Should is subjective here, apparently it was never a requirement so never truly considered in the design.
Anyway that's MS's choice, you don't _have_ to agree and you don't _have_ to buy their stuff either.
They could have done security better when they designed it, and it would have been a more secure (=>better) product, but looking at the success the product had, they must have done something right...
During the week of Sept. 11-18, 2001, terrorist attacks and the Nimda virus changed the public's perspective on security, he said.
I don't say this often, but... what a fucking wanker.
How does he plan to address these security issues? Say they were all "attacks", and then push legislation through to outlaw them?
Jesus. The fact that he even put a Microsoft fuckup in the same sentence as a 3500-life firebombing shows that he isn't fully mentally developed. I'd stay far away from any corporation who allowed this guy anywhere near their podium.
There is another side-effect: Just think of an update that does not only fix two recent security flaws, but also implements incompatible changes to the CIFS/SMB protocol. All users of MS Software are forced to upgrade, so there won't be any interoperability issues. But all those Samba File/Print/PDC installations across the world are suddenly broken.
And Samba is just a randomly picked example.
All your 'all your X are belong to us' are belong to the bitbucket.
-MT.
"...we're trying to fix sins of the past."
Except for theft of course. Or how about the sin of gluttony? They could strip their code of the bloat. Or what about sloth? That would require resignations of most of the executives. How about wrath? Bill and Craig would need some tranquilizers. Craig isn't aware of just how many circles of hell he'll be burning in.
Yeah, yeah, flamebait... but I need to vent somewhere!?!
Developers: We can use your help.
I'm experimenting with the superliminal.
That Windows just doesn't seem like it was designed to take on improvements. It seems like every new "security" update only brings more problems. What they should be doing is sending out more release clients to testers before they release the next completed version of software to the public. Before they make their next release they need to DEBUG DEBUG DEBUG and grab a much wider variety of people willing to test their stuff. If their aim is really to "protect" the end user, then this is what they should have been doing all along.
The Blade Itself
One of the main arguments businesses have been using against looking for Linux solutions is that legacy applications (of the WindowsNT/95 variety) must be runnable. Now with Microsoft saying that they may not support all legacy code this is removing one of the last barriers stopping some companies from looking at Linux.
If a company is looking at redoing an application for the windows base it may just be easier for them to make it work with WINE than with the new windows code base.
I am sure Microsoft is aware of this. There must be some really big holes they are going to close with action or they would not consider dropping the support for legacy applications.
Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows.
Next you'll be criticizing the quality of the beef at McDonald's.
Most Americans want to surf the web, download MP3s, and spend $2500 to watch the Matrix DVD on a two hour flight, and they'll pay the same amount for Windows whether Microsoft makes it secure, or not.
Bill Gates is a smart business man. Microsoft is a successful business. As such, the $ is the bottom line. Analyzing their products from any other perspective is a waste of time.
Microsoft is doing the right thing.
n dept." -- GIVE ME A BREAK. If that were the goal, Microsoft would quickly be driving itself out of business. "... but they really should have done so when they designed Windows" -- again, who are you trying to fool here?? The same argument could be said for every operating system in mass production use today.
Every vendor (Microsoft, Apple, Sun, Red Hat, Debian) can create an incident where a patch breaks a vendor's application.
I've personally seen it happen with 4 out of the 5 vendors already. Deal with it. AFAIK there is still no forced patching. Your OS doesn't just up and DIE if you decide not to patch your OS because you are aware that patching will create problems for you.
On another note - Certainly Slashdot leans a little left politically and leans a lot toward "open solution" computing but everything about this story just reeks. "windows-ain't-done-while-competing-apps-still-ru
Give it a rest. You're just starting to look foolish now.
http://windows.scares.us
Hopefully we can look forward to more posts containing phrases like "I reckon" and "Y'all" to appear on Slashdot soon. Not to mention that there isn't even anything new in this post at all that has been discussed ad nauseam on Slashdot already.
First of all, one of the big selling points of Wintel is that you have a wide choice of software. In the future, however, Mundie says that you can expect your old apps to be broken.
"We have decided that we will begrudgingly forsake certain app compatibility things when, in fact, they don't allow us to have a default configuration that opts for more security. In the past, the biggest thing that happened to us was IT managers would come to the company and say, hey, all those new features, they're great, all that new security stuff, that's great, but whatever you do don't break my app. So just turn it all off and trust me, we'll fix the apps and then we'll turn it all on. And the reality is that never happened.
And so we're going to tell people that even if it means we're going to break some of your apps we're going to make these things more secure and you're just going to have to go back and pay the price."
Notice that they're breaking your old apps not so they can sell you new ones, but purely in the interest of your security, and furthermore it's your fault they have to do this.
The other point Mundie makes is that, even after they sell you the new OS and the new apps, any security needed will be your responsibility, at your expense.
"And the other thing is that the customers, whether they're individuals or corporations, are going to have to make a decision about when and how much they spend to get these machines to be more secure. And to some extent you can do it by insulating them, to some extent you can do it by putting things around them or in front of them that protect them, you know, firewalls in some sense. And then in some cases, you can just replace them when you get new machines or new software or both that have intrinsically better capabilities."
Thanks, Microsoft, I'm glad you're looking out for my interests.
Making trouble today for a better tomorrow...
"We didn't just fall off the turnip truck a year ago and realize we needed to do this, We started thinking about this three years ago."
Microsoft didn't start thinking about security until Windows 2000 was a release candidate?
Software Engineer: Uh, Craiggers... I just heard some disturbing news.
Craig Mundie: Don't bother me now, I almost beat Bill's fastest time on Minesweeper.
SE: Well, it's just that Joe apparently didn't design any security infrastructure into Windows.
CM: Security what?
SE: Well, remember when I was telling you about how "hackers" can very easily get information on your computer?
CM: What, like that Stellman fellow and his hippie freedom shit?
SE: Not really.
CM: Well, if you think it's important, I'll have Bill send a memo out about it.
"Trustworthy Computing, a sweeping overhaul of Microsoft's software, business models and programming practices, was publicized in January [of this year] by a company-wide memo from Microsoft chairman Bill Gates."
AAAARRRRRGGGGHHH! You know, people went DOWN in that freaking airplane, went down and smashed into the ground and died and burned up. And I am SICK TO DEATH of now hearing the phrase used to hawk and shuck and promote every kind of consumeristic bullshit and political jingo. Can we pass a constitutional provision to the First Amendment that you aren't allowed to use the phrase "Let's Roll" in public unless you're actually about to confront terrorists on a hijacked plane?
It Is the Nature of Information to Transgress Artificial Boundaries
right, IT's a
tco? fooey. pay "protection" money to some FraUDuleNT payper liesense peddling softwar gangsters? no way? not you J.? say it isn't so. be LIEk giving gotti money to keep those garmentiers "in line". those
without our tco of software being near $0.00, thanks to the good gnus, we'd likely never be listed as one of "Top 10 Companies of 2002"(tm) , on fuddle's search thingy.
almost everything's gnu now. wait, there's more...
beat DOWn from trying to be a billyunheir/keeping your job? you may want to try some nice ktea . it's not snake oil, but it's still good for you.
It seems more probable that they are aligning themselves with the following CSEA proposal. Scary when you think about it, but I gave up posting stories to /. as they never make it...
who between them are responsible for a hell of a lot more of the nation's critical computer infrastructure than Microsoft
I feel obligated to remind you that Microsoft has a 95% share of the market.
The point is that MS realizes that there are issues with their software concerning security and it doesn't matter one damn bit if they choose to say they want to fix their software for national security. It truly is funny to see the opinions of those that are die hard anti MS zealots trying to dis them for EVERY SINGLE move or blurb. I'm glad the majority of the posts so far are pointing out just how ridiculous and hypocritical that viewpoint is.
I don't mind them breaking my apps if that's what needs to be done to fix security issues but if they force it down on me I've got serious problems with it.
If they don't want to support unpatched systems fine, but don't push it down to me if I don't ask for it.
``Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows.''
I agree. They really should have designed Windows better. Or maybe they shouldn't have designed it at all, but just followed POSIX. _That_ would have made programming so much easier (especially cross-platform, but also just for Windows - win32 API is cruft)! Plus they would have gotten all the good security they are now still trying to get with Windows NT and XP. And it's not like they don't know that stealing well is better than inventing badly.
Please correct me if I got my facts wrong.
Yeah, and the same goes for Linux, Mac OS, or whatever other OS you know of out there... oh I'm sorry you thought they were perfect?
I hope everyone realizes that they're doing this for PR purposes. Right now there are lots of governments that are trying to get away from MS products so that they don't put all their information in the hands of an American Company. Also, this is one of the main selling points of OSS vs. MS. As soon as they feel people aren't paying that much attention to security, they'll back away from "cumbersome nuances" like security
I'll buy it that they really care about this stuff when they start building software over previous security-related experience, and I'm not talking patches here, I'm talking OS re-writes based on what works and doesn't security wise.
There are two kinds of people in the world: Those with good memory.
>but they really should have done so when they designed Windows.
No they shouldn't have. Can you imagine the problems with Windows 95, if they would have put tight security on it?
Inexperienced computer users would have thrown their hands up in frustration (why can't I install this program!, why won't the printer install!, I forgot my password, why do I have to add a new user).
Most people just want to get e-mail, surf the web, run Quicken. As users start demanding more (functionality, security, stability) they will switch to a different OS, or MS will have to improve. Which it seems they are trying.
Windows has plenty of room for improvement, but that statement seems a bit of a reach.
Hey! Look on the bright side, it gives us sys admins/IT/IS/techie guys job security!! :-D
;-)
Boss: I hate to say this to you, but due to the recent economical slump.. I'm gonna have to let you go..
Worker: Boss! Boss! Something happened to all the computers! The database client isn't opening up!
Sys Admin being laid off: You were saying..
"The ones who dont do anything are always the ones who try to pull you down" -- Henry Rollins
- make drastic fixes for security that by way of plugging up the gaping design flaws will break many machines that rightly used those flaws (back when they were features)
- leave the flaws in and have a sorta working and insecure machine
It is correct to say that Microsoft should have actually not designed crap. It would also be right to muse that if MS had put more into Engineering solutions instead of what was put into marketing, legal and making things break (remember the mantra from the DOS days, "DOS isn't done till Lotus doesn't run") These things are a definite reflection on the ethics and values of MS, much less their commitment to consumers. However, now that is the reality so what are you going to do? Myself, I take this as either an "about time" change in strategy, or could take it that they are only concerned about quality when legal liability is involved. Personally, I just don't trust them based on their track record. However if I had to support (and admittedly I don't) Windows users who wanted security... then I would probably see about testing what breaks and why. Some things may not be as hard to find workarounds. For example, if some internal pathway or routine is rerouted or castrated causing anything that depends on it to die... then perhaps the shared library that uses that could be rewritten and released (by MS). In cases of hard coded (to which I say, you TOO are learning a hard but necessary lesson about proper software design) pointers to things that will soon push up daisies then I suppose some emulation or redirection layer could be implemented... but still that is an ugly fix.
As someone who often has to work on MS boxes (I am typing this on one at work, sadly) or has to develop things for them (I like to refer to developing for MS platforms as a thousand dollar effort for a temporary tattoo on your lungs... it hurts like hell, is very invasive, very expensive, requires a crap load of recovery time where risk of infection is massive yet is not only temporary but NO ONE will ever see it.) Optimizing software for MS platforms is kind of silly considering how the crapware they incorrectly refer to as an OS only cuts the app's throat. I say save money and just hack it together! </sarcasm>
The submitter is coming off as the very thing that no one wants (except for kiddies) and that is a poser zealot who really lashes out at others while looking over his shoulder to make sure it is making him look "cool." I thought we were slowly moving away from that crap! Michael should show a bit more maturity when reviewing then posting submissions.
Sun, IBM, Oracle and Apache started the race (after 9/11) somewhat in front of Microsoft in terms of security, didn't they? Maybe they don't really need to put people through this crap.
that got slashdotted yesterday
With that new law, companies would have to report hacks of systems. If MS fixes as many holes as they can before this new law can get swung around, the public won't find out how vulnerable they are by using their OS.
The World's Worst Webcomic!
What are you, nuts? Referring to actual sources of information in your comments??? :)
I think his use of begrudgingly is mildly amusing. The word suggests envy or ill-will towards another person, in its common usage.
By contrast, I was impressed by Apple's maintenance of backwards compatibility for the longest periods. My 15 y.o. dumb little CS apps still run fine without any sense of "emulation" going on, and as they went from 16-bit to 32-bit and other advances, for the most part the only apps that broke were the ones that flouted the programming rule set out in Apple's detailed manuals re API and such. Now they seem to be honoring this a little less (OS X obviously is a big step), but I thought that was cool. Maybe the little fish just has to be more polite.
I thought the most interesting quote from the article was near the end:
"... slides also showed the surprising results of automated crash reports from Windows users. A mere 1 percent of Windows bugs account for half of the crashes reported from the field."
... is whot bwings os tugevza tsuzay.
"During the week of Sept. 11-18, 2001, terrorist attacks and the Nimda virus changed the public's perspective on security, he said."
Another one from the article.
First, thank you for putting this Troll on the front page Mike. Second, who are the targets of "M$ is bad"? When people shit all over the Windows Desktop Operating System, are they attacking the business practices of a huge corporation, or are they attacking the developer? Really, Code is Code and there is a guy sitting at a keyboard developing. He is not a villain, he is doing his job. Sure people do not like the company he works for, but they are nowhere near as sinister as Enron, Andersen, Tyco, to name a few. How many layoffs has MS had in the last year? 5 years? Ten years? Sure there have been challenges with MS code, but I think we can all agree that this frequently happens when marketing writes release schedules. How many apps have you written that never needed patching? I have seen managers drive developers out of meetings for exposing ludicrous time lines.
My point is, when attacking a company, clarify who you are at odds with. MS is made of people like you just doing their job.
If we don't fight for ourselves no one will.
If Microsoft were a company with any other history for interoperability than the bad one it does have, I'd be willing to give them the benefit of the doubt. However, given the DR-DOS and WordPerfect issues, just to name two, I'd say this is just a cheap shot to
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Linus is always responsible for the next *major* release. There are *months* before it goes mainstream -- more than enough time for userland apps to adapt. If distributions don't want to accept some of Linus' changes (e.g. remember the VM wars?) they won't until they are satisfied. And if users don't want Linus' changes, they can patch it away.
What Microsoft wants is to break compatibility within *minor* releases. No doubt, their service packs also patch their own apps, so Microsoft apps would never suffer -- only 3rd party apps.
It's okay to break compatibility between major releases, especially if you publicize it months before it actually gets into the mainstream and you have a choice about rejecting it or not.
It's not okay to break compatibility within minor releases that:
* are forced on you (you can't unbundle a service pack)
* break only competitors' apps
* are released without giving you or competitors warning about their effects
Boss: Due to gross negligence, rampant incompetence and a complete lack of business sense we are losing money at an alarming rate. We believe that by reducing the people that do the work by which we all get paid and those that directly facilitate those workers should be laid off.
Laid off person: Ummm, did I hear you correctly, sir?
Boss: See, by ignoring patterns, trends and long (or even short) term business reality we have convinced ourselves that reducing those that produce the inflow of capital while we ourselves are merely draining the pool of resources we will stay afloat a bit longer. We will of course wrap this up in something along the lines of, "We plan to work the system and build business back up to hire back people... we cannot have workers who have no work to do!" But you are not supposed to observe how we foul up proposals, squander the ones we have and actively get in the way of productivity. (patterns are irrelevant)
Worker: Boss, I heard that middle management has once again pissed the customer off by refusing to deliver on time and yet is over budget!
Laid off worker: Hmmm, I see your point sir... what you are doing is helping me get off this sinking ship of incompetent bridge officers
Boss: Ummm, well I suppose that... uhhhh, hmmm I have no buzz word to respond to you with that
This is the same mentality where I work. We have users still using Lotus 2.4, WordPerfect 5.1, and other crazy applications because the IS people refuse to **MAKE** the users do their own work. The users want the IS departments to migrate and test all the spreadsheets and documents for them because we have Office '97 or Office 2000 installed on the machines. Now 10 years ago when Lotus 2.4 and WordPerfect were introduced we didn't go around making macros and cell calculations for them did we? But we try to introduce new products to keep up with the times and they act stupid on us and say we are killing business because we **WON'T** migrate their stupid macros.
We can't even get the users to try and open the spreadsheets in Excel or Word. They just refuse to do it. My recommendation in the last meeting was to just turn off Lotus 2.4 and WordPerfect (apps run on server) and tell the user either to use Microsoft Excel and Word or find a new job.
My point being, Microsoft is doing exactly what should be done. You want everything to be stable and secure, well you better be ready to upgrade or patch whatever doesn't work after we do our fixes.
"Some mornings, it's just not worth chewing through the leather straps." ~ Emo Phillips
Remember the February a while back that Microsoft decided to only fix bugs that month? You'd figure that they would have decided then that the big bang theory of programming (code the program, compile & test when you're done) is not the way to go.
In the next few weeks, nothing will happen as the enterprise customers get their fixes first, then in a month or so the fixes will slowly trickle down into the end users where a small percentage of users will download them. The fixes will, of course, be un-packaged and come out every day. Then, Microsoft will realize this isn't helping capital and go back to plan A.
In the long run, we're all dead.
... they'll discontinue support for Sequel Server, to punish all those developers that leave their database apps open to SQL injection attacks?
They have beef at McDonalds?
Will be MS Office
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Yes, Microsoft does have 95% of the server market. And Microsoft routers are the big thing now that Cisco is obsolete.
Broken Windows apps? *shock* *horror*
;-)
How is this possibly considered news?
-psy
So you figured that as you suck at getting First Post yourself, that you'd simply start replying to people who didn't get it either. I predict your IP is banned already and you're not smart enough to have a list of backup proxies. Way to troll, loser.
People are still using stuff that depends on pre-MSDOS 2.0 features? It's hard to imagine how such a machine would get on the network to be 0wn3d in the first place without some serious social engineering: "Take this program, copy it to a 320k 5.25" floppy..."
Yeah, I know what he means, and he's right, but that 20 year figure was pulled out of his .. hat.
One line blog. I hear that they're called Twitters now.
Because we all know no other OS ships with bugs, right?
If Microsoft fixes their security and some random stuff breaks as a result, no big deal, the security fixes need to be made.
However, this would be an excellent opportunity to break your competitor's products. I'm not saying that's the plan, but I seem to remember a few moves by MS to break competitor's products before.
"The last thing I want to do is deal with a bunch of people who want something."
Major Major
"Not only new versions of Windows will be patched or improved, but as I understood they also plan to force security updates for older versions of Windows down people's throats. Even if that means that some applications will malfunction."
Well, good. It's about time all of those broken app.s were exposed. Poor as it is, MS' code is clean as a whistle compared to many third-party Windows app.s.
The downside is there'll be a whole new class of broken-as-designed app.s I'll have to invent workarounds for. At least I've had LOTS of practice....
The story never mentions *how* they plan to force users of older systems to patch and upgrade their security. As has been the topic of many a comment, the biggest problem in security is an admin/user who doesn't patch. If they haven't been able to get people to patch in the past, how do they think they can force a win95 user to patch their box now?
The best they can hope to do as far as *forcing* upgrades is making the automatic "microsoft update" mandatory and non-removable. Imagine the uproar...
Second, a reality check...you will never squash all bugs. Software is a dynamic beast, especially when it comes to operating environments. As the systems grow and functionality increases, so do the chances for bugs. It's a simple fact that the more lines of code you have, the more bugs you have. Microsoft is as able to squash all bugs in all their software as any *nix system is to fix every single bug in theirs. It just isn't going to happen...no system is perfect.
"Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows"
I particularly liked that part...as the current incarnation of the internet did NOT exist when the first versions of DOS came out. Heck, most people didn't know what a dialup was when 3.1 came out. Early MS systems were never designed to be multi-tasking, let alone multi user, and therefore never needed security...it simply wasn't thought necessary. If the computer is going to be used by one person and not connected to the net (such was the case in the early 80's), then why include extra useless security code? The same design base was used and simply extended to maintain backward compatibility as time progressed. Thus MS saying that their design is fundamentally insecure...because it didn't HAVE to be secure in the early days. After all, it's easier to expand than re-write...especially if you do want backward compatibility.
As I see it, the sins of the past are more about business practice (which is abhorrent), than it is about software design. After all, they have migrated their new OS's to a fundamentally NT based system, and have increased security and stability in the process. I'm not saying they don't have a ways to go, I'm just saying that it is better than it was.
In any case...I'm happy with debian, so I don't care what they do for my sake. I hope that something good comes of this so that my parents can get a more stable and more secure OS...
-Frozen
I'm not always the brightest pixel in the stream
"Windows isn't designed for security."
"We'll provide security when customers start paying for it."
"All your apps are belong to us."
Of course, there's always the braying antics of the Em-Ballmer. Who told you to sit down?!?
If Jesus wants me it knows where to find me.
Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows
Well, their focus on security wasn't the same when there wasn't even a WWW, so now they're doing their best to fix their mistakes.
There's a lot you "should" do if you could predict the future. Windows worked fine and had few attacks in the 80's. Why should they spend time and effort on something that would become a problem a decade later?
I'm sure there's a lot many operating systems should do today that might become a problem in another 10 years.
Beware: In C++, your friends can see your privates!
I was not going to comment at all about the stupidness of the poster going on about Microsoft should have fixed this from the start and all that crap only a non-programmer could say. So many others already said it so well.
Then I looked at the nick and email address of the submitter: jointm1k and jointm1k@dajoint.nl, and suddenly it all became very clear to me just how you could, with a straight face, submit something like that.
Uh, that a.out binary will run fine provided you have a.out support in your kernel. a.out is a static executable format, so you don't even need to change any libraries. The calling conventions have not changed since 0.99, and the VFS API certainly hasn't changed (Which you'll need for that write() call that printf() needs).
So, uh, what was your point again?
Hey you! Join the Navy!
Microsoft's reputation for intentionally breaking competing applications is based on well-documented incidents where Microsoft added code specifically for this purpose.
Most recently (about two years ago) Microsoft added a "Security Update" for Outlook supposedly to protect users against viruses. It also broke a lot of applications that did things like synchronize with a PDA, at a time when Microsoft was focused on competing with Palm. The security update could easily have been designed to prevent this side effect.
Based on its ruthless history, it is entirely reasonable to expect that Microsoft will once again use its control of Windows to sabotage competitors' products. It is not Microsoft-bashing to judge a company based on its past behavior. Microsoft has only itself to blame for developers' suspicion and hostility. A company that plays nice 95% of the time and plays dirty tricks 5% of the time is still going to be mistrusted *all* of the time, and rightly so.
There are *months* before it goes mainstream -- more than enough time for userland apps to adapt.
Maybe simple, small apps, but I'm sure there are companies that would NOT be able to port over large, custom software in "months." Even if they could, that would be damned expensive. I'd hate to have to choose between tanking my software or not getting the new kernel. Not an acceptable situation.
-Looking for a job as a materials chemist or multivariat
You know, I don't think it's ever been just the security problems of Windows that have made people dislike Microsoft. I know there are probably a lot of people that just hate Microsoft without thinking, because sometimes it's easy to hate the big player, but besides that there are issues about Microsoft that go beyond the security problems. It's just their whole attitude towards users. They have no respect for people, and only want their money. Of course that could be true for every corporation, but MS seems to take particular glee in taking people's money, and I don't really like that. If an OS costs a lot, I expect it to work better than all others. Sadly this is not the case, so ... until they are not against the enduser, I will not like them.
Well first off, Unix was never built for security either if I remember my history (somewhat) correctly. It's just been around way longer.
Also, achieving more than 90% market share, shady tactics and all, indicates they made the correct business decision by charging ahead and not sitting around and designing the perfectly architected OS.
Don't most of those end up languishing in research labs for decades?
Ideally the market leader would be the *best* product, but people's idea of best varies greatly depending on their needs.
True, it will suck to have things break, but if this is an honest attempt at fixing the OS, then it's a good thing.
If it's only a ploy to make low level changes in order to obsolete existing software and hardware, forcing upgrades and providing new pathways into the new EULA's/DRM world ( and revenue ), then it's NOT a good thing.
---- Booth was a patriot ----
Okay, let's be serious for a moment, guys. There was this week when you had 10 stories from new planets being discovered that probably would lead everyone to "rethink what they know about the universe". Then you had the week of nonsense "ask slashdot" questions. Now we're getting to a point where Slashdot is ceasing to be "News for nerds" to turn into a MS bashing forum. I mean, from "News for nerds" to Linux advocacy to MS bashing, what is this turning into?
Can't you guys be scientifically honest? These are complex subjects and it's not a question of "wanting" to design a good OS, it's a question of complexity in designing a good OS. Or are you guys just trying to look cool to your friends with that 'anti-MS' stance? Take a look at the usage logs on Slashdot visitors' OSes. Then come back to tell me that the vast majority is at work and is forced to use Windows. I'll just laugh.
I would gladly pay a dissuasion fee to discuss on slashdot. Wasn't there an idea like that sometime?
Lay
Weakly typed languages will bring us armageddon
Automatic updates are a great idea. However, Microsoft has abused a great concept by changing the EULA and Windows Media Player functionality under the guise of 'updates'. I think this makes people leery about accepting updates. I'm no conspiracy theorist, but I have a XP box I'll never update because it actually does what I want it to do. Am I paranoid because I think accepting automatic updates will decrease its functionality? Trustworthy computing indeed.
Most recently (about two years ago) Microsoft added a "Security Update" for Outlook supposedly to protect users against viruses.
Supposedly?
The security update DOES do that. When you install it, it does two big things: blocks all access to executable attachments, and requires permission before an external program can gain access to your Address Book or use Outlook to send email.
Palm can still sync with Outlook, it just requires permission from the user.
This is also the default behavior in Outlook XP. (Good!)
Now if we could just get every Outlook user to install the patch or upgrade.
"And like that
So now all the people that put out software packages 8 years ago for win98 are being told their apps are collateral damage.
Now all users on win98 will be FORCED to upgrade if they did not turn off garbage auto update.
See, just like homeland security, automatic patching starts out with a clean purpose, then they change it on you.
Recall how many "tricks" were necessary to get around M$ BS. Now they're going back to erase those. Yea I can see WordPerfect 7 blowing up now. But I can't see Corel having the resources to fix it.
This will basically ensure that nothing runs on old "patched" OSes.
I call this XP strategy #2.
Craig: Hi, Homer.
Homer: Hi. Who are you?
Craig: I help run a big computer company.
Homer: Oh. Hi! Do you have donuts?
Craig: Listen, I know you are a typical user and I want to share with you some very important details about your future personal computing experience.
Homer: Huh?
Craig: You have a computer. You bought it from us in 1996.
Homer: I did?
Craig: Well, your son did. He didn't buy it either.
Homer: Oh.
Craig: Anyhow, we let him keep it. We found out it's insecure and in the next day or so, you will need to buy a shiny new one.
Homer: Why?
Craig: Because it's insecure.
Homer: Why?
Craig: Because. So the old stuff won't work anymore.
(pause)
Craig: That's bad.
Homer: Doh!
Craig: But you have the chance to buy all new stuff. That's good.
Homer: I'm getting bored. Do you have donuts?
Craig: No. I'm off now. By the way, can you tell Mr. Burns that the software at his nuclear plant won't work on Monday, provided it isn't hijacked by terrorists after we roll out the new version?
Homer: Why did I let him in my house? How *did* he get in my house?
This space for rent.
On the other hand, if they fix the holes, people aren't vulnerable. Well, not to the same stuff, anyway. I still think that some of the holes are deliberately introduced along with other patches, so that Microsoft has a perfect excuse to unload more stuff on the unsuspecting people. Without actually analysing one of their security patches, I'd guess that the typical patch composition is one part bug fix, one part DRM (or other stuff) and one part bugs for the next round of patches to hang on.
I'm sure that when they provide the next "security release" it will be for your own good. I'm sure that it won't involve any new and more restrictive licensing options. I'm sure...
I'm sure that a vaporware press release is totally trustworthy.
Aren't you?
I think we've pushed this "anyone can grow up to be president" thing too far.
But this story reminds me of that great Chris Rock routine. (paraphrasing, and substituting the N word)
People always want credit for something they're supposed to do.
I ain't never been to jail. What do you want, a cookie?!
I take care of my kids. You're supposed to you dumb motherfucker!
So yes, while it is good that MS is doing this, I think that it is no big deal - they should do it. I am not going to praise them for it, this is what they should have done long before now. I am not going to rail on them either, because they are making some kind of effort. Assuming that they actually do what they say they are going to do. Sorry, but they have a bad track record, I am not going to believe it until I see it. Why am I skeptical? Among other things, I have seen the Win2kSP2 EULA. I wonder what the EULA on these new security patches will look like...
My beliefs do not require that you agree with them.
<rant>
Am I the only one who found it a bit inappropriate comparing September 11th's attacks to the nimda virus? OK, Nimda probably caused a few million dollars worth of wasted time, but how can they compare that to September 11th, when thousands died?
And really, are there that many people who after September 11 thought much more about computer security?
</rant>
Two quick comments: 1) It's time for Microsoft to get back on the reality bus, and 2) whenever there's an argument about its devotion to principles and to freedom, all one has to do is point out that it wallows in its basest behavior. That should settle the argument pretty quickly. My general thesis is that if Microsoft wants to be taken seriously, it should counter the arguments in this letter with facts, not illogical panaceas, personal anecdotes, or insults. I'll talk a lot more about that later, but first let me finish my general thesis: We must respect each other and learn to live together in peace, so to speak. Once it becomes clear that Microsoft's janissaries have discounted their brain as a useless organ, it becomes apparent that Microsoft's machinations are not an abstract problem. They have very concrete, immediate, and unpleasant consequences. For instance, an organization that wants to get ahead should try to understand the long-range consequences of its flimflams. Microsoft has never had that faculty. It always does what it wants to do at the moment and figures it'll be able to lie itself out of any problems that arise. Microsoft wants all of us to believe that unsympathetic wimps make the best scout leaders and schoolteachers. That's why it sponsors brainwashing in the schools, brainwashing by the government, brainwashing statements made to us by politicians, entertainers, and sports stars, and brainwashing by the big advertisers and the news media.
As you can see, it has been said that one thing that Microsoft does well is paint people of different races and cultures as abysmal alien forces undermining the coherent national will. I, in turn, believe that this makes me fearful that I might someday find myself in the crosshairs of its gormless remarks. (To be honest, though, it wouldn't be the first time.) Microsoft's hypocrisy is transparent. Even the least discerning among us can see right through it. Microsoft has a staggering number of self-deceiving legatees. One way to lower their numbers, if not eradicate them entirely, is simple. We just inform them that Microsoft is willing to promote truth and justice when it's convenient. But when it threatens its creature comforts, Microsoft throws principle to the wind. It does not take much perspicacity to see that there is something patently uncompromising in the notion that space aliens are out to lay eggs in our innards or ooze their alien hell-slime all over us. And that's why I say to you: Have courage. Be honest. And do what needs to be done. That's the patriotic thing to do, and that's the right thing to do.
It is true that hindsight is 20/20 and no one ever codes software such that it works exactly perfectly the first time out. HOWEVER, it can also be said that Microsoft had a habit of pushing whatever out the door, regardless of known bugs, poor security, or otherwise (Windows ME comes to mind). That they are now requiring the customers to pay for upgrades and such should be a message to the customer as to the type of software supplier they're dealing with -- a fly-by-nighter clothed in its own weight and self-importance.
The good is that Microsoft is finally going to fix their problems. It's about damn time. The bad is that Microsoft is spinning this thing as if they weren't greatly responsible for the mess they are about to inflict. IMHO, and it is only that, if Microsoft spent more time and resources on testing their crap in the first place instead of pushing it out the door then perhaps so MANY holes wouldn't need to be patched now. There will always be bugs and security flaws but Microsoft has made releasing filth and spinning it as if it were a good thing an art form in itself.
As always, this is just my opinion. Your mileage may vary.
I am glad to see that a significant number of posts reflect my opinion when I first read the topic. Microsoft is what it is, a corporation founded on the basis of making money. No one is forcing them to supply security patches for Windows98...they could say it is now obsolete and no longer support it at all. The products it is supporting through these security offerings are up to four years old, which is a lot longer than their originally intended life span, I'm sure. That's in addition to the fact that they are attempting to provide security services like this at no monetary cost to the consumer. Do you think GM would upgrade the radio in a '98 Cavalier to XM for free? It's all a matter of perspective, but I'm happy to see that MS is still providing services like this for their older OS's.
Dave (I dual boot)
What I've come to see.. is that a lot of ppl here.. don't hate M$.. they don't Love M$.. they're just neutral.. they're just end users who use something.
And it seems to me that a very large group of people are fed up with bashkiddies who just post shit saying how much M$ sucks (I.there.H.O.) so why is it the editors haven't heard the voice of the people? enough with the MS bashing Editors.. give it a rest.. you're no longer the underdog.. you're a bunch of whining children.
If you make it usable they will come
The More Knowledge you have the Luckier you Get- J.R. Ewing
This'll be great if they don't charge for ServicePack SecurityPatch 101. Sure I believe that! ;p -- i.e., I bet this is gonna cost somebody big time. BAHA!...Hey, wait, that somebody will probably be ME! (and you and you and you...)
should work on at least 2.x.
From what I've heard (and I've experienced) most of the kernel breakages are poorly planned, i.e. If you're going to break things, break quite a lot of things at once and get the design good enough that you're not going to have to break them again for quite some time.
Breaking modules once or twice ok, but if you break them more often you should really re-design the interface layers to allow for better backwards compatibility. (I think this is being done in 2.5 and about time!)
thank God the internet isn't a human right.
Yea I can see WordPerfect 7 blowing up now. But I can't see Corel having the resources to fix it.
Then maybe Corel will profit when folks start upgrading to Corel 8, or 9. Corel doesn't make any money supporting old versions. The industry can't always wait around supporting really old software. I mean come on, I had version 8 five years ago! Most companies and people like to upgrade their computers at least every five years (and especially over the 1999-2001 tech boom, there's no excuse to still be running computers made so long ago).
$8.95/mo web hosting
for them, but they wouldn't listen. My boss has no love for any OS, but he just hates it when MS sales call him from time to time "Windows XX is about to be desupported on XXYY, would you like us to perform a system audit for your company, for free?"
We're pretty sure we don't want to run mission critical systems on anything that has only 3 years maintenance period.
There is a difference between writing a security patch that happens to break an application, and a security patch that is designed to break an application.
A security patch on any OS could potentially cause problems with software that runs on it. However, I wouldn't put it past Microsoft to purposefully make sure that competing products are broken.
At best case, MS isn't going to purposefully break anything. This is a legitimate attempt to fix security.
At worst case, this might be Microsoft's first step in "testing" the strength of the court to see if they'll notice/tolerate them purposefully breaking applications and then claiming they can't release the fixes to the application maker because it is part of Windows "security."
"You spoony bard!" -Tellah
So, <paranoid disclaimer>whatever Microsoft is implying when they say that they will break applications</paranoid disclaimer>, it is always "Give me convenience or give me security" (Kudos to these fine guys), otherwise we wouldn't use passwords, encrypted authentication and other inconvenient stuff etc. "Why not just skip all these logins? They make my brain hurt from all the stuff I need to remember..."
So again, either you demand more knowledge, responsibility and work from the user, or you leave all the necessary security decisions to the software... There is a lot of reason for criticizing Microsoft in many ways, but I think it's quite unrealistic to ask for ultimately convenient, ultimately secure software simultaneously... Consequently, either bash them for being insecure or for giving up convenience, please don't do both at the same time, because that doesn't seem to make much Sense(TM) to me... .)
the more user-friendly Linux appears to Joe Luser.
Sorry, with this latest update most of your applications will not work. Security is #1, you know. But IE still works. MS Office too; at $400 it's a steal! Yours, MS
This is not the greatest sig in the world, no. This is just a tribute.
"they also plan to force security updates for older versions of Windows down people's throats"
I wonder if they are going to use their own security holes and bugs to do this
windows now protects its users from suicide bombers.
of course, in the Open Source world, we can recompile Hello World or other programs using standard API's, but alas not my Microsoft Visual Studio 5.0 Professional (academic edition) which doesn't want to work on Windows 98 or later
When an OS emerges that is designed for security, which can provide assurances that every line of code and fix has been security analyzed by multiple security knowledgeable people with the power to reject the code and force it to conform to the security architecture, when it is distributed in a secure manner, when you can test it as installed to assure yourself that the designed-in protections are working....
When outside experts analyze the code and docs and architecture and torture test it and penetration test it.
Then you'll have a high assurance platform.
But you'll still have functionality and even security errors but at least you'll be on the right track.
Oh, by the way, the total market for such an operating system has historically been limited to 2000 total installed units. Market entry cost is $10M and you get no return on your investment for 5 years.
It's hard to trust Microsoft. They've made it their business to be duplicitous. Whether they are honestly concerned about security for its own sake or as a new tool for furthering their goals of profit and dominance, it's not easy to look at them and not peek into the shadows and see if anyone is sneaking up to blackjack you in the back of the head.
All this talk of breaking apps and seemingly shoving things at people is justifiably worrying to many.
And now that the real wolf has come, it's hard to decide if Microsoft is really pointing it out or if they're trying to fool us all again. This is what they have sown and so they reap it now. Many distrust them and will continue to mistrust them until they show that they are trustworthy once more.
This is their chance to show everyone that they can be, if not perfect, a moderately upstanding company rather than a domineering bully. I'll be watching them. And I'm sure many more will be as well to see if they can woo back the skeptical.
Kalen D'arrie
if os="Win31" or os="Win95" or os="Win98" then
delete *.dll
delete *.exe
print "Purchase Windows XP for the very best in security!"
print
print "I LOVE YOU MELISSA!"
endif
"We didn't just fall off the turnip truck a year ago and realize we needed to do this," he said. "We started thinking about this three years ago."
Oh, so they fell off the Turnip truck three years ago...
This post cannot be rebroadcast without the express written consent of Major League Baseball.
a fact I am a .Net developer
Fucker
When the revolution comes, you will be the first up against the wall. Fucking pansy ass sell out.
He never mentioned any conspiracies or even Linux; YOU'RE the one that brought that up.
Great way for ms to break their competing apps without any new visits to the justice department.
Let me guess the first app that will "break".
Apache ?
All competing media players ?
Every non ms browser ?
This seems to me like ms is gonna have a free ticket to break anything they want to.
Granted, I'm not a user of Linux and most of my computing is done on the Windows platforms but I have to ask what of end-user responsibility when it comes to computer security? I realize there are (and will always be) security issues that end users simply aren't aware of until they're exploited but given the software/application development cycle, the overall complexity of our modern-day computing systems, and the propensity of some to do little but find these security holes, I feel that developers do a fairly decent job in addressing them. Of course they *should* never be there in the first place but it's unreasonable and irrational to expect that with millions of lines of code and hundreds of developers (if not more), human error and simple oversight will be a factor in any application. Windows bashing is entertaining and a good way to get a crowd stirred up but in reality, aren't we in some way responsible here as well? How many uninformed and ill-prepared users are there out there that don't so much as use anti-virus software? or free and easy-to-use firewall protection? or apply the latest service packs, patches, and updates? After all, would we blame Ford or Chrysler if we left the doors to our car unlocked and were robbed? Of course not. Or maybe we would ;>
Wasn't "Micro-Soft Cock" Gate's nickname in college?
Our company admins computer networks for scores of companies, school districts and government agencies; often as a backstop for an on-staff semi-technical person who handles the day-to-day stuff (adding users, etc.). We've always thought that our job was to support them so that their computers make them more efficient and their work more productive. If someone is competent at WP5.1 and Lotus 2.4 and the applications run fine and the data is safe, why force them to change? Just to make the IT job easier?
We'd love to move people to Linux and OpenOffice but we face the same issues: people don't want to change and they don't want to lose their macros. So we support them and the applications and utilities *they* choose.
We learn Oracle for those who use Oracle, and we learn MSSQL for those who use that. We support NT file server, Linux file servers and MAC OS-X file servers depending on which systems the clients and their workers want. We have clients that use Corel Office. We have clients that use MS Office. We even have clients that use DOS workstations and Novell 3.1 to access data running on DB-4!
We think that a focus on the user is better than a focus on the technology. Sometimes users are forced to upgrade to a newer OS (often because of changes in some core application and reduction in support for the older versions... many of which worked just fine) but we never demand that our customers change unless it's for *their* good, not ours.
No one ever had to evacuate a city because the solar panels broke!
Coward :)
Ah.. a picture is worth a thousand words...
Example: See latest EULA changes introduced in service pack which is (or was) supposed to plug security holes.
So to add some speculations: This other stuff will be things which will be good for Microsoft, not users (or good also to users, as side-effect). Like DRM, auto-updates, spyware, slow-this-machine-down-on-demand-so-this-luser-buys-new-machine(TM), etc. :)
hany
I'm all for security updates as long as they don't force Digital Restrictions Management or their usual abusive EULAs upon those who install the updates. I want my windows box to be secure, but not at the cost of limiting what I can use it for and what control M$ would gain over my system.
Yes, a very good point. Why didn't Microsoft make everything perfect when they designed Windows? Why doesn't everyone only make perfect software?
Get a grip. I think that it is a very good thing that Microsoft now wants to take more responsibility for the product they sell. Just as a car manufacturer should call in cars if they find a problem with them. Of course there are problems when developing software on the scale that Microsoft does, just look at any project that large and involving that many people and you will see that it is hard.
And yes, windows doesn't have the best design, and no they won't change it because for the majority of their users that would be a bad thing, old software would stop working etc. This is not a free OS given away that you don't have to take any responsibilities with and that you can gladly fuck up things for anyone as much as you want.
Be on M$ back when they do something stupid, but not when they do something nice. Be consistent please.
That's a bit of a sick attitude. Why should I have to re-buy something every five years? Shouldn't something I buy continue to work, as long as it doesn't wear out from use? Companies like Microsoft design in obsolescence, because they know it will sell more software, when they fix bugs, add new features, etc. This is part of the inherent conflict of interest in commercial software.
...we belong to all your X!
Someday Linux heads will get off their high horse and realize it's all just software. Last time I checked, the Msft Windows OS was far more complex than Linux. More complex, more room for problems. Msft was originally built on a very young and weak platform, DOS. Linux is based off of Unix, which has been collecting dust now for how many years?
Linux vs Msft... It's the same shit as kids wearing their pants down their ass to be different. It's all a bunch of crap. Use what works for you. Stop comparing the two. Quit your bitch'n.
I'm off my box now.
Upgrades which leave the past behind are absolutely necessary, else the world will constantly build up cruft of backwards compatible systems that become less and less relevant. A prime example of this is Photoshop vs the Gimp.
I don't know anyone who hasn't been told by 'professionals' that the gimp doesn't cut it because it doesn't support CMYK - apparently 'required' by professional printers.
If these so-called professionals would break free from hundred year old printing processes and realise the CMYK model is holding them back as most of their systems are digital and much better at handling RGB anyway, then I think the world would be a better place for designers and coders alike.
Microsoft has to break free from continuous support of ancient apps if it's going to allow them to better support security. I trust they can do it eventually, and create secure systems, may as well make it as easy as possible on them.
Better for all of us
Microsoft truly is one of those companies which is damned if it does, damned if it doesn't...How many times have we heard the same vociferous group of people decry the "security holes" in Windows and curse Microsoft to the nether regions for being lax in their estimation? [Note: by far the majority of "security holes" are found by individuals and universities who are paid by Microsoft to find them, and they are often of such an obscure nature, requiring such an obscure chain of events to manifest, that it's no surprise few if any of them have ever been exploited by the elusive "hacker" in our midst.]
Yet, the same group now decries Microsoft's efforts to take those very steps by saying: "Hey, Microsoft, we want security and all of that--but hey--not if it breaks our older applications--we don't want it *that* bad!"
Jeeps. What a crock. Like one person earlier said, 99% of the security equation revolves around end users and the skill of system administrators. But isn't it just like the common public to want to keep its cake and eat it, too? Sure, it is.
JUST LIke the LOONIX was designed A+perfecto from the getstarttime.
"We didn't just fall off the turnip truck a year ago and realize we needed to do this," he said. "We started thinking about this three years ago." (Craig Mundie, Microsoft about Trustworthy Computing.)
Wow, that's "innovation" for you. Microsoft was the first company to have started thinking about security a full, incredible, astonishing THREE years ago. Wow! Takes my breath away! This is definitely the company I want to trust with my data.
If Microsoft went out of business tomorrow, Slashdot would go out of business the next day. Let's see... Slashdot's most wanted list:
1) Microsoft
2) RIAA
3) Anyone who wants to make money (except Slashdot, of course)
4) National Security Agency
5) FBI
Wow, that's a lot of numbers you just pulled out of your butt. Maybe now that the blockage is removed you can have a normal bowel movement.
No OS ships without bugs. We are not talking bugs. We are talking about 'insecure by design' microsoft programs. Programs that, by design, run and accept 3rd party scripts, just because some customers love the feature. Features over form. NOT bugs.
Of course they won't write code perfectly.
Nobody's asking them to write code perfectly.
People ARE asking them to write NEW code to the current environment. MS continues to simply slap functionality on top of the NT code base. (2000 and XP are still built on top of the initial NT code base.)
Microsoft knows that they have some serious security problems in their code. MS SVP Brian Valentine has admitted that Windows wasn't designed with security in mind.
Fine. We'll accept all that.
The thing is, for us to accept that MS is serious about security, they're going to have to throw out Windows and start again from the ground up. (Just look at Apple and the OS X line.) You can even code in backwards compatibility, just sandbox it.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
More like protecting a snarling pack of wolves with a duck.
If MS does this on the grand scale, is this going to mean another minor boom in IT jobs? I mean it sounds to me like they are going to be creating a new Y2K level issue. Will there be thousands of apps that need repairing now?
1st... Obvious, you're an American. Last time I checked there's some other green and brown stains on World map. There's even two blueish.
2nd... You in America don't have beef, that's plastic you're eating.
3rd... Most Americans want to surf the web, download... OK, keep, Windows there then. I agree.
"We didn't just fall off the turnip truck a year ago and realize we needed to do this," he said. "We started thinking about this three years ago."
the last line should be read "We Fell off the turnip truck three years ago and just decided to implement security." he later added "no not secure for the user secure for our monopoly."
It's not that people are compelled to upgrade to keep their existing system and apps working, but that in the space of five years people find that they use their PCs for more and different things, and find that they need to upgrade in order to do these new things.
Case in point - five years ago, I didn't do any 2D or 3D graphics in my spare time. Now I'm into both, and I'll be shopping for new hardware for my PC so that I can render faster.
As for the charge of planned obsolescence, you are assuming that MS are omniscient, something that is patently untrue. From missed deadlines (Windows 1.0, Windows 2000, 'Longhorn') to supposedly nifty stuff that bombed (BOB, Clippy, Hailstorm) to backing the wrong horse (MSN vs Internet), they've shown themselves to be only too human.
-MT.
Apparently, Windows itself is a legacy application.
Religion is the opium of the people. Evolution is the opium of scientists.
> What OS didn't need security fixes after it was released.
...
I can't resist:
CPM, Multics, MVS, System-40,
(i.e. any OS that died before the Internet)
n/t
Everyone out there is arguing the point that 'MS designed windows badly'. They didn't. In fact, they didn't design it at all. Design implies a high level organization that is beyond lacking in the MS development process. If you look at any of their initiatives, be it the next version of windows, or something more nebulous like .NET, there is no design. Someone comes up with an idea, and 50 teams go to work. Each team makes a bullet point on a list, and then it is all hastily put together in a big wrapper.
This may be fast, may work well for some things, but slapping features into a GUI is not design. To compound the problem V2 of the project will take the same code base and slap 20 more checkbox items onto it. Again, not design. In fact, it probably gets away from what little design there was in the beginning.
Overall, the argument should not be 'was it designed right', but 'was it designed', and the answer to that is no.
-Charlie
Y'know, in the MS/RIAA/MPAA/etc. newspeak, the word "security" can mean many different things.
One of the things it means, especially in the Palladium/DRM context, is "security for our software to run and do whatever it wants without you, stupid user, being able to do anything about it". The whole idea of Palladium/"secure computing" is trying to secure my computer against me.
Now, if you think about "security" this way, Mundie's promise to break old apps in the name of security starts to look fairly ominous...
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
ugh
I can't wait until Linux is the mainstream for desktop computing. Then we can slam them!
Anyone that has designed software knows that it is a process. A process that has to be revisited again and again. Microsoft is one of the key companies that have gotten us this far in computing. They deserve intelligent criticism.
"Even if that means that some applications will mallfunction. Nice to see Microsoft taking reponsibility for their mistakes, but they really should have done so when they designed Windows"
nothing MS does is good enough for
./ crowd now is it?
The war with islam is a war on the beast
The war on terror is a war for peace
Cool.
I've always wanted my Window$ apps to work while I was shopping at the mall...
t_t_b
I'm on PJ's "enemies" list! Are you?
That's not the case we're talking about here. Also, people are compelled to upgrade to keep their existing system working, because of bugs and security. Some of this is unavoidable, but...
Not at all. MS certainly has the resources to make a product that is more reliable, more secure, and nearly bug-free. They make a choice not to do so, and admit that this is the case, because a product fitting the above description would impede sales of future "upgrades." The fact that MS dominates the market makes it easier for them to get away with this.
Microsoft is so worried about getting those security updates installed, the Critical Update Notification checks the net for updates every 5 minutes.
Am I the only one who thinks that might be unnecessary?
That's all fine and dandy if you're into that sort of thing, but I know people who still use an old 486 or low end Pentium to do nothing more than e-mail, web browsing, office applications, and the odd simple game or two. In short, the system they have does just fine for everything they ever need to do. Face it, not everybody needs a system capable of doing 3D programming, running a CAD program, or playing the latest high-end game.
Why then should Billy and his thugs be able to just come in and render everything useless? This, to me, is just another M$ ploy to create an artificial market so sales of their software, and therefore any needed hardware to run it, is increased by force. This isn't just "changing a standard", this approaches intrusive!
Is there any doubt that Mozilla and OOo will be among the apps that "just happen" to be broken?
They're totally fucking Offtopic. MODS ON CRACK!
You haven't checked out the cost of Microsoft licensing lately, have you?
"Software Assurance" is making a lot of people pretty upset. As is the per seat cost of programs like Windows servers, Exchange and Outlook.
D
Actually, in a lot of cases all M$ needs to do is flip a bunch of the defaults to the more secure setting and a whole bunch of applications won't install or run properly. I run as a non administrative user in 2000, and I'm always hitting applications that want to modify a HKEY_LOCAL_MACHINE registry entry or some system specific file. It's completely uncalled for 99% of the time. Why does a cheesy 3rd party email client need to change the global settings, instead of my local user preferences? It's like web pages, change your security settings to a little more restrictive and suddenly some cheesy web page refuses to work instead of running in a degraded mode.
I just checked my posting history and I have no idea what you are talking about.
I'm glad to hear that Microsoft are actually trying to plug security holes; however, I don't like the idea of them being forced onto people. If I have an app and I know the newest patch will break it and I wanna keep my app, then I should be able to choose to have a slightly less secure OS in favor of keeping my app.
Microsoft: We're releasing this, but you'll probably find bugs.
Slashdot: Damn them and their bugs!!!
Microsoft: Okay, we've created the patches, but you may lose a little functionality.
Slashdot: Damn the patches!!! Admins can fix this themselves!!!
Anybody see something wrong with this picture?
Microsoft may prohibit self-modifying code and code on the stack. You don't get any performance gain with either technique any more, since processors went superscalar.
And maybe Microsoft will delete the 16-bit compatibility engine. It's time. In NT 3.5x, the 16-bit engine was optional, the system ran fine without it, and it should have stayed that way.
Microsoft will probably do something to break Word 97, and blame it on "security". They need the revenue. But there's a problem:
Plugging those holes, he said, would require not just rolling out new versions of Windows, but forcing security fixes onto users of older Windows versions, which he claimed was 30 to 40 times larger than the installed base of current versions.
XP sales must be lower than Microsoft admits. Microsoft has to make sure that their pressure forces people to upgrade to XP, rather than locking people into the legacy OS. Expect something on the server side that makes Internet usage difficult for legacy users.
Bitch and moan all you want about MS breaking apps with each upgrade.
Apple does that too.
Anyone running Jaguar yet?
Even 10.1 broke some things.
7.5 to 8.0 broke a whole buttload of things, IIRC.
And the worst transition was to 9.0. I remember that almost every single shareware app I had broke for 9. I stuck with 8.6 for 2 years because of that.
That's why it's so profitable to be a Mac developer. Your users have to upgrade every 12 months because the OS breaks it.
And no, I'm not talking about the Classic->X upgrade, that's a whole different enchilada. Doesn't count in my book.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
dancing mouse trailers and other garbage
Well, where else are the dancing mice going to rest between shots?
Seriously, were it any other company, I'd applaud their actions. But this is Micro$oft, people. I'm starting to think that poor security in Windows was by design, not due to lack of effort. Look at it this way, to quote Mundie, he states:
"We'll continue to make progress in the security area. New versions of many products will come out," he said.
Emphasis mine of course. I think there's another message in there, though. It seems to me that they're really saying this:
"Since many of our products have security vulnerabilities, we're going to re-release all of them, branded as 'Secure' and you, the consumer, will buy them because we're Microsoft, and you don't have a choice."
Well sure, they have a choice, but honestly, most companies are so tied into Microsoft, that they really don't. Now will they switch, just keep shelling out gobs of dough for the latest and greatest (?) Microsoft products.
I wouldn't put it past them, that's for sure.
- Mike
Grrrrr... That's pretty frustrating.
One day, they tell you that they won't release more patches for Office 95 or 97 because they've been desupported. The next day, they tell you that they'll release security fixes (probably not other bug fixes?) because it's in their corporate interest.
Microsoft's interests and my interests as a consumer are pretty far apart. Maybe someday, they'll figure that out. Bayesian spam filters in Mozilla 1.3 and popup disabling in today's Mozilla are what I want, not enhanced spammability. Until Microsoft builds software that suits my needs, I'll stick with OpenOffice and Mozilla for home use.
were they willing or did they feel as though they 'had no choice'? after microsmurf killed other os's at an alarming rate in the early/mid nineties (NOT by making better products, but by marketing F.U.D.- ask caldera, os/2, beos, etc.) the users were left feeling that m$ was the best, because the others had 'gone away'......so if a woman believes she is stranded on an island with native pygmies, waits 5 years, marries one, then goes to the other side of the island and finds normal sized people (sic)- did she really marry a pygmy willingly? well, yeah, BUT, did she really have a choice? not in her mind. microsmurf is the pygmy, and the users are stranded, they just don't realize it yet, cause the island is so crowded, people are falling off the edges, and eaten by the sharks before they can warn anyone else.
oh yeah, here comes the 'battleship macintosh', which can only carry 15% of the island population off at a time.
Microsoft SUCKERS.
I been told I do type with a Southern accent.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
The trade rags may be sycophantic pole-smokers, but I'd like to think the Slashdot population is more fair than that. We have been kicking Microsoft square in the nuts about their lack of security for years now, so does it make sense to flipflop and start kicking them for taking security seriously?
Now if the article was more like "Microsoft breaks apps to implement security, offers expensive upgrades" then we could continue kicking M$'s family jewels guilt-free.
Oracle. I cannot get it to install on newer systems without installing lots of backwards compatibility stuff.
I'm still deciding who fucked up: Oracle for using a semi-private function, or the glibc people for changing it to _really_ private...
If we waited for all security holes to be discovered and patched nothing would ever get released.
The question is how long should a particular developer be forced to "test" their software before release. The end answer of course is there is no definite amount of time.
If developers could catch all the holes before RTM they would, the reality is that until sw hits the public there just is no way to catch everything.
Ever feel like you are driving the getaway car?
> Why then should Billy and his thugs be able to just come in and render everything useless?
Why should they let these vulnerabilities, some of which can be used for massive digital attacks, continue to exist in a product with their name on it? And it's not going to "render everything useless," Mr. Hyperbole.
When you have your computer connected to the internet, it is your responsibility to make sure you don't do any damage with it - intentional or not. Too many people have ignored that moral/social obligation.
Think of it as a Digital Emissions Inspection. If your old car can't pass modern emissions regulations, but you want to still drive it, you'll need to replace some old parts with new parts, and those repairs aren't guaranteed to be cheap.
What if people had a wireless phone that, due to age and poor initial programming, started jamming all other wireless signals within 500 feet. Is it fair to let these phones continue operating, just cause they were able to many years ago? Of course not. The FCC or some agency would recall/outlaw these phones. Well, computers are approaching that level of potential for damage, in that compromised systems can easily be used for massive DoS attacks that can seriously disrupt large networks. Software developers and users have a responsibility to do their best to make sure this does not happen.
Everyone complains about the security problems in Windows, and have derided them for it for years. So when Microsoft tries to own up and fix the problems, 3rd party application developers should do their part and follow suit.
Let's see now - seems like this would lead to a higher TOC.
;-)
Aren't they trying to show that their TOC is lower than Open Source TOC?
I have not applied certain upgrades to WinXP because they don't install unless you agree to a new EULA.
I guess that this means I MUST agree to the new license or stop using MS. Not a problem!
In other news...
I wonder where in my current license they say they can REQUIRE me to upgrade?
Not a problem, but I want my pound of flesh. I don't believe that I should need to give M$ consideration (in the form of a new EULA) in exchange for an upgrade any more than I give Ford consideration for a recall on my car without changing the terms of the service contract which came with the purchase.
The funny thing is that the one honest moderation, in my humble opinion, of my original post would be "off-topic," yet it didn't receive a single one. It isn't a troll because I genuinely think what I'm saying is right. It isn't flamebait (although some of my responses to some of the responses pretty much are): I'm honestly surprised that anyone would bother to respond to it at all. Ah, my legacy. And I must say, I think Insightful is stretching a point, honestly. Of course, fuck of a lot of good your anonymous mod this down comment is going to do. Ironically, with the various ups and downs it ended up with the exact same score it started with. Your comment's title should have been "LET'S ROLL: MOD PARENT AND ALL SIBLINGS DOWN"
It Is the Nature of Information to Transgress Artificial Boundaries
Of course, they're just than paranoid than us.
M$ will have to walk a rather narrow tightrope with this. Sure, it's their OS, and they have the right to change it even without such a grandiose announcement. They've dithered around with SMB for years, trying to break SAMBA without simultaneously cutting off all their own legacy clients. The latter consideration hasn't allowed them to make any changes so massive or obscure that the SAMBA development team hasn't been able to keep up.
If they do something that, for instance, breaks Quickbooks or a bunch of Adobe's stuff on XP, they will face legal issues which they probably don't want to revisit for a while. If they make it so all the little guys have no choice but to replace not only the OS but Office and all their other MS apps, and probably junk most of their hardware because it doesn't have the horsepower, those folks will most likely choose to stick with what they have, install a firewall, and maybe switch from Outlook to Eudora.
It's also possible--but I'm not holding my breath--that with Fritz Hollings' wings clipped after the election, we may see a longer delay before we're saddled with a Federal mandate for DRM on anything that lights up.
Everyone seems intent on trashing MS for what I feel is a good move on their part. I'm curious though. Exactly what apps would break? I mean it would be suicide for MS if an app such as Photoshop stopped working. I feel that if apps break it will not be something released by a major software vendor. More likely your Bonzi Buddy or some other piece of crap will cease to function. We all know what a shame that would be.
> That's all fine and dandy if you're into that sort of thing, but I know people who still use an old 486 or low end Pentium to do nothing more than e-mail, web browsing, office applications, and the odd simple game or two. In short, the system they have does just fine for everything they ever need to do. Face it, not everybody needs a system capable of doing 3D programming, running a CAD program, or playing the latest high-end game.
I wasn't suggesting that this should be the case for all and sundry - we have plenty of PCs at work running Windows 98 and Office 97, and the only upgrading we do at the moment is to replace PCs as they succumb to the ravages of old age (don't worry, we backup all data just in case).
We also reassign PCs to other tasks when they are no longer able to keep up with the workload being assigned to them. The PCs we currently use for graphic design work will probably become Office PCs when they are replaced, for instance.
We have no real need for Office 2000, let alone Office XP. And given that we'd need to move to Windows 2000 systems just to be certain that Office would be stable, we're not rushing.
-MT.
Recall that long ago, Microsoft wanted to move away from 16bit code by going to Windows9X and also with NT, they wanted to grow in the server and professional side. Ultimately, they hoped to merge their products and so far, I don't feel they've been all that successful.
The biggest problem with NT is that it attempted to maintain compatibility with older stuff. It was important at that time they do it like this. (Personally, I think they should have thrown compatibility to the wind long ago to focus on stability and security... it's a SERVER after all, not a game machine or a workstation... make a separate workstation product with compatibility modules... but that's history now anyway...)
Now, with intense focus on security, they are proving themselves as serious players in sacrificing "performance and compatibility" by closing serious holes even at the expense of current software compatibility. I say BRAVO Microsoft for making such a bold and courageous move. Only a company with monopoly force can really afford to pull that move off and if you ask me, it's a decision late in coming.
Many people have me labelled as anti-microsoft and a Linux pusher but actually I'm not. While I agree with most of the anti-microsoft commentary and just about all of the pro-linux and open source stuff, I'm not religious about it. If I like it or see value in it, I'll use it. It's that simple. I appreciate what I interpret as a mature direction Microsoft is about to undertake.
I think it's a bit unfair for jointm1k to tack on the bit about "shoulda done it before they designed Windows..." In an industry that changes as often with technology as it does with "fashion" (consider shifts to and from client-server) It's tough for any company to keep up with current times let alone predict the future of computing 10 years down the road... even a company that, at times, sets the standards of industrial computing.
Microsoft has lost a lot of respect in the industry -- not only in the eyes of IT professionals, but also in the eyes of blue/grey-suited business people. I think it's important for Microsoft's future to do that. I'm also a little afraid of what would happen to computing in general if there were a mass shift away from Microsoft. I wish it were, but I don't think Linux based business solutions are ready for prime-time. (* brace for impact! *)
Long live Linux and all it stands for. Peace out.
Perhaps it's been posted before, but has anyone noticed the rather obvious irony in the choice of code name?
The Palladium was a statue of Athena that protected Troy from invasion. Ulysses and Diomedes stole the statue right from under Troy's nose.
How, you ask? With a trojan horse!
-Ryan
Under Capitalism people exploit other people.
Under Communism it's just the opposite.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
they need to stay incompatible.
All through the years, they had gnarly cruft in their APIs for backward compatibility and to maintain incompatibility with competitors.
Now that they have sold us a bill (hic) of goods for a while, they now want to do a 180 and sell the "fixed" OS to us again with all new "fixed" Apps. Those people who don't upgrade? They aren't Microsoft customers. They are not playing MS's game of constant upgrade cycles. They must be made to pay and dearly.
Also, wine, with its emulation of the cruft, is becoming very usable now and high profile. Time to break it!
No doubt that finally "fixing" things is the Right Thing(tm) to do but... I don't for one minute believe they are doing it for the Right Reason(tm).
Codifex Maximus ~ In search of... a shorter sig.
Just Windows95? I know people who are still using Windows3.1, just MS-DOS, CP/M, Apple ProDOS, and Apple's DOS 3.3! Heck, I have more emulators of old OSs than there are real computers being made for them! (Don't forget the kid here on /. who had 32 OSs? [if I remember correctly]).
Someone put a black hole in my pocket and now I'm broke.
Amen to that.
It was co-developed with IBM from the MS-NET project back in 1984. The actual protocol specification I have on my bookshelf is labeled "Microsoft Networks/OpenNET FILE SHARING PROTOCOL" INTEL Part Number 138446 Version 1.9 dated April 21, 1987, authored by Microsoft Corporation and Intel Corporation.
The IBM DOS 4 or the Microsoft DOS 4? There were two, you know. One was a 100% IBM product (PCDOS 4.0), one was a MS product (MS-DOS 4.0 and 4.1). The MS product was only ever sold by two OEMs.
Where I work, the politics is thick enough to choke on and while some are pampered golden boys (who obviously know little about complex systems, or even how to program in general) there are those that do their job but never receive credit. These people in my opinion are foolish to stick around but still the situation ends up with them being told "We won't reward you simply doing your job" yet that is an inconsistent approach to which those that will and can not do their job are given daily rewards simply because they are breathing.
First off. There WERE 5 releases of OS/2, none of which was successful:
OS/2 1.0: Console only version.
OS/2 1.1: Added a GUI called Presentation Manager
OS/2 1.2: Added installable filesystem support
OS/2 1.3: IBM redesigned the scheduler and the memory manager and released it as their own version
OS/2 1.3 (MS Version): Added support for SCSI drives
OS/2 2.0: Shipped after the MS/IBM divorce, 32 bit version of OS/2, also known as Warp.
Windows NT was originally called NT OS/2, and was intended to be OS/2 4.0. It was a complete bottom up rewrite of the operating system, the ONLY thing that came from OS/2 was the command interpreter. Win32 wasn't intended to be compatible with OS/2, it was intended to ease porting apps from Win16 to Win32. Since the OS went from a 16 bit OS to a 32 bit OS, there was never any intention of running 16 bit apps natively, they ran under a 16 bit emulation layer (called WoW, for Windows on Windows).
Win9x was always supposed to be released, but Win9x was based on the DOS codebase, which was designed from 1982-1987. Security was an irrelevance in those days. That's why it has crappy security - absolutely nobody cared about security back then, except on big-iron machines, and Windows wasn't a big iron type of product. Heck, the internet barely existed back then, and the web certainly didn't.
LanMan was ALWAYS a Microsoft product, it was NEVER an IBM product (IBM licensed it and sold it, but it wasn't an IBM product - they did NONE of the development on it). NTLM describes the enhancements to the Lan Manager product for Windows NT, it wasn't "renamed".
The version numbers of Windows are irrelevant. Windows NT 1.0 shipped as version 3.1 to relate it to Windows 3.1. The version numbers mean NOTHING. If you want to get technical, they are: Windows 1.0, 2.0, 3.0, 3.1, 3.11, WfW, NT 3.1, NT 3.5, NT 3.51, NT4, Win2K, WinXP.
Microsoft can't force upgrades down people's throats. A majority of pc users out there are probably still using windows 98, if that. Criticizing Microsoft for providing security updates for old windows versions, much less supporting them at all, is stupid.
Nobody's writing bugs for win95 anymore. That stopped in well...95 ;)
As for viruses. Most hackers have upgraded to XP anyway.
WOW what forward thinkers! No wonder they are so innovative! Even in the dark ages back in 1999 (that was back in the 20th century... old days... back before folks were computer literate) they were thinking how computers in the 21st century would have to be secure!!!
-- Many men would appreciate a woman's mind more if they could fondle it
Now they're threatening all their competitors with Y2K-level possibilities. I wonder how "Microsoft actions" are mentioned in software company investment risk statements.
Sorry, I am truly not MS bashing. I am instead just reading everything so I can actually see what this really means.
Here it is in a nutshell
PALLADIUM
Or perhaps you all should install or allow Windoze to install any of these new "security upgrades" and read the license agreement that tells you their DRM is being installed as well, and grants them access to your system.
C'mon people! It was on /. where this first became big news! It was here that the forced DRM install in Media Player was discussed. It was here that people pointed out the newest service packs came with the preliminary DRM's and granted MS the right to install all of DRM and use it at their discretion.
As in 21 years, MS has not lived up to their security obligations no matter how many times (like this new "initiative" is the first), and they clearly state in their docs, readmes or/and license that DRM is being installed... do you really have any doubts who the security "fixes" are for?
Rob
WebMaster:
BinFeeds
XXX Thumbnailed Image Newsgroups but
Any changes which stop an interference are acceptable because it's a basic part of the system design. Apps have to work within the system's design. Usually there is only one app affected because well-behaved programs avoid banging against all the walls of their cage. (Indeed, Unix changes which will affect several apps...or even only a few specialized users of unusual device drivers... get much discussion and adjustment so as to break as little as possible while not leaving any weaknesses)
"Security updates forced on them?" What??? They are not mandatory. In fact, I think it is great they are going back to fix old systems. Are you telling me that no upgrade for a LINUX distro has ever broken a program? And if fixing a security problem breaks software, well, then the software was probably written to exploit an opening as a shortcut that is now closing, much like how Win 95/98 software that directly addressed hardware would not run on Win NT. No one is worse than Apple with breaking software with each update. My god, each MacOS update that comes out we wait for a few months or more to be sure all the apps are updated and still run. We are still waiting for Protools to run on OS X. MS has done a very good job with this, and slowly migrating us from the 16-bit code.
READ first, post later. Especially when you don't even have to leave /. to find the EULA in question.
Now, if you read the posts, and the links to the stories and EULA, you notice what you find?
1 - these EULA's give MS the rights to FORCE their updates on you.
2 - these updates, fixes, security fixes, etc, focus on DRM more than true security issues.
So... anyone STILL falling for this "Gee, we finally realized that security is a big deal... took us 3 years since that turnip truck - dunno why we were on a turnip truck 3 years ago, but we were... but anyway, this time we really mean what we say about security being important. Before when we said it was and did nothing, that was different - but the same as the time before that, which was also different than this time... oh - and this has nothing to do with DRM - so don't read your EULAs that come with these 'fixes' since they tell you it does have to do with DRM and give us permission to full access to your machine, as well as rights to update, add or delete files as we see fit..."
So... who's buying this latest round of bull? Show of hands anyone?
Microsoft is the Evil Empire. Therefore, it's only natural that people hate them. You are right though--people shouldn't simply bash M$--at least they shouldn't all the time. :-) Instead, they should continually remind people of their past history of destroying all who stand in their way by buying them, or copying their stuff and running them out of business. Whenever Bill Gates talks of Microsoft's "freedom to innovate", what he really means is "freedom to steal". (Or if you want me to be more accurate and less dramatic: "freedom to use other peoples' ideas unconditionally without having to pay them or give them credit or be indebted to them in any way".) This would not be so bad except that MS doesn't want to extend that same, uh, courtesy to anyone who does the same to them. They want it all. All the time. They don't want to share.
Btw, did you actually read the article? It's not good at all. It tries to make the implicit assertion: "computer security problems" == "potential for cyberterrorism". Not a good thing for people to get in their heads. The article even makes reference to 9/11! This is the worst part:
Not good for us geeks, not good at all.
Furry cows moo and decompress.
We have been kicking Microsoft square in the nuts about their lack of security for years now, so does it make sense to flipflop and start kicking them for taking security seriously?
I'm rather partial to the idea of the application I used yesterday working today when I launch it and not being broken because some fix they implemented automatically denies me access to my files/programs at what may be a critical time!
Windows patches have burned me often enough that I'm hesitant to be the first one on the block to test out their new fix.
Even though, with this EULA, I still made one click within SP1 and disabled auto-updating, including notification. Updates now only occur when, or if, I go to Windows update. Seems to me that the new EULA covers their ass against lawsuits if data is lost due to a missed security update. "We told them they had to do it, your honor. Not our fault if the worm wiped the hard drive!"
I win!
and exactly how much damning evidence would you require before you concede that, taking market penetration into account, microshaft is the single most flawed application developer ever?
how many security holes, how much consumer and private financial information needs to be put at risk, how much corporate and personal data must be lost and how many times must the bulk of the internet community have to put its guard up to ward against the latest viral infestation before MSLackeys(tm) start thinking that maybe something's wrong?
American business long ago gave up on demanding that prospective employees
be honest and hardworking. It has even stopped hoping for employees who are
educated enough that they can tell the difference between the men's room and
the women's room without having little pictures on the doors.
-- Dave Barry, "Urine Trouble, Mister"
- this post brought to you by the Automated Last Post Generator...