Trustworthy Computing At One Year
ackthpt writes "One year ago Bill Gates issued forth an email directing the company to work toward Trustworthy Computing, making Microsoft operating systems, applications and services secure and reliable. Where is that effort at today? vnunet has this Q&A with Microsoft security chief Stuart Okin. Slow, steady progress seems to be the result. They've targeted Security, Privacy, Reliability and Business Integrity, but so far have had a go at Privacy. Okin indicates the strategy may take 5 to 15 years, but more immediate milestones are targeted within the next two years and focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP. I'd chalk this up as a frank and honest interview, rather than madly spun, and paints a picture of the massive cat herding effort undertaken."
My XP machine has never been hacked, so it must have been a success!
You can't access this post unless you're running a Palladium-enabled OS.
//TODO: Think of witty sig statement
What we need to do is raise that bar and make sure these vulnerabilities are very obscure.
They're not going to fix the bugs, they're going to hide them underneath a new GUI layer.
If tits were wings it'd be flying around.
"Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at"
No, we don't know that. That man has obviously never seen the wiring in my apartment building. I'm lucky if I screw in a light bulb and have it work.
And as for the bill? I scrapped my landline and went with Vonage because I *never* knew what the bill was going to be. The list of 9 different taxes varied every month.
Wow, and with this story still on the front page?
This gives me flashbacks to Statistics classes in college. Specifically a problem where a hypothetical bus company wanted to raise prices, but for each increase they lost riders. The result was two curves and the intersection was where the "optimum" result was.
I can envision that same graph in MS, where "security" and "complaints/bad PR" are the two curves...
Learning HOW to think is more important than learning WHAT to think.
Secure...reliable...I still don't trust all the misc info that is dumped to disk at install time. 400+ printer def's, and misc. etc... MS seems to be throwing hundreds of small .exe's into their system to make it easier for tasks to be done, but correct me if I'm wrong, but isn't it harder to keep a system secure if you keep adding application after application to a base install? More apps, more code...more room for something to go wrong...
-- AcquaCow
up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
*makes note to limit user processes...
the path of least resistance
Since the interests of a business aren't necessarily aligned with those of buyers, and those of a monopoly even less so, MS computing will be about as trustworthy as the rest of the business world. Unless there's someone (regulator or consumer interest group) breathing down their neck, they are unlikely to be worthy of anyone's trust.
I guess that's trustworthiness through DMCA? If you can't even secure a game box, why would I trust them with my servers!
Some people think it may be a hoax, but for what it's worth...
ISONews
Yahoo
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
a) Huh?!?
b) So it isn't the 72 security bulletins, and it isn't the fact that putting out that many overwhelms IT people, and it isn't the fact that the patching process can be so arduous and potentially destructive (can you say Slammer) that people will avoid it for months on end, and it isn't the fact that MS tends to be initially evasive/dismissive of a large number of exploits discovered. The problem is the going public.
c) I'm still not feeling the Trustworthiness.
Okin indicates the strategy may take 5 to 15 years
15 years? What M$ product is around today that will be around 15 years from now?
"Trustworthy Computing is a vision of the future in five, 10 or 15 years
But in the meantime we shall vigorously peddle all the buggy shit we can, and still claim: "It's the most secure yet"
I was always told:
Measure Twice...Cut Once
That's some free advice from me to MS
The weirdest thing happened today. My father picked up an el-cheapo computer I built for a relative from me, and asked about linux. I was floored. My father is intelligent when it comes to many things, but is not computer savvy. You guys will probably flame me for this, but my father wants to try linux because he can't pirate XP easily. However, his company buys a ton of software based on his recommendations (based upon mine), so his decision usually ends up filling Microsoft's coffers a fair amount. I like the idea because I can ssh into his machine and fix something if it breaks, and I don't have to worry about all the damn viruses, key loggers, and spyware he seems to collect like a bee collects pollen just through regular email correspondence.
When I hear people bitching about the new direction Microsoft is going with anti privacy and anti piracy I rejoice, and wish them to go further. All it does is push more people into a free operating system such as BSD or GNU/linux.
Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at, and we are protected by Oftel. That's the vision, and that's where we want to be.
Good lord, that's Microsoft's idea of trustworthy? At least 75% of the Verizon bills I audit at work are wrong, many to the tune of thousands of dollars. And don't get me started about the impossibility of figuring out whether the caller is a telemarketer before picking up the phone...
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Even telephones fail.
There are four pillars in computing to us. We are actively pursuing one of those.
We have billion customers and only a few tens of thousands of employees to fix their problems.
We may fix most of our security problems in say, 10 to 15 years.
Some people dislike us and we are ok with that...we're still quite rich.
You can fool all of the people some of the time, etc, etc...
No one is 100 percent secure. It is impossible.
Our goal is 100 percent security, and we think we can achieve that.
One last thing, Win2000 and WinXP may have security holes (we don't plan on fixing), but Win2003 will be GREAT! Well in about 10 to 15 years...
I'll say they have! By this time next year they should be nearly finished with their program to eliminate all of the above.
In Soviet Rush, today's Tom Sawyer gets high on you.
He answers to one question:
And we know that we will never be able to get rid of every vulnerability. Anyone who says the opposite is not living on this planet.
then 2 questions later he says:
We have the people, processes and technology in place to get to zero (security vulnerabilities)
so am I reading this wrong or is he contradicting himself?
"...I'm lucky if I screw in a light bulb..."
That brings to mind the old joke:
Q: How many flies does it take to screw in a light bulb?
A: Only two, but how'd they get in there in the first place?
Give me my freedom, and I'll take care of my own security, thank you.
Developers, program managers, QA engineers, and marketing leads should be held accountable for security holes found in the products they ship. Even after the fact. E.g., those responsible for the recent Slammer vulnerabilities should get smaller bonuses and performance incentives this year. This should be part of their "Trustworthy Computing" initiative. If development and business owners are not being held personally accountable within Microsoft, their products are not going to improve. Period.
Decent MSFT employees stay on average 5 years. This is more than enough time for the "dis"-incentive of a post-mortem on the security of their product to have an effect.
You listening, Bill? Steve?
PS: I'm ex-MSFT. I left because while I believed in the strength of the individual developers (the best as a whole I've ever worked with) the corporate management does not listen to the actual needs of the customers. They are very, very good at listening to what the customers will buy. Unfortunately, those are two different things right now.
And I don't think Microsoft really understands the real reasons why. The interview hints at the mentality of MS that its detractors are somehow upset because the company is successful.
I don't dislike MS because it's been so successful, I dislike MS because A: Its predatory business practices and B: Its disdain for its users.
It would be like Al Capone saying the only reason why people don't like him is because he was so rich and powerful.
The Internet is generally stupid
From the linked article: But if you follow any of the vulnerabilities of our competitors, we are not as bad as them.
Um, which competitors are these? Where are the numbers (minus duplicate counting across distros and inconsistent inclusion/exclusion of apps)?
Would this be the FOSS community that acknowledges and patches holes in hours?
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
No kidding. People would be much more likely to accept/forgive MS if they ever showed any evidence of contrition. As it is, they settle lawsuits, claim they are just being persecuted, and blame people for being jealous of their success. And they wonder why we don't trust them?
-Looking for a job as a materials chemist or multivariat
.... Someone leaner and meaner will come along and push them aside.
That's the way this business works. We're not the car industry.
No we're worse than the car industry. With the auto industry one can always switch manufacturers and have an auto that drives basically the same way as any other auto does. We can buy tires, batteries, wipers, etc at the local Pep Boys (assuming a fairly "standard" auto, i.e. you don't own a Ferrari Enzo), all specific to our auto, but with common parts availability. We can do none of the above with software. This is why Microsoft was able to become Microsoft. Market share is king, and it's something that is extremely difficult to overcome without huge resources, regardless of how "leaner and meaner" you are. In this market it's not good enough to be better, you have to be better and have deep enough pockets to fight a long and protracted battle. Either that or rely on the generous coding by those who are willing to do it for "free".
Indeed.
More to the point, there is absolutely no reason why my having a system that I can trust requires that the system be trusted by Microsoft. The two relationships are completely orthogonal, despite what MS would have you believe.
Is to have as few as possible cats to keep track of.
There comes a time when the labor of herding the cats exceeds the value of the labor they produce and the whole thing starts to go downhill.
MS hit that point many years ago. They have a lot of money though, and a profit margin that's nearly obscene, so they can afford a lot of cats, so they get them.
You want more, better, faster product from MS? Cut the staff in half, starting with middle management.
Daimler and Benz invented the automobile working alone. The Wright Bros. invented the aeroplane working alone. It takes a team of engineers and designers 6 months to *two years* to make a change in a Ford's hood ornament.
The man month truly is mythical.
KFG
We have to work to common standards, which we've pretty much got licked because of the arrival of the internet and open standards.
Perhaps I'm being cynical, but since when has Microsoft truly embraced open standards? They are still trying to hijack Java, which, I guess, could be seen as proprietary in a sense because Sun owns it but it is open to a certain extent in that it embraces multiple platforms. Also, if they are committed to standards, why doesn't Chimera or Mozilla really function properly as an Outlook web client for Exchange? They send broken style sheets to Opera. The list goes on.
It seems to me they're trying to own the internet, like everything else, after denying its usefulness all those years ago.
Didja think about getting a fucking firewall, hmmm? How about that? I can't believe someone would be so stupid as to let a goddamn warez site in "german", nonetheless, and "several gigabytes" worth of "stuff", to be run without their knowledge from their home or office box. I mean, that's the epitome of stupidity. It's so stupid, it hurts.
You see, it's not that "micro$oft sux". No, it's just that you are either too fucking stupid to use a computer or you're just lying. I'd tend to go with the latter. "I was typing in auto mode"?? WTF does that mean? Do you turn your brain off while posting to Slashdot? That's no typo, ~tihs is a tipo~. So are you saying you typed "XP server" instead of "Win2K server"? No, you're just full of shit.
But let's continue to assume your tale is true. Where did you acquire a copy of "Win2K server"? Did you get it when you ordered your Compaq rackmount? Or did you buy it at discount from CDW? No, you probably pirated it. So, I'd say it's pretty fucking stupid to come out and say that you had no idea of how to correctly set up a server with software that you pirated in the first place. Why bother? I'm sure you're smart enough to install BSD or something and secure it completely. And you won't feel bad about being a pirate, eh?
Now go play with your Nintendo and stay away from computers.
So far we've seen a breakdown of every level of security that Microsoft themselves preach, and we've seen it recently:
1. They didn't test their own code (patches) before releasing it. Exchange (summer '01) and NT4 ('03) are examples of products broken after patches. The NT4 patch took over a month to fix! There are still about 9+ vulnerabilities with IE out there, and have been that many ever since its release!
2. They have seen numerous internal vulnerabilities in house. Examples include the VPN contractor who was vulnerable and exposed their internal code, as well as slapper worm happening last month. The second is a massive issue, no patching on their own systems, I can't believe that one.
3. They are vulnerable to social engineering cracks, which can affect their infrastructure from the top down (someone claiming to be from Microsoft getting issued valid global certificates that all machines trust.) Microsoft wasn't even at fault there, but someone MS trusted was.
The problem here is that they preach, but the practice, and more importantly the models will *not work* in the long term. As their OS's and software becomes much more homogenized, the "defaults" won't matter as much, because the system will depend on itself far too much.
An example is security in the windows world is dependent now on auto-updates. You crack that and you crack EVERY WINDOWS PC looking to it since Windows 95.
Where are the checks and balances that will prevent an attack from the top down? I don't see it ever being viable with trust being put in one organization.
focusing on reducing vulnerabilities in the next version of Windows, rather than attempting to fix 2000 or XP.
Yeah, why would you want to fix a product that was originally sold as a trustworthy product to an unsuspecting (gullible? naive?) public when doing so would undermine your ability to coerce people into buying your next so-called trustworthy product; which they'll eventually have to buy in order to protect themselves against all of the unaddressed problems with the old product?
How many times will people fall for this? Come on, Charlie Brown, get a clue and stop falling for Lucy's stupid fucking trick!
--Lawrence Lessig for Congress!
I hate this kind of lame ass comparison. The TV has few problems because it does one thing and you don't tamper with it.
A TV that had to be changed every couple of months to handle a different signal from each station would not be "trustworthy".
A phone that had to do 15 things, such as playing games, doing calculations, and decoding text messages would not be as "trustworthy".
The computer must do all these things. But the most untrustworthy part of the computer lies in its necessity to contact other computers. You have to allow your computer to "trust" some information coming in. Without accepting outside data as good, you could never allow your machine to decode anything. And it just so happens that not everything out there is good. I want my computer to stop crashing. I want decent drivers. But I don't want my computer to be a telephone. I don't want to give up all its features just so it won't break.
I want to be able to run games from people that MS doesn't like. And I think that MS's version of Trustworthy basically means stopping your computer from running any code they don't approve first and not allowing reputable users from knowing of vulnerabilities.
"Trustworthy computing" is analogous to buying a car where you don't get the keys!
Um, actually, the key is supposed to prove that you own the car, or are at least authorized to drive it. You're supposed to guard your keys, keep them close to you at all times. Now, it's not the security issue it sounds like.
For example: When I go to bed, I lock all the doors in my house. My keys hang in a jacket pocket on the front door (it's a temporary situation, they should be in my bedroom, where I normally keep them). To get them under normal circumstances, someone would have to first break into the house. Well I already check the locks on the windows and doors in the house, and they're locked. I don't worry about too elaborate security measures. I keep the outside well-lit at night (whenever possible, I was fighting with the upstairs neighbor over this issue, actually, but now she's moved out). So, at night, to get the keys to my truck, you have to first go through the well-lit area, then break something (a window or something), then unlock the door or window associated with the breaking, then come inside the house. There's 4 people sleeping, theoretically, but there can be anyone awake at any time of the night. My kids know to wake me and my wife if anybody comes in the house, so if they see the intruder they might wake me. Anyway, then they have to find the keys, checking various pockets. Normally, they'd have to actually enter my bedroom to do this.
Of course, as soon as they break in, they have as much chance of finding the keys as they do of browsing the web on my computer. :) (password-protected, not strongly, but your average burglar wouldn't be able to guess it)
Why is all this important? It's important because one of Microsoft's plaguing problems which the Free Software community wants to adopt is the fact that PEOPLE DON'T THINK ABOUT SECURITY.
I fought my upstairs neighbor over the lighting issue because she was worried about our electric bill while I was worried about our house being the easiest pickings on the block. She worried about money, I worried about, um, guess what, SECURITY.
Your average bear doesn't go wandering around thinking about whether or not his keys are vulnerable. He takes it for granted. Your average person leaves doors unlocked, trunks unlatched, and so forth. I see people late at night leave their cars running while they run into a gas station! They left it running so it wouldn't get cold. Of course, a gas station, late at night is the WORST place to leave your car running! Even if you lock the doors and carry a second key! You've just made it take 2 seconds to steal your car, and no matter how closely you watch it, you won't get out there to stop the guy quick enough, and he's gone with your car. Call that security?
Yes, MS software seems to have an inordinate amount of bugs. Argue with me, I don't give a shit.
Yes, MS software tends to install with poorly chosen defaults from a security standpoint.
Yes, MS software is frequently run by people who don't ever think about security in any other aspect of their lives, why the hell should they think about it now?
For many people, "computing" is some vague amoebic thing and they expect "experts" to make it secure. They just don't think that they need to lock their doors and turn on a few lights! Hell, they don't even do it in their own homes when it's their very lives that are potentially at risk! The only way Microsoft is ever going to get out of their mess, and this is something we need to look at as a growth-minded community ourselves, is to EDUCATE END-USERS. It's a friggin' MYTH that people don't need to know anything about their computers. Do they understand "lock your doors"? Do they understand "keep your key safe"? Security is a pervasive concept. You either think about it, or you don't.
Like what I said? You might like my music