Slashdot Mirror


Ballmer Touts Focus on Security

kevinvee writes "Microsoft's Steve Ballmer announced a renewed focus on security at the Worldwide Partner Conference yesterday. He recognizes the fatal user flaw of not applying patches and introduced an educational plan to help correct this. Also included in his statement was a response about computer researchers who publish flaws in Microsoft products, 'I wish those people just would be quiet.' The end of the article gives unbiased coverage of some people's opinions about the latest announcement."

4 of 322 comments

  1. When? by PD · · Score: 0, Troll

    I just LOVE Microsoft. No, not the way you think. I mean that I want to have SEX with it.

  2. not one exploit in Mac OS 9.2.2 or earlier EVER by Anonymous Coward · · Score: -1, Troll

    not one exploit in Mac OS 9.2.2 or earlier EVER

    Check SecurityFocus.com BugTraq if you do not believe me. You will find one and only one remote exploit from over 5 years ago for one rare third party addon tool for web assisted vending.

    The mac os is impenetrable. I am not talking about FreeBSD derived MacOS X (which already had more than 35 exploits and potential exploits in BugTraq) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.

    That's why many universities, and military websites used mac OS9. OS9 has never had an exploit, while OSX has had at least over 35 or so documented exploits.

    It is a concrete fact that no MacOS based webserver has ever been hacked into in the history of the internet.

    The MacOS running WebStar and other webservers has never been exploited or defaced, and is unbreakable based on ample historical evidence.

    Why is it hack proof? These reasons:

    1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less".

    2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator.

    4> Macs running Webstar have the ability to only run CGI placed in the correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that mac web programs and server tools do not create files with resource forks usually. TOTAL security.

    6> Stack return address positioned in safer location than some intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac compilers usually place return address in front or out of context of where the buffer would overrun. Much safer.

    7> There are less macs, though there are huge cash prizes for cracking i
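
Added example, not part of the comment above and not Mac OS code: the length-prefixed ("Pascal") string layout from point 3 beside a NUL-terminated C string, each copied into a fixed-size buffer. The function names are hypothetical; in both layouts the copy is safe only because the known length is compared with the destination capacity before any bytes move.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pascal string: byte 0 is the length (0..255), then that many bytes, no NUL. */

/* Build a Pascal string in dst (must hold 256 bytes); -1 if src is too long. */
int pstr_from_c(uint8_t *dst, const char *src) {
    size_t n = strlen(src);
    if (n > 255) return -1;
    dst[0] = (uint8_t)n;
    memcpy(dst + 1, src, n);
    return 0;
}

/* Copy a Pascal string into a buffer of dst_cap bytes (length byte included).
   The size is read in O(1), but it still has to be checked against dst_cap. */
int pstr_copy(uint8_t *dst, size_t dst_cap, const uint8_t *src) {
    size_t need = (size_t)src[0] + 1;
    if (dst_cap < need) return -1;      /* would overrun dst: refuse */
    memcpy(dst, src, need);
    return 0;
}

/* Same operation for a C string: the length is found by scanning for NUL,
   and the scan itself is bounded by the destination capacity. */
int cstr_copy(char *dst, size_t dst_cap, const char *src) {
    size_t n = 0;
    while (n < dst_cap && src[n] != '\0') n++;
    if (n == dst_cap) return -1;        /* no room for the terminator */
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    uint8_t p[256], small[8], big[32];
    char cs[8];
    pstr_from_c(p, "index.html");       /* constructed sample input */
    printf("pascal into 8 bytes:  %d\n", pstr_copy(small, sizeof small, p));
    printf("pascal into 32 bytes: %d\n", pstr_copy(big, sizeof big, p));
    printf("c-str into 8 bytes:   %d\n", cstr_copy(cs, sizeof cs, "index.html"));
    return 0;
}
```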

  3. Re:we'll focus on security .. this time we mean it by t0ny · · Score: 1, Troll

    Yeah, and we wish that this gigantic wealthy company would just FIX THEIR SOFTWARE. But it ain't gonna happen

    Seems to me that their marketshare shows most people find their software acceptable. Not only that, but speaking as a professional expert on MS products, I don't see anything "broke" with it. Is it perfectly secure? No. Is anything? No.

    Maybe before you start running your habitually complaining, slashdot party line spewing mouth, you should get your REAL facts straight.

    In fact, yesterday there was an article RIGHT HERE featuring SANS' top ten security concerns on both Windows and Unix. And strangely enough, it was hard to tell which was 'worse', since both had flaws which, while patching would fix it, required the end user to actually DO it. So the real problem isn't in the OS, it lies between the chair and the keyboard.

    Wake up to the truth - it's out there. You need to take your "I hate M$" hat off, it's cutting off the bloodflow to your brain.

    What's the deal MS?

    The deal is Windows Server 2003. The deal is also Software Update Services. The deal is also the tons of security bulletins, software patches, and technical resources *constantly* put out by MS. Anyone who knows the real deal certainly can't say MS isn't being diligent about security or stability.

    How about getting it right the first time!

    Like who? Word Perfect? Puh-lease! Star Office? Don't make me laugh!

    You guys need to wake up to the fact that EVERYTHING in the world is a work in progress. If you can show me one piece of software that is flawless right out of the gate, I'll eat my hat. BSD, Linux, Unix, etc, they ALL need to be patched. Nothing is perfect. NOTHING.

    Microsoft needs to snap into action ASAP.

    Stop being a shrill, whiny bitch and go look at Technet. It's obvious you can connect to the internet, so quit being so lazy. If you support the stuff, at least you can put an effort into figuring out how to do so effectively. Or would you rather just make baseless complaints in the comfort of Slashdot, the home of baseless MS criticism?

    They need to send out CD's to every single customer who ever made the mistake of buying their product, which looks more like a beta version than a finished program

    First, get off your lazy ass and get the patches from www.microsoft.com. Second, name the 'product' you are having so much trouble with. In my experience, especially regarding Microsoft, it's a poor craftsman who blames his tools. I don't work with ANYTHING they currently make which performs like 'beta software'. Even their beta software performs better than that of most of their competitors. Do I love every design choice they made? Hell no! But those I don't like I just learn how to work around. And it's entirely possible, given how they design their products.

    MS designs FOR their customers. And that's a fact.

    I will now be modded down to hell, since I have slaughtered every Slashdot sacred cow, but the real truth hurts.

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

  4. Re:we'll focus on security .. this time we mean it by smack_attack · · Score: 0, Troll

    Yeah, except all these goddamn virus writers and hackers think they are doing you a favor by breaking into your car and loosening the steering wheel and cutting your brake lines to show you how insecure your door locks are.