Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ballmer Touts Focus on Security

Posted by michael on from the read-his-lips-no-new-remote-root-holes dept.

kevinvee writes "Microsoft's Steve Ballmer announced a renewed focus on security at the Worldwide Partner Conference yesterday. He recognizes the fatal user flaw of not applying patches and introduced an educational plan to help correct this. Also included in his statement was a response about computer researchers who publish flaws in Microsoft products, 'I wish those people just would be quiet.' The end of the article gives unbiased coverage of some people's opinions about the latest announcement."

15 of 322 comments (clear)

  1. we'll focus on security .. this time we mean it! by Anonymous Coward · · Score: 5, Insightful

    He recognizes the fatal user flaw of not applying patches and introduced an educational plan to help correct this. Also included in his statement was a response about computer researchers who publish flaws in Microsoft products, 'I wish those people just would be quiet.' The end of the article gives unbiased coverage of some people's opinions about the latest announcement."

    Yeah, and we wish that this gigantic wealthy company would just FIX THEIR SOFTWARE. But it ain't gonna happen.

    I still can't figure out why a company with Microsoft's resources has such mediocre security. They should be blowing Linux and BSD and Mac out of the water with tight default firewalls, statistical intrusion detection, distributed monitoring, sandboxed executables, no executable mail attachments, modular software, and anything else short of palladium. Yet they don't. Why? Because they know if legislation is passed, they will be able to afford it and nobody else will? Because they know they have such a huge lock-in, managers will grumble but renew licenses anyway? What's the deal MS?

    It bugs the hell out of me that they have the audacity to lock us into their products (which work okay most of the time, I'll give you that) yet can't give us the common courtesy to solve these problems. I really don't give a shit if Office 2003 is based on XML or EBCDIC, I just need the computer to be "Secretary-Proof" for at least a week or two after it's turned on. Monthly security updates? Good grief!! How about getting it right the first time!

    Microsoft needs to snap into action ASAP. They need to fix the bugs, do whatever it takes, cut performance by 3/4 and run everything in a virtual machine, I don't care. They need to send out CD's to every single customer who ever made the mistake of buying their product, which looks more like a beta version than a finished program.

    Or.. or.. well, okay you got me. We can't afford to switch from Windows. But it seems we can't afford to stay with it either!

  2. 'I wish those people just would be quiet.' by AKAImBatman · · Score: 4, Funny

    And I would have gotten away with it too, if it weren't for you meddling kids!!!

    --
    Javascript + Nintendo DSi = DSiCade
  3. Its not the computer researchers fault by samsmithnz · · Score: 5, Insightful

    Its not that the computer researchers who publish the flaws thats a problem, its the fact that the only way they can get Microsofts attention is to publish them!!! How many stories have we read about a 'researcher' finding an issue, and then spending 2 months trying to contact MS, before giving up and posting it in places like this!

  4. Re:I'm sure he does wish they would be quiet by capt.Hij · · Score: 3, Informative
    "I wish those people just would be quiet," he said of computer researchers who publish vulnerabilities in Microsoft's products. "It would be best for the world. That's not going to happen, so we have to work in the right fashion with these security researchers."

    They want to educate people but do not want the people who really know to talk about it? This seems a bit paternalistic even for microsoft. They want to be the ones who work with people to make updates but do not want anybody else to have a voice.

    The semantics themselves are also a bit problematic. I'm assuming that he doesn't really want them to "shut-up" but rather not talk to people outside of the microsoft offices???

  5. Interesting Wording by 31415926535897 · · Score: 3, Insightful

    Notice Balmer's statement, 'I wish those people just would be quiet.'

    He's not saying, "Please don't release the findings so that blackhats can't use the exploits."

    He's not even saying, "Please delay telling the public about your findings so that we have a chance to fix the flaws."

    He's saying, "I wish they would be quiet so that we don't have to spend the time/money/manpower to plug our holes. It's not our fault people are exploiting the holes, it's the people who release security reports."

    I know, you're saying that it's obvious a company would want to help it's bottom line, but he didn't even have the decency to make his statement very cryptically.

  6. "I really wish they would just shut up." by Saint+Aardvark · · Score: 4, Insightful

    I wish they didn't have anything to talk about.

    --
    Carousel is a lie!
  7. Me Too... by Fapestniegd · · Score: 4, Funny

    'I wish those people just would be quiet.'

    I wish they would too. There is nothing worse than finding an exploit that gives me total access to any network I want, and then when some other chucklehead finds it, blabs all over the net, and then Network Administrators start locking down the ports I use to run willy-nilly through their network. I would have about another month to own their network before the patch comes out. But noooo, some jerkhead has to cut me off a month early. And I have to find an unknown exploit all over again.

    Maybe I should post anonymously, nah to hell with it.

  8. In other news ... by Kombat · · Score: 5, Funny
    Inside sources at Microsoft have revealed that as part of their effort to focus more on security, the next release of Windows, "Longhorn," will feature a handy "My Viruses" folder, to accompany the popular and mature "My Documents," "My Pictures," and "My Music" folders. Also, the OfficeXP assistant, Clippy, has been enhanced. Users of the next-generation leading desktop OS can look forward to Clippy popping his helpful head up from the corner and exclaiming,

    "It looks like you're writing a virus. Would you like to:
    • Initiate a DDoS attack?
    • Publish a Trojan horse?
    • Install a backdoor?"
    --
    Like woodworking? Build your own picture frames.
  9. Re:I'm sure he does wish they would be quiet by midav · · Score: 3, Insightful

    I wish they would not have to talk that much

  10. Meanwhile... by An+Anonymous+Hero · · Score: 3, Informative

    Gartner echoes concerns on Microsoft reliance

    A copy of the Gartner research note seen by CNET News.com mirrors the conclusions of seven prominent security researchers, who released a paper stating that Microsoft's dominance in software could have serious consequences for national cybersecurity. The Gartner report is scheduled to be published Friday.

    (The point is not what they are saying, it who's saying it.)

  11. Patches by Via_Patrino · · Score: 4, Interesting
    recognizes the fatal user flaw of not applying patches


    I think the major problem is how patches are structured, i have no idea of how many and which patches i need to install because microsoft site is very confuse and there is always a new bug on the news


    Another is the way microsoft sells their OS, the version i bought on store is the same of one year ago. So just after install i need to download and install tons of patches, this is a problem while handling several machines (or several installs on the same one :). If i could download the latest version (which all patches included) and install it it wouldn't have that much problem


    And there is another one ( i think that's the one i don't update :): A lot of security patches include a lot of unuseful (read heavy) stuff. I just want a patch to my system, i don't want more animations or a lot of tools that i won't use and will just bloath the code.

    Examples are: MS WindowsMediaPlayer 6.x vs 7 and up, MSIexplorer 5.5 vs 6.x. I can't patch them, i need to install a new one (often the installing process says it's a patch but is just a install of a newer version).

  12. Re:we'll focus on security .. this time we mean it by 00420 · · Score: 5, Funny

    We can't afford to switch from Windows

    I know. If only Linux weren't so damn expensive.

    --
    Have you tried Linux yet?
  13. Re:we'll focus on security .. this time we mean it by Kevinb · · Score: 3, Insightful
    I still can't figure out why a company with Microsoft's resources has such mediocre security. They should be blowing Linux and BSD and Mac out of the water with tight default firewalls, statistical intrusion detection, distributed monitoring, sandboxed executables, no executable mail attachments, modular software, and anything else short of palladium. Yet they don't. Why?

    There's an analogy in the article which explains this perfectly: "Computer security is almost like car insurance. Nobody wants it until their car gets totaled." Very few of MS' customers were asking for security features until recently (within the past two years or so) -- so MS didn't deliver them. Besides, how do you explain "statistical intrusion detection" to the average home user who just wants to read e-mail and surf the Web?

  14. Fatal "user" flaw? by Graymalkin · · Score: 4, Interesting

    Having just helped someone put WindowsXP on a laptop last night I easily say the flaw is not on the user end. There's a hojillion security vulnerabilities in WindowsXP. Most people do not have broadband. Lacking broadband makes it really damn difficult to keep up with patches. The fresh WindowsXP install that went on the laptop couldn't even connect to the internet for five minutes without being hit by MSBlaster. Five minutes. That's ridiculous. The user is not at fault in a situation like that, Microsoft is.

    Ballmer can blame users all he wants. It comes down to Microsoft having a crappy security model and poor development practices. Having a bunch of temporary employees programming black boxes gets them into a lot of trouble. So does having DCOM services a majority of users will never need or use enabled by default. A WindowsXP Pro system shouldn't be listening to RPCs from the internet.

    Ballmer needs to have his developers look more closely at how they are designing their systems. Windows shouldn't have a broadband connection as part of the damn system requirements. Even with an automagic updater people without fast persistant connections will still run around without the proper patches. Maybe Microsoft needs an ounce of prevention to release more secure and robust systems in the future.

    --
    I'm a loner Dottie, a Rebel.
  15. Re:we'll focus on security .. this time we mean it by poot_rootbeer · · Score: 3, Insightful

    [...] tight default firewalls, statistical intrusion detection, distributed monitoring, sandboxed executables, no executable mail attachments, modular software, and anything else short of palladium. Yet they don't. Why?

    Would implementing any of those things make Microsoft more money than not implementing them? It's all about profit margins. Proactive development cuts into profitability, as does the practice of hiring experienced developers instead of fresh-faced children just out of engineering school who are willing to work twice as hard (although not twice as smart) in exchange for a free mountain bike and occasional use of the game room.

    do whatever it takes, cut performance by 3/4 and run everything in a virtual machine, I don't care.

    You may not, but all the rest of Microsoft's customers do. "Fast but wonky" is all too often perceived as preferable to "slow but bulletproof."

    How about getting it right the first time!
    Microsoft needs to snap into action ASAP.

    You just have all the answers, don't you? Maybe Microsoft should hire a fresh new voice like you to oversee their development efforts.

    Are you willing to work 60hr weeks for $55k and all the free Mountain Dew you can drink?