Ballmer Touts Focus on Security
kevinvee writes "Microsoft's Steve Ballmer announced a renewed focus on security at the Worldwide Partner Conference yesterday. He recognizes the fatal user flaw of not applying patches and introduced an educational plan to help correct this. Also included in his statement was a response about computer researchers who publish flaws in Microsoft products, 'I wish those people just would be quiet.' The end of the article gives unbiased coverage of some people's opinions about the latest announcement."
Microsoft's Steve Ballmer announced a renewed focus on security
Didn't Bill Gates JUST do the same thing?
You wish people would not point out your flaws. No one ever likes their flaws being exposed, but it's all a part of getting better. As a user, I want to know how insecure my important data is, and what I can do to fix it. MS and SunnComm both need a reality check. It goes something like this: If you fuck up and try to hide, when people notice, there will be hell to pay.
Next you're going to say you don't want people pointing out your obvious personal flaws, just because it might hurt your feelings.
I swear, industries nowadays are acting more and more like babies than professionals.
Yes, this is deja vu. How many times does Microsoft have to announce that they're refocusing on security? Either they repeatedly forget that security is important (seemingly every other month) or this is a typical PR stunt to get critics off their back.
Sure they'll announce more security measures this month. The PHBs will get comfortable and clueless people will back off. Next month there will be another exploit (guaranteed). Businesses go down, networks get destroyed. PC-using schools are shut down, and Mac/Linux-using schools who aren't affected are ignored by the press. MS puts on the spin that hackers should be treated as terrorists. Clueless journalists blame it all on Windows popularity, rather than lack of a focus on security.
Then MS announces once again a renewal of its focus on security.
Rinse. Repeat.
Those who laugh at you for you having a Mac.. are the people who constantly call you to fix their PC.
Windows XP was released a little over 2 years ago.
Since that time, browsers like Mozilla and Opera have put out many new releases of their programs, each one containing many bug fixes and new features.
Microsoft has released no new versions of Internet Explorer. No new features. No bug fixes.
The only "improvement" has been a haphazard series of patches, each one only released several months after somebody discovers a major security hole.
I wish Steve Ballmer would just be quiet.
I think the major problem is how patches are structured. I have no idea how many and which patches I need to install, because Microsoft's site is very confusing and there is always a new bug in the news.
Another is the way Microsoft sells their OS: the version I bought in the store is the same as the one from a year ago. So just after installing I need to download and install tons of patches, and this is a problem when handling several machines (or several installs on the same one).
And there is another one (I think that's the one I don't update
Examples are: MS WindowsMediaPlayer 6.x vs 7 and up, MSIexplorer 5.5 vs 6.x. I can't patch them, I need to install a new one (often the installing process says it's a patch but it is just an install of a newer version).
As Schneier said later in the article, "Announcements never secured anything." This particular announcement, however, seems to indicate that they'll be securing even less than that.
Maybe they should just tell M$ about the security flaws
That is exactly what most of them do, and they get ignored... After months of letting them know quietly, they realize the only way to get action is put MS under the gun (publish the fault). If MS fixed holes as they got reported to them rather than as they got reported to the public, Ballmer would have his wish...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
The reason is simple. If you want to promote your sphere of dominance over other countries, of course you will pump out computer tools which you have the best backdoors to. Then you can read their secrets at will.
Except this plan is backfiring. Whoever came up with it didn't take into account the ordinary hobbyists who can find the same holes and use them for something "evil".
There are certain intelligence (as in CIA)-related benefits from having crappish security in certain places. You can just go in and take the stuff without troubling your field operatives to break into the place.
There's another thing, too. A company is not a source of products to benefit mankind (I wish it were), but selling something is just a tool to make profits for the owners of that company. So, as long as Microsoft can sell shit, and people will buy it, they will keep on doing it. Professional pride or quality won't make the upper management's nor the owners' profits any bigger, so there's no reason for Microsoft to bother with that.
I guess the submitter's idea of "unbiased coverage" is "comments from people who have lots of reasons to dislike Microsoft."
It's almost impossible to avoid bias in anything, but this one is plain as day!
Yeah, you're right...in fact, if the app isn't signed by MS, then they should remove it, because you never know, it might be doing something "bad".
Problem is, you'd be screaming just as much about this "solution" as you are right now about the popups, etc. And you'd be perfectly justified in doing so.
If an MS OS is going to have the ability to run arbitrary executables (arguably the OS's most important job), then it can't be responsible for what those apps do.
I'm not sure what the solution is, but one possibility might be to create two (or more) different versions of Windows. There could be:
WinXP for Business
- Only runs MS signed apps...anything else will refuse to install (maybe overridable by someone with administration ability?).
- Will actively search for "bad" apps like you described and remove them if they get installed somehow.
WinXP for Home
- Will run whatever you damn well choose, but it's your own fault when something goes wrong.
Actually maybe these are the same OS, just with different settings. Perhaps MS could make different default install configs depending on your setup.
What are the chances of Ballmer taking back his 'keep quiet' statement and instead saying 'I don't want to be the guy that creates any kind of chilling effect on research'?
"A synonym is a word you use when you can't spell the word you first thought of." - Burt Bacharach
Having just helped someone put WindowsXP on a laptop last night, I can easily say the flaw is not on the user end. There's a hojillion security vulnerabilities in WindowsXP. Most people do not have broadband. Lacking broadband makes it really damn difficult to keep up with patches. The fresh WindowsXP install that went on the laptop couldn't even connect to the internet for five minutes without being hit by MSBlaster. Five minutes. That's ridiculous. The user is not at fault in a situation like that, Microsoft is.
Ballmer can blame users all he wants. It comes down to Microsoft having a crappy security model and poor development practices. Having a bunch of temporary employees programming black boxes gets them into a lot of trouble. So does having DCOM services a majority of users will never need or use enabled by default. A WindowsXP Pro system shouldn't be listening to RPCs from the internet.
Ballmer needs to have his developers look more closely at how they are designing their systems. Windows shouldn't have a broadband connection as part of the damn system requirements. Even with an automagic updater, people without fast persistent connections will still run around without the proper patches. Maybe Microsoft needs an ounce of prevention to release more secure and robust systems in the future.
I'm a loner Dottie, a Rebel.
For these reasons (trademark infringement, extortion), it would be completely within Microsoft's rights (and perhaps duties) to check for and remove such software as part of the normal update process.
Please no! I already run into plenty of situations where updates cause problems of their own so the last thing I want is for MS to start making their updates more complex.