Slashdot Mirror
Can You Trust Microsoft On Security?
simetra writes "Here's a shocker... This story on Yahoo! is pointing out the obvious. How many of these until the suits start believing us?" Maybe the article is just trying to stir up trouble, though: ladislavb points out that Windows XP is an Operating System you can trust. (The review is also available on mirror1, mirror2, mirror3, mirror4.)
I liked the "whitespace" joke better.
I don't think that the Yahoo! story is a Joke... it was posted 03/31 not 04/01... If it is, please correct me. I'd like to be wrong here.
Desperation is a stinky cologne
With the recent spate of MS problem such as the slammer worm, IIS vunrabilities etc their public image is tarnished at best. However I think what people realise is that most programs have potential security holes. What people want is a quick response to the problem.
Take the two recent sendmail issues. Two big holes were found but fixes were available straight away. What about MS? Well I believe the record is 6 months after an exploit is in the public domain. Now thats why I have trouble trusting MS
Rus
Cheap UK and US VPS
Beware of the man behind the curtain
However, even the non paranoid don't trust Microsoft. The problem is evidently that the suits are going for Microsoft while the techies (the real ones, who didn't get the job by the list of MCSEs in their CVs) just get beaten into submission.
Conversion Rate Optimisation French / English consultant
No, I'll never trust Slashdot on anything today.
I mean, NEVER
Is this rhetorical?
Eve Fairbanks says I drive a hybrid!LOL
Because if you can't trust the NSA, who can you trust?
here and here
You can't judge a book by the way it wears its hair.
This one is not even funny ...
That's why I don't like 1st april : You can't really trust what you read on the news for a whole day. I mean you can trust the news even less than usual.
Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
The review is also available on mirror1, mirror2, mirror3, mirror4
Yay! Slashdot is finally going to mirror content!
Oh wait, what day is it?
I dunno, I read this earlier today (right now being 9PM April 1st, JST), before it was April fools in the states.. and like it says on the article, it was posted Mar 31st, 6PM, eastern time..
No.
Argumentation: WinNuke, the exploits in WinXX discovered on monthly basis, Microsoft's soddy handling of personal information, their suspected cooperation in handling email addresses to spammers, the suspicion of backdoors in Windows. etc.
It's time to turn off the computer for a day. Go outside. Walk around a little bit. Look up to the sky and feel the wind and sun against your face. Try to become friends with a girl.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Trust is earned. You don't becone trustworthy, just by marketing. Ask yourself "Has Microsoft earned my trust?"
Remember: If you buy anything from spammers, you have a small penis.
They are ignoring an NT error that appeared before NT 4's EOL. IMHO, the clock started ticking then and won't stop until the bug is fixed.
There has to be an example more than 6 months!
There just has to be!
Proof that winshit isn't crap.
1. Take a pile of crap.
2. Put it on your desk.
3. See if it's exploited.
4. Realize that crap is the superior system.
You can't judge a book by the way it wears its hair.
I sometimes wonder if the trust on MS is not on security but in responsibility.
:-) But they would be quickly overrun with requests...
In other words, companies would prefer to use MS products because they can lay the blame on it if something goes wrong, and shift responsibility for a solution to them.
OOS is either very distributed or you have to work it yourself, which presents an additional risk for your person. I have no doubt that many are willing to take the blame as trade-off for ditching MS, though.
Maybe if an insurance company were to offer "computer bug funds", things would change.
The ENIAC Demo Competition
Let the games begin!!! :)
Microsoft Corp. has announced that later this month Bill Gates will give a world-wide video conference to finally explain dot-Net. "It's time to ascend to the next level", Gates said, "we've cut elsewhere drastically in order to augment our sales staff in time for the event". Business leaders should expect calls, visits, and treats during the next month from Microsoft sales staff to ensure that all end users have installed the license for the current Windows Media Player and the licenses for the latest service packs. Calls will be followed by onsite visits. Microsoft sales staff, all licensed notary publics, and Business Software Alliance inspection teams to ensure that each and every the click-through agreement is followed up with a notarized contract.
As part of the treat, each site will receive packets of flavored drink mix for a special toast at the end of the teleconference. MSCEs will give instructions on the preparation of the mix and will assist the sales staff in dispensing to executive staff.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
was found here yesterday. I don't think it is a joke.
in the review is a BSOD.
What's more, a fatal exception has occured at F0AD:42494C4C.
Use ISO 8601 dates [YYYY-MM-DD]
Koetzle noted that while Microsoft's patches for the last nine high-profile Windows security holes predated such attacks by an average of 305 days, too few customers applied the fixes because "administrators lacked both the confidence that a patch won't bring down a production system and the tools and time to validate Microsoft's avalanche of patches."
I know I have totally screwed at least one "critical" production server by installing a service pack. Granted, that was NT4, which on the whole is just an impossible architecture to patch...or so they say.
Lack of security from the ground up in their design is what I believe the problem really is. The lack of a simple "bring this server up to date" scheduler doesn't help either. Even if they had that, people wouldn't use it due to patches toasting systems in the past.
-Pete
Soccer Goal Plans
I would avode using M$ software for this very reason and because Windows Server(s) get more unstable the longer they are running. With a Linux or BSD system you can have it running and very secure right out the box. I know that Linux has had a few security run-ins but at least when you apply a Linux patch it does bring down the entire system -
1999 - Applied cumalative security fix to IIS and ended-up having to completely re-install the entire server after it became unstable. The two things might not be linked but I don't think so.
So it is an article that for the most part says nothing
For the /. laziody, the synopsys is as follows:
Microsoft, while maybe not the most secure operating system in the world, is
But the real story is... what is with that picture? It consists of two guys looking at a screen. I can understand the difficulty of coming up with a picture that has anything to do with this article, but maybe you can leave a picture off this article instead of putting random images in the article
The caption of the picture says:
I wish I had more to say on the subject
While 77 percent of respondents in the information technology (IT) field said security was a top concern when using Windows, 89 percent still use the software for sensitive applications[...]
So, clearly people *do* trust Windows, in that they are using the software for "sensitive applications". Of course, they probably have very little choice in the matter, and hopefully they take my tack of firewalling it off from everything when forced to use it.
I was just getting at the obvious false statement in the teaser - the respondents *are* trusting Win, they just aren't *happy* about having to.
I forget what 8 was for.
how in the hell did that get slashdot worthy.
send it over to the enquire and post some real news.
I cant trust a company that says they cannot patch their own enterprise-level Operating System (only to force customers to buy a new one, because, IMHO "technical" excuses like that are ridiculous).
:)
If Microsoft says they cant patch, then open the source for us to patch it for free
------- The last Sig. got fired.
The easiest thing to do, is to do what everybody else does and hope you're not a victim:
"I hope the hackers pick on some other company."
"I hope they lay off someone else in the next reorganization."
"I hope the terrorsts blow up the Holland Tunnel when I'm not in it."
Research shows that 67% of those who use the term "research shows", are just making shit up.
Either post real news or post funny fakes, but don't combine the two, it just confuses people-which are real, which aren't? And that ruins the whole 'news for nerds' part. If you're bound and determined to do multiple April Fools stories, just give up April 1st for real news, it can wait a day.
And if this is just not funny, work on that too.
It's hackers, crackers and users I don't trust.
Most issues with MS software have been holes and badly coded stuff (buffer overflows anyone?). They per se aren't the people I distrust, but they inadvertently assist people who I do.
Microsoft's problem is that they create software that's great if it runs in a 100% MS environment and everyone's a 'good' user with no malicious intent. It's idealistic software.
Problem is, we live in the real world...
Microsoft is as secure as a Ford Pinto is safe.
As part of the treat, each site will receive packets of flavored drink mix for a special toast at the end of the teleconference. MSCEs will give instructions on the preparation of the mix and will assist the sales staff in dispensing to executive staff.
Sadly, many will miss this Jonestown reference.
More sad is how accurate you are.
Tequila: It's not just for breakfast anymore!
The two consecutive 4Cs should've given it away.
Use ISO 8601 dates [YYYY-MM-DD]
This one is not even funny ...
Certainly not.. The article is about Microsoft security.. and there is nothing to laugh or to smile about...
News can never be trusted... Why?
1) CNN has inacurate 3D models of battle cruisers
2) CNN refuses to report things that could harm U.S. soldiers but does show everything that could harm Iraqi soldiers (and civilians)
3) CNN stopped counting(!) the U.S. casualities right after there has been word that the U.S. soldiers were surprised by the resistance against the self declared Liberators of Iraq.
4) CNN does not report about terrorists who try to free the U.S. of texas
5) Profit!
Three-fourths of computer software security experts at major companies surveyed by Forrester Research Inc. do not think Microsoft Corp.'s products are secure
The other one-fourth use *nix and were unable to comment...
getSexySig();
I only trust an operating system as far as I can throw it. After comprehensive tests windows XP CD's fly 300 feet when launched from my skeet shooter and are still bootable. But most of my Linux CD's never survive the launch process so I there fore I can not trust Linux since I can't throw it.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
The sky is blue.
The language of England is English.
If you're out in the rain, you'll get wet.
Well...anyone have any more stories for the "Obvious News Network"?
"Do I dare disturb the universe?"
Since you are posting on
From the article:
I would stay up all night consuming massive amounts of coffee, cola, and pizza. I lost weight, my skin became pale, I allowed my hair to grow long, gave up shaving, and never took a bath.
How can he eat massive amounts of pizza and loose weight?!
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
That accurate article is about Microsoft security.. and there is nothing to laugh or to smile about...
News can never be trusted... Why?
1) CNN has inacurate 3D models of battle cruisers
2) CNN refuses to report things that could harm U.S. soldiers but does show everything that could harm Iraqi soldiers (and civilians)
3) CNN stopped counting(!) the U.S. casualities right after there has been word that the U.S. soldiers were surprised by the resistance against the self declared Liberators of Iraq.
4) CNN does not report about terrorists who try to free the U.S. of texas
5) Profit!
About wether or not this story is true; follow your geek instict: Can You Trust Microsoft On Security?
Newsflash: Due to date errors, April Fools Day (The first of April) was confused with Captain Obvious Day (The fourth of January). Slashdot has risen to the challenge, howeever and you can expect to see posts about the sky being blue, the grass being green and admin not trusting Microsoft.
By reading this comment, you immediately waive any and all rights regarding it.
is sunlight really as bright as it looks?
do you get wet by standing in the rain?
is hotmail really secure? *
* Well, almost. But two of three ain't bad.
"Smoking helps you lose weight - one lung at a time" -- A. E. Neumann
The EULA for this release is reported to read simply: "FSF Lawyers are weenies".
Sure you can trust Microsoft. Why the other day a guy named Microsoft offered me candy and a ride home. He had a lot of money and a pretty car so I said sure. Now i'm locked in a smelly basement, sending this message by trained carrier pigeon (my pigeon has a /. account). I guess i'm safe...
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
Granted, it's from an April Fools story, but couldn't they even try to get the BSOD screen shot right?
That BSOD version is from Win9x versions... the NT-based BSOD has the text at the upper left of the screen, and no CTRL-ALT-DEL message either.
Given that the Windows codebase has evolved over so many versions, it's hardly surprising that there are plenty of security holes. If the foundation is shakey, don't expect the building to stay up. Especially in a closed-source environment where the number of people scrutinising the code is minimal.
.Net products is the opportunity for them to start over with their security. The models in place for .Net apps are superior to what was previously on offer for Windows development. They even throw in stuff like run-time buffer overflow detection...if you turn it on.
.Net security problems so far appears to be minimal, MS could improve their image as being poor in security, provided they get sufficient take up...and don't screw it up this time around...
It seems to me that one potential benefit for MS from it's
Given that the number of
All he said was 'I liked the "whitespace" joke better.'
Maybe
"Since "product activation" is necessary to get the system working, XP proceeded to dial my modem and register my personal data with Microsoft Passport, while at the same time signing me up for MSN and billing my credit card without asking. How convenient can you get?"
So So Terrible, Yet So So True!
All Hail APRFLS God. Mr. Gates!
And wasn't M$ founded on April 1st.
Help me get a PSP! Who can afford s
It's all very easy to sit around and put each other on the back and say "yes, well, we've known this for years". We know that Bill made his big trustworthy computing announcement, and he said it was a forward looking initiative - they were going to focus on getting new products right rather than going back and re-architecting old products (a decision I agree with).
So, Windows Server 2003 was RTMed last week - the first OS released post-trustworthy computing. Let's wait and see the fruits of Bills initiative, rather than keep flogging that same dead horse. If windows 2003 has good security, well, maybe they have a chance. If it doesn't, forget it, game over.
Read reviews of shopping cart software
These experts seem to be commenting on implimentations, but they never have rolled it out. Unfortunately, most NT roll outs start with Bob in accounting in charge of the thing. By the time the NT network becomes important, it is fubared. Instead of blaming Bob's lack of IT skill, or questioning why they didn't hire an NT subject matter expert, they blame the product. Cleaned up after this mess many times. People are generally amazed at what happens when it is setup properly.
The "translation" is done using the ASCII charset which is used as a standard in computers, and the corresponding numbers are in hexadecimal form.
The whole message is F0AD:42494C4C. From this, we get "Fuck Off And Die: Bill". How, you ask?
F0AD == Fuck Off And Die [hacker slang]
42494C4C: break them into pairs, as we do with hex numbers. We get 42 49 4C 4C.
Now match the hex numbers with their corresponding values from the ASCII Table.
42 == B
49 == I
4C == L
4C == L
Use ISO 8601 dates [YYYY-MM-DD]
Even if the patches worked, and even if it had been an old-style, slow worm, you can't patch fast enough. But it wasn't. Slammer reached saturation in 8.5 minutes. Most likely this story was a tidbit to draw fire away from the quarterly financial statement or from the DRM/Palladium stealth payload in Windows Server 2003 + Office 2003.
Sure folks may wish to run Microsoft products for ideological reasons, but there aren't any technical ones and now the market is changing. C*Os have figured out the OS X, RedHat, Mandrake, Debian, OpenBSD, etc. are much easier install and maintain than Windows Xp and far more flexible and secure -- both on the workstation and the server. Novell Netware should also be mentioned as excellent. C'mon when was the last time you heard of MS machine reaching an uptime of more than 200 days? That would be embarassingly short for QNX and Novell.
Microsoft has been to computing what Big Tobacco was to sports.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
And another 12 year old graces our presents.... Get a life!
How did you credit card got into that computer?
IANAL but write like a drunk one.
Here we will be, complaining about the same things when the next version of Windows is probed and tested, and then you will raise your karmaless self to say "let wait for the next version, if that suck then yeah, they will never learn".
The time is here and now, and the company has probed beyond doubt how they regard security in a networked world.
IANAL but write like a drunk one.
Koetzle also said that IT professionals should work more closely with Microsoft and companies that write software for Windows to make sure computer systems are more secure, instead of blaming Microsoft for security breaches.
The funny thing is that when I offered cooperation, in particular in the resolution process of a new vulnerability (which requires a certain amount of information sharing and therefore trust, admittedly), Microsoft engineers were just too eager to point out that this kind of cooperation was not acceptable according to their company policy.
I don't work at a billion dollar company, so this shouldn't surpirse me, but I'm told that this doesn't make much of a difference at all. As most companies nowadays do, Microsoft probably talks to company representatives about security issues, but only at a level in the hierarchy at which it's unlikely that the really pressing questions are asked (e.g. "how can I detect attacks on my infrastructure, exploiting that recent bug?").
I have total confidence in my XP security, because I do not use it or any other MS product.
No comma don apostrophe t thank me period
IANAL but write like a drunk one.
... and dangerous on their own right.
IANAL but write like a drunk one.
The survey polled 35 software security experts at $1 billion companies.
35 people speaking for how many actual software users/developers?
Isn't this the same as saying that if the president agrees with something then all americans do to?
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
While I agree that 3/4ths of security experts don't trust Microsoft, I think the survey would hold more weight with the average business manager if they had surveyed more people. The article says that they talked to 35 people, which simply doesn't seem like a very representative sample. The number is so low, it makes other claims in the survey ridiculous. When they say that 59 percent of the people surveyed have suffered attacks, that translates to 21 people. Big deal. I would like to see a similar survey done, with a much larger sampling area.
. . . but, aren't there terrorists out there?
I feel much safer staying inside where I can listen to the calm soothing voice of my president telling me everything will be O-Tay.
I'm not tense. I'm just terribly, terribly, alert.
I think you meant to say Microsoft is as secure as your sex life is active.
Just trying to help...
Funny...except it's MCSE not MSCE
(Microsoft Certified Systems Engineer)
Ok. I give up. Just when will Microsoft say it and mean it? Not to start another holy war but think about it. Haven't we been hearing this from Microsoft for the last 15 years or so already?
:-)
Maybe someday it will come true. Not holding my breath however. At least I have my Linux OS to hug
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
"probed beyond doubt"?!?!
I don't think I want that one explained to me....
I can believe that one day MS will write perfectly trustworthy software -- okay, I AM being hypothetical -- but I don't think I could ever believe that they would be a trustworthy company.
77% of people asked say getting their money back from Benny "The Cheat" Malone is a top concern, however 89% continue to loan him money.
Would you say they are trusting Benny?
Actually, its doesn't prove that at all. Its partially a matter of who makes the decisions about applications (often clueless managers) and some may only run on windows[...]
To address your exact words, are you trying to disagree with me? I originally said "Of course, they probably have very little choice in the matter."
I forget what 8 was for.
At the bottom of the distrowatch page that's linked to in the original item is a link to one of the better commentaries I've seen on the state of our industry:
http://aaxnet.com/editor/edit029.html
"I would stay up all night consuming massive amounts of coffee, cola, and pizza. I lost weight, my skin became pale..."
They have a tremendous selection of fresh juices
Anyone who just looks at the SW to be secure and doesn't put up firewalls and IDS all throughout their enterprise is going to get screwed. Likewise, if all you do is put up firewalls and IDS and don't bother to keep your servers (Windows or otherwise) patched and monitored, you're still going to lose your data.
Purchase your components based on need. (duh!) If you need to run a certain app, then you may be left with Windows. It is then up to you to secure it with your own effort.
All these articles about how poor "MS" security is do is make people aware that security is up to them, since MS hasn't bothered. But install the most secure system possible without configuring it properly and you might as well have left the door to the building unlocked with big cartoon arrow signs to that effect telling everyone you don't have any security.
Kid: Look mommy, I installed Windows XP all by myself
Mom: Very good son, I bet you are just dying to hear the door bell aren't you?
Kid: What do you mean mommy?
**DING DONG***
Man at door: This is the NSA, come out with your hands up and on the OEM key or we will be forced to open fire!
Mom: Go ahead son, do as the friendly man with the gun tells you
Kid: But mommy, this is Billys copy of Windows XP not mine
Mom: Well thanks to DRM, you and Billy will both be learning your lessons like all the other murderers and criminals in jail
Kid: But mommy I don't want to go to jail
Mom: Don't worry son, I'll come get you in a few years after I bear the offspring of Bill Gates which, if not done is punishable by death
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
Everyone is complaining about this being unsuprising and not newsworthy. You aren't reading it right:
/.
If three quarters of IT professionals don't believe M$ software is secure - then the SHOCKING NEWS is that 25% of IT professionals are quite happy to place their trust in M$ software's security!
That's *AMAZING* news.
Thanks for delivering the shocking news
"Always trust content from Microsoft Corporation?"
There's a "Yes" button and a "No" button... but where the hell is the "HELL F*CKING NO" button?
woof!
Windows XP Service Pack 1 causes memory management problems that my experience shows are far, far worse than Microsoft says. The new 815411 patch seems to fix the problems on the one system on which I have tested it. The title is "Programs Run Slower After You Install Windows XP SP-1", but that doesn't make sense. Why do they run slower? Because the operating system is trying to recover from memory management errors?
To see the problem, start 20 instances of Mozilla, each with 10 tabs. As you are doing this, you will find that the responsiveness of the Windows XP system becomes much slower. Then, when the limit of installed memory is reached, and the system begins using virtual memory, all instances of Mozilla will crash. After the crashes, the Windows XP system remains unstable. The instability can only be fixed by re-booting.
See the Slashdot article: XP Service Pack Slows Programs
The Slashdot article referenced this article: Service Pack glitch causes system slowdowns (Notice the nonsense subtitle in this article: "Windows XP SP1 update flaw affects memory-allocating programs".)
Microsoft is apparently afraid that the patch causes more problems, so the patch has limited availability. Also, by making people who want the patch call Microsoft, the company may be collecting information about the problems people are having. It seems from the way the notice of the patch is worded that if you call Microsoft, you may have to pay.
I downloaded the patch from other sources, and found that they all were the same, so that relieved worries of a bad patch.
Sources:
Neowin
Q815411_WXP_SP2_x86_ENU.exe
Q815411_WXP_SP2_x86_ENU.exe
Q815411_WXP_SP2_x86_ENU.exe
http://www.paricom.com/matt/xphotfix/
They are the most ethical, secure, and innovative computer and software company evar!!!111!
Please take note of the post date and time.
Any MS astroturffers can claim this post if they like.
They weren't implemented by doctors or lawyers either. Pity the (real) engineer who spends his day patching microsoft products.
BTW I am from Canada where, like everywhere except the states, the word engineer means something.
/rant
With "Microsoft" and "Security" in the same sentence, It's got to be an April Fool's posting....
OS Software is like love: The best way to make it grow is to give it away.
Sadly, many will miss this Jonestown reference.
:)
More sad is how accurate you are.
Not that accurate really, I thought the kool-aid had been drunk long ago
Anyone seen this article? This company has had to install over 37,000 Windows patches in the past 6 months or so.
It would be funnier if they actually got a real Windows XP stop error and displayed it.
They showed windows XP blue screening, which never happens...
Sure windows XP might crash from time to time, like any other OS, but it doesn't ever show a blue screen of death... the BSOD died with the win9x line.
GoatPigSheep, the 3 most important food groups
no.
Now wash your hands.
This may not be popular on /., but Microsoft aren't the only people who have bugs in their code (Oracle's openhack entry was XSS'd but not M$'s). Admittedly the seem to have more than their fair share. I belive this will change in the future. Microsoft seem legitimately concerned about security and the reputation their products have. I've read the second version of "writing secure code" from MS press, and it is an excellent book for windows developers, but reading some of it it sounded more like an _internal_ document than one designed to be read by a wider audience. I'm fairly sure the "security pushes" in redmond will continue for years to come. Each product group (apparently) now performs what sounds like quite exhaustive "threat modelling" of their application. VC++ 7 has a compiler option to significantly reduce the likelyhood of buffer over-runs. Microsoft is also moving to using managed .NET code instead of C++ which will improve security also. Each version of windows from Win2K to windows server 2003 has added a number of security related APIs. Windows Server 2003 installs less stuff by default, uses more secure defaults on the things it does install, tells you if you enter a "weak" account password etc. All of these things are little things, but together I think they show a picture of how the focus may have changed to be more security conscious. It may take years and a number of versions (especially because of the backward compatibility they will want to maintain) but I wouldn't be surprised if windows became a much more security conscious platform. Wow, that sounds like a lot of M$ marketting on re-reading it but it is all true. M$ have woken up to the need to create secure applications.
One system I patched still has major problems, but seems faster and more reliable. (Intel 815EEA2 motherboard, 866 MHz P3 processor, WinXP SP1, with Q815411 patch.)
I'm now running a test with a Gigabyte 81EXP motherboard, Intel chipset, 2.53 MHz P4 processor. No results yet.
How come MS didn't apply the patch if it was available in July, 2002 and waited till they were hit by slammer.
Wouldn't that make karma whoring easier? Even scripted karma whoring.
Bayesian filtering as an optional modifier might be a good idea, but certainly not default or toward karma.
A bayesian filter can't tell the difference between a lame-ass use of "31337 $p34k" and a parody that uses it for humor. Further more, it can't tell the difference between insulting Windows to fit in and insulting it because it's crap.
You can't judge a book by the way it wears its hair.