Slashdot Mirror


Trustworthy Computing At One Year

ackthpt writes "One year ago Bill Gates issued forth an email directing the company to work toward Trustworthy Computing, making Microsoft operating systems, applications and services secure and reliable. Where is that effort at today? vnunet has this Q&A with Microsoft security chief Stuart Okin. Slow, steady progress seems to be the result. They've targeted Security, Privacy, Reliability and Business Integrity, but so far have had a go at Privacy. Okin indicates the strategy may take 5 to 15 years, but more immediate milestones are targeted within the next two years and focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP. I'd chalk this up as a frank and honest interview, rather than madly spun, and paints a picture of the massive cat herding effort undertaken."

22 of 298 comments

  1. Well by B3ryllium · · Score: 4, Funny

    My XP machine has never been hacked, so it must have been a success!

    1. Re:Well by Anonymous Coward · · Score: 5, Funny
      > My XP machine has never been hacked

      Use a sharper axe.

    2. Re:Well by Proc6 · · Score: 1, Funny
      > Don't think of this as a problem, think of it as a challanger instead!

      Challenger? As in Space Shuttle Challenger? Freudian slip?

      --

      I'm Rick James with mod points biatch!

  2. "Targeting" privacy? by bafu · · Score: 2, Funny

    ...sounds ominous. ;-)

    1. Re:"Targeting" privacy? by Xformer · · Score: 2, Funny

      Of course! For obliteration... :-)

      --
      All I want is a kind word, a warm bed and unlimited power.
  3. first DRM by Anonymous Coward · · Score: 5, Funny

    you can't access this post unless you're running a Palladium-enabled OS.

  4. Quote from article. by Frobnicator · · Score: 5, Funny
    > Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work.
    He must buy terrible telephones.
    --
    //TODO: Think of witty sig statement
  5. trustworthiness through obscurity by PD · · Score: 5, Funny

    > What we need to do is raise that bar and make sure these vulnerabilities are very obscure.

    They're not going to fix the bugs, they're going to hide them underneath a new GUI layer.

  6. In the real world by Visaris · · Score: 2, Funny

    While you can talk about all the work that is being put into making Microsoft products secure and bug free all day long, it really is pointless.

    Think about the real world. I set up a new box with Windows XP server. I got the new service pack and all the latest patches from windows update. IIS on my box was hacked within 2 weeks. I was hosting a warez ftp that I had no clue about. I don't trust Microsoft worth shit anymore.

    --

    I am a viral sig. Please help me spread.
    1. Re:In the real world by The+Bungi · · Score: 3, Funny
      Hey Visaris, now that I'm on a roll and the mods are coming in hard and fast, let's talk some more. If I'm going to be modded down for calling you on your bullshit, I'd just as well have some fun.

      Didja think about getting a fucking firewall, hmmm? How about that? I can't believe someone would be so stupid as to let a goddamn warez site in "german", nonetheless, and "several gigabytes" worth of "stuff", to be run without their knowledge from their home or office box. I mean, that's the epitome of stupidity. It's so stupid, it hurts.

      You see, it's not that "micro$oft sux". No, it's just that you are either too fucking stupid to use a computer or you're just lying. I'd tend to go with the latter. "I was typing in auto mode"?? WTF does that mean? Do you turn your brain off while posting to Slashdot? That's no typo, ~tihs is a tipo~. So are you saying you typed "XP server" instead of "Win2K server"? No, you're just full of shit.

      But let's continue to assume your tale is true. Where did you acquire a copy of "Win2K server"? Did you get it when you ordered your Compaq rackmount? Or did you buy it at discount from CDW? No, you probably pirated it. So, I'd say it's pretty fucking stupid to come out and say that you had no idea of how to correctly set up a server with software that you pirated in the first place. Why bother? I'm sure you're smart enough to install BSD or something and secure it completely. And you won't feel bad about being a pirate, eh?

      Now go play with your Nintendo and stay away from computers.

  7. Regarding removing every vulnerability by Sgs-Cruz · · Score: 1, Funny
    > ...never be able to get rid of every vulnerability. Anyone who says the opposite is not living on this planet...

    So NetBSD, Apache, ErOS users are all... in space? Someone call NASA, I think we have a Mars program...!

    --

    Karma: pi (Mostly due to circular reasoning in posts).

  8. Mission statement. by tarquin_fim_bim · · Score: 5, Funny

    "Trustworthy Computing is a vision of the future in five, 10 or 15 years

    But in the meantime we shall vigorously peddle all the buggy shit we can, and still claim: "It's the most secure yet"

  9. 5 to 15 years?!?! by FosterKanig · · Score: 3, Funny

    I was always told:
    Measure Twice...Cut Once

    That's some free advice from me to MS

    1. Re:5 to 15 years?!?! by enos · · Score: 2, Funny
      > I was always told:
      > Measure Twice...Cut Once

      I cut twice and it's still too short.

      --
      boldly going forward, 'cause we can't find reverse
  10. Overview of article by LittleBigScript · · Score: 5, Funny

    Even telephones fail.

    There are four pillars in computing to us. We are actively pursuing one of those.

    We have a billion customers and only a few tens of thousands of employees to fix their problems.

    We may fix most of our security problems in say, 10 to 15 years.

    Some people dislike us and we are ok with that...we're still quite rich.

    You can fool all of the people some of the time,etc,etc...

    No one is 100 percent secure. It is impossible.

    Our goal is 100 percent security, and we think we can achieve that.

    One last thing, Win2000 and WinXP may have security holes (we don't plan on fixing), but Win2003 will be GREAT! Well in about 10 to 15 years...

  11. You betcha by worst_name_ever · · Score: 4, Funny
    > They've targeted Security, Privacy, Reliability and Business Integrity

    I'll say they have! By this time next year they should be nearly finished with their program to eliminate all of the above.

    --

    In Soviet Rush, today's Tom Sawyer gets high on you.
  12. Light bulb joke by Webmoth · · Score: 4, Funny

    "...I'm lucky if I screw in a light bulb..."

    That brings to mind the old joke:

    Q: How many flies does it take to screw in a light bulb?

    A: Only two, but how'd they get in there in the first place?

    --
    Give me my freedom, and I'll take care of my own security, thank you.
  13. My idea is this: by huhmz · · Score: 2, Funny

    > The product groups are very much independent at the moment - Windows, SQL, Exchange are all pretty much separate.

    How about they just use the IIS guys room as base of operations? ;)

  14. No contradiction by k2r · · Score: 2, Funny

    > Anyone who says the opposite is not living on this planet.

    No, he's not contradicting himself but just doesn't live on this planet.

    k2r

  15. Re:The four pillars by skillet-thief · · Score: 2, Funny

    Business integrity is an oxymoron.

    --

    Congratulations! Now we are the Evil Empire

  16. CorporateInformationAwareness: we can't trust you by Anonymous Coward · · Score: 2, Funny

    Regular Joe: Sorry sir, I thought I could open up the hood of my car like my parents used to. You mean I can't ever own a car again because of what I've done? Why don't you trust me anymore?

    CIA: You never registered and activated that vehicle and as a result it's been flagged as stolen.

    Regular Joe: Stolen?

    CIA: Yes, it makes no difference if you have a receipt; you failed to follow the proper procedures of activation. Following proper procedures is the only way to ensure full trustworthy compliance.

    Regular Joe: But what if I want to go somewhere in a car?

    CIA: After your internment in Corporate Reform camp you'll be given a new number in addition to the SS# you already have.

    Regular Joe: Why do I need a new number? Isn't one enough already?

    CIA: Your new number will be used in our GPS database in order to track your movements from place to place to ensure you are not moving around in any unregistered or unactivated vehicles. If you disable your tracer chip we'll be forced to arrest you again for non-compliance with trustworthiness protocol.

    Regular Joe: But I thought you guys only used those for money? You mean you put those in people too?

    CIA: Only people that fail to earn trustworthiness. You can earn points towards trustworthiness certificates like everyone else does through reporting on violations of trustworthiness to your local CIA chapter. Upon approval of verified violations you will receive your first certificate, but if we can prove you have turned in to us false or misleading violations you will have to be sent back to Corporate Reform Camp.

    Regular Joe: I never thought to take those rules about hood opening so seriously.

    CIA: It's too late for that now. As soon as you opened that hood you should have noticed we knew exactly where you were thanks to the GPS chip that's set to go off in case of non-compliance with registration or in the unusual event a hood is opened. Have a nice day. Oh, and remember to thank the CIA for your newfound education reform at Corporate Camp so you can finally be on your way to joining the rest of society in earning full compliance of trustworthiness.

  17. Get a clue, Charlie Brown by wfrp01 · · Score: 3, Funny

    > focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP.

    Yeah, why would you want to fix a product that was originally sold as a trustworthy product to an unsuspecting (gullible? naive?) public when doing so would undermine your ability to coerce people into buying your next so-called trustworthy product; which they'll eventually have to buy in order to protect themselves against all of the unaddressed problems with the old product?

    How many times will people fall for this? Come on, Charlie Brown, get a clue and stop falling for Lucy's stupid fucking trick!

    --

    --Lawrence Lessig for Congress!