Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trustworthy Computing At One Year

Posted by timothy on from the still-an-infant dept.

ackthpt writes "One year ago Bill Gates issued forth an email directing the company to work toward Trustworthy Computing, making Microsoft operating systems, applications and services secure and reliable. Where is that effort at today? vnunet has this Q&A with Microsoft security chief Stuart Okin. Slow, steady progress seems to be the result. They've targeted Security, Privacy, Reliability and Business Integrity, but so far have had a go at Privacy. Okin indicates the strategy may take 5 to 15 years, but more immediate milestones are targeted within the next two years and focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP. I'd chalk this up as a frank and honest interview, rather than madly spun, and paints a picture of the massive cat herding effort undertaken."

6 of 298 comments (clear)

  1. making Microsoft OS secure and reliable... by AcquaCow · · Score: 5, Interesting

    Secure...reliable...I still don't trust all the misc info that is dumped to disk at install time. 400+ printer def's, and misc. etc... MS seems to be throwing hundreds of small .exe's into their system to make it easier for tasks to be done, but correct me if I'm wrong, but isn't it harder to keep a system secure if you keep adding application after application to a base install? More apps, more code...more room for something to go wrong...

    -- AcquaCow

    --

    up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
    *makes note to limit user processes...
  2. only as trustworthy as... by Sydney+Weidman · · Score: 4, Interesting

    the path of least resistance

    Since the interests of a business aren't necessarily aligned with those of buyers, and those of a monopoly even less so, MS computing will be about as trusworthy as the rest of the business world. Unless there's someone (regulator or consumer interest group) breathing down their neck, they are unlikely to be worthy of anyone's trust.

  3. Stuart's notion of the problem: by burgburgburg · · Score: 5, Interesting
    The problem with Microsoft is because we have a big deployment base out there, we go very, very public with any vulnerability, with patches. Some we actively alert the press about. We know it's going to cause negative press but we have to do it. That's a problem for us.

    a) Huh?!?
    b) So it isn't the 72 security bulletins, and it isn't the fact that putting out that many overwhelms IT people, and it isn't the fact that the patching process can be so arduous and potentially destructive (can you say Slammer) that people will avoid it for months on end, and it isn't the fact that MS tends to be initially evasive/dismissive of a large number of exploits discovered. The problem is the going public.
    c) I'm still not feeling the Trustworthiness.

  4. This is turning normal users against MS by StormyWeather · · Score: 5, Interesting

    The wierdest thing happened today. My father picked up an el-cheapo computer I built for a relative from me, and asked about linux. I was floored. My father is intelligent when it comes to many things, but is not computer savvy. You guys will probably flame me for this, but my father wants to try linux because he can't pirate XP easily. However, his company buys a ton of software based on his recommendations (based upon mine), so his decision usually ends up filling Microsoft's coffers a fair amount. I like the idea because I can ssh into his machine and fix something if it breaks, and I don't have to worry about all the damn viruses, key loggers, and spyware he seems to collect like a bee collects pollen just through regular email correspondance.


    When I hear people bitching about the new direction Microsoft is going with anti privacy and anti piracy I rejoice, and wish them to go further. All it does is push more people into a free operating system such as BSD or GNU/linux.

  5. Trustworthy as Ma Bell? by Spazmania · · Score: 4, Interesting

    Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at, and we are protected by Oftel. That's the vision, and that's where we want to be.

    Good lord, that's Microsoft's idea of trustworthy? At least 75% of the Verizon bills I audit at work are wrong, many to the tune of thousands of dollars. And don't get me started about the impossibility of figuring out whether the caller is a telemarketer before picking up the phone...

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  6. Here's a fix: by image · · Score: 4, Interesting

    Developers, program managers, QA engineers, and marketing leads should be held accountable for security holes found in the products they ship. Even after the fact. E.g., those responsible for the recent Slammer vulnerabilities should get smaller bonuses and performance incentives this year. This should be part of their "Trustworthy Computing" initative. If development and business owners are not being held personally accountable within Microsoft, their products are not going to improve. Period.

    Decent MSFT employees stay on average 5 years. This is more than enough time for the "dis"-incentive of a post-mortem on the security of their product to have an effect.

    You listening, Bill? Steve?

    PS: I'm ex-MSFT. I left because while I believed in the strength of the individual developers (the best as a whole I've ever worked with) the corporate management does not listen to the actual needs of the customers. They are very, very good at listening to what the customers will buy. Unfortunately, those are two different things right now.