Slashdot Mirror


Trustworthy Computing At One Year

ackthpt writes "One year ago Bill Gates issued forth an email directing the company to work toward Trustworthy Computing, making Microsoft operating systems, applications and services secure and reliable. Where is that effort at today? vnunet has this Q&A with Microsoft security chief Stuart Okin. Slow, steady progress seems to be the result. They've targeted Security, Privacy, Reliability and Business Integrity, but so far have had a go at Privacy. Okin indicates the strategy may take 5 to 15 years, but more immediate milestones are targeted within the next two years and focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP. I'd chalk this up as a frank and honest interview, rather than madly spun, and paints a picture of the massive cat herding effort undertaken."

298 comments

  1. Well by B3ryllium · · Score: 4, Funny

    My XP machine has never been hacked, so it must have been a success!

    1. Re:Well by geeber · · Score: 0, Flamebait

      It may not have been hacked, but while you were sleeping Microsoft sucked all the content off your hard drive. Oops, I mean, they updated your OS for you.

    2. Re:Well by Anonymous Coward · · Score: 0

      that's because you never turn the dang thing on.

    3. Re:Well by B3ryllium · · Score: 0, Offtopic

      My computer is off when I sleep (ever since I got my kickass FreeBSD server). Annoying thing is that I can't put it in "Standby" mode. I think my video drivers block that option or something (!?). Wish I could figure out how to fix it. heheh :)

    4. Re:Well by Anonymous Coward · · Score: 5, Funny
      My XP machine has never been hacked

      Use a sharper axe.

    5. Re:Well by Dark+Lord+Seth · · Score: 1
      My XP machine has never been hacked, so it must have been a success!

      XP isn't THAT bad until you do stupid stuff like:

      • Using administrator account for day to day use
      • Use various dodgy programs
      • Use various blatantly insecure programs
      • Open every executable file you get
      • Never make sure critical stuff is up to date*

      * = Involves installing service packs. Don't think of this as a problem, think of it as a challanger instead! Okay, so it's still crap to do but it will give you a more positive view on life :) Besides, I think you're just cheating! Have you ever booted it? Does it dual boot something else that you normally use? Is it even connected to the internet to start with? :P

    6. Re:Well by B3ryllium · · Score: 1

      Hahah, sounds like a good idea :)

    7. Re:Well by Proc6 · · Score: 1, Funny
      > Don't think of this as a problem, think of it as a challanger instead!

      Challenger? As in Space Shuttle Challenger? Freudian slip?

      --

      I'm Rick James with mod points biatch!

    8. Re:Well by Groo+Wanderer · · Score: 1

      That you know of......

    9. Re:Well by drinkypoo · · Score: 3, Interesting

      On the other hand, I got infected with a worm because another XP computer on the same network got infected. I was at sp1, they were not. It's stupid that you can be compromised in that fashion, there should be no path that will allow it. It's not like I have any blank passwords, or passwords in common with the other system.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    10. Re:Well by Lshmael · · Score: 1

      If other computers on your network (whether that is a LAN or the Internet) are vulnerable, you should protect your computer by installing a firewall, or disabling services that could compromise your computer. The fact that you got infected is your own fault.

    11. Re:Well by Anonymous Coward · · Score: 0

      score 5 funny. Me too, my linux box has been hacked. Probably because I used "enter" for the root access password. What a sorry world we live in.

    12. Re:Well by Grishnakh · · Score: 3, Insightful

      I think his point was that his machine was fully patched to the newest version, but this didn't fully eliminate the vulnerability because another unpatched machine infected his.

      And you can't firewall every single computer on a LAN. Anyone working in a corporate computing environment knows this.

      I still agree it's his own fault; it's because he chose such an insecure platform from a vendor with a long history of insecure products. How many people now refuse to buy Firestone tires because of the tread-separation issue? Why do these people continue to buy Microsoft products after all kinds of problems with them?

    13. Re:Well by fucksl4shd0t · · Score: 2, Interesting

      I think his point was that his machine was fully patched to the newest version, but this didn't fully eliminate the vulnerability because another unpatched machine infected his.

      I'm no security expert, but the fact that he got it anyway indicates that he wasn't patched, right? If he was patched, it shouldn't matter if he stuck it on a floppy and ran the executable, right? It still wouldn't work.

      How many people now refuse to buy Firestone tires because of the tread-separation issue?

      Mostly people that don't understand the issue. I worked in tires for a year as a mechanic, not a salesman, and I can tell you that the tires weren't that bad. I saw them put on a number of non-Ford vehicles with the guilty numbers on them and they're still on the road! The problem is that the Ford Explorer uses a funky suspension by comparison to other SUVs, and tends to wear tires differently. It was really just a matter of putting tires on a truck where the truck's suspension wore the tires in their weakest spot. Not necessarily the best thing to do, and certainly a bad combination, but not really the worst thing to do either. Granted, Ford and Firestone both could have dealt with the situation much better than they did, but the tires shouldn't reflect on all of Firestone's tires, since they were really only a problem on Ford Explorers.

      Note, I wouldn't use Firestone tires myself either, but that's because I don't trust Firestone mechanics. I was in the business a long time, long enough to know which chains to avoid.

      --
      Like what I said? You might like my music
    14. Re:Well by shadowbearer · · Score: 2, Interesting

      Having had some experience along that line myself, I'd also say that part of the problem was mishandling of the vehicles. My experience was in grain truck/tractor repair, but we replaced a lot of tires that were way overworn from obvious bad handling (example: cutting tight turns at highway speeds with a full 20t+ load can produce massive outer tire wear including sidewall separation).
      I don't know how that applies to SUVs/Firestone, but I would be willing to bet some of it does, given how I've seen people driving those things on the roads. They think they're driving friccin' Ferraris.

      I do know that no Firestone tire I've ever had on any heavy vehicle I've ever driven has caused problems. OTOH, Ford has *always* had funky suspensions (remember the IBeam suspensions? what a PITA!)

      Would welcome comments.

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    15. Re:Well by kraksmoka · · Score: 1
      if there's one thing that's truly fucking evil about XP it is the requirement that certain programs have about using the administrator account. have another program, video security cameras, same way. sure, it's nice to limit access for certain items, but my poor L-users have to get into their stuff.

      frankly, i'm just glad that they know only enough to do quick books and word, and that their router has all incoming ports explicitly blocked :)

      --
      "You never want a serious crisis to go to waste." - Rahm Emanuel
    16. Re:Well by Alsee · · Score: 1

      I'm no security expert, but the fact that he got it anyway indicates that he wasn't patched, right?

      He quite clearly said he WAS patched. He's saying that XP "trusts" any other copy of XP on its local network. It therefore cheerfully accepts the infection from its unpatched friend across the local network.

      If he was patched, it shouldn't matter if he stuck it on a floppy and ran the executable, right?

      No, if you choose to run an executable it can do pretty much anything it wants. The reason you need a patch is because the computer is executing something that isn't supposed to be an executable. For example the Slammer worm was a data packet, a request for a database lookup. That's not supposed to be an executable, but SQL caused it to get executed.

      I don't know enough details to say for sure, but what he described probably shouldn't happen. If it did then it probably indicates either a problem with the patch, a second hole in the XP local network, or simply a flawed design for the XP local network.

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    17. Re:Well by cyclist1200 · · Score: 1

      If SP1 was supposed to protect you from that worm, I'd say it failed - period. The other infected machine on the same network is a moot point. I mean, SP1 didn't protect you, so the lack of it on the other machine probably isn't the reason the infection was able to spread.

    18. Re:Well by fucksl4shd0t · · Score: 1

      You are only regarding the stereotype that the media portrays to you. The period after WWI was quite rough for America, and we were still recovering from this when WWII started.

      As a matter of fact, the specific model of explorer involved tended to wear the outer edges of the tires more than the inner edges. You know, the wear pattern you look for that indicates underinflation? The Explorers would wear that way with the tires underinflated by only 5 PSI. Couple that with the driving habits and you've got trouble. Now, the average motorist checks his air only when he gets oil changes, if that often, but you can easily lose 5 PSI in 2 summer months, 2-4 weeks if you have a cold winter month.

      It was that reason, in fact, that Ford and Firestone were both so shitty about the situation at first, because their warranties read that the warranty is invalid if you don't maintain recommended tire pressure. I believe the question revolved around whether or not it was a manufacturing defect, and the decision was made solely on the basis of how many people were flipping on the highway as a result of the tires rather than an objective examination of the vehicle. It's my opinion that if they had actually examined the vehicle they may well have decided to make Ford pull the entire class off the road. They got off easy, they shouldn't have behaved so poorly over it.

      To Ford's credit, though, they bounced back much quicker than Firestone did. :)

      Their front suspensions on the trucks haven't changed much until the most recent production models. The Explorers that were flipping were using a variation of the old I-beam suspension, still. :) You're right, big pita! I did enjoy doing quick $50/side shock changes. I'd make $100 in 10 minutes. :) But if you had to do the rears, man, you were screwed. Take off the spare tire....

      --
      Like what I said? You might like my music
  2. "Targeting" privacy? by bafu · · Score: 2, Funny

    ...sounds ominous. ;-)

    1. Re:"Targeting" privacy? by Xformer · · Score: 2, Funny

      Of course! For obliteration... :-)

      --
      All I want is a kind word, a warm bed and unlimited power.
  3. first DRM by Anonymous Coward · · Score: 5, Funny

    you can't access this post unless you're running a Palladium-enabled OS.

    1. Re:first DRM by hxnwix · · Score: 1

      my modchip must be working then
      19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 *submit*

    2. Re:first DRM by Anonymous Coward · · Score: 0

      Why is there an empty post here? Doesn't slashcode prevent that? And what does "First DRM" mean?

  4. Quote from article. by Frobnicator · · Score: 5, Funny
    Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work.
    He must buy terrible telephones.
    --
    //TODO: Think of witty sig statement
    1. Re:Quote from article. by $$$$$exyGal · · Score: 4, Insightful
      Another quote:

      In 10 or 15 years time we could achieve Trustworthy Computing and there will still be people that don't like us.

      How can "Trustworthy Computing" ever be achieved? Ironically, the more that some people trust their computers, the more others will distrust them. The only way to completely trust the computer is if no human can break into it and steal your data. But if no human can break into the computer, then what do I do if the computer won't give me my data when I need it?

      --sex

      --
      Very popular slashdot journal for adul
    2. Re:Quote from article. by Anonymous Coward · · Score: 0

      Yes, and have you heard the words "carrier grade" system? That's what telcos use. You have to be able to diagnose a failure in situ and have a plan that says that failure can never happen again. There ain't no carrier grade windows.

    3. Re:Quote from article. by kfg · · Score: 4, Insightful

      Even worse. What happens if part of that trustworthiness is achieved by handing trust to someone else's computer?

      Now if your computer decides not to trust you you're hosed, and if *their* computer decides not to trust you you're hosed.

      And who says you can trust *them?*

      And that's just it. Trustworthy computing isn't *about* you trusting your computer, it's about your computer trusting *you.*

      I already trust my computer. My computer has no business "wondering" whether it trusts me or not.

      If I have the car keys I expect the car to run. It's up to me to protect my keys.

      KFG

    4. Re:Quote from article. by VEGx · · Score: 1
      Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work.

      ...and the rest of the cases it didn't work in the first room either, right?

    5. Re:Quote from article. by iabervon · · Score: 1

      If you unplug and replug a phone 1000000 times, the little pin will break off of the plug and the plug won't stay in.

    6. Re:Quote from article. by aoteoroa · · Score: 2, Informative
      I already trust my computer. My computer has no business "wondering" whether it trusts me or not.
      That was a beautiful quote.
    7. Re:Quote from article. by Slurpee · · Score: 1

      How can "Trustworthy Computing" ever be achieved? Ironically, the more that some people trust their computers, the more others will distrust them.

      The same way "Trustworthy TV Watching" can be achieved. At the moment the computer is still "new" to our homes. They have only really been around our homes for 5-10 years (if that). We have had TVs in our homes since the 60s.

      I won't be surprised if it takes us 30-40 years to make computers worthy to be trusted, as well as for us to actually trust them.

      I work in iTV (interactive TV), and there have been surveys showing that 86% of Australians distrust ordering Pizza off the internet, but 92% of them trust ordering Pizza from their TVs (as part of an iTV trial we did). The difference is that the TV is a trusted family member (sad but true).

    8. Re:Quote from article. by mOdQuArK! · · Score: 2, Insightful
      We have had TVs in our homes since the 60s.

      Ironically, as TVs become smarter & more like computers, the less we are going to trust them.

    9. Re:Quote from article. by Slurpee · · Score: 1

      Ironically, as TVs become smarter & more like computers, the less we are going to trust them.

      totally. I haven't seen any data suggesting people trust their TVs less, but I suspect it may happen. Some iTV deployments have really bad security..and if a few bad things happen and are publicised, things may change. When people start not being able to record TV shows, or are forced to watch Adverts rather than fast forwarding, etc etc...I suspect they may become not so happy with their TVs.

    10. Re:Quote from article. by Shippy · · Score: 1

      Actually, I think Trustworthy computing is a lot about *you* trusting your computer. Things like Security and Reliability should come out of the box by design and in deployment. You should not have to worry about risking your data to crashes and/or attackers. Only when this happens will your platform be "Trustworthy".

      --
      -Shippy
    11. Re:Quote from article. by aggieben · · Score: 1

      You missed the point. He wasn't saying that they could achieve "trustworthy computing" (a.k.a. unusable computing), he was saying that even if that were to happen people would still be people that dislike MS. bc

      --
      Don't become a regular here, you will become retarded. -- Yoda the Retard
    12. Re:Quote from article. by aggieben · · Score: 1

      err.....s/people would still be people/there would still be people/

      /me makes note to self: click 'preview' button first.... bc

      --
      Don't become a regular here, you will become retarded. -- Yoda the Retard
    13. Re:Quote from article. by rowanxmas · · Score: 1

      So, if I actually know something about my computer, like what a "service" is, or how to type "chmod og-rwx" as opposed to being a corporate person?
      Since I trust my computer right now, both my win and lin boxes, but that's cause I know what I'm doing. I would not trust my computer if I was a dumbass, but not dumbass enough to know to not trust my computer.
      In terms of reliability I typically have uptimes of upwards of 100days, usually I update my kernel at that time...
      So, I guess I have already achieved Trustworthy computer.

    14. Re:Quote from article. by Shippy · · Score: 1

      Well, good for you. But when a lot of 10,000 machine corporations get hit by things like Slammer, Code Red, ILoveYou, and Scalper, this is not good. And before you go off on "patch yer crap", actually put yourselves in their shoes.

      1) Patching 10,000 machines sucks.
      2) Before you can even do this, you have to extensively test the consequences of the patch.
      3) Sometimes the patches themselves (like the original Slammer patch) are a bitch to install.
      4) Sometimes a patch is re-issued (Sun does this ALL THE TIME with no reason!), which means this whole process has to happen again.

      What takes the case on this is that many of these worms propagate because of functionality that should have been turned off by default. Microsoft is trying to say with their "Trustworthy Computing" movement that they're now thinking about being secure by design and deployment in advance. And don't give me that crap about "Linux has been doing this for blah blah blah..." because there are still plenty of stupid coding errors in Linux, or BSD, or just about any other program you select. Just because you have uptime of 100 days, that doesn't mean you haven't been hacked for the past 30 without even knowing it. And before you go "I know I haven't been because I'm super-smart!", it's a hypothetical statement. Not everyone is as super-smart as you, and so no, they don't know everything about their machines and all the interactions that happen in the little box.

      In a way, yes Trustworthy Computing is a mechanism to get people to go "Oh, ok, they're going to care now.", but I think it's better to keep your customers informed on your major movements. I didn't see RedHat doing this when they decided to completely screw with KDE and Gnome to make BlueCurve. We had to hear it through a newsgroup comment posted on Slashdot. And before you can really judge them on whether they've failed or not, first realize the immense task this is (the article talks about this. You read the article, right?) so it won't happen overnight. Also, wait until you see Server 2003. This is the first major flagship product to come out with the new security training everyone received. Give things time. Besides, if Microsoft says they want to make stuff more secure, why not just freakin' let them try? If you don't like it, you're free to use the alternatives.

      --
      -Shippy
    15. Re:Quote from article. by kfg · · Score: 1

      You are correct, and as I said, I can already trust my computer in these regards.

      This definition is NOT what MS is talking about when they say "Trustworthy" computing however.

      KFG

    16. Re:Quote from article. by shadowbearer · · Score: 1

      It's not the TV I don't trust, it's the *content* on it.

      I know I can always smash the TV with my handy wood chopper...which
      still doesn't stop me from shouting at it when politicians are speaking on the thing.

      Poor TV must be bloody terrified of me by now.

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    17. Re:Quote from article. by broter · · Score: 1
      Yet another quote:

      When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at...

      So they want to bill me monthly? :)

      --
      "One man can change the world with a bullet in the right place."
      - Mick Travis, "If..."
    18. Re:Quote from article. by shaitand · · Score: 4, Insightful

      Patching 10,000 machines is a breeze, you spend a couple hours coding a script and let the patch propagate and automatically patch all the machines WITHOUT end user interaction. Oops wait, you mean microsoft machines. nm then, you're right, patching 10,000 machines is a bitch. As for not everyone knowing all the interactions that take place in the little box... WTF ARE they doing administrating a 10,000 client network if they don't? Absolutely the system should be more secure by default than a MS os, things like NOT presenting a menu of users when you boot the machine, things like true process level security, things like the lowest level component in the system ie the kernel handling the security. Backwards thinking like "oh gee, if I install it as administrator it should magically be in every users shortcut bar" and "things should be available to every user when I install them unless I specify otherwise" when it really should be the other way around. A computer is not a car, a computer is a programmable multi-purpose tool, and like any other tool. Unless you know how to operate it, you have no business operating it without supervision no matter what you paid for it. The OS is responsible for making the system securable and requiring as little as possible from me to maintain security. BUT I AM responsible for making sure it's secure after I set it up, and why it's secure. Security training? Have you worked in a corporate environment before and learned what "training" is? Training was probably a 2hr session to the secretaries that they should not code bugs, bugs are bad. Bugs aren't the problem in microsoft systems. The problem is giving uninformed users "convenience" and "features" they want (or in some cases don't) when the features are in reality security holes by their very nature. Autologin is a good example of this.

      I bet they still haven't considered the possibility that an email program has absolutely no legitimate need for the ability to translate vb code or activex controls. Or that vb itself is something that should be scrapped for security reasons. Linux and BSD have holes as well true, but I haven't seen them intentionally incorporate holes like those! 75 glitches is no tribute or ban to microsoft though, counting the number of discovered security vulnerabilities is the most ridiculous thing I've ever heard. Considering the people doing the programming, come from a lot of the same schools, with the same training, under the same professors. Then mixed into a melting pot of coding, further fuzzed up by the number of projects that are grouped together when figuring those numbers. In reality coding MISTAKES (as opposed to intentional holes like those above) are probably about equivalent fresh off the keyboard. Considering that, having the highest number of vulnerabilities discovered makes you the more secure option not the less, because more of your bugs are caught and fixed. If a program had only one publicly found and patched vulnerability I'd never consider using it. Because it means they aren't looking and the only ones who know are the hackers.

    19. Re:Quote from article. by shadowbearer · · Score: 1

      "Karma: Excellent (whore)"

      Slashdot Help: The Preview Button

      The Preview Button helps you find out whether what was said in your post is what you intended to say.

      It can also be used to correct totally fucked-up formatting; that is, if you want to. ;-)

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    20. Re:Quote from article. by Shippy · · Score: 1

      Oops wait, you mean microsoft machines. nm then, you're right, patching 10,000 machines is a bitch.

      And this is something they are trying to change. And what do you mean you code a script that lets the patch propagate. You mean to tell me that you would code up a script that would automatically login to a remote machine AS ROOT and install a patch? Sounds like you're using an 'r' command if you do something like that. Even if you _are_ using something like SSH, your script would have to be storing your password while running. Bad bad bad.

      Absolutely the system should be more secure by default than a MS os, things like NOT presenting a menu of users when you boot the machine, things like true process level security, things like the lowest level component in the system ie the kernel handling the security.

      True. First of all, not presenting a menu of users is an option. In XP, turn off Control Panel->User Accounts->Change the way users log on or off->Use Welcome Screen. Tada, no more menu of users. As for process level security and the kernel handling the security, I'm pretty sure this is how it's done, or it's very similar. The tokenized system used by Windows is very low-level and does allow each process to have specific privileges and to drop the privileges it doesn't need. The main problem is that most windows users run as an admin.

      Unless you know how to operate it, you have no business operating it without supervision no matter what you paid for it.

      So, what you're saying is that you do want stuff like the fritz chip on the mobo to have control, and not the user? You do realize that this would be mandated by congress so no new machines would be without this chip?

      Security training? Have you worked in a corporate environment before and learned what "training" is? Training was probably a 2hr session to the secretaries that they should not code bugs, bugs are bad.

      Funny you should mention this. I happen to work in a very large corporate environment (that shall remain nameless) that recently spent millions and millions of dollars giving their software engineers in-depth training on software security issues. Many people in my team this week are attending all-day onsite talks about secure coding practices.

      Bugs aren't the problem in microsoft systems. The problem is giving uninformed users "convenience" and "features" they want (or in some cases don't) when the features are in reality security holes by their very nature. Autologin is a good example of this.

      This is one of the biggest problems. The customers want these features. They don't understand the security implications. If they don't have these easy-to-use features, they won't purchase the product. This is a reason why many people don't choose Linux as their desktop OS. They don't want to fiddle around for a long time to get a feature to work. They want it to "just work". Security and ease-of-use is, unfortunately, a see-saw. You gain one and lose the other. HOWEVER, I think you'll see that this thought has changed for at least their Server 2003 release. Unless you absolutely need the functionality to boot the machine and login, it will not be turned on.

      I bet they still haven't considered the possibility that an email program has absolutely no legitimate need for the ability to translate vb code or activex controls. Or that vb itself is something that should be scrapped for security reasons.

      Actually, they have. Unfortunately, the old VB code cannot be done with, but the new VB.NET stuff uses the .NET CLR which moves toward being much more secure. Plus, recent patches to their software have turned off the stupid "auto-load malicious code" options. Of course, people have to apply them before they'll work.

      Linux and BSD have holes as well true, but I haven't seen them intentionally incorporate holes like those!

      Last I used Mandrake (it was awhile ago), there was an auto-login feature.

      75 glitches is no tribute or ban to microsoft though, counting the number of discovered security vulnerabilities is the most ridiculous thing I've ever heard.

      I agree. It's like counting number of lines for how much work you accomplished for the day.

      Considering that, having the highest number of vulnerabilities discovered makes you the more secure option not the less, because more of your bugs are caught and fixed. If a program had only one publicly found and patched vulnerability I'd never consider using it. Because it means they aren't looking and the only ones who know are the hackers.

      This is weird logic. You're telling me that I can go and write the shittiest open-source code riddled with bugs, but because people caught and fixed 100 this year, then I'm much better than closed-source that has (hypothetically) one bug? Just because my 100 open-source bugs got fixed doesn't mean there aren't more. Plus, you'd have to constantly be installing patches (which we already know is a problem). And if my one closed-source bug was disclosed and fixed which means I now have zero bugs, you wouldn't use it? Of course, you can argue that also you wouldn't know how many more bugs could exist for this system, too, but I'm trying to make the point that it can go both ways. I think you have to take in more metrics like "how often was the system broken into?", "how easy is the bug to exploit?", and "how serious of an exploit is it?" Following your logic, you'd only use code that was known to be insecurely designed from the start. You have to code securely from the beginning. Security is a feature. If you rely on just patching tons of times, you'll be doing that forever and probably introduce new problems in the process.

      --
      -Shippy
    21. Re:Quote from article. by Anonymous+DWord · · Score: 1

      Last I used Mandrake (it was awhile ago), there was an auto-login feature.

      Yeah, but it's off by default, and they warn you that it can be a Bad Idea before you're allowed to enable it.

      --
      "If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
    22. Re:Quote from article. by Shippy · · Score: 1

      And this is good. Microsoft should learn something from that. Unfortunately, though, most people when they see a dialog that prompts for 'Are you sure?' as in 'Are you sure you want to install this software from Gator?' or 'Are you sure you want to accept this non-trusted certificate?' most people are just going to say 'Yes' because they just want to do what they want to do or they want to keep doing what they're doing without having to stop their work. It sucks.

      --
      -Shippy
    23. Re:Quote from article. by Demonix · · Score: 1

      christ, ever see SMS? Patching the OS on 10k MS machines is easy...patching office is a PITA...

      man, you guys...

      --
      when all is said and done, all a man has left are his blades and his honor.
    24. Re:Quote from article. by kfg · · Score: 1

      My favorite is the way hitting the escape key escapes the password to logon to W95/98.

      That's like having a car you can start either with the key or just by pushing the big red button on the dashboard.

      Oh yeah, really makes *me* want to park the 'Vette at the mall.

      KFG

    25. Re:Quote from article. by Tony-A · · Score: 1

      How can "Trustworthy Computing" ever be achieved?
      Not by being opaque and complicated. Not when the creator of the opaque and complicated computing device might have a hidden agenda.

      Ironically, the more that some people trust their computers, the more others will distrust them.
      Survival instinct as a species. The crack in OpenBSD with a patching strategy that would leave no window of exploitability. Debian dug in their heels and wouldn't buy into it. If you can get all of the population to blindly accept anything that looks like a security patch, there doesn't have to be a hole. You can make a hole.

      If no human can break into your computer and steal your data, and some little thing goes wrong in a sensitive area, you've just lost all your data. It's fairly easy to make a lock that will stop the owner but only slow down a determined burglar.

    26. Re:Quote from article. by Anonymous Coward · · Score: 0

      Patching 10,000 machines is a breeze, you spend a couple hours coding a script and let the patch propagate and automatically patch all the machines WITHOUT end user interaction. Oops wait, you mean Microsoft machines. nm then, you're right, patching 10,000 machines is a bitch.

      You spend a couple hours propagating a patch to 10,000 machines? Wow. I spend about 4 minutes placing it into SMS and pushing a button and let that propagate it to all of the workstations at staggered intervals with no user interaction, even if the patch requires administrative privileges, and scheduled reboots for non-productive hours if need be.

      Or I could spend about 30 minutes to write a script in VBScript using WMI to do the same thing.

      Honestly people, it's no longer 1990. Even Microsoft has done quite a bit of catching up.

    27. Re:Quote from article. by CmdrGravy · · Score: 0

      Yeah, that doesn't work if you deleted the f#ckin annoying SMS client from your machine though does it. Stupid thing takes about 20mins to run every f#ckin morning. Not anymore it doesn't :-)

    28. Re:Quote from article. by EvilTwinSkippy · · Score: 1
      In Soviet Russia...

      the computer distrusts YOU.

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    29. Re:Quote from article. by shaitand · · Score: 1

      You found my formatting less than beautiful?
      Surely you jest?

    30. Re:Quote from article. by shaitand · · Score: 1

      And this is something they are trying to change. And what
      do you mean you code a script that lets the patch propagate?

      You mean to tell me that you would code up a script that
      would automatically login to a remote machine AS ROOT and
      install a patch? Sounds like you're using an 'r' command if
      you do something like that. Even if you _are_ using something
      like SSH, your script would have to be storing your password
      while running. Bad bad bad.

      I wasn't giving an example of how this should be done.

      That was really an example of just how simple this is to accomplish
      on a more flexible system. I also didn't specify how the
      script would operate.

      True. First of all, not presenting a menu of users is an option. In XP, turn off Control Panel->User Accounts->Change the way users log on or off->Use Welcome Screen. Tada, no more menu of users. As for process level security, I'm pretty sure this is how it's done, or it's very similar. The tokenized system used by Windows is very low-level and does allow each process to have specific privileges and to drop the privileges it doesn't need. The main problem is that most Windows users run as an admin.

      Really I don't think I need to say much here. I feel you've unintentionally made
      my point quite well.

      So, what you're saying is that you do want stuff like the Fritz chip on the mobo to have control, and not the user? You do realize that this would be mandated by Congress so no new machines would be without this chip?

      No, I think a much better solution would be to educate users.
      Hmm, perhaps we can start requiring a license to operate a computer, with
      extensive testing. Only kidding on the last but sometimes it
      feels like it.

      Funny you should mention this. I happen to work in a very large corporate environment (that shall remain nameless) that recently spent millions and millions of dollars giving their software engineers in-depth training on software security issues. Many people in my team this week are attending all-day onsite talks about secure coding practices.

      I'm hoping you are agreeing and that you think a single day to learn how to
      code securely is a pathetic excuse for a joke? Secure programming is something
      that falls more along the lines of a two semester introduction, one semester's worth
      discussing concepts and another semester of real world lab work, with
      peer review.

      Or a crash and burn roller coaster on an open source project where the
      slightest slip in your code results in hundreds of emails from other programmers
      flaming you for being incompetent. Either should be a good start.

      This is one of the biggest problems. The customers want these features. They don't understand the security implications. If they don't have these easy-to-use features, they won't purchase the product. This is a reason why many people don't choose Linux as their desktop OS. They don't want to fiddle around for a long time to get a feature to work. They want it to "just work". Security and ease-of-use is, unfortunately, a see-saw. You gain one and lose the other. HOWEVER, I think you'll see that this thought has changed for at least their Server 2003 release. Unless you absolutely need the functionality to boot the machine and login, it will not be turned on.

      Yeah, the answer is for nobody to sell the product with those features. If nobody sells
      it, because it's garbage that's not worth selling in the first place, then customers
      will just have to purchase another option from those that are sold. But since this is
      profit-hungry America, just turning it off by default and making it require a reghack
      would do for now.

      Last I used Mandrake (it was awhile ago), there was an auto-login feature.
      Someone else already answered this. Besides, Mandrake is Linux based. Surely you
      don't think you can judge Linux security based on what any random idiot could throw
      together (i.e. a distro) based on it? You're comparing apples to oranges; in Linux
      there are a lot of players and you can't judge the whole by any one of them.
      In Windows there is only one player, and every time that player screws up, the whole
      IS screwed up and you can most certainly blame them.

      This is weird logic. You're telling me that I can go and write the shittiest open-source code riddled with bugs, but because people caught and fixed 100 this year, then I'm much better than closed-source that has (hypothetically) one bug? Just because my 100 open-source bugs got fixed doesn't mean there aren't more. Plus, you'd have to constantly be installing patches (which we already know is a problem). And if my one closed-source bug was disclosed and fixed, which means I now have zero bugs, you wouldn't use it? Of course, you can argue that also you wouldn't know how many more bugs could exist for this system, too, but I'm trying to make the point that it can go both ways. I think you have to take in more metrics like "how often was the system broken into?", "how easy is the bug to exploit?", and "how serious of an exploit is it?" Following your logic, you'd only use code that was known to be insecurely designed from the start. You have to code securely from the beginning. Security is a feature. If you rely on just patching tons of times, you'll be doing that forever and probably introduce new problems in the process.

      This is not at all what I'm saying, and certainly there are other factors to
      consider. What I'm saying is any random Microsoft programmer may have worked for
      Symantec last year, and may have been working on open source stuff at home. Some are even
      paid to work on open sourced stuff. Serious projects don't let any random idiot throw
      in a patch without it being reviewed by dozens of people who DO know what they're doing.
      Any random chunk of code can be more or less bug ridden. But I'm saying overall they
      average about the same before anyone uses the code. So giving Microsoft the benefit
      of the doubt on implementing bad ideas, bugs are probably relatively equal in the code to
      begin with. So code that has 500 bugs, and 300 of them have been fixed, I'd most
      definitely trust before code that has had only 1 bug fixed out of the 500. This is too
      general and I'd never make a basis on this alone, but there is no such thing as code
      that has zero bugs, nor has there ever been a piece of real software that has ever
      been fully debugged.

      Overall though, you present a good argument and I really
      think you should have been modded up as well.
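A defender-side check for the two things argued over in this thread, auto-login and everyday accounts sitting in the local Administrators group, as an added example that is not part of any post above. It assumes a Windows host with PowerShell 5.1 or later and the Microsoft.PowerShell.LocalAccounts module (for Get-LocalGroupMember), and reads the standard Winlogon registry values; the expected-admin list is a constructed default, not a known-good baseline.

```powershell
# Added example (not from the thread): audit a Windows host for the two
# weaknesses argued over above: auto-login and day-to-day admin accounts.
# Assumes PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts module.

function Get-LogonRiskReport {
    [CmdletBinding()]
    param(
        # Accounts that are expected to be local admins (constructed default;
        # replace with the host's real baseline).
        [string[]]$ExpectedAdmins = @('Administrator')
    )

    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props    = Get-ItemProperty -Path $winlogon -ErrorAction Stop

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Auto-login: AutoAdminLogon = "1" logs DefaultUserName in with no
    #    prompt. If DefaultPassword is also present, the password sits in the
    #    registry in clear text. Only its presence is reported, never its value.
    if ($props.AutoAdminLogon -eq '1') {
        $findings.Add("AutoAdminLogon is enabled for user '$($props.DefaultUserName)'")
        if ($null -ne $props.DefaultPassword) {
            $findings.Add('DefaultPassword is stored in clear text under Winlogon')
        }
    }

    # 2. Day-to-day accounts in the local Administrators group. Anything not
    #    in the expected baseline is flagged; this measures the "most users
    #    run as admin" problem instead of asserting it.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    foreach ($m in $admins) {
        $name = ($m.Name -split '\\')[-1]   # strip the DOMAIN\ or HOST\ prefix
        if ($ExpectedAdmins -notcontains $name) {
            $findings.Add("Unexpected member of Administrators: $($m.Name) ($($m.ObjectClass))")
        }
    }

    # 3. Record whether this very session is elevated, so the report shows
    #    the context it was gathered from.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        CurrentUser     = $identity.Name
        SessionElevated = $elevated
        Findings        = $findings.ToArray()
        Risky           = ($findings.Count -gt 0)
    }
}

# Run from an elevated prompt so the Administrators group can be enumerated.
Get-LogonRiskReport | Format-List
```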

    31. Re:Quote from article. by shadowbearer · · Score: 1

      Don'cha just hate it when that happens? ;=) LOL

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
  5. trustworthiness through obscurity by PD · · Score: 5, Funny

    What we need to do is raise that bar and make sure these vulnerabilities are very obscure.

    They're not going to fix the bugs, they're going to hide them underneath a new GUI layer.

    1. Re:trustworthiness through obscurity by gig · · Score: 1

      I first read that as "secure", then noticed it was "obscure".

      Their quality is just so low. When you are inventing new ways to be untrustworthy, to use as an excuse that nobody can be 100% trustworthy is really poor form. It's like saying no program can be bug-free so don't even do any beta testing or QA.

      Anyway, Windows is done like dinner. Microsoft buying VirtualPC from Connectix was the final chapter for NT. There will be a follow-up to the X-Box that runs VirtualPC and runs all the DOS and NT legacy-code in that safer environment on top of a "trustworthy" (Palladium) OS that you can't get into at all and that will be a feature. A few years ago Microsoft stopped picturing Compaq machines in its ads and started putting in their own Microsoft PC concept designs, which look like X-Box. What Apple just did with Mac OS X in an open, UNIX way, Microsoft is going to do in a Microsoft way, with X-Box and VirtualPC. If you've run VirtualPC on Mac OS X, then you already get the idea of Windows-on-UNIX, because you've seen the Blue Screen Of Death in a little window and you can just reboot the window. It's obvious that all of Microsoft's thunder is just about some little puny software. It all runs inside one Mac application. If Windows gets hosed, you trash the little virtual disk file and get a fresh one off the VirtualPC install CD and it's like having a new computer. So why is it so hard to admin a "real" Windows system?

    2. Re:trustworthiness through obscurity by fucksl4shd0t · · Score: 1

      Hey asshole, I just clicked on your signature and realized I was a lab rat! Now show some courtesy and click on mine. :)

      --
      Like what I said? You might like my music
    3. Re:trustworthiness through obscurity by Tony-A · · Score: 1

      Hehe. Security through obscurity does work! Only problem is that it is the vulnerabilities that are secure!

  6. Trustworthy computing @ Microsoft? by naNoox · · Score: 0, Troll

    Isn't that an oxymoron? Nanoox

  7. Oh yes by unterderbrucke · · Score: 1

    Microsoft moving to Palladium certainly helps them move toward their goal of privacy.

  8. Article Text by Anonymous Coward · · Score: 2, Informative

    Q+A: Stuart Okin, Microsoft UK's chief security officer

    Emma Nash [26-02-2003]

    It's been a year since Bill Gates sent an email to Microsoft's 50,000 staff, informing them that security was the company's new watchword and its Trustworthy Computing strategy was its newest and biggest priority.
    Twelve months later and the company says it wants people to be able to trust computing infrastructures within the next 10 years. The software giant is doing all it can to shake off its reputation of having bug-ridden software that is inherently insecure.

    Stuart Okin, Microsoft UK's chief security officer talked to Computing about the company's security vision.

    How did the Trustworthy Computing strategy come to life at Microsoft and what does it mean?

    Trustworthy Computing was born out of chief technology officer Craig Mundie's office in January last year. He coined the phrase and it led on to a vision that resulted in the famous email that Bill Gates sent out. Trustworthy Computing is a vision of the future in five, 10 or 15 years, which says we want users to say they trust their computing platform.

    Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at, and we are protected by Oftel. That's the vision, and that's where we want to be.

    We have come up with four pillars: security, privacy, reliability and business integrity. We are trying to develop a score card system for each one of these and put an improvement plan in place. To date we've had a go at privacy and we are trying to roll that out. The other three are more difficult.

    What improvements have been made so far?

    The largest impact has been on our consumer business. About 11,000 programme managers, developers and subsidiaries have received additional security training. A lot of this is about learning how to write secure code, and consider things like - do you need certain functions set as default? We've also seen an impact on our security bulletins.

    Microsoft issued 72 security bulletins last year. That doesn't help your reputation, does it?

    The problem with Microsoft is because we have a big deployment base out there, we go very, very public with any vulnerability, with patches. Some we actively alert the press about. We know it's going to cause negative press but we have to do it. That's a problem for us. But if you follow any of the vulnerabilities of our competitors, we are not as bad as them. It just takes one vulnerability to be exploited and it has a major effect.

    It is a problem from a reputation point of view. And we know that we will never be able to get rid of every vulnerability. Anyone who says the opposite is not living on this planet. What we need to do is raise that bar and make sure these vulnerabilities are very obscure.

    Will it be a big struggle to change people's perception of Microsoft and security?

    There is a broad spectrum of people that like Microsoft, and there are those that don't like Microsoft. Microsoft is a very successful company and there's a lot of people that don't like success. In 10 or 15 years time we could achieve Trustworthy Computing and there will still be people that don't like us. That's fine. We can't win with everybody, but we can ensure we are transparent, honest and forthright.

    How much of these security problems can be improved with education?

    It's partly to do with education, but Trustworthy Computing is a roadmap. We will bring out the most secure software we have, but there will always be vulnerabilities. It's about what we can learn from them and then we can raise the bar again next time round.

    Will we see a decline in the number of security vulnerabilities in the coming years?

    I'm not sure we will see the number decrease particularly, because they go across all of our products. I hope we'll see them decrease in products like Windows 2003 rather than 2000 and XP. We have some internal aims and we work on the basis that we aim for zero, and we see where it goes from there. We have the people, processes and technology in place to get to zero.

    Surely this is an industry undertaking and Microsoft cannot get the world to trust computers on its own?

    We cannot do it alone. We have to do this with our partners, with the government and with our competitors, because there are things we can do with education and awareness. It's Microsoft's vision but it's not something we can do alone. We are working with our competitors through standards groups, such as Saint.

    How progressed is the strategy?

    We have done a lot in the last year but we need to do a lot more in the next two years. We need to do a lot more in the patch management area. The product groups are very much independent at the moment - Windows, SQL, Exchange are all pretty much separate. We have to work to common standards, which we've pretty much got licked because of the arrival of the internet and open standards.

    The one we haven't got licked is patch management and engineering. Each division has their own engineering group. We have got to bring engineering to a point where all patches are together in a single deliverable way. We're looking to get to two installers in the next two years and then to one some time after that.

  9. Craig is a crack smoker by EvilStein · · Score: 3, Insightful

    "Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at"

    No, we don't know that. That man has obviously never seen the wiring in my apartment building. I'm lucky if I screw in a light bulb and have it work.

    And as for the bill? I scrapped my landline and went with Vonage because I *never* knew what the bill was going to be. The list of 9 different taxes varied every month.

    1. Re:Craig is a crack smoker by Anonymous Coward · · Score: 0

      so how do you like that Vonage service? i was thinking about doing that but thought i'd hold off until i heard some feedback.

    2. Re:Craig is a crack smoker by EvilStein · · Score: 1

      Kind of hard to reply to an AC, but. :P

      I am *very* happy with Vonage. Very very happy. I've never had any call problems at all. the price is excellent. With relatives out of town, I've saved a ton in long distance fees.
      Also, I'm not getting hit with a big pile of taxes. There's sales tax, that's IT. My old SBC bill was about 45% in taxes. Now I pay only like $5 more and get *all* of the useful features.

      Vonage now supports fax machines as well. Oh, and "Virtual Numbers." I live in the East SF Bay. I have family in Northern CA. Now I can get a number in the 530 area code, and my family can call *me* and not run up long distance charges. I could pick up a Florida NPA/NXX as well, for only $4.99/mo.

      Vonage rocks. I pray to god that the Bells don't ever cause their demise.

    3. Re:Craig is a crack smoker by drinkypoo · · Score: 1
      POTS is POTS is POTS. Any POTS phone will probably work with any POTS line. If the line isn't there, then the line isn't there. That simple.

      You DO know ABOUT what your bill is going to be in almost every case. It's easy to estimate. You might have been specially screwed, and the phone company will try to get money out of you and/or avoid giving you money you deserve any chance they get, they're notorious for it in fact (at least pacific bell is, so by extension southwestern bell, even if they weren't already) but you know that your basic service costs n, and you pay so much per minute long distance, et cetera. If you use a special service (like a 900 number) then you know how much that costs as well.

      I'm having a hard time seeing as how the computer is any different, though. The only issue is certain ISPs like Earthlink will bill you without informing you that they will do so. They put a $20 hold on my account when I signed up for my "FREE" trial, they didn't tell me that they were doing this. But that is a service-related issue and nothing will fix that in the realm of computing.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Craig is a crack smoker by gig · · Score: 1

      Yeah, but can I plug a Windows computer onto that POTS and get it onto the Internet reliably without professional help? And if I do, how much of a risk do I have that any data on the machine is public? What code is running on there in my house, every second that it's on?

      The UNIX community has already solved so many of the issues that are facing the Windows platform, and what UNIX didn't solve, the Mac community did. To see Microsoft still doing a "what, me?" thing in 2003 is really sad. It would be halfway acceptable if Windows XP had the security of Mac OS X, but it doesn't. A $999 Apple iBook is more secure than a $10,000 Windows server. Apple is dishing out notebooks to school children with better security, privacy, and reliability than any Microsoft product, ever.

    5. Re:Craig is a crack smoker by drinkypoo · · Score: 1

      Microsoft is dealing with security issues in a legacy codebase whose roots reach back to the original 32 bit windows for N-Ten (i860 emu.) MacOSX is now based on a codebase which they got from NeXT which is in turn more or less based on BSD Unix, and was considered the best-of-breed desktop Unix (by many) in any case until the hardware it ran on became too outmoded (it wasn't exactly lightning fast when it was new, but it was closer) and the PC version never gained any acceptance.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  10. Targeting Privacy? by chill · · Score: 5, Insightful

    Wow, and with this story still on the front page?

    This gives me flashbacks to Statistics classes in college. Specifically a problem where a hypothetical bus company wanted to raise prices, but for each increase they lost riders. The result was two curves and the intersection was where the "optimum" result was.

    I can envision that same graph in MS, where "security" and "complaints/bad PR" are the two curves...

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Targeting Privacy? by Anonymous Coward · · Score: 0

      that should have been your econ class.

      my prof gave the exact same example: the local public transit raised fares during the first week of class. he pointed out that if they were to lower it, they'd get more riders overall and result in more money for operating costs (the transit system is non-profit). this would also lighten loads on the downtown streets, as it's currently cheaper to drive in daily instead of bus.

    2. Re:Targeting Privacy? by beagle · · Score: 1

      Wow, and with this story still on the front page?

      That is exactly what I was thinking!

    3. Re:Targeting Privacy? by lucabrasi999 · · Score: 1

      Wow, and with this story [slashdot.org] still on the front page? Not to be modded as redundant or anything, but ditto. (That makes me at least the third or fourth person that has had this thought). Oh, M$ is targeting Privacy, all right. Targeting it for elimination. Or at least targeting it so they can own all the information about their users.

    4. Re:Targeting Privacy? by Slurpee · · Score: 1

      I can envision that same graph in MS, where "security" and "complaints/bad PR" are the two curves...

      Welcome to reality. Companies do this every day, in all sorts of areas. Price, Security, Quality, Functionality, Time to Market, support, phone staff, outlets, regions to sell it in etc etc. All sorts of things go into deciding how and when to release a product (be it a piece of software or a teddy-bear).

      Companies that don't make these hard decisions, no matter how great their product will eventually be or how committed to quality they are...will go bust. You make no money while developing a product, only when selling it.

      90% of product development takes 90% of the time, the last 10% takes the other 90% of the time.

    5. Re:Targeting Privacy? by Anonymous Coward · · Score: 0
      Welcome to reality. Companies do this every day, in all sorts of areas. Price, Security, Quality, Functionality, Time to Market,

      Exactly. That guy sounds like he needs to watch Fight Club.

    6. Re:Targeting Privacy? by fucksl4shd0t · · Score: 1

      90% of product development takes 90% of the time, the last 10% takes the other 90% of the time.

      Dude, I was willing to grant you the benefit of the doubt as a statistician, until I read the last sentence of your post. :(

      --
      Like what I said? You might like my music
    7. Re:Targeting Privacy? by EvilTwinSkippy · · Score: 1
      3 curves: security, complaints they are doing too little, and complaints they are breaking too much.

      Though their track record so far seems to indicate the last one is a dotted line that is invisible on printouts...

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
  11. making Microsoft OS secure and reliable... by AcquaCow · · Score: 5, Interesting

    Secure...reliable...I still don't trust all the misc info that is dumped to disk at install time. 400+ printer def's, and misc. etc... MS seems to be throwing hundreds of small .exe's into their system to make it easier for tasks to be done, but correct me if I'm wrong, but isn't it harder to keep a system secure if you keep adding application after application to a base install? More apps, more code...more room for something to go wrong...

    -- AcquaCow

    --

    up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
    *makes note to limit user processes...
    1. Re:making Microsoft OS secure and reliable... by wizarddc · · Score: 1

      I thought Linux/OSS was of the "Do one thing, and do it right" philosophy? So if Microsoft does the same, it's insecure and A Bad Thing?

      --
      Th
    2. Re:making Microsoft OS secure and reliable... by mOdQuArK! · · Score: 1
      I thought Linux/OSS was of the "Do one thing, and do it right" philosophy?

      I think it's more along the line of "do everything and get it all right eventually".

      Only a company _like_ Microsoft would say that there is only one right way of doing things, and that they know what it is.

    3. Re:making Microsoft OS secure and reliable... by drinkypoo · · Score: 1
      Microsoft installs all/most of their drivers these days because people got tired of having to go look for the CD, and this is significantly faster, plus the drivers all had to be compressed, and to save maximum space they are compressed into a single CAB, which is cumbersome to access on CD.

      OS features which you do not use are not installed. Many items come with executables which you do not typically use (I just found out about netsh, boy is my face red) so it seems like a ton of shit is being installed but really is it more utilities and scripts and crap than come with the average linux distribution? Probably not. It comes with more binary drivers, but that's because it doesn't come with any source drivers.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:making Microsoft OS secure and reliable... by NoCoward · · Score: 1

      God, does EVERYTHING need to be about Microsoft around here? What happened to news for nerds?

    5. Re:making Microsoft OS secure and reliable... by Anonymous Coward · · Score: 0
      I just found out about netsh, boy is my face red

      OK, I give up, what's netsh?

    6. Re:making Microsoft OS secure and reliable... by shadowbearer · · Score: 1

      "MS seems to be throwing hundreds of small .exe's into their system"

      and Bog help you if you get hit with the Magister virus. I've seen systems with literally thousands of infected exe files *shudders*

      format, reload....sigh

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    7. Re:making Microsoft OS secure and reliable... by Cplus · · Score: 1

      Netsh is a Microsoft command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers.

      --
      "Share your knowledge. It's a way to achieve immortality." -- Dalai Lama
    8. Re:making Microsoft OS secure and reliable... by fucksl4shd0t · · Score: 1

      Microsoft installs all/most of their drivers these days because people got tired of having to go look for the CD, and this is significantly faster, plus the drivers all had to be compressed, and to save maximum space they are compressed into a single CAB, which is cumbersome to access on CD.

      I don't know that there's really anything wrong with this, either.

      As an example, I've got on my harddrive the downloaded ISOs of Mandrake Linux 9.0, and I've got urpmi looking there instead of for the CDs. They're mounted up as read-only loopback filesystems. It's on my server! So whenever I need an application from anywhere on my network, I ssh to my server and run drakconf to see if it's on the distro. If not, I do something else. If so, I install it. Beats the hell out of spending 30 minutes looking for the damn CDs every time, and then having to go into my bedroom to install the shit, possibly waking up wife and/or kids.

      --
      Like what I said? You might like my music
    9. Re:making Microsoft OS secure and reliable... by toopc · · Score: 1
      God, does EVERYTHING need to be about Microsoft around here? What happened to news for nerds?

      Articles about Microsoft put the asses in the seats...so to speak

    10. Re:making Microsoft OS secure and reliable... by archen · · Score: 1

      MS seems to be throwing hundreds of small .exe's into their system to make it easier for tasks to be done,

      Isn't this the very unix philosophy people have been touting as a strength? Keep in mind that the flip side of the coin is to include everything in one app and make it too complex for anyone to understand or keep secure. Option 3 I guess would be something to do with dll hell.

  12. In the real world by Visaris · · Score: 2, Funny

    While you can talk about all the work that is being put into making Microsoft products secure and bug free all day long, it really is pointless.

    Think about the real world. I set up a new box with Windows XP server. I got the new service pack and all the latest patches from windows update. IIS on my box was hacked within 2 weeks. I was hosting a warez ftp that I had no clue about. I don't trust Microsoft worth shit anymore.

    --

    I am a viral sig. Please help me spread.
    1. Re:In the real world by Anonymous Coward · · Score: 0

      Was there some cool shit on there, though?

    2. Re:In the real world by Visaris · · Score: 1

      Well, most of it was in german... But yeah, there were a few games on there. SOF II, some movies and the like. The big trouble was they somehow made some 1GB+ files on my comp that I couldn't delete. I don't know how they corrupted the filesystem, but they managed. I had to do a whole drive reformat as microsoft scandisk was worthless. Yet another reason microsoft sux..

      --

      I am a viral sig. Please help me spread.
    3. Re:In the real world by sbillard · · Score: 2, Insightful

      Windows XP server?
      Are you sure?
      Take a closer look. There is no such thing. XP is a desktop OS and it comes in two flavors: Professional and Home.
      Not "Server"

      Start making some sense or STFU.

    4. Re:In the real world by The+Bungi · · Score: 0, Troll
      I set up a new box with Windows XP server. [...] the new service pack and all the latest patches from windows update.

      BWAHAHAHAH!!! Bullshit. There's no "XP server", asswipe. There's Windows 2003 Server, which is still in beta and therefore not supported by PSS and therefore has no updates or patches.

      If you set up a web server with IIS on Windows XP Pro, assuming you found a way to get over the 10 connection limit (you did, no?), you installed "all the patches", and you still got hacked, then you're not lying, you're just stupid.

      I can't believe FUD drivel like this gets modded up.

    5. Re:In the real world by Anonymous Coward · · Score: 0
      microsoft sux
      yes, sux. tell us how it sux and reply to the people who called you on your bull below
    6. Re:In the real world by Anonymous Coward · · Score: 0

      And you never considered that perhaps you had it configured wrong? I could set up a bsd box but set it to accept all connections. If it got hacked, would I blame the OS or my own stupidity?

    7. Re:In the real world by The+Bungi · · Score: 1
      (Score:0, Troll)

      Here, mod this down as well. I have plenty karma. And keep modding up assholes like the OP as "informative". But the truth hurts, eh?

    8. Re:In the real world by NineNine · · Score: 1

      Wow. A kid who doesn't know the difference between XP and W2K running a warez server that gets hacked, then claims that somehow the filesystem was corrupted to the point where things "couldn't be deleted", even when using scandisk, which doesn't exist in W2K. That's an incredible story! Have you heard the one about these magic beans?

    9. Re:In the real world by The+Bungi · · Score: 3, Funny
      Hey Visaris, now that I'm on a roll and the mods are coming in hard and fast, let's talk some more. If I'm going to be modded down for calling you on your bullshit, I'd just as well have some fun.

      Didja think about getting a fucking firewall, hmmm? How about that? I can't believe someone would be so stupid as to let a goddamn warez site in "german", nonetheless, and "several gigabytes" worth of "stuff", to be run without their knowledge from their home or office box. I mean, that's the epitome of stupidity. It's so stupid, it hurts.

      You see, it's not that "micro$oft sux". No, it's just that you are either too fucking stupid to use a computer or you're just lying. I'd tend to go with the latter. "I was typing in auto mode"?? WTF does that mean? Do you turn your brain off while posting to Slashdot? That's no typo, ~tihs is a tipo~. So are you saying you typed "XP server" instead of "Win2K server"? No, you're just full of shit.

      But let's continue to assume your tale is true. Where did you acquire a copy of "Win2K server"? Did you get it when you ordered your Compaq rackmount? Or did you buy it at discount from CDW? No, you probably pirated it. So, I'd say it's pretty fucking stupid to come out and say that you had no idea of how to correctly set up a server with software that you pirated in the first place. Why bother? I'm sure you're smart enough to install BSD or something and secure it completely. And you won't feel bad about being a pirate, eh?

      Now go play with your Nintendo and stay away from computers.

    10. Re:In the real world by The+Bungi · · Score: 1
      I had to the a whole drive reformat as microsoft scandisk was worthless.

      I hate to break it to you, but "scandisk" doesn't exist in "Win2k Server". Are you starting to feel mighty stupid now, or shall I continue?

    11. Re:In the real world by jrj102 · · Score: 1

      You are a buffoon. First of all, there is no such thing as "Windows XP Server." However, that's a minor nitpick.

      The point I want to make though, is this: Did you intelligently lock down the machine? Did you have current patches installed? I think the answer to one or both of those questions is "no."

      Even more important: was the machine behind a firewall? Anyone who runs a web server, regardless of operating system, DESERVES to get hacked. (Intentional overstatement.) Come on... to deploy a system without adequate security measures and then blame the OS vendor when it gets hacked is silly.

      Guess what: a Linux box running Apache is insecure if it is not properly configured and patches are not up to date. I am not saying that Linux is just as insecure as Windows 2000 Server; I am saying that the user does bear SOME responsibility for maintaining a secure environment.

    12. Re:In the real world by palp · · Score: 1

      I had something similar happen once when I left the anonymous FTP access turned on in IIS's FTP server (actually I may have been using a 3rd party FTP server at the time, I don't recall).

      They create directories that Windows chokes on deleting or renaming - I never really investigated why, there's some blank spaces in the filenames, perhaps low ascii characters - and dump a bunch of files in there. I still have the directories on my drive, I just deleted the files inside them and didn't worry about it.

      Most likely this is some kid who set up a 2k server and turned on "all the features" which would include IIS ftp with anonymous access enabled. DEFINITELY user error.

      --
      -palp
    13. Re:In the real world by palp · · Score: 1

      You're right and he's an idiot, but just to nitpick a bit, MS does in fact release security patches and other updates for the 2003 Server beta.

      I'm running RC2 on a couple of boxes and as far as I can tell it's mostly the same patches that come out for 2k/xp, but they do release them specific to 2003 Server.

      Not that he's running that. But like I said, just to nitpick.

      --
      -palp
    14. Re:In the real world by drsmithy · · Score: 1
      Think about the real world. I set up a new box with Windows XP server. I got the new service pack and all the latest patches from windows update. IIS on my box was hacked within 2 weeks. I was hosting a warez ftp that I had no clue about. I don't trust Microsoft worth shit anymore.

      This was obviously a layer 8 problem.

    15. Re:In the real world by Anonymous Coward · · Score: 0

      The intruders set up the warez site. Try learning how to read before flaming.

    16. Re:In the real world by shadowbearer · · Score: 1


      You know, most of the responses to this post remind me of the old days of Linux "RTFM" Usenet shit. Teach rather than flame, eh, people? I thought we'd got past that....

      Oh, we've progressed so far.....

      Visaris: One piece of advice: Don't use MS products to run a server. You will end up bald with a trashbasket full of hair. It's not worth it.

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    17. Re:In the real world by fucksl4shd0t · · Score: 1

      Hey Visaris, now that I'm on a roll and the mods are coming in hard and fast, let's talk some more. If I'm going to be modded down for calling you on your bullshit, I'd just as well have some fun.

      lol

      Usually I have reason to bitch at you, but this time I'm with you all the way man. I feel for ya. ;)

      --
      Like what I said? You might like my music
    18. Re:In the real world by The+Bungi · · Score: 1

      Condolences appreciated =)

    19. Re:In the real world by Anonymous Coward · · Score: 0

      1. Windows XP Server doesn't exist (the product, which isn't released yet, is Windows 2003 Server)

      2. IIS is not part of the default installation of Windows XP Professional. You installed it willfully.

      3. If this were Linux you certainly would have subscribed to a security mailing list and actively taken a role in patching vulnerable libraries/daemons. But since it's Windows you expected it to be taken care of for you.

      4. Windows Update does not carry patches for IIS. Should it? Honestly I think Windows Update should be expanded to include all catalogued (read, accepted into Logo program) software for Windows, but with people attacking the privacy issues of the client requesting for patch lists by software and version I don't how many would use it.

  13. only as trustworthy as... by Sydney+Weidman · · Score: 4, Interesting

    the path of least resistance

    Since the interests of a business aren't necessarily aligned with those of buyers, and those of a monopoly even less so, MS computing will be about as trustworthy as the rest of the business world. Unless there's someone (regulator or consumer interest group) breathing down their neck, they are unlikely to be worthy of anyone's trust.

    1. Re:only as trustworthy as... by kien · · Score: 1
      Since the interests of a business aren't necessarily aligned with those of buyers, and those of a monopoly even less so, MS computing will be about as trustworthy as the rest of the business world.

      That's a particularly insightful comment, especially if you take a walk down Google's Executive Indictment Lane.

      Enron, Qwest, Worldcom...even if it wasn't Microsoft (convicted monopolist), there's no way I'd trust a big company to provide me a "trustworthy" system.

      --K.
      --
      Sig: Bad people happen. Try to avoid being one of them.
  14. ISO News seized by DoJ today for XBox mod chips... by Dave21212 · · Score: 3, Interesting

    I guess that's trustworthiness through DMCA ? If you can't even secure a game box, why would I trust them with my servers !

    Some people think it may be a hoax, but for what it's worth...

    ISONews
    Yahoo

    --
    "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
  15. Regarding removing every vulnerability by Sgs-Cruz · · Score: 1, Funny
    ...never be able to get rid of every vulnerability. Anyone who says the opposite is not living on this planet...

    So NetBSD, Apache, ErOS users are all... in space? Someone call NASA, I think we have a Mars program...!

    --

    Karma: pi (Mostly due to circular reasoning in posts).

    1. Re:Regarding removing every vulnerability by 1lus10n · · Score: 1

      ..... you cannot get rid of every hole.

      however you can do a mucchhhhhh better job than M$ is doing. the idea of *security via obscurity* is what's wrong with them. hiding the bugs doesn't fix them, or make them any less likely to be exploited.

      --
      "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." --Albert Einstein
    2. Re:Regarding removing every vulnerability by $$$$$exyGal · · Score: 1
      I don't understand your point (or joke?)...

      The people at NetBSD, Apache or any other place would never claim they could get rid of every vulnerability in their software. They know quite well that that will never happen.

      --sex

      --
      Very popular slashdot journal for adul
    3. Re:Regarding removing every vulnerability by b0r1s · · Score: 1

      Huh?

      Apache had the chunked encoding vulnerability that got a lot of Unix boxes cracked, not to mention a ton of other problems: http://www.apacheweek.com/features/security-13

      NetBSD has a whole list of security bugs ( http://www.netbsd.org/Security/ )

      ErOS is a toy OS.

      --
      Mooniacs for iOS and Android
    4. Re:Regarding removing every vulnerability by shadowbearer · · Score: 1

      I think he might have meant that at least the org's he mentioned are *trying* to eliminate everything.....

      But I'm not sure...it's for certain MS has no really serious commitment along those lines. Not yet, anyway. Heh. Otherwise they'd be rewriting everything.

      Oh, wait ;-)

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
  16. Stuart's notion of the problem: by burgburgburg · · Score: 5, Interesting
    The problem with Microsoft is because we have a big deployment base out there, we go very, very public with any vulnerability, with patches. Some we actively alert the press about. We know it's going to cause negative press but we have to do it. That's a problem for us.

    a) Huh?!?
    b) So it isn't the 72 security bulletins, and it isn't the fact that putting out that many overwhelms IT people, and it isn't the fact that the patching process can be so arduous and potentially destructive (can you say Slammer) that people will avoid it for months on end, and it isn't the fact that MS tends to be initially evasive/dismissive of a large number of exploits discovered. The problem is the going public.
    c) I'm still not feeling the Trustworthiness.

    1. Re:Stuart's notion of the problem: by Mark+(ph'x) · · Score: 1

      The one we haven't got licked is patch management and engineering. Each division has their own engineering group. We have got to bring engineering to a point where all patches are together in a single deliverable way. We're looking to get to two installers in the next two years and then to one some time after that.

      Hopefully, this might be helpful...

      --
      those who control the past, control the future. those who control the present, control the past.
  17. MOD PARENT UP by Anonymous Coward · · Score: 0

    You have to admit the man has a point.

  18. Trustworthy computing? I'll none of it! by DarklordJonnyDigital · · Score: 2, Insightful

    Microsoft? Trustworthy? What this means is that our computer systems need to trust Microsoft - a company who, while I'm always willing to give them a chance to try and redeem themselves, are primarily interested in making profit before giving people what they actually need.

    I'll none of it. 5 to 15 years is being optimistic!

    1. Re:Trustworthy computing? I'll none of it! by alext · · Score: 4, Insightful

      Indeed.

      More to the point, there is absolutely no reason why my having a system that I can trust requires that the system be trusted by Microsoft. The two relationships are completely orthogonal, despite what MS would have you believe.

    2. Re:Trustworthy computing? I'll none of it! by IchBinEinPenguin · · Score: 1

      are primarily interested in making profit before giving people what they actually need.

      Therein lies the answer.
      Ralph Nader wrote "Unsafe at Any Speed" which finally awoke people to the fact that cars were dangerous and that safety features were a good thing.

      Before you know it, manufacturers of cars build safety into the cars because it's what the consumer wants and therefore it's what the producer wants.

      Now.... how does this apply to a market dominated by a monopoly where getting accurate non-hyped info on 'safety' and 'reliability' is near impossible?

      Microsoft is like any other company, they do what benefits them.

      Competition = consumer-driven-markets ==> what the consumer wants is what is in the best interest of the manufacturer to produce.
      Monopoly = manufacturer-driven market ==> the consumer is forced to put up with whatever is on offer which may not be what they want.

      Why do you think we got Clippy (universally despised) instead of stability (desperately wanted) in Word?

  19. Trusted Platforms by Fringe · · Score: 2, Interesting
    From the interview, Craig said:
    Trustworthy Computing is a vision of the future in five, 10 or 15 years, which says we want users to say they trust their computing platform.
    It could be done much quicker than that if they'd open their source. Linux users trust their platform.

    His answers seemed frank and honest, a nice touch. Makes me wonder if he'll find himself out-of-work next week.

    1. Re:Trusted Platforms by crudeboy · · Score: 1

      >It could be done much quicker than that if they'd open their source. Linux users trust their platform.

      No, not all linux users trust their platform. I for one don't. I like it but there's no way I'll put my trust in it, or any other OS I run.

    2. Re:Trusted Platforms by Anonymous Coward · · Score: 0

      Yes, they trust it enough to assume that peers would have caught trojans being written into the build scripts.

  20. 15 years? by the_machine · · Score: 3, Insightful

    Okin indicates the strategy may take 5 to 15 years

    15 years? What M$ product is around today that will be around 15 years from now?

    1. Re:15 years? by Anonymous Coward · · Score: 0
      What M$ product is around today that will be around 15 years from now?

      Clippit.

    2. Re:15 years? by geeber · · Score: 2, Interesting

      Well, consider:

      The first version of Windows came out somewhere in the mid to late 80's (can't remember exactly when). It took them from then to now, about 15 years, to finally make a halfway decent version.

      So, 15 years for them to get the trustworthy part right? Sounds like a pretty good estimate to me.

    3. Re:15 years? by iggymanz · · Score: 1

      Well, it's 2003 and XP still runs DOS programs...so there's a good chance there will be more layers of compatibility stuff and old cruft!

    4. Re:15 years? by Atzanteol · · Score: 1
      What M$ product is around today that will be around 15 years from now?
      That, I believe, is the point.

      They're focusing only on new products. Forsake the existing. Yet another reason for you to upgrade in the future!

      Now Windows 2048 with Trustworthy Computing(TM)!!!
      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin
    5. Re:15 years? by Anonymous Coward · · Score: 0

      15 years? What M$ product is around today that will be around 15 years from now?

      Microsoft FUD?

    6. Re:15 years? by Anonymous Coward · · Score: 0

      Windows 98

    7. Re:15 years? by KliX · · Score: 1

      I'd agree - what OS or system doesn't take that long to get exploited [e.g. pushing the hardware/OS of old machines] or fixed totally to its users' specifications..

      On another note, I do, I suppose, as a developer find it annoying that it does, even with the best people and equipment, take decades to get complex software working.

      I suppose rockets, the space shuttle, radio, the hardware[!] etc didn't take longer though. Man, I'll be dead before the OS that supersedes windows gets fixed. Doh.

    8. Re:15 years? by gmuslera · · Score: 1

      It's good math: 15 years of adding features, and 15 to do them right.

      Of course, they could have done things right from the start, but common sense is so uncommon...

    9. Re:15 years? by drinkypoo · · Score: 1

      You know, it's people like you that really make life annoying for the rest of us, you pissers, moaners, and whiners. If there's no backwards compatibility, everyone bitches, but if there is, then all the geeks will bitch about cruft. Get over it, sparky, you want compatibility, and you are (or at least should be) glad that Windows NT does that in an ntvdm process instead of actually being partly based on the way DOS does things, as Windows 9x was.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    10. Re:15 years? by iggymanz · · Score: 1

      Broken backwards compatibility is one kind of cruft. Feature bloat is another.

    11. Re:15 years? by Anonymous Coward · · Score: 0
      The products won't be around, but all their baggage will be stacked up in the back room. It's called "backwards compatibility", and is the long-term curse of anybody who ever released a marginal product that was "good enough for now". Once it's out there, you can't kill it without offending the customers.

      Believe it or not, Microsoft does pay attention to customers in this respect. New versions do handle old file formats. They want you to upgrade, and keep upgrading--not go to another supplier.

      Look how long it took to get the MS/DOS 1.x system calls out of windows (Win 95). Then remember that those were retreaded CP/M-80 system calls. Your past misdeeds will come back to haunt you!

  21. Serious question by Anonymous Coward · · Score: 0

    Is it possible for a virtual architecture to sort of repair a flawed real architecture under it? For example, x86 page protection is not as granular as it should be. Is writing a virtual architecture similar to x86 but where these problems are fixed building on a swamp, or could it actually be effective?

  22. Steady progress ? Privacy ? by Troll+Garou · · Score: 1, Insightful

    Slow, steady progress seems to be the result. They've targeted Security, Privacy, Reliability and Business Integrity, but so far have had a go at Privacy.

    No kidding. The best example is the latest Windows Update engine collecting info about all your registered applications, featured earlier right here on the /. main page.

    Talk to me about Privacy and Business Integrity again, and I'll chop your head off.

  23. Mission statement. by tarquin_fim_bim · · Score: 5, Funny

    "Trustworthy Computing is a vision of the future in five, 10 or 15 years

    But in the meantime we shall vigorously pedal all the buggy shit we can, and still claim: "It's the most secure yet"

    1. Re:Mission statement. by ralico · · Score: 1

      Taking that line, MS can "borrow" AOL's ad campaign,

      "Windows 2kX, the most secure Windows yet!"

      --

      SCO to Hell
    2. Re:Mission statement. by Anonymous Coward · · Score: 0

      You mean peddle?

    3. Re:Mission statement. by Anonymous Coward · · Score: 0

      Nooo, they have a pedal driven buggy called shit, which is progressively more secure.

  24. 5 to 15 years?!?! by FosterKanig · · Score: 3, Funny

    I was always told:
    Measure Twice...Cut Once

    That's some free advice from me to MS

    1. Re:5 to 15 years?!?! by enos · · Score: 2, Funny
      I was always told:
      Measure Twice...Cut Once

      I cut twice and it's still too short.

      --
      boldly going forward, 'cause we can't find reverse
    2. Re:5 to 15 years?!?! by Dr+Caleb · · Score: 1
      You cut it on the wrong side. Try the other side to make it longer.

      --
      "History doesn't repeat itself, but it does rhyme." Mark Twain
    3. Re:5 to 15 years?!?! by shadowbearer · · Score: 1


      Mod parent up! Great old carpenter joke....

      SB (yes, I am a wood hacker ;-)

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
  25. People's perceptions, by Stuart by burgburgburg · · Score: 0, Flamebait
    Microsoft is a very successful company and there's a lot of people that don't like success.

    There are also those who have nothing against success, but do have a problem with being gouged by Convicted Monopolists (tm) selling insecure bloatware.

  26. Wildly optimistic by cuberat · · Score: 2, Interesting
    I'm not willing to stipulate that MS will be the 400-lb. gorilla it is now in 15 years.

    If, a decade from today, Microsoft is still trying to fix the problems they have now, then they're dead in the water. Someone leaner and meaner will come along and push them aside.

    That's the way this business works. We're not the car industry.

    --

    I'll tell you what the 'effect' is! It's pissing me off!

    1. Re:Wildly optimistic by binaryDigit · · Score: 4, Insightful

      .... Someone leaner and meaner will come along and push them aside.

      That's the way this business works. We're not the car industry.


      No we're worse than the car industry. With the auto industry one can always switch manufacturers and have an auto that drives basically the same way as any other auto does. We can buy tires, batteries, wipers, etc at the local Pep Boys (assuming a fairly "standard" auto, i.e. you don't own a Ferrari Enzo), all specific to our auto, but with common parts availability. We can do none of the above with software. This is why Microsoft was able to become Microsoft. Market share is king, and it's something that is extremely difficult to overcome without huge resources, regardless of how "leaner and meaner" you are. In this market it's not good enough to be better, you have to be better and have deep enough pockets to fight a long and protracted battle. Either that or rely on the generous coding by those who are willing to do it for "free".

    2. Re:Wildly optimistic by drinkypoo · · Score: 1
      No we're worse than the car industry. With the auto industry one can always switch manufacturers and have an auto that drives basically the same way as any other auto does. We can buy tires, batteries, wipers, etc at the local Pep Boys (assuming a fairly "standard" auto, i.e. you don't own a Ferrari Enzo), all specific to our auto, but with common parts availability.

      Not only that, but it is completely legal to develop workalike replacements for auto parts. Hell, it's even legal to develop lookalike replacements. In fact, you can make fiberglass copies of the fenders on your car and sell them without making any modifications from the original design (Except that it's made of sheet steel and yours is made of fiberglass) as long as you don't claim they are original parts.

      Also, cars are not made of source code, they're made of steel. All there is to a vehicle is its physical form. (The ECU is an issue but not that much of one, as you can replace it entirely in all but the most complicated engines with an off the shelf part.) You can copy the physical form without TOO much trouble (shaping steel into some of those positions is pretty hard though...) and it's legal to do so.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Wildly optimistic by Anonymous Coward · · Score: 0

      "Either that or rely on the generous coding by those who are willing to do it for "free". "

      Sounds good. Let's go with that one.

  27. This is turning normal users against MS by StormyWeather · · Score: 5, Interesting

    The weirdest thing happened today. My father picked up an el-cheapo computer I built for a relative from me, and asked about linux. I was floored. My father is intelligent when it comes to many things, but is not computer savvy. You guys will probably flame me for this, but my father wants to try linux because he can't pirate XP easily. However, his company buys a ton of software based on his recommendations (based upon mine), so his decision usually ends up filling Microsoft's coffers a fair amount. I like the idea because I can ssh into his machine and fix something if it breaks, and I don't have to worry about all the damn viruses, key loggers, and spyware he seems to collect like a bee collects pollen just through regular email correspondence.


    When I hear people bitching about the new direction Microsoft is going with anti privacy and anti piracy I rejoice, and wish them to go further. All it does is push more people into a free operating system such as BSD or GNU/linux.

    1. Re:This is turning normal users against MS by Anonymous Coward · · Score: 0

      wow, i think you're the first person i have seen use GNU/linux without making fun of it. what's up?

    2. Re:This is turning normal users against MS by drinkypoo · · Score: 1
      You guys will probably flame me for this, but my father wants to try linux because he can't pirate XP easily.

      If I flame you, it will only be based on the poor quality of your genetic material. Your father can't figure out how to warez XP, and he's going to run Linux? Good luck, daddy-o.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:This is turning normal users against MS by rowanxmas · · Score: 1

      This is very funny, shoulda kept my mod points.

    4. Re:This is turning normal users against MS by sebisor · · Score: 1

      In case you haven't tried yet - knoppix (http://knopper.net) is a Linux distribution you can boot from a CD and doesn't touch your HDD. You can use it for remote debugging. For a real paranoid admin - really trustworthy!

    5. Re:This is turning normal users against MS by StormyWeather · · Score: 1

      I know most people think it is silly, but I was using GNU software a long time before I used GNU/Linux. If I am only talking about something related to the Kernel then I will say Linux. However, I use Linux through GNU/Gnome, edit my homework with KDE/Kdevelop, compile that homework with GNU/g++, browse the web using Mozilla, and do word processing with OpenOffice. I can do all of those things without linux, or run linux with none of the other. It's not really fair to say I use Linux. I use GNU copylefted software through linux. Hence GNU/Linux makes perfect sense to me, the same way millions of people say their operating system is AOL because that is the only thing they see :). I would never press anyone else to say it though, that's just asinine :).

    6. Re:This is turning normal users against MS by stephanruby · · Score: 1

      A similar thing happened to me last week. When I met my mom, she handed me a BusinessWeek article (I think it was a BusinessWeek article, but I'm not positive), and she started raving about Linux and said that I needed to get into this (little did she know, that the operating system that I set up for her and that she was already using everyday for over a year was already a Linux-based system).

  28. Trustworthy as Ma Bell? by Spazmania · · Score: 4, Interesting

    Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at, and we are protected by Oftel. That's the vision, and that's where we want to be.

    Good lord, that's Microsoft's idea of trustworthy? At least 75% of the Verizon bills I audit at work are wrong, many to the tune of thousands of dollars. And don't get me started about the impossibility of figuring out whether the caller is a telemarketer before picking up the phone...

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Trustworthy as Ma Bell? by $$$$$exyGal · · Score: 1
      Agreed. Remember all those commercials that used to make fun of the idea of 'figuring out your phone bill'? Yup. That's Microsoft's vision.

      --sex

      --
      Very popular slashdot journal for adul
  29. Overview of article by LittleBigScript · · Score: 5, Funny

    Even telephones fail.

    There are four pillars in computing to us. We are actively pursuing one of those.

    We have a billion customers and only a few tens of thousands of employees to fix their problems.

    We may fix most of our security problems in say, 10 to 15 years.

    Some people dislike us and we are ok with that...we're still quite rich.

    You can fool all of the people some of the time,etc,etc...

    No one is 100 percent secure. It is impossible.

    Our goal is 100 percent security, and we think we can achieve that.

    One last thing, Win2000 and WinXP may have security holes (we don't plan on fixing), but Win2003 will be GREAT! Well in about 10 to 15 years...

    1. Re:Overview of article by $$$$$exyGal · · Score: 1
      Don't forget: ... and there will still be people that don't like us.

      So add this to your list:

      A lot of people will always hate Microsoft, and they know it ;-)

      --sex

      --
      Very popular slashdot journal for adul
    2. Re:Overview of article by rowanxmas · · Score: 1

      Won't that make it Win2013-Win2018? I mean, yeah, win95 blows chunks, but win2018 is going to ROCK!!!
      at least until win2020 comes...

    3. Re:Overview of article by fucksl4shd0t · · Score: 1

      at least until win2020 comes...

      Is that the one built by investigative reporters? And they're promising us PRIVACY????

      --
      Like what I said? You might like my music
  30. Re:ISO News seized by DoJ today for XBox mod chips by MisterFancypants · · Score: 1
    I guess that's trustworthiness through DMCA ? If you can't even secure a game box, why would I trust them with my servers !

    I suppose YOU could secure a game box where the attacker has physical access to the machine? If so, someone in the security industry should hire you ASAP! But in reality you're just an anti-Microsoft idiot...so nevermind.

  31. You betcha by worst_name_ever · · Score: 4, Funny
    They've targeted Security, Privacy, Reliability and Business Integrity

    I'll say they have! By this time next year they should be nearly finished with their program to eliminate all of the above.

    --

    In Soviet Rush, today's Tom Sawyer gets high on you.
  32. Re:ISO News seized by DoJ today for XBox mod chips by Klerck · · Score: 1

    It's definitely real

    And on a similar note, several sites were shutdown and taken over by the government without a conviction of the parties involved.

  33. Herding cats?!?! by Ignorant+Aardvark · · Score: 0, Flamebait

    There are no known ways to herd a cat. Now, if you're talking about skinning it ...

  34. Some "Inconsistencies" by Neumann · · Score: 4, Insightful

    He answers to one question:

    And we know that we will never be able to get rid of every vulnerability. Anyone who says the opposite is not living on this planet.

    then 2 questions later he says:

    We have the people, processes and technology in place to get to zero (security vulnerabilities)

    so am I reading this wrong or is he contradicting himself?

    1. Re:Some "Inconsistencies" by The+Bungi · · Score: 0, Flamebait
      is he contradicting himself?

      Yes he is. He's an asshole (and look at my sig when I say that). They could have named any other of their VPs to that position, and they picked the worst possible one. He has an alarming propensity to trip over his own FUD, as it were.

    2. Re:Some "Inconsistencies" by shadowbearer · · Score: 1

      "I contradict myself? Ok, I contradict myself. I am large; I contain multitudes."

      Oh...wait, I thought we were talking about Ballmer.

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    3. Re:Some "Inconsistencies" by The+Bungi · · Score: 1
      Oh, that's fantastic. I now get modded down for attacking Microsoft.

      Beautiful.

    4. Re:Some "Inconsistencies" by superyooser · · Score: 1
      The goal is to achieve zero security vulnerabilities. Realistically, he understands that this will not actually happen.
      I saw one of those inspirational posters you see in elementary schools with this saying:

      "Shoot for the moon. [perfection] Even if you don't make it, you'll be among the stars. [pretty close]"

      That's the idea. The higher you set your goals, the greater your achievement will be.

      Isn't this common sense? Are you people just being facetious? I feel like I've been trolled. :-/

    5. Re:Some "Inconsistencies" by fucksl4shd0t · · Score: 1

      Oh, that's fantastic. I now get modded down for attacking Microsoft.

      This is just plain stupid, dude. I think the problem isn't that you like microsoft, but rather that you're a smart guy. If you were dumb, they'd've modded you up. Since you're not dumb, they're scared you'll turn people away from Free Software.

      Also, you provided a real criticism of Microsoft, it wasn't just random bitching and whining like we usually see from people who haven't run windows since KDE 0.1 came out.

      Usually I wanna tangle with you, as much as we philosophically disagree, though, you're on the level.

      --
      Like what I said? You might like my music
    6. Re:Some "Inconsistencies" by The+Bungi · · Score: 1
      If you were dumb, they'd've modded you up.

      *grin* OK, that's a piece of advice I'll have to remember.

      Usually I wanna tangle with you

      Hey, there will be other flame wars =)

    7. Re:Some "Inconsistencies" by zozzi · · Score: 1
      And we know that we will never be able to get rid of every vulnerability. Anyone who says the opposite is not living on this planet.

      then 2 questions later he says:

      We have the people, processes and technology in place to get to zero (security vulnerabilities)

      so am I reading this wrong or is he contradicting himself?

      Neither. He's just not living on this planet.

      --
      ---
    8. Re:Some "Inconsistencies" by CmdrGravy · · Score: 0

      "Shoot for the moon. [perfection] Even if you don't make it, you'll be among the stars. [pretty close]" Not sure what schools that poster was in but I certainly hope they don't teach Astronomy as well ;-)

  35. Light bulb joke by Webmoth · · Score: 4, Funny

    "...I'm lucky if I screw in a light bulb..."

    That brings to mind the old joke:

    Q: How many flies does it take to screw in a light bulb?

    A: Only two, but how'd they get in there in the first place?

    --
    Give me my freedom, and I'll take care of my own security, thank you.
  36. Here's a fix: by image · · Score: 4, Interesting

    Developers, program managers, QA engineers, and marketing leads should be held accountable for security holes found in the products they ship. Even after the fact. E.g., those responsible for the recent Slammer vulnerabilities should get smaller bonuses and performance incentives this year. This should be part of their "Trustworthy Computing" initiative. If development and business owners are not being held personally accountable within Microsoft, their products are not going to improve. Period.

    Decent MSFT employees stay on average 5 years. This is more than enough time for the "dis"-incentive of a post-mortem on the security of their product to have an effect.

    You listening, Bill? Steve?

    PS: I'm ex-MSFT. I left because while I believed in the strength of the individual developers (the best as a whole I've ever worked with) the corporate management does not listen to the actual needs of the customers. They are very, very good at listening to what the customers will buy. Unfortunately, those are two different things right now.

    1. Re:Here's a fix: by Anonymous Coward · · Score: 0

      This is how it works in my industry. I'm an Architect. To build anything larger than a house, you have to have drawings, and those drawings have to be stamped & signed by an Architect. Whoever stamps and signs those drawings is liable FOR LIFE for the work contained within those drawings.

      So, say, I stamp and sign a drawing that I don't look closely at or I made a big mistake within the drawings. In five years, I leave the firm that I work for, and work for a different firm. After that, the building falls down and kills a bunch of people. Now, the company I used to work for AS WELL AS I am liable for that happening, if it's proven to be our fault that the building fell down.

      This 'check' allows for problems to really get solved; unlike software development which is still a completely unregulated industry.

    2. Re:Here's a fix: by binaryDigit · · Score: 2, Interesting

      those responsible for the recent Slammer vulnerabilities should get smaller bonuses and performance incentives this year.

      How would you recommend providing incentive for the OSS developer to create fewer vulnerabilities?

      If development and business owners are not being held personally accountable within Microsoft, their products are not going to improve. Period.

      And how does this translate into improving OSS where you typically don't have a paycheck to lord over the heads of the developers?

    3. Re:Here's a fix: by kfg · · Score: 3, Interesting

      That would work, *IF* they had the power to halt production until their bug was worked out and got a bonus for doing it.

      Dream on.

      Most bugs in commercial code exist because the coders work under pressure to a deadline they didn't even have a hand in making. Not because they're bad coders. The quality of the coders is nearly irrelevant, which is why MS can employ so many of the best coders in the world and still turn out crap product.

      Many other bugs are introduced as part of the basic architecture by *marketing,* not the coders. (Can you say Outlook Express? I knew you could)

      This isn't about good code. It's about marketing product.

      KFG

    4. Re:Here's a fix: by Simon+Brooke · · Score: 1
      How would you recommend providing incentive for the OSS developer to create fewer vulnerabilities?

      You don't need to provide an incentive for open source programmers to create fewer vulnerabilities. Our code's out there in the open for everyone to look at. If someone finds a vulnerability in our code that we haven't spotted and fixed first the egg is all over our faces, personally. It hits us right where it hurts, in the personal pride and self image. If your code is out there in public with your name and your email address on it you care that it's as good as you can make it.

      --
      I'm old enough to remember when discussions on Slashdot were well informed.
    5. Re:Here's a fix: by binaryDigit · · Score: 1

      You don't need to provide an incentive for open source programmers to create fewer vulnerabilities

      I'm sorry I don't share your belief that having others find your blunders is somehow "better" (or just as good as) having financial incentive. Plus in the corp world, there is BOTH the risk of having someone find your broken code and the financial slap on the wrists. There are more than enough vulns. in OSS code that if your statement is correct, would imply that the people doing the coding on OSS are producing marginal code due to lack of skill vs attention to detail (I'm referring specifically to busted code, not ALL their code). Is this what you are saying?

    6. Re:Here's a fix: by Slurpee · · Score: 2, Interesting


      Most bugs in commercial code exist because the coders work under pressure to a deadline they didn't even have a hand in making. Not because they're bad coders. The quality of the coders is nearly irrelevant, which is why MS can employ so many of the best coders in the world and still turn out crap product.

      Many other bugs are introduced as part of the basic architecture by *marketing,* not the coders. (Can you say Outlook Express? I knew you could)

      This isn't about good code. It's about marketing product.


      hear!! hear!!

      And don't forget how many bugs are added through requirements changing half-way through development.

      Marketer: How's the work going?

      Programmer: Great! Have almost finished an alpha, almost ready for testing phase...as per plan and spec.

      M: awesome! Oh, by the way...I also need it to send SMSes alerting us when a customer needs something or rather...

      P: umm...not in the spec.

      M: wasn't it? well it was meant to be in the spec.

      P: You signed off on the spec. It doesn't have it in it.

      M: Well I'm telling you now it needs it.

      At this point the programmer generally goes one of two ways.

      - They can be helpful, offering to see if they can throw something together in a few days. This is often done by helpful programmers or those who like to show off. Often they underestimate how hard it really is, how long it will take, and how it changes the rest of the project. But because nothing is in writing, and it is last minute...they put themselves in a bad position, hammered by costs, times, and reliability problems.. They also opened the door, and in the future the marketer will continue to add things at the last moment. It is a bad downward spiral into insanity.

      - they can piss off the marketer (and possibly big people in the company). Say they won't do it until they have a change request. They need the changes speced out, and then need to reply in writing how this changes the project. It adds an extra week to dev time, test time, etc etc. They need the changes (including extra time and costs) signed off by everyone involved. In the end this is a much better way...it teaches the marketer their "I just need..." costs money and time. And makes sure things are done right.

    7. Re:Here's a fix: by tcopeland · · Score: 1

      > P: You signed off on the spec. It
      > doesn't have it in it.

      The problem with "signing off on the spec" is that it doesn't work any more than "type all the characters right the first time" does.

      When I'm programming, I follow a feedback loop of:

      - write some code
      - write a couple tests
      - oops, test failed, didn't think about that condition
      - write more code, tests pass, yay

      Why would a marketing person be any different? I daresay marketers change their minds, improve their stuff, and think of new things just as much as I do.

      Yours,

      tom

    8. Re:Here's a fix: by fucksl4shd0t · · Score: 1

      I'm sorry I don't share your belief that having others find your blunders is somehow "better" (or just as good as) having financial incentive. Plus in the corp world, there is BOTH the risk of having someone find your broken code and the financial slap on the wrists.

      Let's see if I've got this straight. You seem to be saying that if a person doesn't have financial incentive they won't exercise a work ethic? Do you work for the government or one of its contractors?

      There's no excuse for having a shitty work ethic, and the poster was just saying that Free Software developers have a work ethic. I agree with the generalization, I know many free software developers and haven't yet met one with a shitty work ethic.

      Financial incentive is no substitute for work ethic.

      --
      Like what I said? You might like my music
    9. Re:Here's a fix: by Simon+Brooke · · Score: 1
      I'm sorry I don't share your belief that having others find your blunders is somehow "better" (or just as good as) having financial incentive.

      Did you read a word I wrote? I said, one is motivated to find and fix problems in one's own code because if one doesn't and someone else finds it first one is embarrassed in front of the whole developer (and user) community. That seems to me a much more powerful incentive than any amount of money.

      --
      I'm old enough to remember when discussions on Slashdot were well informed.
    10. Re:Here's a fix: by binaryDigit · · Score: 1

      Let's see if I've got this straight. You seem to be saying that if a person doesn't have financial incentive they won't exercise a work ethic? Do you work for the government or one of its contractors?

      Uh no, I said that I didn't agree that just having egg on your face in front of your peers was better or more incentive than a similar corporate situation combined with a financial incentive. I'm sure you've met many OSS developers with great work ethic. I've met many corp. developers that had great work ethic, and I've met many that had crap work ethic who didn't care WHO saw their code.

      I think what the original poster probably MEANT to say was that the person who is likely to take their time to contribute to an OSS project is MORE LIKELY to be more conscientious about their code, and thereby wouldn't NEED additional motivation. I would whole heartedly agree with that. HOWEVER the original poster's implication was that corp. developers had to be held accountable for their code or else, but yet not OSS developers. My response was a question on how to hold OSS developers accountable for theirs. They then replied that effectively "there was no need", I did not, and do not, agree. Having good work ethic and not writing bugs are two separate things. As is obvious by the bugs that actually do show up in OSS that is written by developers with "good work ethic" and having been reviewed by their peers (not trying to bad mouth OSS development, I'm just saying it's not perfect either).

    11. Re:Here's a fix: by binaryDigit · · Score: 1

      Did you read a word I wrote? I said, one is motivated to find and fix problems in one's own code because if one doesn't and someone else finds it first one is embarrassed in front of the whole developer (and user) community. That seems to me a much more powerful incentive than any amount of money.

      Yes I did read what you wrote. Are you assuming I didn't because I dared to not agree with you? I still don't. The original post referred to ACCOUNTABILITY, NOT motivation. You seem to be implying that since the OSS is afraid of looking stupid, that they'll produce better code, THEREFORE there is no need to place any additional standards for accountability, UNLIKE the corp developer, since they're just greedy and are in it for the paycheck. Which if it is what you're saying, then it's plain wrong. We're talking about taking responsibility for your mistakes. If the OSS developer makes fewer of them because of the environment and their "typical" mind set, then fine. BUT, the OSS developer WILL make mistakes. And when they do, should they not be held just as accountable for their mistakes as the corp developer? Which leads right back to the question I first posed, with the corp developer you have financial incentives/penalties, what leverage does one have when the OSS developer screws up? You have not addressed my question, other than to somehow imply that OSS developers never screw up.

    12. Re:Here's a fix: by fucksl4shd0t · · Score: 1

      Uh no, I said that I didn't agree that just having egg on your face in front of your peers was better or more incentive than a similar corporate situation combined with a financial incentive. I'm sure you've met many OSS developers with great work ethic. I've met many corp. developers that had great work ethic, and I've met many that had crap work ethic who didn't care WHO saw their code.

      Perhaps I read work ethic into it. :) I have to agree with your statement based on the followup you just posted. :)

      I must agree because, as a rule, I generally don't really give a shit what people think about me. I let my actions speak for themselves, and if people don't like it, fuck 'em. Most of the time, people find they like it, however. In any case, as you say, getting egg on my face in front of my peers is irrelevant to me, but fixing bugs is part of my work ethic. I stand by my work, even if the GPL says I'm not liable for it, I still stand by it and fix it when it breaks, and this is true among many OSS developers.

      Finally, I also have to agree that OSS isn't perfect either. The difference, I think, and it's a big difference, is that OSS strives every day to be better than it was the day before (there are exceptions, let's ignore those :) ). Corporate development frequently involves deadlines, marketing, and internal politics (sometimes even external politics, ref: Microsoft, Israel, the Mac, and Office). OSS politics also affects OSS projects, in many cases. Each system has advantages and disadvantages. OSS has proven itself a valid development model, but has yet to prove itself better than others. While we can point to all the great, wonderful, and successful projects, for every one of these there's at least 10 that failed somehow.

      Bottom line, though, is that there is always a need for an incentive for people to do things. Money works for some, work ethic works for many, money + work ethic works the best for me. :) Vanity (which is essentially what the original poster was talking about) also works for some. Any other incentives that work, that you know about?

      --
      Like what I said? You might like my music
  37. The four pillars by Anonymous Coward · · Score: 2, Interesting
    security, privacy, reliability and business integrity.

    The first three I understand, single words with a direct meaning. The fourth, business integrity? Why is integrity qualified with business? Whose business and how? It seems a little more difficult to pin down what they mean by that.

    1. Re:The four pillars by skillet-thief · · Score: 2, Funny

      Business integrity is an oxymoron.

      --

      Congratulations! Now we are the Evil Empire

  38. Actually, ... by Anonymous Coward · · Score: 0

    yes, it has. We've read through your personal files (good stuff, fun) and are now using your box as a spam forwarder and a DOS instigator. Nothing personal.

  39. There are reasons people don't like Microsoft by interstellar_donkey · · Score: 3, Interesting

    And I don't think Microsoft really understands the real reasons why. The interview hints at the mentality of MS that its detractors are somehow upset because the company is successful.

    I don't dislike MS because it's been so successful, I dislike MS because A: its predatory business practices and B: its disdain for its users.

    It would be like Al Capone saying the only reason why people don't like him is because he was so rich and powerful.

    --
    The Internet is generally stupid
    1. Re:There are reasons people don't like Microsoft by MonopolyNews · · Score: 1

      I think that few people hate microsoft because they are the top of the hill. What few there are are outnumbered by people that love microsoft only because they are at the top of the hill. In the end, being at the top of the hill is a PR plus for microsoft. Thus, the hate you see left over, and now common in the press (what a different case than 5 years ago!), are based on real gripes. At least, that's how it looks to me.

      --

      Slashdot Journal on Monopoly News
  40. Special Report in Information Security Magazine by Belluminari · · Score: 2, Informative

    The February issue of Information Security has a special report by Lawrence Walsh titled "Trustworthy Yet?" that is a good companion to this article.

  41. I trust Microsoft already by cabalamat2 · · Score: 1, Insightful

    When I buy Microsoft products, I know I can trust them to shaft me with shoddy software, vendor lock-in, DRM, gratuitously incompatible file formats, etc.

  42. not as bad as who? by fanatic · · Score: 3, Interesting

    From the linked article: But if you follow any of the vulnerabilities of our competitors, we are not as bad as them.

    Um, which competitors are these? Where are the numbers (minus duplicate counting across distros and inconsistent inclusion/exclusion of apps)?

    Would this be the FOSS community that acknowledges and patches holes in hours?

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  43. My idea is this: by huhmz · · Score: 2, Funny

    The product groups are very much independent at the moment - Windows, SQL, Exchange are all pretty much separate.

    How about they just use the IIS guys room as base of operations? ;)

  44. When will they ever get it? by siskbc · · Score: 4, Insightful
    There are also those who have nothing against success, but do have a problem with being gouged by Convicted Monopolists (tm) selling insecure bloatware.

    No kidding. People would be much more likely to accept/forgive MS if they ever showed any evidence of contrition. As it is, they settle lawsuits, claim they are just being persecuted, and blame people for being jealous of their success. And they wonder why we don't trust them?

    --

    -Looking for a job as a materials chemist or multivariat

  45. Bullshit. by Anonymous Coward · · Score: 0

    But if you follow any of the vulnerabilities of our competitors, we are not as bad as them.

    Sorry, but this is just not true. The last time UNIX had a melt-down akin to any of the last dozen or so MShit worms was the RTM worm, and that was in 1988.

  46. Thank goodness by Anonymous Coward · · Score: 0

    I've been alarmed that people have been using pipes like those from the raids to smoke an herb that occurs naturally and has been in use for thousands of years before the DEA existed. Next up are the sinners who use mary-jane for medical purposes. I'll be damned if someone who has terminal cancer is gonna get even mild relief. Die in pain damn it!

    1. Re:Thank goodness by Anonymous Coward · · Score: 0

      Next up? They have already been beaten down again and again. In sovereign states that have laws allowing medical use of the herb.

  47. Woah! Typo! by Visaris · · Score: 1

    Sorry, I meant Win2k Server. (sp3 if you want to know) I was typing in auto mode, sorry.

    --

    I am a viral sig. Please help me spread.
    1. Re:Woah! Typo! by indiigo · · Score: 1

      You need(ed) urlscan:
      http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/urlscan.asp

      And a clue how to admin a box. Usually you learn about the tenets of how it works BEFORE you use it on the net. Your issue is 100% admin error, not Microsoft.

      Live and learn.

      --
      fslg503-985-8686503-985-8686503-985-8686503-985-86 8650 3-985-fdsg8686503-985-8686503-985-8686503-9
    2. Re:Woah! Typo! by gig · · Score: 1

      > You need(ed) urlscan:
      > http://www.microsoft.com/technet/treeview/default.
      > asp?url=/technet/security/tools/tools/urlscan.asp

      > And a clue how to admin a box. Usually you learn about
      > the tenets of how it works BEFORE you use it on the net.
      > Your issue is 100% admin error, not Microsoft.

      BULLSHIT, BULLSHIT, BULLSHIT. You might think it's not, but it is. These systems are not sold to card-carrying, beard-wearing UNIX admins, they are sold to everyday working-people and small business and whatever other unfortunates didn't fucking know to get a Mac. AND, rather than an easy, automatic update system like Apple's, or a geek-friendly but you can trust it system like other UNIX, Microsoft has this outrageous update system that even they have blamed when Hotmail went down under some known bug that they themselves hadn't patched.

      If you go right now and get Mac OS X Server instead of Windows 2000 Server, Mac OS X itself will check with Apple daily or weekly or monthly or never (your choice) for patches, and the system will install them itself. This update system is years-old, pre-dating Mac OS X even, and I have watched it painlessly update scores of Macs through about five Mac OS 9 updates and about 30 Mac OS X updates (10.1.1 to 10.1.2 for example, or an openSSH patch a day or so after a vulnerability is found, or whatever). I'm telling you right now that a 7th-grader with an iBook she got from school can run a secure Apache Web server over her DSL without ever installing any patches, and all she has to do is click one button to start the server. Surely, given that real-world condition, a server system from Microsoft that costs thousands and thousands in software licenses and labor to deploy shouldn't be so fragile that an admin has to check a Microsoft Web site every day to see how messed up their server might be.

      This is a scandal, people. Just because you've enjoyed watching Linus et al rebuild 1970's computing from the ground up for free over the last few years doesn't mean you can apologize for Microsoft's 1980's style security policies here in 2003. We don't just network now, we Internet, we Wi-Fi, we Bluetooth, we hot-plug cameras and 20 types of storage and then we pick it up and move to somewhere else and connect to a bunch of stuff there. If Apple can make their OS UNIX-compatible, across their whole line, from kids computers to video workstations to recording studios to artists and QuickTime servers and Web servers, then why can't one plain Microsoft server weather a little time connected to the big bad old Internet (ooh, scary) all by itself?

      Microsoft is never really held responsible because if you do that, you have to admit that Steve Jobs was right, and IBM was right, and Linus Torvalds was right, and your CTO was wrong to spend the last five years filling your company with shitty DOS boxes just so you could get your nuts into an even bigger Microsoft vice.

      I'm telling you, if you have run one of Apple's new systems for even a day, just taking it for a test drive, kicking the tires, so to speak, then you will probably get a huge sinking feeling that 90% of the industry is just sitting there scratching their asses and trying to figure out how they can sell you yet another POTS modem, or yet another hub of some kind, while Apple actually built the desktop platform for the future. You get trustworthy computing from Apple because they stand by EVERYTHING. They build it right, they sign their name on it, you pay one price and you get a complete system that does what they said it does and keeps on doing it in spite of the fact that the Internet was invented.

      Windows is not just screwed up at the core level, in the kernel and security and such. It's also screwed up at the application platform level. Microsoft just bought VirtualPC so that they can build it into Windows 2003 Server so that their users who actually can't migrate their NT stuff to XP can run virtual NT's on Windows 2003. In other words, the user's application installations are so fragile that they have to move forward with an entire emulated Pentium computer and their whole NT OS wrapped around them in software. When you can't even add or remove apps in a proper way, what kind of platform is that?

    3. Re:Woah! Typo! by Anonymous Coward · · Score: 0

      That sure is a lot of air for something that does nothing to refute my point. There are lots of exploits that require the admin to be competent about the system he/she administrates. If you are setting up any system, you patch, then you apply best known methods for administration. Granted, W2K server should not have had these services turned on by default, but then again someone shouldn't be turning on a web server without a clue about proper procedures on how to administrate.

      I don't doubt Microsoft is screwy in many security regards, but this instance is 100% the admin's fault, he missed a critical step in setting up a new machine. There is no red-hat or OSX replacement for knowing the systems you administrate first and foremost.

      And apple is far too expensive, any way you look at it, for serving, being served, etc, for what you get out of it other than a eye-candy GUI or a slick OS(or two)

      I can build 2-3 servers/workstations that outperform Mac on business class software for every mac, and still come out with money to spare.

  48. No contradiction by k2r · · Score: 2, Funny

    > Anyone who says the opposite is not living on this planet.

    No, he's not contradicting himself but just doesn't live on this planet.

    k2r

  49. Ironic by stevejsmith · · Score: 1

    Kind of ironic that when you're creating a file that you need to restrict people from because you don't trust them to follow simple instructions it's called trust-worthy computing, eh?

  50. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  51. WTF! by frank_adrian314159 · · Score: 0, Offtopic
    Has Bill bought stock in VA Lin..., uh Syst... uh whatever the hell we call it today? Two somewhat positive MS stories in one day! And without the usual bashing in the headlines!!?? Who the hell put Prozac in Cowboy Neal's chili???

    I hope it wears off by tomorrow...

    --
    That is all.
  52. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  53. Definitely Targeting Privacy! by Aumaden · · Score: 1

    I don't know about the rest of you, but I certainly feel I can trust Microsoft to help themselves to as much of my privacy as possible! -- Aumaden

  54. One of the best ways to herd cats by kfg · · Score: 3, Insightful

    Is to have as few as possible cats to keep track of.

    There comes a time when the labor of herding the cats exceeds the value of the labor they produce and the whole thing starts to go downhill.

    MS hit that point many years ago. They have a lot of money though, and a profit margin that's nearly obscene, so they can afford a lot of cats, so they get them.

    You want more, better, faster product from MS? Cut the staff in half, starting with middle management.

    Daimler and Benz invented the automobile working alone. The Wright Bros. invented the aeroplane working alone. It takes a team of engineers and designers 6 months to *two years* to make a change in a Ford's hood ornament.

    The man month truly is mythical.

    KFG

    1. Re:One of the best ways to herd cats by RatBastard · · Score: 2, Interesting

      Reduce the number of products! They should have stayed focused on the OS and left the rest alone. MS wasn't a bunch of mean asshats before they had a vested interest in Office. When it was just DOS/Windows they were pretty cool with most people (save Lotus, but they always seemed to have it in for those guys).

      If MS put everything they had into making Windows the best OS out there, and let other companies develop products to run under Windows, rather than taking over every market that runs under Windows, no one would have a problem with them at all.

      And they certainly wouldn't have all those damned Outlook virii that rampage across the Net!

      --
      Boobies never hurt anyone. - Sherry Glaser.
    2. Re:One of the best ways to herd cats by kfg · · Score: 1

      When MS first announced they were going into the Office productivity market, then totally dominated by Lotus and Word Perfect, the division head said that MS wanted their fair share of that market, and they considered that fair share to be 100%.

      MS isn't mean because they have Office. Office was developed as a tool to be mean with.

      MS has been mean since they released their first BASIC interpreter and they aren't hated because they're big. They were hated from day *one.* I remember.

      The one thing you have to understand about MS is that it's a cult of personality, and that personality is Bill. The whole history of the company is written in on his soul.

      God have mercy on it.

      KFG

    3. Re:One of the best ways to herd cats by The+Ape+With+No+Name · · Score: 1

      Is to have as few as possible cats to keep track of.

      No way. The best way to herd cats is to give them catnip and then move in with a frontend loader. Otherwise switch to an animal whose very nature tends toward the herd mentality: Microsoft Users^H^H^H^H^H^H^H^H^H^H^H^H^H^Hsheep.

      --
      Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
    4. Re:One of the best ways to herd cats by shadowbearer · · Score: 1

      Cats produce labor? ;-) Anyway, you don't herd cats, they're always running in front of you ;-) herding *you*.

      In Soviet Russia, *You* own *Cats*!

      Lame, I know. But I have too many cats to herd (Herd of 4 and growing)

      Great post, KFG.

      SB

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
    5. Re:One of the best ways to herd cats by kfg · · Score: 1

      Thanks. I'm down to one dearly beloved companion of 16 years, but in my younger days had as many as 16 about the place at a time if you count the kittens.

      Sometimes they herded me bloody crazy.

      "I am the cat that walks alone and all places are alike to me." - Rudyard Kipling

      What I want to know is if all places are alike why they insist on being on top of the turntable when I want to play a record or why they decide they want to sleep on my keyboard just when I want to use the computer.

      KFG

    6. Re:One of the best ways to herd cats by Tony-A · · Score: 1

      Hmmmm, that explains a few things. Not exactly what you want guarding your back.

    7. Re:One of the best ways to herd cats by shadowbearer · · Score: 1

      Thanks for the quote, never heard that one. It fits. ;-) Little furry (lovable) rodents.

      Or playing in the bathtub, leaving hair in it every day for me to wash out; sleeping in my clothes dresser drawers if I'm dumb enough to leave them open; playing with the computer cabl

      --
      It's old. The more humans I meet, the more I like my cats. At least they are honest.
  55. Open Standards? by SiO2 · · Score: 4, Insightful

    We have to work to common standards, which we've pretty much got licked because of the arrival of the internet and open standards.

    Perhaps I'm being cynical, but since when has Microsoft truly embraced open standards? They are still trying to hijack Java, which, I guess, could be seen as proprietary in a sense because Sun owns it but it is open to a certain extent in that it embraces multiple platforms. Also, if they are committed to standards, why doesn't Chimera or Mozilla really function properly as an Outlook web client for Exchange? They send broken style sheets to Opera. The list goes on.

    It seems to me they're trying to own the internet, like everything else, after denying its usefulness all those years ago.

  56. Except for MS-SQL, of course by sharkey · · Score: 0, Troll
    The problem with Microsoft is because we have a big deployment base out there, we go very, very public with any vulnerability, with patches.

    Those are such secret bugs/patches, Microsoft doesn't even tell their OWN admins.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  57. None of you would be here without... by Superfreaker · · Score: 0, Troll

    Windows 95 !!!

    'Cept you damn Vax people. But then again, you aren't really "people" are you?

    1. Re:None of you would be here without... by fucksl4shd0t · · Score: 1

      Dude, when it's time to railroad, you railroad. It's irrelevant *who* does it, it will just be done. That was the time, it was just time to railroad. If MS had fought the internet too much, then we'd have an Apple monopoly (Commodore had gone down already). But it was time to railroad. I saw it coming in '91 when I first signed onto the internet from my Amiga, and it came.

      --
      Like what I said? You might like my music
  58. Re:Here's a not so old proverb by Kong+the+Medium · · Score: 1

    If architects would build houses like programmers build programs, the first woodpecker which comes along would destroy our civilisation.

    --
    ... whenever a text is transmitted, variation occurs. This is because human beings are careless, fallible, and occasiona
  59. MS and Privacy by edward.virtually@pob · · Score: 0, Troll

    MS's true concern (lack thereof) for user privacy is covered in http://slashdot.org/article.pl?sid=03/02/26/1320231&mode=thread&tid=109&tid=158
    which refers to the spyware built into Windows Update. Those who trust MS are fools. The only secure Windows box is one behind a firewall that prohibits it from making connections to the Internet.

  60. Most people don't don't like Microsoft by NineNine · · Score: 1

    The fact is that most people LIKE Microsoft. You may be talking about the OSS geek microcosm on /., or even the relatively small geek microcosm, but survey after survey shows that most people in general *love* Microsoft. I looked up a bunch of 'em for a post a few months ago, I don't feel like finding 'em again.

  61. Trustworthy Platforms... by gmuslera · · Score: 0, Troll

    ... should be the ones without Microsoft behind them.

    1. Re:Trustworthy Platforms... by Oriumpor · · Score: 1

      I'm sorry, this is no troll. Microsoft has a poor history of security and is a baby in the server market. BSD/Sun/SCO/Unix/Linux are at the forefront of security. Microsoft can only A) buy security from these companies or B) follow their example. Security by obscurity is old and outdated, and their shared source initiative (security-potential-wise) is laughable in comparison to even the smallest daemon projects on SourceForge.

      All security is perceived, since there is always a point of entry; otherwise.... how would I get MY information... or use MY computer...

    2. Re:Trustworthy Platforms... by gmuslera · · Score: 1

      My point was beyond security... how do you trust something that has such an untrustworthy company behind it? It's not as if Microsoft has such a clean history of always doing things the right way.

      If only their products had their source "really" open (even with shared source, I think you can't have all the sources of, e.g., Windows XP, for "security reasons", and with shared source, if someone discovers a big trap hidden somewhere by Microsoft, they can't tell anyone), you could base your trust on something more grounded in facts than in blind and dumb hope in a company that still does dirty tricks.

  62. Breakdown of every tenet of Microsoft Security... by indiigo · · Score: 4, Insightful

    So far we've seen a breakdown of every level of security that Microsoft themselves preach, and we've seen it recently:

    1. They didn't test their own code (patches) before releasing it. Exchange (summer '01) and NT4 ('03) are examples of products broken after patches. The NT4 patch took over a month to fix! There are still about 9+ vulnerabilities with IE out there, and there have been that many ever since its release!

    2. They have seen numerous internal vulnerabilities in house. Examples include the VPN contractor who was vulnerable and exposed their internal code, as well as the Slapper worm happening last month. The second is a massive issue: no patching on their own systems. I can't believe that one.

    3. They are vulnerable to social engineering cracks, which can affect their infrastructure from the top down (someone claiming to be from Microsoft getting issued valid global certificates that all machines trust). Microsoft wasn't even at fault there, but someone MS trusted was.

    The problem here is that they preach, but the practice, and more importantly the models, will *not work* in the long term. As their OSes and software become much more homogenized, the "defaults" won't matter as much, because the system will depend on itself far too much.

    An example: security in the Windows world is now dependent on auto-updates. You crack that and you crack EVERY WINDOWS PC looking to it since Windows 95.

    Where are the checks and balances that will prevent an attack from the top down? I don't see it ever being viable with trust being put in one organization.

  63. Big contradiction, yes by Hao+Wu · · Score: 1

    Imagine a grocer sells you 5 apples. That same grocer the very next day tells you no, I don't sell apples, never have. So you buy oranges instead. Not 5, however, because you are now distrustful of this grocer's false advertising.

    Here, Microsoft is the grocer, and we are the suckers who don't know better than to believe such foolishness. You want apples, but Microsoft claims it sold oranges and only oranges. It is ridiculous of course.

    --
    I suggest you read Slashdot
  64. I think this says it all.... by stephenry · · Score: 1

    "We have to work to common standards, which we've pretty much got licked because of the arrival of the internet and open standards. " Yeah, right!

  65. Re:Breakdown of every tenet of Microsoft Security. by davidstrauss · · Score: 2, Interesting
    Examples include the VPN contractor who was vulnerable and exposed their internal code.

    Quick! Close the source of any Linux project that may have security vulnerabilities.

  66. Re:Here's a not so old proverb by Slurpee · · Score: 1

    If architects would build houses like programmers build programs, the first woodpecker which comes along would destroy our civilisation.

    funny.

    but an unfair comparison. Architects have a profession going back tens of thousands of years. Software Developers go back decades.

  67. Re:Stand up for PEACE! by Anonymous Coward · · Score: 0

    That is to say, you will

  68. Re:Here's a not so old proverb by Anonymous Coward · · Score: 0

    No. It's not because of the amount of time architects have been around, it has to do with the fact that there are legal controls within the building industry; it's hard to become an architect, and gain that ability (and liability) to stamp and sign drawings.

    OTOH, anybody can stand up and proclaim themselves a programmer, a 'software architect'. It's an unregulated industry, and that's why it's so messed up. It hasn't anything to do with how long they have been around; hell, cars have only been around a little longer than programmers, comparatively. Look at the amount of regulation that goes on there to keep people and the environment safe.

  69. Re:ISO News siezed by DoJ today for XBox mod chips by drinkypoo · · Score: 1

    Using a site based on piracy to sell a device whose primary purpose is to promote piracy is simply stupid. You would have to be an idiot to think you could get away with something like that in today's political climate.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  70. double speak experts by wadiwood · · Score: 1

    I think Microsoft must be softening us up for another round of double speak (refer George Orwell "1984" for a definitive text)

    security = anyone can access your stuff and break it
    privacy = microsoft and your boss (via the network tech) can access all your stuff
    reliability = system can be relied upon to crash and eat your work at least twice daily
    business integrity = it's important to tell your customers what they want to hear, ie lie

    pillars = we only need one to hold everything up

    improvement = as practiced by Bill Clinton: talking about it and reporting on the talk is the same as action and progress

    phone won't work in another port when your network tech has pinched the port at the hub for something else.

    "We can't win with everybody, but we can ensure we are transparent, honest and forthright" The sky is falling the sky is falling, does this mean microsoft wants to go open source??? OK, maybe not, must be more double speak.

    transparent = obscure
    honest = lie, cover up and divert attention
    forthright = crooked, devious, manipulative


    all patches are together in a single deliverable way = patch3 can't be installed without patch2, which requires patch1, which requires the install upgrade, which is no longer supported, so you must buy the spyware version of our software (XP). Sigh. I'm going FreeBSD and Xwin or similar.

    --
    it must be true, it's on the internet.
  71. Re:Here's a not so old proverb by Slurpee · · Score: 1

    Mechanical engineers have been around a lot longer than programmers.

    And not much to do with regulation. There are plenty of things that aren't regulated and aren't as dodgy as programming.

    I still think it's more to do with the fact that Software Dev is an emerging industry/skill.

  72. Captain Crunch by xixax · · Score: 1
    "Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at"

    Unless someone figures out how to use a whistle to compromise the phone billing. Or use a radio to read the cell-phone signals in order to clone the phone. Or get people to dial 1900 numbers. Or....


    Xix.

    --
    "Everything is adjustable, provided you have the right tools"
  73. how to use outlook by wadiwood · · Score: 1

    How to use outlook to secure your private email, for example those email jokes and pictures and love notes that can get you into trouble.

    remember: it's not very secure if it's been through your boss's exchange server.

    create a pst file

    file > new > personal folders file (.pst)

    browse to your pc hard disk and create pst file on there somewhere (don't use the default dir). Chances are that your boss's system is not likely to back up your hard drive. Remember the network techs are likely to trash the hard drive any time they want to do an upgrade so you are responsible for your own backups.

    Select some level of encryption and enter a password. Remember the encryption is probably token and microsoft would be able to hack into it using their key.

    Drag all your dodgy email into this personal folder. If you can do this the same day as you receive the dodgy email, there is a small chance that you will have downloaded it off the work server before it would have been backed up (usually overnight).

    Then each night before you go home, you can copy your fred.pst file onto your portable storage, and securely delete it from the hard drive. In fact if it goes directly onto the portable storage (I love those usb port things) even better.

    Now to access the pesky mail at home. You need to go into your copy of outlook and create a new pst file, with the same name and password as your work one. Then replace the file that outlook created with your work one. I dunno why you can't just "attach" the work pst but outlook won't let you.

    I don't guarantee this method but it is a whole lot better than leaving it on the work server for anyone else to read. Better is to have your own email with an independent ISP, but if work mates insist on using work email for non work, then hide the results.

    I like to think that if my previous job tried to sack me for sending dodgy email, I could take most of the workforce with me or claim unfair dismissal. Can't get anything done (profit) if you have no workers right?

    And note, this doesn't protect you at all if you are the one sending the dodgy stuff.

    --
    it must be true, it's on the internet.
  74. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  75. CorporateInformationAwareness:we can' t trust you by Anonymous Coward · · Score: 2, Funny

    Regular Joe: Sorry sir, I thought I could open up the hood of my car like my parents used to. You mean I can't ever own a car again because of what I've done? Why don't you trust me anymore?

    CIA: You never registered and activated that vehicle and as a result it's been flagged as stolen.

    Regular Joe: Stolen?

    CIA: Yes, it makes no difference if you have a receipt; you failed to follow the proper procedures of activation. Following proper procedures is the only way to ensure full trustworthy compliance.

    Regular Joe: But what if I want to go somewhere in a car?

    CIA: After your internment in Corporate Reform Camp you'll be given a new number in addition to the SS# you already have.

    Regular Joe: Why do I need a new number? Isn't one enough already?

    CIA: Your new number will be used in our GPS database in order to track your movements from place to place to ensure you are not moving around in any unregistered or unactivated vehicles. If you disable your tracer chip we'll be forced to arrest you again for non-compliance with trustworthiness protocol.

    Regular Joe: But I thought you guys only used those for money? You mean you put those in people too?

    CIA: Only people that fail to earn trustworthiness. You can earn points towards trustworthiness certificates like everyone else does through reporting violations of trustworthiness to your local CIA chapter. Upon approval of verified violations you will receive your first certificate, but if we can prove you have turned in to us false or misleading violations you will have to be sent back to Corporate Reform Camp.

    Regular Joe: I never thought to take those rules about hood opening so seriously.

    CIA: It's too late for that now. As soon as you opened that hood you should have noticed we knew exactly where you were, thanks to the GPS chip that's set to go off in case of non-compliance with registration or in the unusual event a hood is opened. Have a nice day. Oh, and remember to thank the CIA for your newfound education reform at Corporate Camp so you can finally be on your way to joining the rest of society in earning full compliance of trustworthiness.

  76. Win2K - no one's buying into XP anyway by Anonymous Coward · · Score: 0
    Just like every time MS tries to desupport NT 4.0 they back off because of all the howling from folks who have no need to move off a platform that works well enough. BFD it doesn't support USB...

    Uncle Bill's and Hopping Steve's Wild and Wooly Happy Upgrade Merry-Go-Round Fleecing is coming to a screeching halt as businesses realize they don't have to contribute a few thousand square feet to Gates's mansion.

    And all the MCSE pushers can't change that because the addicts are wising up...

  77. Get a clue, Charlie Brown by wfrp01 · · Score: 3, Funny

    focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP.

    Yeah, why would you want to fix a product that was originally sold as a trustworthy product to an unsuspecting (gullible? naive?) public when doing so would undermine your ability to coerce people into buying your next so-called trustworthy product; which they'll eventually have to buy in order to protect themselves against all of the unaddressed problems with the old product?

    How many times will people fall for this? Come on, Charlie Brown, get a clue and stop falling for Lucy's stupid fucking trick!

    --
    Lawrence Lessig for Congress!
  78. very very public by Anonymous Coward · · Score: 0

    > we go very, very public with any vulnerability, with patches.

    Hahahahahha, funny man.
    Maybe it was a typo.

    we go very, very hard after anyone who forces us
    to admit to any vulnerability with patches.

  79. I still won't put a Windows computer on the net by Anonymous Coward · · Score: 0

    Because too many companies, including MS, who said that they're working on the privacy aspect, break their promises or, hell, don't even TRY. They'll constantly send back data about the person's computer, or do whatever they can to steal our privacy. XP sends back all sorts of info about what is on your computer. Why? Who knows, but there's no reason for it.

    Shadowwalker Delaforge

  80. #1 Goal is total market control by Geekbot · · Score: 1

    MS is always mean. I don't think much of anyone would deny that the #1, top, only significant goal of MS has only been to be the dominating, primary, controlling, only figure on the scene, from OS to Office Apps, to Media playback, to DRM, to even the Console Gaming System now.

    However, you have a very good point regarding staying with only the OS development. By developing the OS only, they would not have forced competitors in browsers and office apps out of the market. They would not have been an enemy of EVERY business. They would have let other companies design good apps for their product instead of designing it to crash running anything other than their own software applications. In all, Windows would have run better and the programs you run under Windows would have performed better.

  81. we go very, very public with any vulnerability by Geekbot · · Score: 2, Informative

    "we go very, very public with any vulnerability"

    What a total piece of crap! They do not go public with every vulnerability; they do not go public with every "feature", where feature is a terrible hole in the system that they try conning people into believing is a useful tool (to whom? The Russian mafia and script kiddies?). If they went public with every vulnerability, why do hackers have to post vulnerabilities on mailing lists before MS will even acknowledge them and call them features?

    And since they don't patch every vulnerability, who cares if they admit to them. They don't admit to them in mainstream media, where they lay down the spin better than a politician. The average user isn't going to be aware of most of the vulnerabilities in MS and isn't going to bother anyway, as MS won't patch them, or those patches will crash their system.

    This guy is insulting. I am offended because he insults me by pretty much lying to me about the efforts of MS. Not that I don't know what MS is up to, but it's insulting for him to try pulling it anyway.

  82. Of course by jsse · · Score: 1

    They are gearing toward their ultimate goal of Trustworthy Computing. :)

  83. The Computer is NOT a TV or a Telephone by Geekbot · · Score: 3, Interesting

    I hate this kind of lame ass comparison. The TV has few problems because it does one thing and you don't tamper with it.

    A TV that had to be changed every couple of months to handle a different signal from each station would not be "trustworthy".

    A phone that had to do 15 things, such as playing games, doing calculations, and decoding text messages would not be as "trustworthy".

    The computer must do all these things. But the most untrustworthy part of the computer lies in its necessity to contact other computers. You have to allow your computer to "trust" some information coming in. Without accepting outside data as good, you could never allow your machine to decode anything. And it just so happens that not everything out there is good. I want my computer to stop crashing. I want decent drivers. But I don't want my computer to be a telephone. I don't want to give up all its features just so it won't break.

    I want to be able to run games from people that MS doesn't like. And I think that MS's version of Trustworthy basically means stopping your computer from running any code they don't approve first and not allowing reputable users to know of vulnerabilities.

  84. mine either and it's unpatched!! by waspleg · · Score: 1

    of course it's behind my OpenBSD server's NAT, which is where the real security is ;)

  85. evilness aside by f00zbll · · Score: 1

    Talk about a load of PR horse crap. What a waste of time. Why the hell is this crap even getting posted?

  86. ...not exactly by ejaw5 · · Score: 1

    Now, I've only done this on ONE machine but, this past week I was assisting a relative to format a new hard drive. The HD utility disk had become corrupted so I had to go to the hard drive manufacturer's site (Western Digital) and get a new one. They didn't have a floppy *.iso where you could use DOS's rawrite, so the only way to make a floppy was to download the DOS executable. Unfortunately, it hung after launching it under XP. Luckily, my uncle also had a Win98 laptop that I was able to network-transfer the exe to and create the floppy.

    --
    $cat /dev/random > Sig
  87. Exactly! by Ender+Ryan · · Score: 2, Insightful
    Exactly! "Trustworthy computing" is analogous to buying a car where you don't get the keys! You get the car, but every time you want to drive it, you have to prove you're the owner of the car, and someone else, who you don't know but are supposed to trust, has to start it for you.

    Call me paranoid, but I think I trust myself more than I'll ever trust a stranger.

    Hmmm... Is that what passes for paranoid these days? Ridiculous...

    And we're not even talking business or national security.

    "Trusted computing" my ass... That's like a Mafia slogan, "Legit business".

    --
    Sticking feathers up your butt does not make you a chicken - Tyler Durden
    1. Re:Exactly! by kfg · · Score: 2, Insightful

      And what if you want to, say, lend your car to your mom?

      This is why I also object to bio-keys.

      What am I supposed to do, pry out my eye and give it to my mom so she can run to the store?

      It's doofey.

      KFG

    2. Re:Exactly! by fucksl4shd0t · · Score: 3, Interesting

      "Trustworthy computing" is analogous to buying a car where you don't get the keys!

      Um, actually, the key is supposed to prove that you own the car, or are at least authorized to drive it. You're supposed to guard your keys, keep them close to you at all times. Now, it's not the security issue it sounds like.

      For example: When I go to bed, I lock all the doors in my house. My keys hang in a jacket pocket on the front door (it's a temporary situation, they should be in my bedroom, where I normally keep them). To get them under normal circumstances, someone would have to first break into the house. Well I already check the locks on the windows and doors in the house, and they're locked. I don't worry about too elaborate security measures. I keep the outside well-lit at night (whenever possible, I was fighting with the upstairs neighbor over this issue, actually, but now she's moved out). So, at night, to get the keys to my truck, you have to first go through the well-lit area, then break something (a window or something), then unlock the door or window associated with the breaking, then come inside the house. There's 4 people sleeping, theoretically, but there can be anyone awake at any time of the night. My kids know to wake me and my wife if anybody comes in the house, so if they see the intruder they might wake me. Anyway, then they have to find the keys, checking various pockets. Normally, they'd have to actually enter my bedroom to do this.

      Of course, as soon as they break in, they have as much chance of finding the keys as they do of browsing the web on my computer. :) (password-protected, not strongly, but your average burglar wouldn't be able to guess it)

      Why is all this important? It's important because one of Microsoft's plaguing problems which the Free Software community wants to adopt is the fact the PEOPLE DON'T THINK ABOUT SECURITY.

      I fought my upstairs neighbor over the lighting issue because she was worried about our electric bill while I was worried about our house being the easiest pickings on the block. She worried about money, I worried about, um, guess what, SECURITY.

      Your average bear doesn't go wandering around thinking about whether or not his keys are vulnerable. He takes it for granted. Your average person leaves doors unlocked, trunks unlatched, and so forth. I see people late at night leave their cars running while they run into a gas station! They left it running so it wouldn't get cold. Of course, a gas station, late at night, is the WORST place to leave your car running! Even if you lock the doors and carry a second key! You've just made it take 2 seconds to steal your car, and no matter how closely you watch it, you won't get out there to stop the guy quick enough, and he's gone with your car. Call that security?

      Yes, MS software seems to have an inordinate amount of bugs. Argue with me, I don't give a shit.

      Yes, MS software tends to install with poorly chosen defaults from a security standpoint.

      Yes, MS software is frequently run by people who don't ever think about security in any other aspect of their lives, why the hell should they think about it now?

      For many people, "computing" is some vague amoebic thing and they expect "experts" to make it secure. They just don't think that they need to lock their doors and turn on a few lights! Hell, they don't even do it in their own homes when it's their very lives that are potentially at risk! The only way Microsoft is ever going to get out of their mess, and this is something we need to look at as a growth-minded community ourselves, is to EDUCATE END-USERS. It's a friggin' MYTH that people don't need to know anything about their computers. Do they understand "lock your doors"? Do they understand "keep your key safe"? Security is a pervasive concept. You either think about it, or you don't.

      --
      Like what I said? You might like my music
  88. Privacy by Anonymous Coward · · Score: 0

    had a go at Privacy

    Yes, they certainly have...

  89. Yet one more reason I don't like MS by Anonymous Coward · · Score: 0

    Paper MCSEs. Seriously, I work with some people who were social research majors who thought that understanding how to use Windows makes them a computer scientist. These people screw more stuff up under the guise of repairing things than anyone I've ever seen.

    And the management and employees I worked with prior to that at the same place went to a different place. I make a point of checking out their uptime on netcraft (running Win2000/IIS) vs. ours. Theirs is one fourth of our longest uptime - 60 days vs. 240 days for us, and only because the idiots I work with rebooted so they could rerun stinking ethernet cables! I tried to explain to them that they didn't have to turn off my web server to rerun the cable, but those MCSEs, you can't get anything past them!!! ;-)

  90. Is it just me? by Anonymous Coward · · Score: 0

    Is it just me, or is MS basically the nerd from highschool?

    (Ooh, tough crowd)

    Seriously...

    They wet the bed, but never confess to it.

    They try to see what everyone is doing, all the time, trying to gain more acceptance.

    They always seem to say they are becoming more like the other kids.

    They say people don't like them because they're smart and rich and successful and and and....

    They copy what the other kids are doing, blatantly.

    The kids who are always getting in trouble keep knocking their books out of their hands.

    They just never seem to 'get it'...

    More?

  91. Incompatible with the Microsoft business model by Animats · · Score: 2, Insightful
    The only way to achieve computer security is to minimize the amount of trusted code. Browsers should not be trusted. Mail programs should not be trusted. Application installers should not run as root. Everything that can possibly run outside the kernel should run outside the kernel, and with minimal privileges, even if there's a performance hit. That's how it's done, and we've known that for two decades.

    Microsoft has everything including the kitchen sink in the kernel. Multimedia codecs are in kernel space. Networking stacks are in kernel space. Internet Exploder is "part of the operating system". (Open a file dialog box from your own application, and three new threads start up, some of them in parts of IE.) Any of this code can contain a security hole. And it all changes constantly. It's hopeless with a system like that.

    It can be done right. Look at VM for IBM mainframes. When was the last time you heard about a security vulnerability in VM?

    Not that Linux is all that much better. The kernel is much too big. But at least the windowing system is outside of the kernel.

  92. Good question. by zabieru · · Score: 1

    In some cases, yes. TCP/IP is built that way... I forget which is which, and I'm actually way out of my depth here, but one protocol basically sucks, and the other was built on top of it to make it reliable. Other examples, I do not know, and I'm not sure how well this applies to other situations... Like I said, I'm out of my depth, but I think the principle is sound.

  93. Reuters - Microsoft security effort 'failing' by Anonymous Coward · · Score: 0
    It looks not so much like a security effort as a marketing blitz. At least according to a Reuters report, Microsoft's security effort is failing.

    What effect have these few changes had on third party applications? The DRM baked into Office 2003 seems to require purchasing quite a few upgrades. What are the technical and licensing gotchas?

  94. Another article on "Trustworthy Computing at 1" by Cally · · Score: 1

    Information Security magazine has a cover feature on the same subject; specific articles are here, here, here and here. I haven't read my paper copy yet but they're usually fairly good quality (well, better than most trade press anyway.)

    No, I have no connection with them.

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  95. lesson from music industry by hany · · Score: 1
    Lesson from the music industry: Sharing kills profits (or at least the RIAA and MPAA are claiming something like this).

    So if you are sharing your car with your mom, you are hurting profits of car makers, because your mom does not need to buy her own car.

    So, if you look at it this way, then it is appropriate to "punish" you for such sharing by requiring you to pry out your eye.

    :)

    --
    hany
  96. comparing apples and oranges by hany · · Score: 1
    AcquaCow:

    I still don't trust all the misc info that is dumped to disk at install time. 400+ printer def's, and misc. etc... More apps, more code...more room for something to go wrong...

    You:

    I thought Linux/OSS was of the "Do one thing, and do it right" philosophy? So if Microsoft does the same, it's insecure and A Bad Thing?

    IMO AcquaCow is talking mainly about unused stuff (hardly anybody has 400+ different printers installed all at the same time) while you are talking about all stuff (both used and unused by user of the system).

    --
    hany
  97. All these bashing comments by LadyLucky · · Score: 1
    And not one person can see what is really going on here. This is Microsoft, eating away at the advantages of open source software. It used to be stability, but now Windows is at least as stable as anything else for the desktop.

    Microsoft making changes to itself to make its programs secure and reliable should frighten you. How often do Microsoft fail at what they set out to do? Pretty soon, the only thing that free and open software will have is just that, free and open. Try explaining that to someone as a reason to use one piece of software over another.

    --
    dominionrd.blogspot.com - Restaurants on
  98. one difference by hany · · Score: 1
    I still see there one difference.

    It looks to me like while coders include resources for such "looping" in their estimates, marketers do not.

    Marketers make some initial cost offering, maybe leave some breathing room in it (so profit won't be smaller when something goes wrong), but when they are "looping" they think that "it is just a small change, it took me 2 minutes to think it up, so it takes say another 20 minutes for the coders to add this to the project (originally I planned it for 2 hours and they said it'll take them 20 hours to code)", never minding the possibility of risking something like:

    1. need for a deep rewrite of the existing codebase (say plus another 20 hours for that addition dreamed up in 2 minutes)
    2. need to just quick-hack the existing codebase, which (as a side effect) introduces a lot of bugs and race conditions

    But I'm not a marketer, they should know better. But indications show that they generally do not.

    --
    hany
    1. Re:one difference by tcopeland · · Score: 1

      > it is just small change, it took me
      > 2 minutes to think it up

      The thing that keeps me on my toes is that sometimes the marketing folks are right! Sometimes it only takes a few minutes to make a little change they want that will make a big difference.

      For example, say you've written some Java GUI product and the marketing fellow runs up and says "hey, we've got to have an 'About' option on the menu, our customers won't pay us without it!". It'll literally take me 5 minutes to put a new JMenuItem on there that uses a JOptionPane to pop up a little information that he wants in there. And it can always be expanded later if they then decide that it needs to have a Flash viewer embedded or something.

      > need to deep rewrite of existing codebase

      This points to a good XP practice wherein code is refactored all along so that change is not painful. In fact, since change is expected, you make it easy by maintaining a slew of unit tests and keeping the code clean.

      Yours,

      tom

  99. Trusting TVs : UK Sky (sat) box calls home by Anonymous Coward · · Score: 0

    The Sky box I have at home connects to the phone line - it is part of its rental contract that it has to be connected, otherwise you have to pay considerably more.

    Ostensibly it is to use interactive services; it is not, however, a particularly large leap of faith to believe that it records statistical information on what's being watched, for advertisers etc... Do I trust it - not particularly.

  100. Hopping on the bandwagon... by EvilTwinSkippy · · Score: 1
    Actually it's not that simple. You have analog phones, digital phones, VOIP phones. They all use roughly the same wiring, and unless you know what you are looking for they are very hard to tell apart.

    And if you plug the wrong phone into the wrong phone system, you are going to blow out either the phone or the local phone switch. Hell, there are even a few flavors of Analog phone depending on what part of the world you are in.

    Now let's assume that we are only dealing with analog phones designed for our ubiquitous American AT&T network. (Yes folks, the reason every phone system in the US is compatible has everything to do with the Bell monopoly.) Is it a pulse or tone line? Is it even connected? Is it actually a DSL?

    Nope. As a phone/network guy who works in a very old building, I would say your chances of plugging a phone into a jack in the next room and having it work are more like 25%.

    I do hear you on the billing issue though. I'm a Verizon customer and some days I wish they would just lose the pretenses and simply charge me more.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  101. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  102. What Does "Trustworthy Computing" Mean? by Azizcoos · · Score: 1

    RMS has a pretty good idea what it means:
    http://www.gnu.org/philosophy/can-you-trust.html

  103. No by RodeoBoy · · Score: 1

    He just lives on another planet.

  104. Last Post! by alpg · · Score: 0

    Recession is when your neighbor loses his job. Depression is when you
    lose your job. These economic downturns are very difficult to predict,
    but sophisticated econometric modeling houses like Data Resources and
    Chase Econometrics have successfully predicted 14 of the last 3 recessions.

    - this post brought to you by the Automated Last Post Generator...