Slashdot Mirror


Microsoft on Security: We'll Break Your Apps

jointm1k writes "Wired.com is running a story about how Microsoft is trying to act responsible and all by fixing (or trying to fix?) many (if not all) security holes in Windows. Not only new versions of Windows will be patched or improved, but as I understood they also plan to force security updates for older versions of Windows down people's throats. Even if that means that some applications will malfunction. Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows."

21 of 527 comments

  1. Microsoft Vs. Linux by coryboehne · · Score: 3, Interesting

    Well it looks like they might actually finally have the right idea as to how to compete with Linux... although they might have a few details a little skewed from what I would consider ideal, they seem to be heading in the right direction. Good to see that Microsoft might actually be listening to their customers finally.

    Disclaimer: Yes, I do love Linux, no I do not hate Microsoft, as a matter of fact I am a .Net developer so this is of a much greater importance to me than it is to most.

  2. Not Correct by CharlieO · · Score: 5, Interesting

    I read the same story at The Register

    The editorial is inaccurate and opinionated.

    They are actually giving up on trying to secure older products.

    And they are stating that for new security fixes on current products they are now putting security as a higher priority than not breaking the apps.

    So rather than provide the security turned off, in the hope that some MCSE will turn it on once the app has been patched, the security is on even if the app breaks.

    Now, regardless of the anti M$ feelings, this has got to be a good approach.

    Yes you can read it as "Here comes DRM, suck it down" or you can read it as "Secure by default really does matter, because we know 95% of users never change from the default settings" - the latter approach is taken by Suse in 8.1 and I don't see /. attacking them

  3. Novell guilty of the same by totallygeek · · Score: 3, Interesting

    Not that I am siding with Microsoft, but to play the devil's advocate, other companies are guilty of the same disregard for what third-party software will break due to OS patches. To date, I have not installed a Novell Netware service pack without jacking-up some other software (ADS, Arcserve, NAV, etc).

    There is a bigger problem out there -- laziness. Microsoft and others have made security patches available that admins simply do not install. If they did, the world would be a better place. I mean, I still get tons of Code Red hits on my web server. Patches have been available for that for....how long?!?!?!

  4. God dammit! by bmetz · · Score: 4, Interesting

    I am so sick of this revisionist, 20/20 hindsight, why-isn't-microsoft-perfect bullshit! Do you know how many applications written by blithering idiots they've had to keep working? I've heard tons of horror stories directly from friends at MS about the hoops they go through to keep COMPETING SOFTWARE from breaking. Yes, MS employees really do sit around figuring out how to keep WordPerfect from crashing.

    --
    What did you eat today? http://www.atetoday.com/
    1. Re:God dammit! by coryboehne · · Score: 3, Interesting

      LOL, you really have a fine point there, it's obvious that some software may have a few issues that will cause it to work in unexpected ways/not work at all. This is not something that cannot be fixed by whomever owns/writes said software. If Microsoft is putting forth this kind of effort to ensure security through some other method than obscurity then I say GREAT! And of course Microsoft wants to keep competing software vendors' products working, after all, the main reason windows has captured the market share that it has is mainly due to their large base of 3rd party software and business apps (competing or not). If they were to alienate this valuable resource they would be crazy, as it is largely due to this base that they are so successful. And yes, when you're dealing with a product that is millions of lines of code long there are always going to be problems when trying to do anything... My current project that I'm working on is only about 50,000 lines of code (one developer, namely me) and I can tell you that once in a while when I go to change something that seems fairly menial I can cause myself more headaches than you can imagine (although this doesn't happen often, it does happen). So thank Microsoft for at least showing that they DO care, thank you. :)

  5. Ass by Anonymous Coward · · Score: 1, Interesting

    During the week of Sept. 11-18, 2001, terrorist attacks and the Nimda virus changed the public's perspective on security, he said.

    I don't say this often, but... what a fucking wanker.

    How does he plan to address these security issues? Say they were all "attacks", and then push legislation through to outlaw them?

    Jesus. The fact that he even put a Microsoft fuckup in the same sentence as a 3500-life firebombing shows that he isn't fully mentally developed. I'd stay far away from any corporation who allowed this guy anywhere near their podium.

  6. Implications for software interoperation by blackcat++ · · Score: 5, Interesting

    There is another side-effect: Just think of an update that does not only fix two recent security flaws, but also implements incompatible changes to the CIFS/SMB protocol. All users of MS Software are forced to upgrade, so there won't be any interoperability issues. But all those Samba File/Print/PDC installations across the world are suddenly broken.

    And Samba is just a randomly picked example.

  7. Re:Microsoft and Linus by EggplantMan · · Score: 2, Interesting

    In that way, I would say Bill and Linus are very alike. In his quest to bring his users what they want Bill often breaks backwards compatibility during the upgrade cycle (win 2k). However I have to say that Bill is very professional about these compatibility breaks, only making them every major release, whereas sometimes Linus' behavior makes me wonder. Doesn't anyone remember the disaster called the 2.4.x series?

    --

    ?-|||-----x<*))))><
  8. Re:Life of Brian jumps to mind... by pohl · · Score: 5, Interesting

    I'm torn on this issue. After years of trade rags ignoring well-designed alternatives in the marketplace and failing to do anything besides sucking Microsoft cock, I still find it refreshing when slashdot, a mere weblog, pulls out a headline with sardonic spin. I also find it amusing that people feel the need to rush to the defense of Microsoft. Seems as silly as protecting god with a sword.

    --

    The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

  9. wonder if this has anything to do with that CA law by The+Evil+Couch · · Score: 3, Interesting

    that got slashdotted yesterday

    With that new law, companies would have to report hacks of systems. If MS fixes as many holes as they can before this new law can get swung around, the public won't find out how vulnerable they are by using their OS.

  10. How about 1% ? by trveler · · Score: 3, Interesting

    I thought the most interesting quote from the article was near the end:

    "... slides also showed the surprising results of automated crash reports from Windows users. A mere 1 percent of Windows bugs account for half of the crashes reported from the field."

    --
    ... is whot bwings os tugevza tsuzay.
  11. Re:the fact of the matter is by redfiche · · Score: 2, Interesting

    [troll]

    windows just doesnt seem like it was designed to take on improvements

    How many software projects as large and mature as the Windows code base can you name that are not terribly brittle? It's hard to create code that is extensible and maintainable.

    When Win2K was being developed, people's concerns were crashes and reboots, so they focused on that. Now concerns are centered around security. I'm no lover of M$, but it seems to me they are listening to their customers.

    [/troll]

    --

    Brevity is the soul of wit

    -- Polonius

  12. Wonderful! by Arjuna01 · · Score: 5, Interesting

    This is the same mentality where I work. We have users still using Lotus 2.4, WordPerfect 5.1, and other crazy applications because the IS people refuse to **MAKE** the users do their own work. The users want the IS departments to migrate and test all the spreadsheets and documents for them because we have Office '97 or Office 2000 installed on the machines. Now 10 years ago when Lotus 2.4 and WordPerfect were introduced we didn't go around making macros and cell calculations for them did we? But we try to introduce new products to keep up with the times and they act stupid on us and say we are killing business because we **WON'T** migrate their stupid macros.

    We can't even get the users to try and open the spreadsheets in Excel or Word. They just refuse to do it. My recommendation in the last meeting was to just turn off Lotus 2.4 and WordPerfect (apps run on server) and tell the user either to use Microsoft Excel and Word or find a new job.

    My point being, Microsoft is doing exactly what should be done. You want everything to be stable and secure, well you better be ready to upgrade or patch whatever doesn't work after we do our fixes.

    --
    "Some mornings, it's just not worth chewing through the leather straps." ~ Emo Phillips
  13. Re:Microsoft and Linus by afidel · · Score: 5, Interesting

    Actually MS just dumped the next server version after .NET, so it looks like they are headed towards longer release cycles. Since License 6 gives you support for the last 5 years of os's it would not behoove MS to come out with a new OS every year, that would mean supporting 5 OS's for corp customers and testing all their apps against 5 OS's, not cheap. Instead it looks like MS is going the opposite way, look at the next version of Office, it won't run on any OS's other than win2k with SP3+, or winXP. MS is trying to dump the old cruft to reduce problems and hence support costs both external and internal.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  14. Re:Microsoft and Linus by Anonymous Coward · · Score: 1, Interesting

    I think he was referring to the VM changes that kept happening. You know, the cause for all the serious bugs found in all 2.4.x kernels except for 2.4.9 and 2.4.18+...

    The fact is that 2.4.x has been a horrible series with only a couple usable versions.

  15. Re:Microsoft and Linus by Reckless+Visionary · · Score: 5, Interesting

    What are you talking about? Bill Gates is the Chief Software Architect. He gave up his job as chief executive for exactly that reason, to have an active role in OS development. Of course he's not the one compiling the releases, but to say he "actually has very little to do with Microsoft these days" is just flat incorrect. From link (prepare sarcastic tone):

    "I might be threatening to write code."

    --
    I think I'll stop here.
  16. Re:Life of Brian jumps to mind... by Anonymous Coward · · Score: 1, Interesting

    "if he is naive enough to think that MS architects would design the perfect OS from the start."

    Wait do you mean 18 years ago? Or do you mean they shouldn't shoot for the perfect OS every time they release a new re-hash of the previous operating system?

    Albert Brooks said plan to throw one away, not release it as Millennium Edition.

  17. Re:Microsoft and Linus by Anonymous Coward · · Score: 2, Interesting

    No, he's implying that the 2.4.x had some very major VM changes made to it when it was supposedly "stable". You knew full well what he was referring to.

  18. Forced Security update = Forced Application update by dnoyeb · · Score: 2, Interesting

    So now all the people that put out software packages 8 years ago for win98 are being told their apps are collateral damage.

    Now all users on win98 will be FORCED to upgrade if they did not turn off garbage auto update.

    See, just like homeland security, automatic patching starts out with a clean purpose, then they change it on you.

    Recall how many "tricks" were necessary to get around M$ BS. Now they're going back to erase those. Yea I can see WordPerfect 7 blowing up now. But I can't see Corel having the resources to fix it.

    This will basically ensure that nothing runs on old "patched" OSes.

    I call this XP strategy #2.

  19. Tightening up Windows by Animats · · Score: 4, Interesting

    It used to be, in the NT 3.5 era, that many apps supposedly written to the Win32 API didn't run on NT, generally because the apps were broken. NT 4.0 put in more backwards compatibility stuff (mostly by sticking mediocre code from Win95 into the NT kernel, over Dave Cutler's objections), and XP stands on its head to keep some old apps working, with lots of little "hint" files. All of that stuff should go.

    Microsoft may prohibit self-modifying code and code on the stack. You don't get any performance gain with either technique any more, since processors went superscalar.

    And maybe Microsoft will delete the 16-bit compatibility engine. It's time. In NT 3.5x, the 16-bit engine was optional, the system ran fine without it, and it should have stayed that way.

    Microsoft will probably do something to break Word 97, and blame it on "security". They need the revenue. But there's a problem:

    Plugging those holes, he said, would require not just rolling out new versions of Windows, but forcing security fixes onto users of older Windows versions, which he claimed was 30 to 40 times larger than the installed base of current versions.

    XP sales must be lower than Microsoft admits. Microsoft has to make sure that their pressure forces people to upgrade to XP, rather than locking people into the legacy OS. Expect something on the server side that makes Internet usage difficult for legacy users.

  20. A terrific move by Microsoft by erroneus · · Score: 3, Interesting

    Recall that long ago, Microsoft wanted to move away from 16bit code by going to Windows9X and also with NT, they wanted to grow in the server and professional side. Ultimately, they hoped to merge their products and so far, I don't feel they've been all that successful.

    The biggest problem with NT is that it attempted to maintain compatibility with older stuff. It was important at that time they do it like this. (Personally, I think they should have thrown compatibility to the wind long ago to focus on stability and security... it's a SERVER after all, not a game machine or a workstation... make a separate workstation product with compatibility modules... but that's history now anyway...)

    Now, with intense focus on security, they are proving themselves as serious players in sacrificing "performance and compatibility" by closing serious holes even at the expense of current software compatibility. I say BRAVO Microsoft for making such a bold and courageous move. Only a company with monopoly force can really afford to pull that move off and if you ask me, it's a decision late in coming.

    Many people have me labelled as anti-microsoft and a Linux pusher but actually I'm not. While I agree with most of the anti-microsoft commentary and just about all of the pro-linux and open source stuff, I'm not religious about it. If I like it or see value in it, I'll use it. It's that simple. I appreciate what I interpret as a mature direction Microsoft is about to undertake.

    I think it's a bit unfair for jointm1k to tack on the bit about "shoulda done it before they designed Windows..." In an industry that changes as often with technology as it does with "fashion" (consider shifts to and from client-server), it's tough for any company to keep up with current times let alone predict the future of computing 10 years down the road... even a company that, at times, sets the standards of industrial computing.

    Microsoft has lost a lot of respect in the industry -- not only in the eyes of IT professionals, but also in the eyes of blue/grey-suited business people. I think it's important for Microsoft's future to do that. I'm also a little afraid of what would happen to computing in general if there were a mass shift away from Microsoft. I wish it were, but I don't think Linux based business solutions are ready for prime-time. (* brace for impact! *)

    Long live Linux and all it stands for. Peace out.