Slashdot Mirror


Windows Not Expected Secure Until 2011, Says MS

Rantastic writes "In a recent interview with Wired Magazine, Microsoft Security Program Manager Stephen Toulouse, when asked about their now 2-year-old focus on security, comments "it's more of a 10-year timeline." He also reveals that he runs Firefox."

7 of 627 comments

  1. Palladium? by onree · · Score: 5, Interesting

    Sounds like an acknowledgment of the extended timeline for something like Palladium/Trusted Computing. I've been curious to hear more about when and where that's actually going to show up.

  2. I don't know if he really *uses* firefox... by angst7 · · Score: 4, Interesting

    The context made it seem more like he saw an opportunity to mention a flaw in the competing product.

    --
    StrategyTalk.com, PC Game Forums
  3. Comment removed by account_deleted · · Score: 4, Interesting

    Comment removed based on user account deletion

  4. It's the fundamental APIs by msobkow · · Score: 4, Interesting

    The heavy use of anonymous pointers, multi-function entry points, and DLL initialization/release interactions create an absolute nightmare to maintain.

    Even for a relatively small project, you have to spend a fair amount of time just getting code separated into mainline and DLL. Then you get the joy of dealing with the weirdities of the Windows variation on process interaction with DLLs.

    I can't imagine any way of securing that spaghetti except to scrap the Win32 API and make the .Net framework the Windows programming layer. Then you can get rid of those holdover APIs from DOS-thunker days and replace the kernel with one that was designed for multi-user security.

    You can be grateful Microsoft is finally taking security seriously if you like. I look back on 10-15 years of pager calls, system recoveries, and late projects because of bugs, many of which have never been fixed. My patience with their problems and excuses ended a long, long time ago.

    Don't forget Microsoft has been around almost exactly as long as GNU.org. Linux is a pup compared to Windows, yet look how much faster that team addresses problems than the much larger team at Microsoft.

    If Microsoft's market share begins hurting because of their security issues, they've no one else to blame but themselves. If the industry demands POSIX server APIs and Windows can't deliver, Microsoft has no one to blame but themselves -- the Cygwin team seems to have managed the task.

    Microsoft and a lot of other companies need to get back to re-verifying their core business and refocus on producing marketable products and services. Times change, and last decade's sure winner is last year's end-of-life product. A little less focus on the stock market, and a little more on realistic business models and long-term viability.

    --
    I do not fail; I succeed at finding out what does not work.
  5. Re:Is security really that important? by EinarH · · Score: 4, Interesting

    Read this.

    --

    Melius mori in libertate quam vivere in servitute.

  6. Re:Double-edged sword by Anonymous Coward · · Score: 4, Interesting

    How can MS be 1 step ahead in features when they are struggling to put into Windows by 2006 what is already in OS X?

    They aren't.

    The only thing I can think of that you might be referring to is Avalon. And that is considerably more advanced than Quartz Extreme. Quartz Extreme is like the current Windows rendering engine on steroids - it does more in hardware, it does more fancy stuff, but at heart it's still 2D bitmap-based software rendering with some fancy anti-aliasing, alpha compositing, and Expose bolted on top. Avalon is fully vector-based and done entirely in hardware. You simply can't compare the two directly.

  7. Re:Double-edged sword by PocketPick · · Score: 5, Interesting

    Those are all nice features for some, but not features that will sell an operating system to Joe User. When a user boots up their computer, they want three things:

    -To Read Email
    -To Use Office (or other word processing/spreadsheet/presentation application)
    -To Surf the internet.

    That's all. My grandmother doesn't care if KDE provides quick access to the console terminal, nice configuration of profiles or quick ways to make system level modifications. And she definitely wouldn't care about ports or tcp-ip (even if she had a vague idea of what they were). In short, she would have no intention of touching these features in the first place even if they were present in Windows.

    Your case of installation is another excellent example. Windows install methods are kept basic for the simple reason that even your most average user has to be able to perform it (and Microsoft knows it). Having a variety of installation methods and added complexity tends to scare people away from any product in general. Whether it's simply choosing 1 application from hundreds that you want to install or telling someone to set up partitions and swap space, they'll be terrified if you put too much in their face.

    Linux Distribution companies realize this, and are working hard to simplify their installation methods. Based on what I've seen when I picked up SuSE 9.0 a while back, this is certainly true.

    In time, people will come to become more computer literate, and perhaps these features will have some meaning. Till then though, it's not going to be all the fancy under-the-hood features that sell a product. It's going to be simplicity.