Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ballmer Touts Focus on Security

Posted by michael on from the read-his-lips-no-new-remote-root-holes dept.

kevinvee writes "Microsoft's Steve Ballmer announced a renewed focus on security at the Worldwide Partner Conference yesterday. He recognizes the fatal user flaw of not applying patches and introduced an educational plan to help correct this. Also included in his statement was a response about computer researchers who publish flaws in Microsoft products, 'I wish those people just would be quiet.' The end of the article gives unbiased coverage of some people's opinions about the latest announcement."

9 of 322 comments (clear)

  1. we'll focus on security .. this time we mean it! by Anonymous Coward · · Score: 5, Insightful

    He recognizes the fatal user flaw of not applying patches and introduced an educational plan to help correct this. Also included in his statement was a response about computer researchers who publish flaws in Microsoft products, 'I wish those people just would be quiet.' The end of the article gives unbiased coverage of some people's opinions about the latest announcement."

    Yeah, and we wish that this gigantic wealthy company would just FIX THEIR SOFTWARE. But it ain't gonna happen.

    I still can't figure out why a company with Microsoft's resources has such mediocre security. They should be blowing Linux and BSD and Mac out of the water with tight default firewalls, statistical intrusion detection, distributed monitoring, sandboxed executables, no executable mail attachments, modular software, and anything else short of palladium. Yet they don't. Why? Because they know if legislation is passed, they will be able to afford it and nobody else will? Because they know they have such a huge lock-in, managers will grumble but renew licenses anyway? What's the deal MS?

    It bugs the hell out of me that they have the audacity to lock us into their products (which work okay most of the time, I'll give you that) yet can't give us the common courtesy to solve these problems. I really don't give a shit if Office 2003 is based on XML or EBCDIC, I just need the computer to be "Secretary-Proof" for at least a week or two after it's turned on. Monthly security updates? Good grief!! How about getting it right the first time!

    Microsoft needs to snap into action ASAP. They need to fix the bugs, do whatever it takes, cut performance by 3/4 and run everything in a virtual machine, I don't care. They need to send out CD's to every single customer who ever made the mistake of buying their product, which looks more like a beta version than a finished program.

    Or.. or.. well, okay you got me. We can't afford to switch from Windows. But it seems we can't afford to stay with it either!

  2. 'I wish those people just would be quiet.' by AKAImBatman · · Score: 4, Funny

    And I would have gotten away with it too, if it weren't for you meddling kids!!!

    --
    Javascript + Nintendo DSi = DSiCade
  3. Its not the computer researchers fault by samsmithnz · · Score: 5, Insightful

    Its not that the computer researchers who publish the flaws thats a problem, its the fact that the only way they can get Microsofts attention is to publish them!!! How many stories have we read about a 'researcher' finding an issue, and then spending 2 months trying to contact MS, before giving up and posting it in places like this!

  4. "I really wish they would just shut up." by Saint+Aardvark · · Score: 4, Insightful

    I wish they didn't have anything to talk about.

    --
    Carousel is a lie!
  5. Me Too... by Fapestniegd · · Score: 4, Funny

    'I wish those people just would be quiet.'

    I wish they would too. There is nothing worse than finding an exploit that gives me total access to any network I want, and then when some other chucklehead finds it, blabs all over the net, and then Network Administrators start locking down the ports I use to run willy-nilly through their network. I would have about another month to own their network before the patch comes out. But noooo, some jerkhead has to cut me off a month early. And I have to find an unknown exploit all over again.

    Maybe I should post anonymously, nah to hell with it.

  6. In other news ... by Kombat · · Score: 5, Funny
    Inside sources at Microsoft have revealed that as part of their effort to focus more on security, the next release of Windows, "Longhorn," will feature a handy "My Viruses" folder, to accompany the popular and mature "My Documents," "My Pictures," and "My Music" folders. Also, the OfficeXP assistant, Clippy, has been enhanced. Users of the next-generation leading desktop OS can look forward to Clippy popping his helpful head up from the corner and exclaiming,

    "It looks like you're writing a virus. Would you like to:
    • Initiate a DDoS attack?
    • Publish a Trojan horse?
    • Install a backdoor?"
    --
    Like woodworking? Build your own picture frames.
  7. Patches by Via_Patrino · · Score: 4, Interesting
    recognizes the fatal user flaw of not applying patches


    I think the major problem is how patches are structured, i have no idea of how many and which patches i need to install because microsoft site is very confuse and there is always a new bug on the news


    Another is the way microsoft sells their OS, the version i bought on store is the same of one year ago. So just after install i need to download and install tons of patches, this is a problem while handling several machines (or several installs on the same one :). If i could download the latest version (which all patches included) and install it it wouldn't have that much problem


    And there is another one ( i think that's the one i don't update :): A lot of security patches include a lot of unuseful (read heavy) stuff. I just want a patch to my system, i don't want more animations or a lot of tools that i won't use and will just bloath the code.

    Examples are: MS WindowsMediaPlayer 6.x vs 7 and up, MSIexplorer 5.5 vs 6.x. I can't patch them, i need to install a new one (often the installing process says it's a patch but is just a install of a newer version).

  8. Re:we'll focus on security .. this time we mean it by 00420 · · Score: 5, Funny

    We can't afford to switch from Windows

    I know. If only Linux weren't so damn expensive.

    --
    Have you tried Linux yet?
  9. Fatal "user" flaw? by Graymalkin · · Score: 4, Interesting

    Having just helped someone put WindowsXP on a laptop last night I easily say the flaw is not on the user end. There's a hojillion security vulnerabilities in WindowsXP. Most people do not have broadband. Lacking broadband makes it really damn difficult to keep up with patches. The fresh WindowsXP install that went on the laptop couldn't even connect to the internet for five minutes without being hit by MSBlaster. Five minutes. That's ridiculous. The user is not at fault in a situation like that, Microsoft is.

    Ballmer can blame users all he wants. It comes down to Microsoft having a crappy security model and poor development practices. Having a bunch of temporary employees programming black boxes gets them into a lot of trouble. So does having DCOM services a majority of users will never need or use enabled by default. A WindowsXP Pro system shouldn't be listening to RPCs from the internet.

    Ballmer needs to have his developers look more closely at how they are designing their systems. Windows shouldn't have a broadband connection as part of the damn system requirements. Even with an automagic updater people without fast persistant connections will still run around without the proper patches. Maybe Microsoft needs an ounce of prevention to release more secure and robust systems in the future.

    --
    I'm a loner Dottie, a Rebel.