Posted by CmdrTaco from the you-can-do-it dept.
Rantastic writes "In a recent interview with Wired Magazine, Microsoft Security Program Manager Stephen Toulouse, when asked about their now 2 year old focus on security, comments "it's more of a 10-year timeline." He also reveals that he runs Firefox."
Sounds like an acknowledgment of the extended timeline for something like Palladium/Trusted Computing. I've been curious to hear more about when and where that's actually going to show up.
I don't know if he really *uses* firefox...
by angst7 · Score: 4, Interesting
The context made it seem more like he saw an opportunity to mention a flaw in the competing product.
Buy a car from my company now!
by tie_guy_matt · Score: 3, Interesting
Yes buy a car from me today. Look at all the great features! The controls are so easy to use! Any idiot can drive one!
Of course we won't perfect the brakes or the air bags for another 10 years or so, but hey the seat belts work most of the time. So buy my car version "XP" now so you can get a taste of what a safe car of the future will be like
Re:In case you're wondering... why?
by 4of12 · Score: 3, Interesting
the idea that an MS head is using firefox and that he projects such a long time for security to happen gives him greater credibility among IT people that have a clue.
MS has lost so much credibility in so many ways in the past that they have nowhere to go but up. Why pretend anymore?
-- "Provided by the management for your protection."
It's the fundamental APIs
by msobkow · Score: 4, Interesting
The heavy use of anonymous pointers, multi-function entry points, and DLL initialization/release interactions creates an absolute nightmare to maintain.
Even for a relatively small project, you have to spend a fair amount of time just getting code separated into mainline and DLL. Then you get the joy of dealing with the weirdities of the Windows variation on process interaction with DLLs.
I can't imagine any way of securing that spaghetti except to scrap the Win32 API and make the .Net framework the Windows programming layer. Then you can get rid of those holdover APIs from DOS-thunker days and replace the kernel with one that was designed for multi-user security.
You can be grateful Microsoft is finally taking security seriously if you like. I look back on 10-15 years of pager calls, system recoveries, and late projects because of bugs, many of which have never been fixed. My patience with their problems and excuses ended a long, long time ago.
Don't forget Microsoft has been around almost exactly as long as GNU.org. Linux is a pup compared to Windows, yet look how much faster that team addresses problems than the much larger team at Microsoft.
If Microsoft's market share begins hurting because of their security issues, they've no one else to blame but themselves. If the industry demands POSIX server APIs and Windows can't deliver, Microsoft has no one to blame but themselves -- the Cygwin team seems to have managed the task.
Microsoft and a lot of other companies need to get back to re-verifying their core business and refocus on producing marketable products and services. Times change, and last decade's sure winner is last year's end-of-life product. A little less focus on the stock market, and a little more on realistic business models and long-term viability.
-- I do not fail; I succeed at finding out what does not work.
Re:I security really that important?
by EinarH · Score: 4, Interesting
Melius mori in libertate quam vivere in servitute.
"Secure" is an end user decision - a balance
by cheros · Score: 3, Interesting
Although I agree with you questioning the definition, I disagree with your subsequent line of reasoning. An end user should not be expected to have to become a car mechanic to just run a car, but this is precisely what Windows is presently asking.
I've switched people (end users, not techies) to both Mac and Linux, and in both cases there was a general relief of not having to patch so much (I let them try for a month first). "So much" is the defining factor here - it's way, waaay too much for a common end user (and now well beyond the capability of an average modem to cope with, see SecurityFocus.com). To stay with car analogies, the Windows end users now run cars that need a brake fluid change every half mile. And when they ask the dealer they are told that the next car they buy will be better - out in the next couple of years or so.
Ask yourself: would you really, really like to buy another car of that make when there is a growing mountain of evidence that it can be different? Those I switched over didn't want to go back once they passed that first "It's new and scary" hump. That tells me more than marketing campaigns or "facts" give me.
Enough is enough - they had their chance. Anyone responsible for running a business should start to look at the risks they run - and insurances should start to have a good look at how much risk they insure if the business runs Windows.
-- Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
Re:Doubledge sword
by Anonymous Coward · Score: 4, Interesting
How can MS be 1 step ahead in features when they are struggling to put into Windows by 2006 what is already in OS X?
They aren't.
The only thing I can think of that you might be referring to is Avalon. And that is considerably more advanced than Quartz Extreme. Quartz Extreme is like the current Windows rendering engine on steroids - it does more in hardware, it does more fancy stuff, but at heart it's still 2D bitmap-based software rendering with some fancy anti-aliasing, alpha compositing, and Expose bolted on top. Avalon is fully vector-based and done entirely in hardware. You simply can't compare the two directly.
Re:Download.Ject -- CORRECTION
by SlowMovingTarget · Score: 3, Interesting
Hee hee hee... I find the following bit from Microsoft's instructions on how to clean the trojans funny:
Note If you have difficulty running the Download.Ject removal tool from this page, it may be due to your browser's security settings. You can also try downloading the removal tool... (emphasis added)
Basically, they're saying that you don't have IE in pants-down mode, so their ActiveX scripty-do can't run. Is that ironic, or just amusing?
Re:Doubledge sword
by PocketPick · Score: 5, Interesting
Those are all nice features for some, but not features that will sell an operating system to Joe User. When a user boots up their computer, they want three things:
-To Read Email
-To Use Office (or other word processing/spreadsheet/presentation application)
-To Surf the internet.
That's all. My grandmother doesn't care if KDE provides quick access to the console terminal, nice configuration of profiles or quick ways to make system level modifications. And she definitely wouldn't care about ports or tcp-ip (even if she had a vague idea of what they were). In short, she would have no intention of touching these features in the first place even if they were present in Windows.
Your case of installation is another excellent example. Windows install methods are kept basic for the simple reason that even your most average user has to be able to perform it (and Microsoft knows it). Having a variety of installation methods and added complexity tends to scare people away from any product in general. Whether it's simply choosing 1 application from hundreds that you want to install or telling someone to set up partitions and swap space, they'll be terrified if you put too much in their face.
Linux Distribution companies realize this, and are working hard to simplify their installation methods. Based on what I've seen when I picked up SuSE 9.0 a while back, this is certainly true.
In time, people will come to become more computer literate, and perhaps these features will have some meaning. Till then though, it's not going to be all the fancy under-the-hood features that sell a product. It's going to be simplicity.