Slashdot Mirror
Gates: 'You don't need perfect code' for Security
securitas writes "ITBusiness has an interview from the Microsoft Professional Developers Conference where Bill Gates says 'You don't need perfect code to avoid security problems.' Instead he suggests that users acquire and properly configure firewalls and make sure that they keep their software patches up-to-date. Considering that Microsoft says it is focused on security, the comments from the Chief Software Architect aren't inspiring, especially beacuse the underlying attitude seems to contradict the idea of well-written, secure code. What kind of message does that send to the developers who work for Gates?"
This is a typical problem, that was discussed a few days ago. People
are confusing microsoft's success in general with Technological
superiority.
I find it interesting that *anyone* would care what Bill Gate's
opinion is on security. The volume of critical problems reported, and
of actual viruses and worms that have spread across the internet
lately should've been enough to indicate that microsoft doesn't have a
good understanding of security in general.
His argument is an interesting point of view though. It sounds to me
like he's saying microsoft doesn't need perfect code because people
can just install firewalls. What if the code in the firewalls in turn
isn't perfect though? Doesn't that leave us in an insecure position
again? What about the e-mail scanning software? What if it misses a
virus? Shouldn't you have layers of protection, instead of an outer
layer of protection and a soft underbelly?
Of course he is shifting the burden back to the users of the software
again. If only they had our firewall product and a good e-mail
scanning software package, and if they kept their software up to date
none of this would've happened.
Of course if they didn't ship their software with nearly every service
turned on by default, and everyone running as root this wouldn't have
happened either, but let's not trifle with details.
I really liked the part at the end where he comments that all the
viruses and attacks on microsoft's os are really a compliment.
You keep telling yourself that Bill.
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
he's right, you only need good code. Too bad windows still doesn't hit the mark.
What happened, did the all of their programmers just unionize or something? What else could spur that sort of "laziness is OK" mentality?
Um - an honest one?
Regardless though - nobody seriously expects MS to give more than lip service to security unless it affects sales - The only thing that matters is getting product out of the door and onto desktops, even if it is worse than what it is replacing.
-=DaveHowe=-
For example, if you introduce a bug that breaks the TCPIP stack, that's going to really secure things nicely.
Considering you can never have perfect code unless your application is about five lines long, you think he'd know better.
I think it says a lot.
That's why Outlook is so *cool*.
T.
This space for rent.
I couldn't agree more.
Majority of security issues come not from buffer overflows in the application code or similar stuff, but from dumb users clicking on e-mail attachments and downloading wicked screensavers.
Ever ran Spybot through a typical home user computer? Middle-aged women seem to be the worst offenders, Spybot and Ad-aware have pages and pages of stuff that the user usually isn't aware about.
well.. what is 'perfect' code?
and he's absolutely right. We could just unplug our computers and leave them in a cold, dark room all by themselves, with no power.
For the rest of us, however, security starts with the code.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Buffer Overflow.
This post cannot be re-broadcast without the express written consent of Major League Baseball.
How do you firewall off a semi-legit request to a external MS-Exchange that "Admin's" the server? Even stateful devices like the Packeteer cant selectively block data in the TCP block... expessially 0-day exploits.
Yeah. You can use firewalls(cough). That's why Unix is the Internet OS.
If we are not going to rely on perfect code but expect firewalls to catch the problems, then what do we do if the code in the firewalls aren't perfect?
Do we string together a series of firewalls in the hope that the code problems don't overlap?
That you dont need to be perfect to write code, as long as its on a system which less than 5% of the computer market uses.
As for microsoft, I would suggest cutting them some slack. Bugs happen, and lots of software = lots of bugs. It doesnt take a rocket scientist to figure it out.
But I guess if everyone started using linux, we'd all live happily ever after, right?
Nope. Same incompetence. Same bugs, same exploits found probably more often. Sure, nothing life threatening, but there will be more instances of "Molly home and garden" who doesnt understand that logging in as Root all the time is not the safest thing to do.
It makes sense to me. Don't rely on someone else to keep your computer secure. Take steps yourself.
Look at me, I'm just going to get the latest debian iso and install it and not worry about anything!
Look at me, I'm just going to go buy a car and not worry about locking the doors or using a club, because I expect that the ignition system is tamper proof.
Don't blame the architect when someone comes through an unlocked window in your home and steals your stereo.
No, you don't need perfect code. Linux has no "perfect code". If it did, Linus et al would be finished and have moved on to other things.
I dont rely on Linus for security, I don't rely on Bill Gates for security. At the end of the day, it's my system, and it's up to me to take steps to protect it.
I don't need no instructions to know how to rock!!!!
I don't want to sound like a troll :-). If Bill Gates said "perfect software" isn't necessary, he's somewhat on the lines we are at today because no software out there can be declared perfect or bug free. There is no such thing. But whenever bugs are found, it is good practise to patch software. We do this under Linux, Mac OS X and Windows. And having a good firewall configuration helps keep out the dirty world.
Banu
Bill Gates says 'You don't need perfect code to avoid security problems.'
Too... many... jokes...
Isn't Microsoft the company that's trying to encapsulate object access on port 80? SOAP? What firewall will block that?
And what are home users supposed to do? Block off their e-mail ports so they can't get mail? That'll stop viruses for sure.
If tits were wings it'd be flying around.
This seems like a perfectly reasonable thing for him to say that has been taken out of context to make Microsoft look bad. After all, should developers be asked to write "perfect code" - I don't even know what that means.
Sounds like what Bill is actually saying is that "It's not our fault!" or "Security is not our responsibility!". By saying that security should fall to firewalls, etc., he is trying to shift responsibility from his company to the end user. Sounds to me like it is nothing more than justifying the trend in software, particularly MS (but admittedly others) to let software schedules be driven by the marketing department as opposed to when the software is actually ready for prime time.
The fact is, you won't get perfect code, whether you need it or not. You should design things to minimize the amount of code that does have to be perfect, and the damage done if it isn't.
"What kind of message does that send to the developers who work for Gates?"
Since you can't write secure code, we'll just pretend secure code is unecessary. And when they gets bugs and viruses, just blame it on the user for not configuring their firewall right. And prepare to be buried by an avalanche of patches in the aol-cd-level magnitude range.
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
Blame the user, not the developer, is the message.
Its not the users responsibly to compensate for poor design, regardless of the product. Be it an unsafe car, or insecure OS.
---- Booth was a patriot ----
I'm not normally one to be anti-Microsoft, but man... That's an example of doublethink if I ever saw one...
By that logic, Microsoft software should be the securest software around.
...and he'll be sued for irreparably damaging M$ good image.
It's just a BloJJ
Mr. Gates does realize that these magical firewalls he speaks of do run code as well? Or is it since most firewalls are not written by Microsoft, they are therefore much more secure...
Jerm
Oh, you're not a real doctor, are you?
Let's face it.. C (and C++) can either let you do amazing things or burn you. There will always be bugs in software, thats just the way it works. The only true way to protect from people trying to exploit those bugs, is from the foundation up via utilities like systrace, propolice, W^X, etc (www.openbsd.org for more info). That's the best way. Even when you program with security in mind you can still make mistakes. Yes, bugs are bugs and still need to get fixed, but they wouldnt have such an adverse affect if other policies were in place.
"You don't need perfect code to avoid security problems."
Here is a guy who knows nothing about perfect code, nor security.
Reminds me of the child who keeps on flunking school responding to the first sign of criticism, "I don't have to be PERFECT, do I?"
Sdelat' Ameriku velikoy Snova!
"What kind of message does that send to the developers who work for Gates?"
Well, I think that developers who work for Gates won't get a big advice from that kind of message. Hope you won't take it as a troll, but in fact, I think that only anti-microsoft people will matter with that type of articles, based on out-of-their-context sentences.
____
nico
Nico-Live
e Bill Gates says 'You don't need perfect code to avoid security problems.'
What do you mean, Bill,
Windows isn't perfect?
Oh my gosh!
"All code has at least one extra instruction and at least one bug. Therefore by extrapolation, all programs can be reduced to one instruction that doesn't work."
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
"You don't need perfect code to avoid security problems. There are things we're doing that are making code closer to perfect, in terms of tools and security audits and things like that. But there are two other techniques: one is called firewalling and the other is called keeping the software up to date. None of these problems (viruses and worms) happened to people who did either one of those things."
The first sentence is correct -- or moot. The last is pure bullshit.
"Perfect" code is probably unattainable in complex applications. This is why things like firewalls, IDS, backups, etc. exist. Code should be made as good as possible, but dwelling on perfection will only pull your focus from other issues.
However, no virus or firewall in the world is gonna stop a cluleless user from clicking on an attachment and screwing their system. Virus scanners are mostly reactionary -- if it isn't in their list of malware, they can't find it. If it is a new way to screw users, and they click it...
EVEN if users have to jump through hoops like not executing from inside the mail program, saving it to the desktop, unzipping, scanning -- they'll screw something up. It is the nature of the beast.
Even with sandboxing -- good luck getting a user to execute the code in a sandbox first, every time.
Learning HOW to think is more important than learning WHAT to think.
What sort of message does it send to the developers?
Probably something like: "Spaghetti! Spaghetti and TURTLES!!! Burgle gurgle bleep... natas, nAtAs is coming?! Zzzzzzub zzub zzzzzzze lordzzzz ofzzz ze flieezzzzzzz zub. TELETUBBIES!"
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
That just doesn't work... If you have poorly written insecure Code running any service that you wish to make available to the public all the firewalls in the world arn't gonna make that system secure... the second that service is exposed its suceptable to exploit.
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Gates wouldn't have security even if he did have perfect code. The biggest security problems for Microsoft products lie in their design shortcomings, not in the coding.
It surprises me that BG is taking the 'pass the buck' approach to security. I'm not claiming that anyone shouldn't take those measures regardless of their OS (even the most staunch Linux camps will tell you this), but seriously, shouldn't the head cheese of MS at least pretend that their intent is to make their products as secure as possible? It really doesn't infuse much confidence in MS in me.
Children in the backseats don't cause accidents. Accidents in the back seats cause children.
"Rarely is the question asked: is our children learning?"
1) Buy our software,
2) Put in a firewall and configure it, and
3) If someone gets through and trashes your system, let us know about it so we can issue a patch.
I feel SO secure.
If someone else said "You don't need perfect code to have good security." instead of Bill Gates, do you think you it would raise the same kind of stink that this comment makes?
This is not clear, but seems to suggest
(a) he thinks that 100/12 is close to 10;
(b) he thinks there are 57 (TM Heinz) or more vunerabilities yet to be found in XP but the intensity of attack has not been high enough yet.
Accidents happen and that's why there is insecure code on every platform and in every platform.
His point was simple: If you have protection on the outer rim, the problem with the code can hopefully go unabused (again, there are even more exceptions here, but the point is clear!).
So he mentions buffer overruns, he really doesnt address them. I stand by my original statement.
Okay, thanks for posting.
This post cannot be re-broadcast without the express written consent of Major League Baseball.
These comments are not encouraging as they imply that BillG sees the way forward to be better patching (e.g. the once-a-month idea that gives worms an average of a fortnigh to take over the world) rather than better code.
In soviet russia stale jokes recycle you!
BG is right, to a point... almost.
Good design will minimize the liability from imperfect code, but unfortunately, MS hasn't gotten to the point of admitting their design is the problem yet. When they do, this interview will mean something.
(Oh, and I'm sorry for the ridiculously lame subject line, but I'm finished summarizing for today. [grin])
"Lawyers are for sucks."
- Doug McKenzie
What kind of message does that send to the developers who work for Gates?
That it's time to get more G5's because 18 isn't enough...
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
It's kind of hard to say any system, even open source, is going to have "perfect code," but the major problem that is pointed out here is that it does no good to patch a system when the customers aren't going to install the patch. With products like 'nix, which are used more by *ahem* "serious" computer users, admins and the ilk, as soon as someone says "There's a bug in the software," word gets out, and people in the know make sure they are protected. The general population doesn't respond that quickly, however. Many Windows owners aren't even going to understand how to update their systems. This is not so much a fault with Windows as a fault with computer users who don't attempt to fully understand the product they are working with. People don't understand firewalls, they don't understand basic security. They know that you double-click on Outlook, and, poof, there's your e-mail.
We're going to see some obvious responses to this post about the faults of closed-system software, but Gates does bring up a good point: It's hard to have a secure system if the end-user doesn't know what he or she is doing. It's like a car that you drive for five years without ever getting the oil changed; there is no patch for ignorance. And what's funny is: whenever a company tries to become more user-friendly, Windows, Macintosh, etc., the hardcore community gets on their case for it. If we could develop an open-source system with enough depth to satisfy the experienced users, but is easy enough to keep in control by the neophytes, then you could have a widespread, secure system.
Libertarians somehow believe that private businesses should be stronger than governments but weaker than individuals.
BillG: "You don't need secure code".
(aside to Ballmer - "The Force gives power over weak minds")
Ballmer: "Um yes, the Force gives power over weak minds."
BillG: "Steve, stop that!"
Ballmer: "Um... Steve, stop that!"
I want to delete my account but Slashdot doesn't allow it.
Because BILL! said it, it must be bad. I don't see anything wrong with the statement. Any coder on /. with any experience on even the smallest of systems knows that there is no such thing as a perfect system the first time around. We like to think in terms of OO and loosly-coupled systems don't we? Well, secure code from Microsoft is just one object of the "security model". He's absolutely right. Firewalls were invented for a reason. So was antivirus software. These are just pieces of the pie that, when coupled together with secure software, provide multiple layers of protection. No one piece of the model should be expected to do it all. And if MS can patch what it misses quickly enough, which they have been much better at of late, then it is our (the user's) job to apply those patches and keep our security system running at full capacity. I didn't have a single problem with MSBlast or any of the other latest and greatest viruses/worms. I didn't get Nimda, I didn't get Code Red, I didn't get SObig...I keep my patches up to date, I run a firewall, I have antivirus software, and I'm generally careful. I don't think that it is too much to ask of the end users to put their own houses in order, so to speak, using the tools that are readily available.
I mean come on, it isn't like he completely absolved himself (and by extension the company) of all responsibility, he just correctly recognizes the nature of the secured system.
Why did they name it c# when clearly they mean for it to be c$? Wrong finger I guess...
Haven't we done this before? Last time, it was about Outlook, then it was about Longhorn...why does Slashdot keep posting flamebait?
How immature do you have to be to post an entire article about one line from Bill Gates? I mean, what do you expect the point is? Clearly, the editors want you to fall over yourselves bashing away on Microsoft.
Don't fall for it. Instead, let's show that we're a rational, level-headed community and not just a reactive one against some company.
Did you also know that Bill Gates said earlier this week the following:
"Jealousy has driven more mistakes by my competitors than anything else," Gates said. "When people focus not on the next breakthrough, but on cutting off Microsoft, it's actually been quite a windfall for us."
Now, this entire article is just a flamebait. You can take anything anybody ever said and make a story like this out of it. Remember SCO doing it with Linus' comments on patents in the kernel? And you all harped on them for it.
What happened to Slashdot?
"Sufferin' succotash."
Configure your firewall properly to block all requests to and from port 25. Doesn't matter how secure Exchange is if you have your firewall properly configured.
Duh, why didn't I think of that!
-m
http://www.invisik.com
You don't need perfect code for security. You need secure code for security, and that's what seems, thus far, to have been beyond Microsoft's grasp.
As long as everything is tunneled through port 80, not only am I safe (got a firewall) but also fully productive without the inconvieniences of a firewall.
I'm glad we have people like Bill Gates to solve all our problems for us.
(Yes, this post is a troll.)
Healthcare article at Kuro5hin
Doesn't your firewall need perfect code then?
Well written code,
Has a cost associated with it. Problem is, no one wants to pay for that cost. Every thing should be free. Right down to the music we listen to.
Idiot children,
--El Duderino
Microsoft's expertise is controlling the market, not writing code.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You don't need perfect code to avoid security problems.
And, of course, you don't. You can just unplug it from the network.
More to the point, though, is what's required in terms of code quality for the context it's running in. Windows' evolution has been one of a desktop operating system becoming a network-centric operating system, whereas *nix's history has been the reverse. This, naturally, is the area where Microsoft has the most catching up to do.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
How much trouble their products have when seperated by stateful firewalls. I mean, it wasn't until after AD was out for a bit that they realized you couldn't put a firewall between them and for large corporations, that wasn't acceptable. Now there is a bogus work-around, but ultimately W2K is horrible at dealing with firewalls inside the enterprise.
And the whole idea of a protected shell, soft middle has been destroyed by the likes of Nimbda, Nachi, etc. Eventually, someone gets past the outer shell.
We like to keep all of our satallite locations seperated by Firewalls, but as we started moving to W2K3 we found out Microsoft won't support our infrastrucure with internal firewalls...
Real nice Bill, thanks for the help.
This sig is the express property of someone.
I think what we're seeing is characteristic of business mentality. In business, you have a lot of pressures: paying employees, meeting deadlines, reducing capital investment, satisfying shareholders with snazz. A business simply can not afford to create software that is as secure as software generated by academics, or even small developers.
Why should anyone be surprised? They've been operating under the principle that you don't need perfect code for their base OS and other products for years. Why should security be any different?
Gaming is a big problem, the line between server and client is usually erased and there is always some code that is executable in the game directories from the server side. Microsofts' version of a chroot jail is severely limited because the OS trusts the software.
Microsoft's trusted computing platform has the potential of limiting these kinds of compromises. Too bad it will be used for much more to limit and package current services for profit in giving the off switch of a microsoft or another developer. Even if abuse is not in microsofts' or other developers interests, third parties, M$ liability and litigation promise the abuse of it's security platform.
Super cookie's that can't be erased.
Bilbo Baggins was very thankful that the dragon Smaug was protected in this very manner. I can just imagine Dragon MicroSmaug with a missing scale flying overhead...
From excellent karma to terible karma with a single +5 funny post...
re: don't need perfect code to be secure
Linux code is not perfect and is secure.
From a military perspective, "patching" is equivalent to deploying your forces to protect against kids throwing rocks over the base fence. That won't help when an organized force attacks.
Perhaps he meant one of the following instead:
1) Microsoft makes code with lots of bugs, so protect yourself as if you were a sailor in Shanghai.
2) "I" (meaning BG) can't figure out how to make secure code. And since I'm rich, I will buy your company if you figure it out.
hmmm....
stuff |
Considering that Microsoft says it is focused on security, the comments from the Chief Software Architect aren't inspiring... What kind of message does that send to the developers who work for Gates?
The same message M$ has always sent.
"The left hand does not know what the right hand is doing, so once again you're on your own, folks."
Weaselmancer
Weaselmancer
rediculous.
Just like GWB said more people dead in Iraq proves that the American occupation of Iraq is working.
Gates is saying the more attacks and flaws that are exploited proves Windows success.
Do you believe either one?
for the illusion of security, you just need a good PR department and ignorant customers.
So good ol' Bill probably isn't the best spokesperson for MS, his PR people were probably cringing when he said that. I'm figuring that this guy is enough of a genius that "perfect code" to him means absofuckinlutely-brilliant 99.9% efficient code. The people at MS are pretty bright but asking them to uphold Gates' standards is a pretty tall order. In any case, I'll add on to previous posters by saying that users need to take much more responsibility in security. Just because you have airbags in your car doesn't mean you drive without a seatbelt.
BG: I mean, people act like some other systems don't have vulnerabilities; actually all the forms of Unix as well as Linux have had more vulnerabilities per line of code.
br That's funny, I haven't ever seen a BSOD on my Linux machines? Every system has vulnerabilities Mr. Gates, the difference is that the people working on Linux/Unix FIX the problems...
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
As long as you keep the source closed, patch often, and pray every night before bed.
I'd say two things to him. First, the only completely effective firewall is the one where I unplug my computer. Assuming you leave a port open, that's a possibility for an attack. Second, all a hacker needs is a proper buffer-overflow in a user program that employs that port, and it's fun time. I'm sure Internet Exploder etc wouldn't apply there. No, not at all.
He has a point in that firewalls have to be a large part of the solution. However, the idea that I can write the world's shittiest code and this is OK because I have a firewall is ludicrous.
Naturally, all this assumes you don't buy your firewall software from MS. That would be pretty funny.
-Looking for a job as a materials chemist or multivariat
On the contrary, in the article reported on CNET on October 29, 2003:
I guess Apple isn't so great after all.
seriously.
I don't understand why no one raises the patch size issue. To fix a buffer overflow, you've got to need what, 2K of modified code, tops? But the patch is like 2MB? Or 20MB?
In the US, where most people are still on dialup, how can anyone reasonably expect that people are going to download tens of megabytes of patches?
Microsoft should be mailing out free CDs with the latest patches.
Let's be fair to Mr. Gates, for once. If you needed perfect code to achieve security, security would be impossible; I've never seen a nontrivial perfect program. All real-world large projects are going to have errors in them; it's a simple fact of our imperfect world.
Once you recognize this, attention must turn from achieving some mythical perfection to dealing with the probable scope and impact of errors. Just for example, one good thing about languages like (e.g.) Perl and Java is that (absent major kludging) they are incapable of expressing a buffer-overrun bug, a category of possible bug in (e.g.) C which is single-handedly responsible for a majority of significant net security holes.
In other words, once you admit that your code will never be perfect, you are forced to consider how to limit the damage your imperfections can do, and that in turn steers you toward technologies, processes, and practices that help you with that potential-damage reduction goal.
In that sense, Gates is entirely correct that one key to maintaining a secure system is to limit the accessibility of unneeded ports (and the services possibly behind them) from the net at large. Yes, ideally, all those ports and services would be invulnerable to attack. But we know that we're not perfect, so we play it safe and use a firewall. It's classic "belt and suspenders" engineering.
There is certainly a lot to be said about Microsoft's culpability for the low quality of their products, particularly with regard to security. But that doesn't mean Gates was wrong to say what he said.
When all you have is a hammer, everything looks like a skull.
The reason why he is correct is because code running under a Virtual Machine like the JVM or CLR does not need to be perfect because security is inherited from the VM. So yes, he is correct under certain configurations.
Honestly, how many of you can say that you only rely on ONE thing for security, whether it's your car, computer, house, whatever. Take your car for example. You rely on seatbelts, airbags, the design of the frame, etc. But as soon as you place some asshole driver behind the wheel, you get a death trap. The computer needs a good user a good OS, a good firewall, a good ISP, etc, otherwise it's crap. If you were really "l337", you would realize that you can't rely on the OS to keep you safe. You need much more than that. I think Bill Gates is a wank too. But you anti-Windows/anti-Microsoft people are more wanks than he is! Quit saying all that's wrong with the world and come up with the solutions, otherwise do the world a favour and dispose of yourself.
I actually agree with this in principle. I mean, in your house I suspect like me you only place the secure locks on the outside facing doors. All other doors are unlocked. If you have a group of workstations you should make sure the outside facing server is secure, the others do not need the same kind of security.
I work as a technology consultant. Security advice and audits account for about 40% of my business and generates our most profits. Only about 20% of the time, from my expirance, have systems been well maintained. Good firewalls, up to date security patches even on M$ systems, but most of their problems come from 3rd party applications and bad code.
Look at the OpenSSH problem. That wasn't a problem with Linux per say, it was with bad code in a module (that was one of those "glad we run OpenBSD" days). Sendmail, DNS/BIND are natorious for this.
You can sure up a system, but one line of bad code, whether it be in PERL, PHP, ASP, C++, VB, .net or whatever can quickly negate any hardware security measures.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
Sure, personal firewalls located on every computer can help to avoid the spread of worms. However, *many* viruses spread through simple social engineering. After all, a firewall would have done nothing to prevent the spread of all those email viruses we've heard about. Not to mention other infection vectors like the web browser. So, yes, a firewall is definitely part of the security equation. However, it is NOT a magic silver bullet (as any sysadmin will attest).
Instead he suggests that users acquire and properly configure firewalls
Well that's odd, don't firewalls run using software code? What if that code is not secure? Doesn't XP and W2K come with firewall SOFTWARE to protect your computer? How is that software any different from any other software?
Bad boys rape our young girls but Violet gives willingly.
thats hilarious .. you dont need good code to be sure .. you only need somebody else's good code to run a firewall.
oh lordy.
"Old man yells at systemd"
What he meant to say was "You don't need perfect code for security, just perfect security for your code".
"make sure that they keep their software patches up-to-date"
They are pursuing a subscription based model which the regular release of software patches supports. Now users see regular patches for scary new security holes downloaded on a regular basis... I expect now that most people are getting used to it, that Microsoft will shorten its supported lifecycle for OS releases and require full upgrades... which of course you can get downloaded to your machine directly using a credit card.
Funny how Bill is using the Open Source community to help spread FUD about its own products which will then be used to help force regular costly upgrades on people.
Security concerns might cause some people to start using Linux Desktops, but the majority of people will just buy into a system of regular updates from Microsoft.
This is a no win issue for the Open Source community.
The evil is too strong to resist, the only way to win is to deny it battle.
To the stupid moderator who modded the partent off-topic. You sir are an idiot and an arsehole! I would say a lot more but the filters would surely crash and die from processing such profanity....
...either, as evidenced by the parent. Leave Billy alone, he doesn't know any better.
"If voting could really change things, it would be illegal. " - Revolution Books, NY
It's funny to see his comments in comparison with the release notes from the hot-of-the-press (3.4) version OpenBSD.
....thats the difference in philosophies between the PR and marketing droids in Bills camp and hardcore security geeks in the Open crew that have some real knowledge.
The Open crew really know their stuff and has realised that there is no such thing as perfect code. So far Bill and them correlate, then the big difference raise. The Open guys, as you see from the release notes, add layer after layer of protections to compensate for the lack of perfect software in the real world. Why else should you have ProPolice, W^X, randomized dyn linker stuff, systrace, fixed the bufferoverruns in the source etc?
If something is broken, such as a buffer overrun in an application, the consequences probably isn't catastrophical if some of the other layers can trap the attack (of course they still can be bad if the user is stupid when configuring)
Have Bill these layers? No, I didn't think so....
....of which Microsoft has neither.
"Instead he suggests that users acquire and properly configure firewalls and make sure that they keep their software patches up-to-date." Bill Gates is sending the message that in his opinion, security is not the responsibility of the software author, but of the end user. This is an obviously flawed point of view. Just as if a car manufactor knowingly released a car with faulty breaks, they would take the initiative to launch a recall, and would most likely face civil/crimial consequences for their actions. However, MS has been able to knowingly release a defective product and escape consequence. They are even so arrogant as to say that it is up to the end user to secure their system. Bill is clearly stating that MS does not take security seriously.
Common sense tells us to go to the Auto dealer to get a fix done when there is a recall. Granted we all get a notice if that happens but you know not to drive around too long if there is word it could be serious.
But the computer is a tool to most people akin to a screwdriver or hammer, people really dont look to take care of it, they just use it. If more people looked at it like a pet and not a tool, then maybe people would care for their computers.
That being said, it IS his duty to the customer to both make fixes visable and known and not hide them like Microsoft does on a routine basis, and more importantly make things work better the first time so this stuff doesnt happen every 3 weeks.
One of the things that pisses me off the most about Microsoft vs. Apple is that Microsoft defaults almost everything to being open and insecure half the time. Only with XP was stuff not defaulted to on and did they default you to having a firewall to protect stuff.
And it was always stupid stuff no consumer would ever use that was defaulted to being open, and of course you being the consumer didnt know any better. This is more dangerous now when we see more and more computers connecting full time with the use of cable and DSL vs. even 5 years ago when roughly 97% of traffic was 56k, and therefore only on for short periods.
They are taking steps, but Microsoft has to stop denying it has an important roll in this cause honeslty it does. Everyone is using your OS guys, the least you can do is make sure their computers will be safe.
"Slashdot, where telling the truth is overrated but lying is insightful."
I mean, people act like some other systems don't have vulnerabilities; actually all the forms of Unix as well as Linux have had more vulnerabilities per line of code. They don?t propagate as much because they're not as dense as our system is, so the things that prevent the propagation are particularly important for our world.
Dense
adj. denser, densest
Having relatively high density. Crowded closely together; compact: a dense population.
Hard to penetrate; thick: a dense jungle. Permitting little light to pass through, because of compactness of matter: dense glass; a dense fog.
Opaque, with good contrast between light and dark areas. Used of a photographic negative.
Difficult to understand because of complexity or obscurity: a dense novel.
Slow to apprehend; thickheaded.
Hit it right on the head their Bill...
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
Right up until someone brings a laptop in that's infected. Well-written secure code is the only real way to do it. You know that Bill...
Do you have ESP?
The NGSCB initiative is what they're developing to answer some of these issues: it remains to be seen if it's vapourware or not (and requires hardware changes too IIRC) but it should make it easier to conform to the set of security requirements if you at least KNOW about them when you're writing an app.
If there already hadn't been people specifically bitten by using a (non-Microsoft) software firewall and installing a brand new Windows security patch - and losing access to the internet.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
I figure Bill read Dubya's comments that all the chaos and bombing in Iraq
was a measure of the U.S.'s success and decided to give the same argument a whirl
with regards to Windows.
Or is it that Dubya, Rummy, et al are using Microsoft Security (sic)
as a model for operations in Iraq?
Take your pick...
This would prevent most buffer overflow attacks.
I think it's correct to assume that you'll never--on a box where many companies can write software--have 100% perfect code. Having hardware at the processor and network level to add security is a fine idea.
Microsoft isn't too far off the mark.
Best Buy can have you arrested
"well written code" is pretty dependent on who's looking at it - very subjective. if no one's looking at it (that is, no one except those writing it) then it's impossible for anyone outside to come to any conclusion.
thus, open code is the only code that can be called "well written".
two words:
peer review
and that's my 2c
'You need to stay out of Windows to avoid a lot of security problems.'
Thanks for the buck Bill... I'll be sure to pass it along.
"Oh dear, she's stuck in an infinite loop and he's an idiot" -Prof. Farnsworth (Futurama)
MS: The enemies of progress and IP are getting more desperate as our products get better. Our users should purchase add on security packages because no code is perfect.
Bush: The enemies of freedom are getting increasingly desperate as we restore order and open schools. We need to iraqify the security forces.
Joking aside, some of what Gates says is true though. There will always be some exploits of complex systems, even with a focus on security. Software developers also need to make the update/patching process simpler. Windows updates, debian APT same idea. He's also right when he says users need to be aware of security risks. Securing your machine and data are like locking your car, you're responsible for using the lock but the manufacturer provides a simple interface to it. Microsoft (and other software developers) need to ensure their products are secure, and users have a simple interface to them. Most people wouldn't know what ports and sockets are, but they do know what a door is and how to operate a key. I think some of the bundled security features in OS/X Panther need to be widely available (auto-encrypt folders, multiple overwrites of file blocks).
If Gates thinks E-mail scanners and firewalls are absolutely essential for operating Windows, MS should be bundling a really good firewall and a great virus scanner in its O/S. Linux distros do.
-- Equity lord of the Trill Consortium
While its true you don't need perfect code, however, when the tools you use (i.e. theirs) actually 'promote' unsafe coding practices. The issue in particular I'm thinking of is the feature in both the C and VB compiler where you can actually TURN OFF buffer over-run and under-run checks when you compile the executable. I think I remember reading some where that these types of vulnerabilities (buffers) are like 90 - 95 % of the problems out there.
There is no such thing as software without bugs.
There is no such thing as an operating system without vulnerabilities.
No scan will find all the holes.
No firewall will protect you from all attacks.
No patch will fix all your systems.
No intrusion detection system will catch all breakins.
No employee screening process will weed out all the criminals.
No employee training program will eliminate all employee mistakes.
Security cannot be purchased.
Security cannot be achieved.
The security process is a checklist of items that should be evaluated and expanded periodically.
Continuously and actively search for vulnerabilities. If the cracker knows about the hole before you do, you have a problem. Run scanners, hire people to test your security.
Read security advisories, keep systems up to date with the latest patches, consult others who also try try to keep their security bar high.
Take preventative measures: install a firewall, train employees to use secure practices, implement stricter checks and balances.
Detect problems with intrusion detection systems. Put up honeypots and tripwires. Enable logging.
It scares me, but Microsoft is right.
Perfect code is a myth, like extra money, or a temporary tax. What we really need is consistency between the calls, internal (local) or external (web) in the way the buffer is handled and access controls that make sense. At least on the M$ side they still have not recovered from the code mangling idiocy with MSIE and Explorer co-mingling.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Does the same speech writer work for both Bill Gates and George Bush?? The both seem to be making some pretty preponderously dumb speeches lately.
So does the company that runs slashdot have an obscene amount of stock in Redhat or something? This is like the fifth outright trolling news story they've had today. And yes, I know I'll get modded down to infinity for posting something that's not bashing MS or Gates or saying Torvalds can walk on water.
slashdot, news for crazed liberal socialist zealots
What kind of message does that send to the developers who work for Gates?"
That Bill Gates likes to smoke meat cigars?
Spread the RC luvin'
Yes I am well aware that condoms are not a 100% effective protection against anything, and if you were about to say so, you're missing my point.
my windows has the worst code, but i keep the power off constantly on that box. it's the most secure operating sys^H^H^H mode indeed
my blog
Much as I hate to find myself agreeing with Bill, there is an element of truth in what he says. I'd never leave my Linux box on the net without a firewall.
Adding this extra layer of security doesn't mean you don't need to have perfect code, but it does mean that a lot less of your code has to be perfect.
In other words, I can never be reasonably sure that all the services running of my box are secure. But by having a firewall and blocking services, it suddenly matters a lot less whether those services are secure or not. It does matter a lot whether the firewall code itself is secure, but that is a much smaller amount of code than all the services I am running.
Let me put this whole thing to the side and just say... that is the smile of a rich man.
"Ain't I a stinka..." - Bugs
1. Write poor code, and put security on the unwitting user's shoulder's.
2. ???
3. Profit!!!
You *can't write perfect code. Luckily, you *don't* have to write perfect code, if you write everything in a language that properly handles exceptions. This doesn't mean you shouldn't try to write perfect code...just that if, like every other programmer that has ever touched a keyboard or punch card, you have bugs in your code, you're much better off if your tools are watching your back.
.1% off your linpack benchies...
A good example is the number one favorite tool of the hacker, the buffer overflow. I don't care what OS you have, if you have buffers that can be overflown, you have insecure code. It doesn't matter what "user" the code is running as when it gets full access to your memory and command stack.
So use one of the dozens of languages that won't let you write unchecked code. And you can write as sloppy as you like -- nobody's going to be able to bust down that door. To be honest, i think in the next few years we'll see more of this sort of problem with LINUX than we will with Microsoft. Microsoft is trying to get everybody to write for a virtual machine in languages like C# and VB.NET (which is significantly less of a joke than you think it is). Whereas open source developers seem to pride themselves in sticking to archaic C code...shit, that language was old when I was in MIDDLE SCHOOL (in fact, the computer librarian would only let you check out books on C++). It's not "faster" in today's world, where machines are three clock cycles FASTER than the fastest common interconnect...coding in C is simply some bizarre combination of laziness and bravado. Hey, if you guys want to code in a masochist's language, there's always PERL. The rest of the time we should all be in C++ and Java wherever possible. Sorry if those overflow checks take
Hey freaks: now you're ju
That sounds like a Microsoft way of thinking. Leave the code we have the same, just have add-ons to protect that and add-ons to protect that.....
The core of Windows is so bloated by patches or quick fixes I was confused on the column on Linux Hacks. Maybe it was ment as not to go down the same path. But the code that seems to be quick fixes rarely breaks anything, only makes it better.
No code is perfectly secure and I don't expect worms and such to stop on any OS, IMHO I feel that security needs to be a vital part of Windows' thinking, if they want to keep their market share.
So you install a firwall, you install the latest patches and then you go and use Outlook, letting the worms and viruses bypass all your hard work. In the end the easiest way to by pass security is to be withing the walls to start with. Admitidly, this is going to an issue most places, but you need to do your best to avoid them hitching a free ride through the main entrance. Smart programs are nice, being too smart on the hand it just as bad as not being smart at all.
Am I bitter - yep, especially when management insists on me using Outlook, in place of my less issue prone copy of Mozilla.
Jumpstart the tartan drive.
Actually, that's true. For security, you want to minimize the amount of code that's important for security, and the security-relevant pieces have to be right in the sense that they don't allow security to be broken. Even the critical pieces can be imperfect as long as the imperfections don't harm security. But there's a danger here - typically the bar is set far too low. My fear is that this will be interpreted by his developers as "slipshod implementations are still okay." Which is not true - the parts that matter, still matter.
Tools and security audits can help, as can firewalling and keeping up with patches. But that's not enough. Training developers how to develop secure software , and giving them the time to do, is probably even more important. I know Microsoft has done at least some of that, though I don't know how widespread it is and how well it's compensating for all the years they did not do that. Techniques other than the ones he's listing are frankly more critical, too. In particular, the system needs to be broken down into smaller, mutually suspicious pieces with minimal privileges, so that breaking one component doesn't break everything. There needs to be multiple layers of defense. The system needs less tight integration, and it needs to be easier to disable and remove everything not strictly necessary for a particular task. In contrast, firewalling is only a first baby step - his competitors (like Red Hat Linux) enable that by default as a starting point, and so Microsoft is only just catching up there. Besides, viruses are almost entirely an Outlook-unique problem, other systems are designed to not have that weakness in the first place. Patch management is important, but given Warhol worms, they won't be enough - if attacks take a few seconds or minutes, we won't be able to patch every system around the world fast enough.
I hope that Microsoft is doing much more than Mr. Gates is saying here.
- David A. Wheeler (see my Secure Programming HOWTO)
Is BG really saying that Microsoft has invented Internet communication between software apps? This sounds to me like a sly twisting of the State Of The Art. Hmmm... TCP / IP is just moving bits, but
Part of the problem may be that I don't understand
Please clarify my fuddled brain, or translate Bill-speak for me.
Insert witty saying or aphorism here.
Well, you can have less than perfect and still perfectly secure code. Consider, for example, performance issues. Copy-pasting code into 10 places instead of making a function is bad coding, but it does not necessarily mean loss of security. We can even make one further step and say that you can have secure systems with insecure code. If programs are executed in managed and protected environments, they can only (a) crash themselves (b) corrupt output. If you always validate the input and do not critically depend on insecure parts, there is still no loss of security.
Examples are plentiful. There are crappy applications for Linux, like X-Windows, which may (did) crash relatively often, but that doesn't mean the system was insecure. It only had an unstable shell.
Future Wiki -- If you don't think about the future, you cannot have one.
You are a religious zealot and your religion is open source. Believe it or not, proprietary software has its place in the world. Insisting on all open source software is a pipe dream.
"What kind of message does that send to the developers who work for Gates?"
Apparently nothing they don't already know, given Microsoft's dubious past achievements in security.
Those who can, do. Those who can't, write technology blogs.
"... he suggests that users acquire and properly configure firewalls"
Windows FireWall
1980s Hey Were cheap, dependible, and prevent you from a single platform (Just as long it is using the x86 processor).
1990s Hey Were cheap, and prevent you from being stuck to a single platform (Just as long you are using the x86 processor).
199(5-9)s prevent you from being stuck to a single platform (Just as long you are using the x86 processor).
2000s just use our stuff OK, it is not like you have a good choice. If something happends then its your fault.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
When a program doesn't meet your standards, there's only one thing to do--lower your standards!
Chris Mattern
> What kind of message does that send to the developers who work for Gates?
a) That the crap^H^H^H^Hprojects you are working on only have one constraint: the deadline.
b) What you're doing doesn't matter. What marketting says is all that matters.
c) Thought you were hired because of your capabilities of writing good code? Nope. It was because you can get something slapped together and out the door quickly.
d) some combination of the above.
EVEN if users have to jump through hoops like not executing from inside the mail program, saving it to the desktop, unzipping, scanning -- they'll screw something up. It is the nature of the beast.
I can't agree with that. If the default behavior of all common mail programs so discourages people from executing attachments, I think the worm problem (at least as it exists today with things like sobig) would be effectively solved.
That's not to say that nobody will find a way to execute such a program. The problem with sobig, though, was that so *many* people ended up running it, because of how easy it is to do in mail programs.
"640KB should be enough for anybody"
"This software is good for capitalism/communism/free software" is a cause for dismissal at my company.
We don't do politics. We do software. Tread carefully.
...is it okay with Bill if his daughter is a little bit pregnant?
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
in a corporate environment.
If a computer in the act of being installed is exposed to the net unprotected, your System Admin's need to be dragged out and shot.
If it's getting infected by an infected computer INSIDE the corporate firewall, your IT department needs to be dragged out into the street and shot.
There is absolutely NO GOOD REASON that a computer should be freely attackable in a corporate environment unless the IT Department is grossly incompetent.
ahhhh..yes, good ole slashdot...as always, microsoft hater...if a linux supporter had said the same, you guys would be down on knees...
loosers...
So does this mean that Microsoft's problems with security are a business decision?
His comments are not that bad when compared to past comments. Keeping firewalled and running your updates is sound advice even to Linux admins. He says perfect code is not required. I have heard of his "slave" campus his idea of perfect software would be perfect software. No one has released any of that yet. He is stating that by proactively configuring your firewall and watching his update site you will be significantly more secure. He even adds that "But did we have the tools that made that easy and automatic and that you could really audit that you had done it? No. Microsoft in particular and the industry in general didn't have it." He himself adds that MS was a PARTICULAR part of the problem. I think the work done between 2000 and 2003 is very promising in terms of security.
I can't agree with that. If the default behavior of all common mail programs so discourages people from executing attachments, I think the worm problem (at least as it exists today with things like sobig) would be effectively solved.
That's not to say that nobody will find a way to execute such a program. The problem with sobig, though, was that so *many* people ended up running it, because of how easy it is to do in mail programs.
Except many worms are spread through more than one means.
A real case I dealt with: the I LOVE YOU virus.
The ILY virus spread through local network shares and e-mail attachments. The parent office of a corp I worked for (2,000 PCs) was hammered with it. It took them two days to clean up.
Then, the next day, some idiot who originally *thought it was a real love note and saved the attachment to his desktop* executed it again -- out of the context of an e-mail attachment.
The shame and humiliation heaped upon him was enough to ensure he wouldn't ignore IT memos again. However, it brought the e-mail servers down a second day while it was fixed. Again.
In a LAN environment, all it takes is one idiot.
Learning HOW to think is more important than learning WHAT to think.
He is absolutely right. You don't need perfect code for security. You need well-designed security procedures in your operating system, and more importantly, a fail-safe(*) core system.
(As in: It always fails towards the secure side. Design software like you would an elevator: Always take failure into account and make sure the people/processes inside are still safe.)
Assorted stuff I do sometimes: Lemuria.org
Bill Gates says 'You don't need perfect code to avoid security problems.' Instead he suggests that users acquire and properly configure firewalls and make sure that they keep their software patches up-to-date.
Come on now. I deal with end-users all the time. They have problems finding their damn "start" buttons, and the illustious Mr. Gates is suggesting that these users install and configure their own firewalls?
True, there is no perfect OS and all OS's are going to be vulnerable in some way. True again that Windows holds the desktop market in it greasy hands, but instead of attempting to meet "corperate deadlines" and wasting time and money by adding functionality into the OS consequently putting other companies out of business, lets start writing some quality code. Screw the deadlines.
This annoys me.
Enough spin, and people will believe that MS's lack of security is a bonus!
Just like the chaos in Iraq ACTUALLY means the Iraq war is a success!
Now, all he has to do is blame Clinton, and he'll be assimilated into a RW pundit!
And there's nothing wrong with this as long as the computer users are vetted through. I hate to break the news, but owning a network capable computer in the future is going to be licensed: run only approved software and pass an exam. Yeah, I'm drunk as a skunk but I'm in the know. I work for MS. Ok, I'll shut up now...
thats the only way they could be more secure than linux, right? if security isnt based on good(perfect, whatever) code, then windows has a chance!
i hate most of what ms does, but that man(evil as he is, of course) gates is some kind of businessman. could you sell an inferior product for hundreds more and make money at it?
i sell illegal drugs
"I mean, people act like some other systems don't have vulnerabilities; actually all the forms of Unix as well as Linux have had more vulnerabilities per line of code."
;)
You know, I can think of at least two ways to take this.
This tagline brought to you by 1500 monkeys in just under 17 years.
I really liked the quote at the end of the article:
ITB: How worried are you about the number of attacks on Microsoft software?
BG: Actually in a sense it's very good to have this maturity, saying that a high volume operating system will be the one that people have tried to attack. Low volume software is always attackable. It's only attacked when somebody wants to be malicious. High volume software is attacked when somebody wants just visibility and glory, and the fact is that the hardening is part of the process of having the level of reliability guarantee that we need to make.
This is just so typical.
Of course you can get enhanced security on a security focussed operating system.
What the world needs is an operating system that is both accessible to all (easy to use) and secure. That's where Windows is aiming at. Unix may be secure but it is arcane and difficult to learn and use.
five hundred ph.ds running fuzzers and testin'
to ensure that nt's security features keep progressin'
sixty billion dollars can't build you a trusted computing base
when you outsource all your code from bangkok to outer space
before palladium's nexus has you all distressin'
learn this lesson: the price to own microsoft eip is 50 rupee
but there's no price that will buy something that's free
-dave
Another wonderful illustration of what is wrong with Microsoft's stance on security. I think the quote says it all quite succinctly.
No sig.
Let's say you go out and buy a car. You find out a month later that the rear axle has a tendency to crack and cause horrific accidents. The car company issues a recall and has the part replaced.
In this case, BG would be telling all of the auto owners "Tough Shit. We don't have to be perfect. You should have fixed it yourself." That type of mentality is likely to get a car company pile driven into the ground by law suits. I pray that no one's life depends on Microsoft products.
Most good companies offer warranties and an excellent means to get problems fixed. Microsoft's warranty: If it doesn't work, you must unistall it from your system and pray for a refund.
You remember the days of the Ford Explorers and the Firestone tires? You can bet that the survivors were well compensated for their losses. I know it's different, an OS vs. a car that can kill, but in the end, you have to pay for both. Should both offer the same assurances?
Fuck you terrorist. I hope you live in the States and you'll be hunted down as a dissident. We don't need your kind at a time of war.
to smell which way the winds of change are bullowing?
add to that, most of the rest of the felonious execrable whoare making US look real bad all over the wwworld.
but you might be able to see just how badly they knead you?
billyonerrors' ?pr? ?firm? FUDgeFest?
you can tell where this guise homepage is?
14-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Sale at $25.56 - $25.65 per share. $25,605,0002
14-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,600,0001
13-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Sale at $25.53 - $25.77 per share. $25,650,0002
13-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,730,0001
12-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Sale at $25.54 - $25.76 per share. $25,650,0002
12-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,610,0001
11-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Sale at $25.58 - $25.85 per share. $25,715,0002
11-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,580,0001
8-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Sale at $25.58 - $25.88 per share. $25,730,0002
8-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,710,0001
7-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,650,0001
7-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Sale at $25.49 - $25.78 per share. $25,635,0002
6-Aug-03 GATES, WILLIAM H. III
Chairman 1,000,000 Planned Sale $25,660,0001
6-Aug-03 GATES, WILLIAM H. III
Chairman 443,418 Sale at $25.64 - $25.85 per share. $11,416,0002
6-Aug-03 GATES, WILLIAM H. III
Chairman 325,246 Sale at $25.851 - $26.03 per share. $8,437,0002
6-Aug-03 GATES, WILLIAM H. III
Chairman 231,336 Sale at $26.04 - $26.16 per share. $6,038,0002
meanwhile, fuddles' hostages pay big bucks to remain captive, whilst fuddles spends their money, trying to asphyxiate their rescuers, the hobbyist dogooders, buy use of corepirate nazi softwar gangster execrable MiSdeeds. lookout bullow. tell 'em robbIE?
And I don't think anyone has admitted that the only path to security is "perfect code", which for all we know is an impossible goal. However, the path to good security is multiple layers of protection. Which is certainly more than just a firewall.
Right now "firewall" is synonymous with "NAT box with rules." We can argue the true meaning of firewall, but the current crop of products marketed as firewalls are basically just this. And there is no One True Configuration for this firewall that will protect from all intrusions. Obviously blocking every port from the DMZ is a good start for most, but the configuration varies depending on the user's needs (some, for example need to make available ports for P2P networks or game servers). And no NAT rules could have prevented someone from being infected by the Nimda worm, where the Windows boxen were purposely offering an HTTP port to the outside world.
The path to good security involves reusing proven code, privilege separation for services using sockets, bounds checking, IP rules, and a whole host of other things. Windows scores poorly in these areas, and Linux, although it does have some high points, isn't that much better.
Fred
"A fool and his freedom are soon parted"
-RMS
billgates is a fcukNUT
/owned/
Do you know Joe Wang? He's a friend of Bill Gates I hear..
Heaven forbid that anyone should read the article before posting.
Taken out of context, what Gates said sounds ludicrous. You also have to remember that this was an off the cuff remark. Read the whole article and it makes more sense. His point is that despite the holes in Windows code, patches were provided prior to the hole being exploited and the people who patched their systems and had reasonable security (i.e. many layers) in place had no problems.
My experience would seem to support this. I see a lot of networks in my travels. The folks who are on top of things don't seem to have a lot of problems. The folks who aren't have lots of problems, viruses and otherwise. I would say that the quality and quantity of the people involved is more important than the OS that you run at this point.
The biggest problem that I see is IT departments that have people with insufficient skills. The right person with the right skills can make all the difference in the world. Many companies deploy systems in a haphazard fashion without thinking about maintaining the systems. Before you know it they have a big stinking mess that is going to cost a lot of money to clean up when it could have all been avoided if the right people had been involved from the beginning. Once the mess is there, they can't afford to go back and fix it. They have systems everywhere that aren't patched and were never locked down properly anyway. They have no way to centrally manage the systems and don't monitor their network traffic.
If you have your shit together and pay attention to detail, you can maintain a pretty secure environment with Windows. I would say that this is the same for most major systems out there. Look at the security patches available for Linux, Apache, and most other software out there. If you are lax then you likely have security vulnerabilities no matter what you have installed. There is no perfect code out there. Any complex system is bound to have holes.
I think that it is unwise to underestimate Microsoft. In the past, stability was the main issue. They have come a long way in improving stability. Now the main issue is security. It is going to take a couple of years but I would say that you will see a level of improvement that is comparable to the stability improvements seen in NT. It won't be perfect but it will be good enough to keep people buying.
In other words, Windows' security is broken.
Yet Another Web Site
and what happens when your Microsoft firewall is found to be insecure?
Common sense is not so common.
... you need XML in as many places as possible, all code written for .NET, and um, C#. And you definitely need Windows for security, because nothing else is secure, that's for sure! You also need to stay away from iTunes, which is like totally insecure. QuickTime is also not secure. Windows Media Player is like totally secure, dude. You also need to be sure you have a Passport account and use MSN on a daily basis, because those will increase your overall security. You must also take care to book all travel through Expedia, or you might sacrifice the security of your personal information!
In summary, keep giving us money, because all your security are belong to us.
If you are a developer and you believe that code can be perfect or that it even NEEDS to be in order for users to be protected then I would suggest that you've never worked on any projects of any size. If you are a developer who claims to write perfect code then I invite you to send me your resume.
The truth of the matter, and anyone who has done professional software development knows this, is that it is impossible to write perfect code. Yes, even under our beloved Linux. Indeed, EVEN our beloved Linux. The challenge is to implement within that imperfect code solid security procedures that deal with, and protects the end user from that code.
Really folks, I hate Gates as much as the next guy, but he isn't wrong in EVERY single thing he says. Sheesh.
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
Hey Bill!
When we built your Gulf stream 5, we didn't do it "perfectly". In fact we didn't even do it well. We figured these things are over engineered anyway, so we only put in half the rivets. Oh yeah, see that cockpit full of doo dads, well they don't work. We know you asked for all those features, but only got half of them to work margianlly. The others will just cause the plane to plummet of the sky like a brick. In fact, we just wired them to random stuff. In the near future we'll be sending you out some wiring diagrams to make it all work we "promise!"
Also, by taking the plane out of the package, you obsolve us of any damages this plane may cause. Oh yeah, and the use of JAVA on hardware that runs critical applications like life support and nuclear power plants will cause us all to die.
Yes Francis, the world has gone crazy.
That's why I find free software to be superior to non-free software. With non-free software you must "rely on someone else to keep your computer secure" because only one person or organization has the source code and the legal authority to improve the software. If a program is Free Software for me, I get to choose how much time am I willing to spend developing the skill to improve my software to suit my needs. It doesn't matter to society how much of that freedom I leverage, what matters is that I have the freedom. But I want that freedom for everyone else too. I benefit from more people having these freedoms because I benefit when those people leverage those freedoms in clever ways.
This is also where I somewhat part with the Open Source movement. On the one hand, I'm glad for all the attention they've helped bring to Free Software licenses (particularly the GNU GPL), but on the other hand I (as a user) want the freedom to share and modify software. I'm not against businesses having the freedoms of Free Software, but I don't want to tailor my message for them or pitch chiefly to them. The GNU project tells about an interesting episode in their their essay on the difference between Free Software and Open Source:
stratjakt wrote:
Nothing is perfect, so arguing about our need for perfection seems to me to be a moot point. I think we need a system to give as many people the freedoms to inspect, share, and modify software so software can meet people's needs. The proprietary model of software development and distribution does not give us these freedoms.
Digital Citizen
Locking the front door and leaving the "Windows" open to me.
Sincerely, Czephyr
Anybody who kept their software up to date didn't run into any of those problems
I didn't think that #emerge -u world would make such a big difference to security, but I'm glad I'm in the habit.
Thanks, Bill!
sounds like W^X..
it's a valiant and good idea, but not Microsoft's invention.
Users want software that works, that does the job it's supposed to do. What should users be expected to know and do? Basic security, such as updates and securing against somewhat standard threats (such as Outlook attachments) might be reasonable, but I was under the impression that the documentation for changing these features was less than outstanding. In some cases, the updates may either not work or may come with onerous EULA (WMP 9.0).
I didn't RTA, but BG seems to expect users to know as much as the virus/script writers and perhaps more than his own engineers to secure their computers. While there is a lot of avoidance of responsibility on the part of users for security flaws, it seems unreasonable to have to spend significant amounts of time to know the inner workings of their system to use it, particularly when Microsoft seems more interested in adding "features" such as "trusted computing" than to write correct code and patches.
In order to drive, I have to look at the oil, gas, and tire pressure to keep it OK, and I have to know how to drive competently, but I don't have to understand my transmission much to run the car. It would be harder for lots of people to secure their cars if, in addition to the locks, the engine had multiple overrides to allow other users access which would either be listed on p.600 of the Advanced Mechanics' Maintenance Manual for your car or available by downloading from the manufacturers' website along with great features such as a governor that limits you to 55 mph or which rejects non-Exxon gas. MS sells its OS to people solely interested in using it, yet it neither is willing to clarify the requirements for maintaining security nor to write working software or patches. Instead, MS is better at blaming or hindering its users than in actually achieving the "security" they trumpet so loudly.
If you want users' help in improving security, BG, a good start might be to work with your users rather than against them. Whatever legitimate points you make are diluted by your cavalier attitude about the flaws of MS software and the antagonistic attitude of MS towards the users of its software with respect to security (trusted computing again) - improvements at security seem to secure software from use by legitimate agents rather than from use by illegitimate agents (virus writers and crackers). Users should be your customers, not the enemy. If you believe that users should behave differently, than clarifying the correct behavior to users without a BS in EE/CS would help; setting insecure features to default off might help too.. Then if users want to shoot themselves in the foot, they might have to learn something (and thus might learn not to do that). MS warnings about user security sound like "don't engage in unsafe sex" talks from condom makers who make defective products.
Gates said:
I mean, people act like some other systems don't have vulnerabilities; actually all the forms of Unix as well as Linux have had more vulnerabilities per line of code.
Now, that is the best justification for MS code bloat I have ever heard. It reduces your security vulnerability density!
Gates just continues to prove how little he understands what he says.
All of my customers have firewalls. All of my customers systems log to external syslogd. All of my customers get regular patching.
Some of my customers carry MS OS craptops on and off of their networks and bring trojans, viruses, and worms that I must deal with.
Not a problem on ANY of the Macs, Linux, or SunOS/Solaris systems I support.
But hey, its billable, so I guess I should feel some gratitude towards Gates.
I don't.
~8^]
His second part is way off the mark. Firewalls and timely patching are not what result in security. What does lead to security? Security by design.
What is security by design? Isolation and containment. The best way to achieve isolation and containment is with a capabilities-based system (Eros for example). This way, when one piece of the system has an error, it is contained and cannot cause harm outside of itself. Another system that has many levels of containment is a virtual machine system like Java. Java does not allow access to memory or manipulation of pointers, and bytecode correctness is checked by a theorm prover before it is run (among many other security features).
These approaches lead to security. They accept that code will not be perfect. Timeliness of patching has nothing to do with this.
In other news, architects announce that you don't need "perfect construction" for bridges. As long as all drivers are careful to install additional supports before driving across the bridge, we can avoid problems.
perfect code either. Ahhh!!! Imperfect code protecting imperfect code. This sounds like something I'd expect to hear from Darl McBride...
Any one know of projects that do this? Wouldn't it be ideal to have many firewalls running with differing code and whenever a firewall was breached remove that code from the gene pool and evolve a new firewall?
Posthuman since 2001.
This is just a tacit admission of failure. And a promise that it isn't going to get any better in the future.
As many have noticed already, this shifts the burden onto the user and absolves the code developer of all blame. I don't agree with that and I don't think most of us here agree with that.
Look, I am capable of securing my systems. I went through Blaster, Slammer, et al with no problems. However, my Internet connection still suffers from endless probes looking for vulnerable Windows systems. My e-mail box is filled with spam delivered by co-opted Windows machines. In short, although I have made sure that I am not part of the problem, I still suffer from the problem caused by Bill and company's stupid approach to security (which basically amounts to ignoring it!) over the last 10 years.
On top of that, so much of what he says is bullshit!
Anybody who kept their software up to date didn't run into any of those problems, because the fixes preceded the exploit.
That is nonsense, Bill. Most of the worst e-mail viruses were not patched until after they had become a problem in the wild. To say otherwise is just a lie. I myself saw Blaster probes in the logs of my firewall (although I wasn't smart enough to recognize what they were before Blaster hit) before any mention of a patch from Microsoft. Now the buffer overrun patches that immediately followed Blaster patches were prior to any exploit, but Microsoft doesn't deserve credit for that: they were found by a third party that went looking for other vulnerabilties and reported them to Microsoft. Their tech bulletin about those patches gave them credit for finding and reporting them.
But there are two other techniques: one is called firewalling and the other is called keeping the software up to date.
Firewalling would have prevented, specifically, Blaster and Slammer. Basically, firewalling would have helped with any buffer overrun except those on ports that are specifically required to do the software's job. In short, none of the many, many buffer overrun exploits in IIS would have been helped a damned bit by firewalling because IIS's very job is to accept and answer requests on some ports from the Internet so the firewall would have deliberately been open to those ports!
We have already covered keeping the software up-to-date: for this to help, Microsoft must take a proactive rather than reactive approach to vulnerabilites.
Certainly there are whole classes of vulnerabilities like buffer overruns that are very well understood at this point, and the scanning tools are very good and the compiler switches are very good.
Then why Blaster? and why were XP and server 2003, your latest and greatest produicts, vulnerable to it?
Is that the problems are too big for Microsoft to fix. That is, Windows is and will be insecure, by design. Nothing can change that.
You can try to remedy the effects, but you can not fix the cause.
Can anyone translate this into English? Even American English would do, I'm not fussy....
If m$ would just look into their crystal ball and predict all of the exploits that might be found and outmaneuver the hackers Windows would be a much better product.
For those folks who got code red, soBig, etc., they deserve it. Patches we out for months. Companies who were hit should immediately fire their worthless NT admins and seriously consider moving to Linux.
But guess what.. you still need multi-layered protection even if you are on Linux.
Anyone who relies on the OS to stop all attacks and keep you safe at night deserve the havok that follows.
Karma means nothing to me, so suck it...
Nobody requires 'perfect' code you wanker. What they require is code where at least it is foreseeable to understand where plausible security problems will arise out of and how plausible fixes will be made.
In MS code you have neither. Severe problems can come from literally anywhere. Nothing can ever be set aside. Shit, the icons for your clipbook are probably exploitable. And similarly MS does a pretty awful job of telling you what patches might fix. From the obscure 100k dll-ette to the 170MB service pack, no one God's grey earth can tell you the fixes that are there. Everything's practically a goddamn leap of faith.
And let's be honest. MS security 'problems' are becoming lectures about starving gits in Asia. One is much like the last 3 million. No one is really listening all that hard anymore.
What kind of message does that send to the developers who work for Gates?
A conflicting one. As said before, What does Gates know about security? Sure firewalls and applying patches may keep your system secure, as long as you apply the patches before a vulnerability is taken advantage of. Preemption is not always possible. What it appears Gates is (unintentionally) saying is that if security is a critical concern, stay away from Microsoft products, because security is not an important design aspect to us.
Moving forward with Gate's vision of a more transparent user experience: "We're going to take that to a whole new level in terms of going out to get information, and yet be able to do it in such a way that you know you're getting secure information, that the right things can happen even as you go out to the internet."
This won't be possible until security is transparent. Automatic updates help a little, but they are still just a kludge for a lack of security in the first place.
"...the times between when the vulnerability was published and when somebody has exploited it have been going down..."
And will probably continue to as long as the holes are so incredibly easy to exploit. Might not be a problem if the patches are few and small, but recently we have not seen that.
Gates seems to be placing the blame mostly on 3rd party developers and applications, not the poorly designed APIs they are forced to use. This attitude will not likely lead to a more secure platform.
TallGreen CMS hosting
The best way to protect M$ systems has been to place a firewall in front of them and lock down all ports for years. Nice to see the head honco admit this.
This coming from the man who also said '640K should be enough for any user.'
... I use Windows, too, but I don't trust Bill Gates to ensure my security. Especially not when he's so short-sighted. He sees things as they are, not as they will be -- that's never a good thing, especially in terms of the science of technology.
He lost his credability with that one statement (said in the early 80's)
Seth Anderson BTW, I'm not 23 anymore -- I am TexasCowboy26 now. =)
Basically, Gates is telling developers to do what they have been doing and clean up the mess if it gets smelly.
The more things change, the more they stay the same...
Well, most all these posts are alike; the guys that say "yeah, this just shows Bill is an idiot" and the guys who say "no, Bill is right, it *is* the users' fault."
But I think to some degree this back/forth misses the point. Which is, it's both. The user/administrator has security responsibilities, no question. And so does the coder/vendor.
Now that said, I blame Microsoft. Why? Because they sold a system that requires a system administrator to my grandmother, and didn't sell her a system administrator, or even suggest that she get one. In fact, the marketing guys go on all day about how any idiot can use Windows...and then the apologists go on about how everyone needs to be a sysadmin to secure their own box...because security is the user's problem.
Which is exactly what this amounts to..."you don't need perfect code to have security" is what was said, but what was meant was "you can have security even while using software with known vulnerabilities." And that's just BS. Maybe you can, but not while keeping the functionality of the software in question...you can block port 80 to deal with an Apache vulnerability, but, um, you won't be serving web pages.
And while we're at it, ok, sure, no code is perfect. Big deal. Some code is very secure, and some isn't. Microsoft's, by and large, isn't.
And if you don't believe that Bill is shoving the responsibility away from them, just look at the messenger vulnerability. The MS response to this REMOTE ROOT EXPLOIT was to recommend that all *users* turn off the service "while we evaluate the need for a patch."
EVALUATE THE NEED FOR A PATCH? It's a REMOTE ROOT EXPLOIT!
Anyway, I almost never shout, but man...Bill's statements in this article and that response to that vulnerability really do show how these guys feel about this stuff. And it's pretty scary.
Given a choice between free speech and free beer, most people will take the beer.
If Windows had worked well, in v2.0, Linus might never have thought of writing Linux!
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Bugs are important because they allow UNTESTED paths through the code. In themselves they are not a important source of insecurity; but the bug may allow a program path far away from the bug to be accessed which can be a security problem.
The real source of insecure software is DESIGN. Much software has insecurity designed in. Regretably Microsoft thinks that automatically running code provided from a stranger is a feature; the rest of us consider it a huge hole in the castle wall.
Insecure by design.
It is hard for Micosoft to write a secure operating system and have total control of your PC at the same time. After all, if they made an OS that no one could hack into how would they keep tabs on what your doing with their software.
Who is Bill Gates?
I would like to hear what a real security expert like Jeff Goldblum had to say, though. After all, he managed to interface a Mac with an Alien computer. I mean, he's no Sandra Bullock, but he's still a pretty good "hacker". (That's the correct term, right?)
indeed..
'You don't need perfect nuclear plants to avoid security problems'
Peolple should build radiation safe bunkers in their basements, in order to keep their families completly safe.
I was warned about it during a military driver training course many years ago. They told me that high-speed cornering in a Jeep was a quick way to kill yourself.
Mea navis aericumbens anguillis abundat
Let's see a show of hands. How many of you think that not having a clear indication of where a piece of information came from is a good idea?
Anyone?
Anyone?
Nope, even Ferris won't bite on this one.
Mail? Put "slashdot" in the subject to pass the spam filters.
Well...in recent years I have started to appreciate the idea, design well and include good details consideration early on and you avoid bugs. Avoiding bugs means less need to hack/patch a fix for the bug, which means less chance of having to add layer upon layer of patches. A good design also means less time spent searching thoughout your code for those hard to find bugs like a buffer overrun and the likes.
Although I will give, he made it sound as though in this new version of development tools, that they had an audit tool useful in analyzing and preventing many ikely security risks in code...but this is probably the old, search for buffer overruns, looking for uncatch execptions/errors, etc.
Eric B
ebresie@gmail.com
If Gates ran a door manufacturing company he say this:
"Well, our doors don't have to be perfect to keep your home safe. In fact, the locks don't even need to function properly. If you want security, you should invest in a fence."
A Pipe dream?
:)
Like the pipe dream of one day having low cost computers in every home, interconnected into a huge network?
Bill Gates has used poor code to enrich himself from the first time he touched a keyboard. In high school, he broke the first system he got to use, then charged them to fix it.. Are you surprised to see the same thing over and over again? His typical answer, "Blame the user" and "blame anyone but me" is the ultimate cop-out.
Friends don't help friends install M$ junk.
I'm hungry.
Healthcare article at Kuro5hin
Knuth has a standard policy that if he publishes something, The Art of Computer Programming, Tex, etc... and you find a bug, he will write you a check. Admittedly for only $2.56 US, but he puts his money on the line.. He will even write you a check if the issue you raise is that of clarity.
Some similar policy needs to occur in other software developers.
1. Write flawed email servercode that can't check its own buffers.
2. Profit!!!
3. Rather than fixing software, write firewall software that checks packets being sent to email server for it.
4. Profit again!!!
Just because Microsoft is the most successful company at amassing a fortune, does not mean that their approach is technically superior. In fact, since they have catered to the least common denominator, their approach, while certainly 'new' when compared to Unix, is definitely not superior.
I use Windows NT and XP on a daily basis in my work. I also was an original DOS user back in the 80s, and migrated up through various windows distributions including Windows 3.1, Windows for Workgroups, Windows 95, Windows 98, and Windows ME. There is not much I don't know about the windows implementation from a practical hands-on standpoint.
I also use Unix on a daily basis at work - in the form of Sun Solaris, and SCO Unixware, and Linux (Slackware, Redhat). I loaded my first Linux box (a 486) at home back in 1992 - always having at least one Linux box in my stable, only recently converting all of my home machines over to Linux.
I have been a system administrator and a software developer on both platforms.
Over years of comparisons I came to the conclusion that having a full featured workstation and server machines was more important than foregoing a few video games not available for Linux. In this time of freely available and configurable operating systems, I see no advantage to having Microsoft over Linux. I have not regretted my decision.
One of the major reasons I switched completely was because of Microsoft's 'all or nothing' business practices. I believe this is a key element that has led more and more technically savvy people away from the Microsoft operating system. I am probably stating the obvious here, however, I believe that if Microsoft had tried to build tools that were truly compatible with existing standards and tried to work with the existing internet and development community (that has a long history, and a longer memory) instead of trying to co-opt and conquer them, then I think you would not have seen all the backlash against Microsoft and the resultant anti-trust case.
It boggles the mind that so many people posting on this site don't get it; I can only surmise that they are either ignorant of other options, or willfully misrepresenting the facts based on some vested interest (Microsoft employee or OEM?)
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
IS NOT
'you can't rely on perfect code for security'
First, imperfect code is a security problem. M$ has many flaws and they know it each time they ship code. The kind of problems M$ has extends to poor design as well, so it would break even if it were perfect.
Second, Bill's statement implies that his company never will get better. That's something anyone familiar with M$'s history and hype knows, but it's kind of in-your-face for him to put it that way then blame the users again.
Get back in your hole, appologist troll.
Friends don't help friends install M$ junk.
Yes i often find that you dont need perfect code, merly bodging things together with spagetti code if and obscure variables and blocks of code that you quickly set up because you were testing something and wanted to get it working, but then were left there to because you went home and forgot to redo it the next day works fine infact you dont need even to write good english, notice my lack of full stops and i only put a few commas in for the sake of it, also i left afew words in that i forgot to take out when i retyped the line but thats ok because you can still read it right?
No Mr Gates you dont need to write perfect code because your company has the perfect business model - monopolise the market and persude people who dont know better that your software is the best, then leave gaping holes (outlook) and hype up the "hacker" blame until your next upgrade that promises to fix the problem (that you created) by adding totally un needed layers of drm. Then lock out competition and complain everytime a government looks into open source while making sure computer manufactures pre install only your OS or they dont get squat from you and get locked out of the market.
This comment does not represent the views or opinions of the user.
Could it be that they are age group most likely to be the parents of teenagers, especially teenaged boys, who will click to open anything that promises to show them naked women.
And they are most likely to be spouses of middle aged men ... who will click to open anything that promises to show them naked women.
Proof: What virus vector email was wildly effective: one with "Anna Kournikova Screensaver" in the subject line.
With that freshly revealed philosophy of Bill, it makes me wonder what if the developers of BSD thought that? What if IOS developers at Cisco thought that? Or the people working on any router that works with the BGP or OSPF routing protocols that run the Internet?
Or what if the developers of Apache, Qmail, heck even the Linux kernel thought they will just shift the burden of network security to the vendors of some other software. Now imagine the catastrophe if Microsoft can legally block the development of BSD and Linux, and buy out Cisco.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
"High volume software is attacked when somebody wants just visibility and glory, and the fact is that the hardening is part of the process of having the level of reliability guarantee that we need to make."
I like the fact that he thinks people attack M$SFT software just for glory. Not because:
1) It's easy.
2) A valuable exploit is one that can be used. More machnes - more opportunities to use the exploit.
I also like the fact that M$FT should make a "guarantee" according to Gates. I haven't heard of M$FT giving a "level of reliability guarantee". Nor do I think they will.
I could be wrong.
I believe he may in fact be right.
I'm sure microsoft has reviewed linux's code many times over, and have found exactly what all intelligent people find - a REALLY crap code base.
the code of the linux kernel is laughable that it astonishes many intelligent people, like me, how linux has still survived.
MS has never had the concept of seperating O/S functions from application functions.
Not quite.
Earlier public statements by Microsoft executives indicated a "Chinese wall" [11,2] that separated the application developers and operating system developers. Professing such a separation was meant to allay fears of unfair early access to vital API's by Windows application developers.
It seems their public statements can be at odds with reality; certainly it was the case in the context that particular "firewall" policy.
Take heart: maybe Bill's lying again and really thinks code should be perfect, in which case we'd be better off than we are with "acceptably imperfect" code.
"Provided by the management for your protection."
You don't need perfect code, you need a secure design. If you have a design that fails "closed", that defaults to not allowing access and requires an exception handler to function correctly for access to be granted, then most bugs will result in a denial of service rather than a security failure.
The problem that Gates isn't dealing with is that Windows has traditionally used security mechanisms that "fail open". For example, Internet Explorer used the same file type - application bindings as the desktop, and then added a bunch of rules to prevent insecure apps from being opened. Internet Explorer, again, allows local objects full access and then has exceptions to cover objects that aren't really local (like attachments in cache directories).
So, on the one hand, Bill is right that if you have a good design you don't need perfect security. On the other hand, he's selling a system with a lousy design. So where does that leave us? Well, it doesn't leave me with any warm fuzzies about Longhorn...
blah blah blah ...
And so it's pretty fundamental to think about Web services and how that's built in. That's what really takes the Internet to the next level where you're going out and getting price quotes or the latest results on customer satisfaction, and having software interaction. All those information sources are brought into one rich visualization. That was the demo we did this morning.
www.cnn.com/2003/TECH/biztech/02/01/microsoft.secu rity.reut/
"Trustworthy Computing is failing," Russ Cooper of TruSecure Corp. said of the Microsoft initiative. "I gave it a 'D-minus' at the beginning of the year, and now I'd give it an 'F."'
The worm, which exploited a known vulnerability in Microsoft's SQL Server database software, spread through network connections beginning January 25, crashing servers and clogging the Internet.
Public reminded of risks
It hit a year and one week after Microsoft Chairman Bill Gates sent a company-wide e-mail saying Microsoft would make boosting security of its software a top priority.
Microsoft placed responsibility on computer users who failed to install a patch that had been available since at least last June.
"The single largest message is: keep your system up to date with patches," Microsoft Chief Security Officer Scott Charney said.
But the philosophy of patching is fundamentally flawed and leaves people vulnerable, Cooper said. For example, Microsoft didn't follow its own advice as executives confirmed that an internal network was hit by the worm.
"Microsoft was completely hosed (from Slammer). It took them two days to get out from under it," said Bruce Schneier, chief technology officer of Counterpane Internet Security, a network monitoring service provider. "It's as hypocritical as you can get."
Just because their code is bad doesn't mean they don't understand security, it may just mean it is not profitable to write perfectly secure code.....and they get money from upgrades :)
Hell, even the commercial Linux distros earn money on upgrades. Service and support is basicly about that. If there was a security errata once every three leap years, who'd pay for support?
Of course, they don't write most of the code themselves. But if you want to get all conspiracy-theorist about it, they wouldn't want to make a too stable product either.
Kjella
Live today, because you never know what tomorrow brings
This is the same as Micro$oft selling new and improved clean dirt. Yes it's dirt but it's clean dirt!
:D
What's wrong.. can't fix the code so they call it good? If Microsoft can't do it then someone else will. It's called competition
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
That code is almost always found and exploited around within a few weeks.
I'd like to think online game developers are getting smarter about this...
Frank Grimes:Whats this? Extremely High Voltage? Well I don't need safety gloves because I'm Homer Simps--!!! Believing what Bill Gates says about how computers works will always lead you to a Microsoft solution. Perfect code isn't required for security but imperfect code is inherently a potential security violation. If it doesn't do what it is suppossed to, what DOES it do? What IS it doing?
Regular Meta Moderators are not more likely to get mod points.
Now, for Bill to say "You don't need" instead of "we'll never have" is certainly a rather underhanded piece of spin control, because responsible vendors have to at least try to get it right, and the fact that we're busy putting processes in place to pick up the pieces when they blow it doesn't absolve them of that responsibility.
I'm not a big M$ fan but we're taking this out of context. The man just said the "perfect code" was not the answer. He's just saying that everyone shares blame. You have to patch, have firewalls and virus scanners, and work to improve code. If a Linux guy had uttered the same sentence we would have cheered. Come on guys, this isn't some conspiracy.
You just can't make up stuff like this! Bill Gates has you don't need perfect code to be secure. Does anyone else take this the same way I do: he's not gonna strive for any perfection cause security ain't his problem.
I suppose everyone can now just lean back, say "Bill Gates has spoken and it really isn't Windows' fault" and continue to use this same old shitty bug-ridden OS.
But my choice is clear. I was committed to Linux before; I am doubly committed now.
There is no such thing as "perfect" code.
To disagree with his statement is equavalent to saying you need perfect code for security.
Thus, if you need perfect code for security, and there is no such thing as perfect code, then you cannot possibly have security.
"If you had your firewall set up the right way -- and when I say firewall I include scanning e-mail and scanning file transfer -- you wouldn't have had a problem."
.NET thing is based upon letting the kitchen sink through any firewall just because its running over port 80, avoiding typical firewall functionality. How can we have our "firewall setup the right way" when M$'s business strategy is to circumvent properly manged firewallls ? I guess we'll all need to buy layer 7 scanners/filters to protect against the bad code.
This is funny to me because the whole
1. Write insecure code
2. Send it over port 80 to bypass firewalling
3. Profit
"Nothing is impossible for the man who refuses to listen to reason"
Software doesn't have to be perfect to be secure. It's quite possible for software to think that 2+2=5 and yet be unable to grant root privileges to an unauthorized user.
Despite the fact that Microsoft Windows is intended for use by computer experts and novices alike, the true onus of security still falls on the user.
billg wants your technophobe grandmother to buy and learn to use a PC bundled with Windows (which is great), and yet it's up to her to be responsible for security issues and preventative actions she cannot hope to understand until she gains a certain amount of expertise (which is ludicrous)... the kind of expertise that Microsoft has been claiming for years people shouldn't have to have to use Windows software.
So essentially, if Microsoft writes crappy software from a security point of view, it's still the user's fault if his or her computer is compromised.
Good one, Bill. I know your business resume pretty well, and your accomplishments are impressive, if not the tactics used to acheive them, but then what _exactly_ are your technical credentials again?
Stop making excuses for your company's LACK of a software architecture. At the end of the day, programs that run on Window still essentially own the machine, and since Windows is exposed to the internet by virtue of its networking, that exposes tens of millions of users to fatal security flaws, most of which stem not from subtle bugs deep in the extremely complex operating system code, but fundamental flaws in the design of the software. It is not for nothing that Microsoft Office is nicknamed the Microsoft Virus Developer's Kit.
Admit your mistakes, and quit with the annual so-called commitments to stopping all work to address the quality of security that only seem to result in a higher number of critical errors found, but no overall gains in stability.
I'll give Microsoft credit for finding and fixing more critical flaws in their software, but I think they'll only deserve more respect when they stop _making_ so many critical mistakes in the first place.
Of course, billg, it's not a problem for you because I'm sure you have lots of sharp networking professionals to secure the company network against Outlook viruses and SQL Server worms and all the other garbage we poor peasants deal with on a monthly basis.
If every copy of Windows came with a dedicated and competent computer professional to install and maintain it, I'm sure very few of us would ever have serious problems with our computers, but if that's the case, then perhaps you should admit that Windows is not intended for non-technical users.
Maybe those people should just use Macs.
You are in a maze of twisty little passages, all alike.
Funny how only hours after this is posted, an IRC worm begins to spread (at least on GamesNet), disguised as a girly jpg picture. It starts with someone pasting a link to jessica_alba.jpg. Clicking the link with IE automatically downloads a trojan which proceeds to delete critical system files, and make your IE home page gay pr0n. It also scripts your irc to make you /amsg the link, spreading itself further (and you can not see yourself spamming it).
.jpg link in IE. Do note that Mozilla is immune, and many other browsers probably are as well. "Firewalls and System Patches" do jack shit, the trojan will even disable any firewalls you may have.
All of this, simply by opening a
Once you have it, its too late. Critical system files are gone. When you reboot (if you can), you'll be bombarded with gay porn. Your basically screwed, and have no choice but to reformat.
How's that for Security?
Just when 640k stopped being enough for everyone...
Whether Gates is a security expert isn't the point. It's news because he is founder, face, chief executive, majority stockholder, and policy maker of the largest OS developer in the world.
/.'s anti-MS bias.
If the GM CEO said "we don't need to make safe cars, just safer drivers and roads" not only would it be newsworthy, but the sales and sock would be hurt, and it might be a breach of fiduciary duty to the corporation.
Gates might not code (anymore), but he is Grand Poobah, and he sets policy. What he says, goes, and all security coding monkeys follow suit.
The original story was very relevant and newsworthy, and not just due to
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Writing "perfect" code is not possible. You can certainly aim for perfect, but the best you can realistically hope for is "good enough". Gates is right in the sense that because there is no such thing as perfect code (especially not in commercial software, which, among other things, doesn't get the benefit of peer review like open source software does), users are very well advised indeed to use firewalls, anti-virus apps, et cetera, to help keep their systems safe. As for the stuff that still leaks through, well, keeping backups and using common sense takes care of most of that. Has for me, anyway. And yeah, I do run Windows.
Quality, performance, value; you get only two, and you don't always get to pick.
There's a line between convenience and leaving the whole system completely open. This is on the wrong side of that line.
Yeah, well I make firewalls, and I feel that firewalls don't need perfect code to avoid security problems. Instead, I suggest users acquire and properly configure Operating Systems which aren't vulnerable to as many threats, and that they patch these operating systems regularly.
What a crock, I worked for a security company all last year. Number one problem I saw during that time? Yup, garbage that got inside the firewall because of all those laptops running imperfect code. A vulnerability inside the firewall is still a vulnerability. And as any security consultant worth the rate he's charging you will tell, defense in depth, not just at the edge.
And people let this guy sell them software...
Well, so much for faith in your fellow man...
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
Have you ever stopped to consider that you might be a Steve Ballmer Ballsack Chomping Astroturfer?
You're not insightful or interesting. You're a bore.
Please crawl back into your troll hidey hole before the moderators see you.
test
What kind of message does that send to the developers who work for Gates?
The message to the devlopers who work for Gates has already been delivered by Bill Gates. Ten years of abyssmal quality and poor security attest to that fact. This is just public confirmation.
Expect change and a less-buggy, more secure Windows when hell freeezes over!
...and then sell them another band-aid.
Typical of The Beast to try and turn a liability into a profit center.
I would think that if the OS was doing its job, then these software apps would be put out of business. Boy how wrong I must have been. Well for goodness' sake, thanks for clearing that up Bill.
OpenBSD people were arguing over this point a year or two ago. C is known far and wide as the number one source of buffer overflows. Theo de Raadt postion for a while was that competent C programmers and a "secure by default" configuration was the way to go. But then there were a couple of embarassments in the OBSD camp, and Theo got sick and tired of repairing buffer overflows after the fact, so he added in stack protection and noexecutable pages to give OpenBSD users another "layer" of protection. FreeBSD has added support for ACL's to go with LOMAC and PAM (Linux), all of which are arguably redundant by Unix standards, but the demand for them is there. If people really trusted the network daemons running on their machines, why would they need firewalls?
Don't take my position to be that tracking down bugs and instabilities isn't important. It's just that you have to have a little more insurance when any one of 100 or more links in a chain could break.
Call me crazy, but since when does a firewall protect you against a script kiddie with GETROOT.EXE logged into your windows machine from its physical location?
Karma: It's all a bunch of tree-huggin' hippy crap!
First they call executable code (.net etc) through firewalls, if possible on port 80. RPC's over a (previously) relatively safe port that is open most of the time.
Then they say they will only update once in a month..
And then Billy comes along; install a firewall and keep your software up to date. Right, your company just made it pretty sure that both won't make much impact.
He should get more hands on experience, cause comments like this are not hitting their mark. Actually, it sounds like a blind man whacking around with a small table tennis bat.
It's interesting that the highest quality (in the sense of low bug count) code I've ever encountered is the source for TeX. IIRC, Knuth used to offer a financial reward for identifying bugs in the code, and a few people did get one, but after a while it was remarkably clean and he pretty much froze it at that point. No big development process. No ISO-certified XP-based integrated-team-managed fuss. Just a good guy, writing good code, and making a genuine effort to have it reviewed by enough competent people.
It's not the only way to make great code, but it's a shining example of what can be done with a bit of talent and a bit of effort in an otherwise pretty dim world.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
now try to apply ol' Gatesy's logic if u were one of the two unlucky pigs of the three.
"Straw huts are security as long as you patch it constantly." I hope you have speedier-than-speedy-gonzales hands when the big bad wolf comes with a leave blower.
Same to the twig houseowner.
Gates: pon todas las tuercas a todos los tornillos, no dejes ningun tornillo sin tuerca, me entiende usted?
open4free
No arguments hear, even calling gates a coder is a stretch, that's like calling DOS an enterprise ready OS. What we need is established consistency in the way things are handled, instead of a new stack and response for every bloody call. Even if I knew that calls were vulnerable I could then begin to address the situation as a whole, ie comprehensive firewalls, code staging servers, review and testing of patches prior to application, instead of dealing with every new issue as a discrete problem, when it is really the methodology at fault... BG's use of 2003 server as a comparision is ludicrous, it has not EVEN BEEN RELEASED to the public, and they are claiming an increase of a factor of 10 ?!?! Heck if I didn't release code in the wild it would be really secure too. I speak as one who has seen 2 alphas and several beta version of 2k3, they are getting better, given another 10 years or so they might be stable, solid and reliable, say like a 30 year old UNIX code base :) :(
BTW as for patches from winupdate, can I suggest using the redisributable downloads and staging them locally. I personally don't apply any patch from M$ without research, and a test machine...too many times a SP or patch has broken some other application, usually a M$ one
errr....umm...*whooosh* *whoosh* Is this thing on ?
> Then, the next day, some idiot who originally *thought it was a real love note and saved the attachment to his desktop* executed it again -- out of the context of an e-mail attachment.
Doesn't your organization require that the PCs have antivirus s/w installed on them? That would have stopped that filesave of the ILU virus cold.
Yes, all it takes is one idiot on a computer not protected with AV software.
"Theo de Raadt postion for a while was that competent C programmers and a "secure by default" configuration was the way to go."
Whereas Microsoft has an "inherently insecure design and a wide open configuration".
OpenBSD and FreeBSD *added new layers of security* in response to people's concerns.
In other words, when challenged, they rose to the challenge and modified the system to allow it to be locked down so that even if someone *did* break security they would have to deal additional layers to get through.
They also added a far more sophisticated client firewall than Windows has, immutable file systems, and the FreeBSD jail.
What has Microsoft done? Added code to try to detect if the security model has been broken and replace corrupted files if that happens, whereupon some virus writers apparently decided that the place to attack was where Microsoft was keeping the secure copies of files.
His point is technically true BUT completely irrelevant to Windows. The response to "all software has bugs" isn't "so we're no worse than anyone else". It's "how do we design things so the bugs don't lead to a security failure"? That's what everyone else does, but "We're Microsoft, we don't have to care".
It takes a village to secure a MS server?
---------
I had a point when I started but I . . . what am I doing here again?
It's time for some good marketers to hoist this statement sky-high! And use it to "relieve" MS of some of that responsibility. Basically they've just admited they can't [or won't] handle the responsibilites of being a "benevolant" monopoly! Add up some other MS gems like Steveie theatening to stop selling windows at one point and you have a case even the most jaded CEO would have to consider.
What we're seeing is that MS wants to make money, but wants [like so many other businesses] to make the liabilites for installed base "go away" The REAL market for OSS is in replacing all those Win98 boxen. MS doesn't want them, but can't afford to loose them either [stocks will plunge!] MS is trying to position itself as a premium brand..or if they aren't the FREE MARKET is doing it for them. After all, the price for Office 2003 just went UP Again...from only 2 years ago! That's a premium product, but it means admiting that Jobs is right to keep his price high and market small, but still make profit numbers. Real Business isn't about having it ALL, but being very profitable at what you're doing NOW. Although with the installed base of 90%+ the govt may have to step in with some monopoly regulation to protect the infrastructure...or just stand aside and let OSS take over!
That was exactly the same thing the auto industry of the 70's told it's customers...Until the Japs swooped in and showed them how to build cars right! The same thing will happen to MS...and we're watching Billy G. repeat the same mistake of every other US industry in the last 50 years. Seems to be a problem with US companies...20 years of brilliance then they self-destruct from their own incommpetence. It's the beginning of MS "whipping" period. It's not a big deal for the rest of us! And THAT is MS's problem.
It seems their public statements can be at odds with reality; certainly it was the case in the context that particular "firewall" policy.
Umm.. look again at what the parent commenter said.
The Microsoft Office team is cited as adding 'operating system' functionality to Office. That implies that there is indeed a chinese wall, and that since there was 'operating system' level functionality missing that they needed, they rolled their own.
That's not significantly different from a novice programmer (I have been guilty of this in the past) writing up his own routines to perform certain functions, when it would be more efficient use of time to use library functions that already exist.
The fact that the Office development team 'rolled their own' functionality actually validates the notion that there's a Chinese Wall in place.
However, your version is more useful for bashing Microsoft, so maybe I'm out of place here in making my comments.
A Good Intro to NetBS
Billy Boy is a blood sucking leach,
who happens to have pockets about
$500M deep, in a total of $35B.
Should we pitty such a misanthrop? No.
Souuld we excuse such a misanthrop? No.
Haha.. He's right and you're wrong. He's modded up and you aren't
Go lick a dick
I think they mean "They don't propogate as much because they're not as dunce as our system is...".
All kidding aside, I have no idea how accurate that statement is and wonder what the actual reality of it is. My first instinct is that this is an outlandish exaggeration (more Microsoft marketing FUD) but how can you really tell? Anyone can view *nix code but not everyone can view windows code. Has some unbiased group studied both sources and come to this conclusion?
Maybe Gates was talking all forms of Unix and Linux combined has more vunerabilites than windows...who knows?
-Pat
So are we going to make this kind of thing a yearly event? Sort of a ... Halloween is Microsoft day or something?
[signature]
I've generaly supported MS but for me this is rock bottom, when they don't even aim for reliable software.
VENI, VIDI, VICI, DIXI
Easy, apparently. Bill has an army of minions around to patch his entire corporate network... probably an entire department specifically for applying software patches. Why would he care, just another business expense, not like MS can't afford it.
But try that on a small business budget, or a non-profit budget. I work at a mid size non-profit that has been around for 110 years. We are well-respected and well-funded, but our technology budget does not allow for the full time job required to patch all of our Win 9x/NT/200x/XP machines. So we get out of date on one freaking Outlook patch; an email comes through with an auto-executing vbscript that isn't blocked by Outlook; the virus then spreads through the unpatched RPC hole onto 10 other unpatched machines. You get the point. Even a perfect firewall is USELESS when your email client and OS are swiss cheese! And come on, you have to let some stuff through; take email for an example!
Firewalls and ever-constant patching are not the answer!
We need more QA (Quality Assurance, a.k.a., bug-testing) in the software industry, no doubt about it. The current trend in software is upgrade, upgrade, upgrade (which drives hardware in turn, and vice versa). That is the business model that currently pulls in the big $$$ for Microsoft and the other big industry leaders. Problem is, they don't test anything, they just throw it out there, and then let US test it out for them. If we're lucky, we'll get the patch from MS, and install it, *before* the exploit comes out.
Bill Gates, this is crap. Worst. Policy. Ever.
Yes, security must be layered, but the "Crunchy on the outside" / "soft on the inside" model advocated by His Billness does nothing to help. All this barking about firewalls sounds like more trying to distract from the real problems which for the technical side of MS-Windows center on fundamental design flaws. On the financial side, fines, penalties, cancelled/delayed products, cancelled services and shrinking markets are becoming mainstrean knowledge.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Got to love it - Microsoft is saying "Security is job #1" and yet they say that the code does not need to be bug free to be secure because you should buy a firewall. Hey, if the firewall provides the security, what is the Microsoft code doing? Or, even better, what if the Firewall has the same quality standards as Microsoft? Would you then need a Firewall for your MS-Firewall?
Maybe "Job #1" for Microsoft is not the top priority - maybe they really ment that "Security is Job #0"
The joke is that many of those firewalls are running Linux or xBSD. Is BillG advocating non-microsoft software then?
See my journal, I write things there
Message, what message.....thats their whole philosophy @ microsoft...
What's another word for Thesaurus?
-Steve Wright
even calling gates a coder is a stretch
I couldn't google the link up quickly, but I started giving Gates credit as a coder when I read how his BASIC interpreter worked. I've done just a touch of assembly programming as a hobby, and Gates apparently, to save space, was able to cleverly reuse bits of the interpreter when newly written portions of his code matched previously written portions closely.
That is to say that he scoured the code he'd already written to see if there was any place he could JSR to reuse code -- essentially using functions in a language where there wasn't any such thing.
Sure, perhaps this was common practice then, but the point is that he got the concepts. And he, along with Allen, wrote something usable and sellable, and didn't shoot any blanks before becoming profitable. If you can't call Gates a programmer without stretching, people like John Carmack (afaict) are probably the only fellows that deserve the title around here. Which means not very many of us.
(Now this fact, of course, makes Microsoft's attitude towards security even less forgivable; it's not like they have some naive corporate exec running the ship. And, like I said, this makes Gates' comment about "perfect code" even worse. I don't think he's talking about "Code a la Plato's Forms". Rather, he seems to be justifying the security issues his reused, legacy code that didn't have networking in mind has when used in today's world! That's lazy and fairly irresponsible.)
It's all 0s and 1s. Or it's not.
No, of course not. There is always going to be an inherant tolerance level.
In windows' case we (most sensible users) will rely on a properly configured firewall. Equally, in linux we rely on user seperation etc. It is impractical to think that a software code base will ever become perfect. This will just not happen with the current generation of IT equipment and programming languages.
Taking this stance is definitely a wise decision. If every user had a firewall, we wouldnt get any of these current breed of worms attacking open windows ports etc.
But of course, do we then rely on the firewall *too much*?
Before anyone rants about the article, take some time to understand the context it was written.
Uh, we had to destroy the village in order to save it.
One of the computers in this house has xp on it. I prefer to do the updates manually. One of the critical updates was a DRM suite I purposelly avoided (more to do with polictial conscious in one form or another). Automatic updating mysteriously got turned on and their DRM scheme is in place.
Solution was to go on line and find out how to manually remove this crap from the computer cuz I simply don't trust the buggers enough to simply let me turn off and on services I choose.
Filthy bastards.
Did you guys know that the license (in terms of M$) was originally tolerated by because it was the easiest compromise between ownership and distributor-meaning I have an abolute right to do with my property as I see fit including copying and sharing. That by the US constitution it is illegal to license (to another individual) anything paided for or given.
Funtionality and ease of use do NOT go hand in hand. I'm so fucking tired of people bringing home the point that if an application is hard to use, then that means only inteligent people are behind the helm of that program. WRONG!! I've ment many Unix admins who understood the book smarts of running Unix, but when it came to trouble shooting, where clueless. In OS should be simple to use, that way you shift the burden of security to the developers. Then, you as an admin can focus on other endeavors to better help out the company whom employeed you.
Life is not for the lazy.
... get in to your computer using Microsoft's "features", its your own damn fault.
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.
but it helps.