Microsoft's Security Report Card
Decaffeinated Jedi writes "In January 2002, Microsoft launched an initiative called 'Trustworthy Computing' aimed at building better security into its products. It's now two years later, and News.com serves up a report card evaluating Microsoft's efforts. Kevin Kean, a group manager at Microsoft's Security Response Center, points out that customers are better off now than they were before the company made the move to refocus on security issues. An analyst quoted in the article, Stephen O'Grady, agrees that he would give Microsoft 'improved marks,' but also notes that the company is not yet where it needs to be in terms of security. He goes on to suggest, however, that 'the numbers indicate that they are at least taking it seriously.' It sounds like Microsoft might have earned itself an Incomplete on this report card."
1: Microsoft has been convicted of antitrust violations. Hence why .net can't be used by linux programmers. .NET on linux. There is also .GNU and some other projects. Rotor is only for "educational purposes" but it runs on OpenBSD.
.Net isn't unique
.NET developer I definitely have some comments on this one. One of the biggest reasons I "switched" to MS was because of the development tools available. Not only that, but also the support, and the willingness of the developer community (tons and tons of support- just do a google search), as well as Microsoft. There are MS dev leads that help support developers FREE of charge. Sure, the cost of the tool can be pricey, but you aren't just buying the tool. Also, I have never found a tool that has all the needed capabilities/performance/integrated environment of VS.NET in an open source project (for any language). Some open source Java tools come close, but they tend to be really slow and lacking one or two key features that I need to be productive.
What's stopping them? The go-mono project is quite active- I get at least 50 emails a day from linux programmers that are using
2: Blaster.
The most popular platform, run by the most people in the world, etc. is bound to have security holes that get exploited. Unfortunately when 95% of the people out there don't know how to patch, these are blown way out of proportion. One company can only do so much to prevent the problems- anything else and you get complainers (see point #4).
Many linux groups are still nitpicky crazy people who, instead of agreeing and compromising, bicker. Even more are lazy, or greedy, or just plain stupid.
I've presented at LUGs and I would somewhat agree with this point. There are some people that are just interested in getting things to work, but many of them are hecklers, complainers, etc. It's just the subculture. I used to be "on the other side of the fence" and I know the mindset. Once I graduated college and started working with business, my perspective changed quite a bit. People are drawn to anger/hate/etc. and unfortunately leaders in the linux community help foster this so it continues to pervade.
4: Open source people see Microsoft's code signing as a way to enact DRM, which is a polite way of saying they want total world domination. Many linux gurus like the idea of code signing, they just don't like Microsoft and they have good reasons.
Exactly. MS starts implementing security to eliminate things that happen in #2, and now the complaints start rolling in. No matter what MS does there will always be naysayers. They will never be satisfied.
5: Linux, netware, and other operating systems are still used for servers more often than Microsoft's software. MS's software is only used on desktops because everyone knows it. I've used KDE on suse 8.1, it works well for anyone except power users and I see no reason for ma n' pa to spend $300 on a new copy of winxp so they can check their e-mail.
In most companies that I have worked in or with, Linux tends to be used primarily for non-critical systems. Solaris is used on any other *nix based system for critical things (e.g. production oracle databases), and the hardware cost is astronomical in comparison. We are converting to Win2K servers. The license cost for a business is not what a consumer would pay, in fact it is significantly less (ex-$100 instead of $300 for XP). Most new PCs that companies order (i.e., Dell) come with WinXP anyway.
6: Coding tools for linux exist that are open source and that work well. Not everyone is coding in C.
Ok, as a
7: Linux is known for its efficiency. On a server, efficiency > ease of use. MS's software was designed for idiots,
I don't think it was designed for "idiots" but I agree that there is definitely a level of abstraction that MS unnecessarily gives the sys admin that ca