Microsoft to Clean Up Code
the_pooh_experience writes "Microsoft has decided to beef up their security group by adding a code cleaning group according to Infoworld. As the director of MS security engineering says: 'Microsoft is a long way from its ultimate goal where users can take security for granted in its products...the majority of viruses written attack Microsoft products.'" The new group is called Security Engineering Strategy and while it may seem long overdue to many, it's still a step in the right direction for the folks in Redmond.
First, this isn't a code cleaning initiative, as someone above noted -- the article says that the new group will "establish new software development processes and create tools for its programmers so that future Microsoft products will have fewer security flaws." So it looks like their job is to just improve the programming methodology at our favorite software company.
Second, there are only ten people on this task force. Will they have enough time to fix the programming methodology for all Microsoft software? Somehow, I doubt it -- and it doesn't take much imagination to guess that the Mac products, for example, aren't likely to be the primary targets, as well as any spyware that Microsoft finds convenient (*cough*WMP ;-)*cough*).
So it's a step in the right direction but I think they need to use more manpower to solve this problem. God knows they have plenty of it. Until they do, across the board, I don't think many of us will ever trust Microsoft's security. (I'll leave the question of trusting Microsoft itself to another discussion.)
-- shayborg
Microsoft also got hit a lot harder every time they claimed some semblance of security. They've learned their lesson, albeit slowly. Now they only claim to be working on improving security, considerably different than Larry's claims.
woof.
*Perfectly is taken to mean "Works about right as long as that system has the same brand and minor revision of the JRE"
Nope, don't think so... I develop on 1.4.1, and my stuff runs fine on 1.2.2 and up.
This isn't any ordinary darkness. It's advanced darkness.
What you suggest would be the end of Windows (maybe not a bad thing). An ex-Microsoftie says it well here: Why you should never rewrite from scratch.
"Rub her feet." -- L.L.
We've heard this before. Didn't they take a year and clean up all of their code before? Are they going to take another year and do it again? How many years will this take anyway?
In all reality, if they want to fix their security, they need to fix the way they view data and process. They blur the lines between the two way too much. They also encourage the users to blur the line between the two as well.
If they truly want to make a more secure OS, they need to remove the ability to run code from every form of document you can make with their code. Macros are nice but when they let you have full access to the system and its resources they are deadly and the biggest security hole you can ask for!
I should not be able to run full blown basic apps just by opening a word doc, email, spreadsheet or whatever.
-- Many men would appreciate a woman's mind more if they could fondle it
Too bad Larry's claims of being Unbreakable? were squashed. As the article says:
"Some security experts have said that the discovery of these vulnerabilities changes the claim of "unbreakable" from marketing hype to a false sense of security."
Dude, that "security expert" was none other than Steve Gibson and his Nanoprobes. Nobody took that seriously except for non-technical AOLers (such as yourself, apparently).