Slashdot Mirror


Windows Not Expected Secure Until 2011, Says MS

Rantastic writes "In a recent interview with Wired Magazine, Microsoft Security Program Manager Stephen Toulouse, when asked about their now 2-year-old focus on security, comments "it's more of a 10-year timeline." He also reveals that he runs Firefox."

31 of 627 comments

  1. Also admitted by ReidMaynard · · Score: 5, Funny

    Stephen Toulouse also admitted he is retiring in 2010...

    --
    -- www.globaltics.net

    Political discussion for a new world

  2. Missing: Interview by RobertB-DC · · Score: 5, Insightful

    What sort of "interview" only includes four loaded questions? Wired gets hold of the Microsoft "security program manager", and these are all the questions they ask? I'm no M$ fanboy (though I must admit I make a living writing programs for Windows), but surely they can do better than this obvious hatchet job:

    WIRED: It's been more than a month since the first news of Download.Ject, and you still haven't issued a real fix for Internet Explorer. How long is it going to take?

    In other words: So, when will you stop beating your wife?

    Meanwhile, Firefox and Opera look awfully appealing.

    Ok, the guy really stepped in it here when he plugged Firefox (though I'm an Opera fan, myself).

    What about removing capabilities from IE to beef up security?

    You think you'll get him to promise to cut off "capability"-dependent programs (and their programmers) at the knees?

    Seems like you're fighting a losing battle.

    Objection: counsel is badgering the witness. The only appropriate answer would probably be, "Yes, we are, f*** you very much."

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
    1. Re:Missing: Interview by MrMr · · Score: 5, Insightful

      In other words: So, when will you stop beating your wife?
      Except that to make the analogy complete, you should add that in this case the question is put to somebody who is actually busy beating his wife...

      Objection: counsel is badgering the witness
      Overruled, Wired reporters are not counsel but more like prosecution, and this guy is not a witness but a suspect.

  3. Palladium? by onree · · Score: 5, Interesting

    Sounds like an acknowledgment of the extended timeline for something like Palladium/Trusted Computing. I've been curious to hear more about when and where that's actually going to show up.

  4. Reading between the lines by El · · Score: 5, Funny

    "it's more of a 10-year timeline... but my stock options will be fully vested in 5 years, so I'll be long gone before the shit hits the fan on security still not being fixed!"

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  5. Re:Download.Ject -- CORRECTION by romper · · Score: 5, Informative
    Sorry to reply to my own post, but figured I should before the flamethrowers start in.

    Download.Ject information is actually here. The exploit referred to above is actually the "what a drag" exploit. Still pretty scary if you ask me.

    Anyway, the editor (me) regrets this error. =)

    --
    Right is wrong when left is right.
  6. Re:Download.Ject by daeley · · Score: 5, Funny

    Sadly, Firefox isn't affected.

    When will Open Source advocates realize that it's just this sort of behind-the-times technological gaffe that will keep Linux in single-digit marketshare forever? ;)

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  7. Fat lot of good it will do... by darth_MALL · · Score: 5, Funny

    According to the Mayan Calendar, we'll only get a year to enjoy it!

  8. No Time Toulouse by Otis2222222 · · Score: 5, Funny

    The first thing I thought of when I saw the guy's name. Still cracks me up every time I see it. Am I the only one that thought of this sketch?

  9. Security Update by MikeMacK · · Score: 5, Insightful
    Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system.

    But that's just it, at least he had an update to install. MS doesn't release security updates as quickly as it needs to, as the first question mentioned.

    1. Re:Security Update by Archangel+Michael · · Score: 5, Informative

      Actually, the exploit only worked on Windows machines. Firefox for Linux, MacOS, etc. was not affected. It had more to do with native Windows security than it had to do with Firefox.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  10. Re:Honesty by krog · · Score: 5, Insightful

    They left the spinning to Slashdot. RTFA. The interviewee says:

    It's not a switch that can be flipped. Software written by humans will always contain errors. We're fundamentally changing the way things operate, to help to make software more resistant to attacks. We're two and a half years down a much longer road; it's more of a 10-year timeline.

    What he meant is that Microsoft is completely reworking the way their browser operates -- not just toughening a few system calls here and there. A total reconsideration of how a browser should be designed.

    The Slashdot editors took that and spit out "AHAHA M$IE INSEKURE UNTIL 2011! LOL@GATES"

    Hardly seems fair.

  11. Re:It's a JOKE by Ignignot · · Score: 5, Funny

    You may think that it's funny that Firefox doesn't support Download.Ject technology, but for the rest of us in the real world, how can we offer it as an alternative to Explorer? My PHB will just say "Ignignot, I like this FireFox thing you have working on my computer. But I've read in the Wall Street Journal that it doesn't support Download.Ject. I'm afraid we simply can't afford to make this switch."

    We need this feature fixed now if not sooner, otherwise we're all going to be stuck using this insecure MS offering!

    When will there ever be a feature complete open source internet explorer??

    --
    I submitted this story last night, and it didn't get posted.
  12. To be fair... by artemis67 · · Score: 5, Insightful

    he didn't say that FireFox was his primary browser, he just said that he had to patch it because of a vulnerability.

    I would hope that as a program manager he would have a copy of each of the competing browsers on his system, so that he can steal... ah, borrow, ideas from them.

  13. Among other browsers, I'm sure! by addie · · Score: 5, Insightful

    He also reveals that he runs Firefox

    Indeed, parent post is correct. Besides, the article doesn't say that he uses FireFox exclusively by any means. In fact he only mentions FireFox to prove that all browsers are susceptible to attacks. Here's hoping he also uses NS, Opera, Safari, and whatever browser he can to do testing and research.

    Yet more spin by /. zealots who don't take the article at face value.

  14. Sad by apoplectic · · Score: 5, Insightful

    What kind of pathetic headline is that? When did MS say "MS not expected secure until 2011"?!?! This is called sensationalist GARBAGE, people! Stop putting this swill up as headline material.

    Having someone say "it's more of a 10-year timeline" does not equate to "MS not expected secure until 2011"...much less "MS says" 2011. The phrase "more of a..." connotes a generality. The headline is pure, conjured specificity.

    Crap like this makes me become seriously disenchanted with Slashdot.

  15. Even XP SP2 is easy to tamper with by mslinux · · Score: 5, Informative

    Change the following registry value to 4 and the new "Windows Security Center" will stop working upon reboot... it runs as a service that any admin user can kill. Did I mention that by default all XP users are admin ;)

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start

    Also, here's a Python script that will automatically kill the new "Windows Firewall" in XP Service Pack 2. You can bet your ass that hackers are already tampering with this. Click a URL and bam... the firewall goes down.

    These are just two examples of what MS does to "secure" their systems. God help us all.

  16. Re:Firing offense? by brickbat · · Score: 5, Informative

    This really needs to be modded down, as it's not only not insightful, it demonstrates a total lack of comprehension of Toulouse's response.

    He did not say he didn't use IE. He simply mentioned needing to install a security update of Firefox. Yes, Virginia, there are other browsers that have security flaws other than IE. That doesn't make them better or worse, it just illustrates that the problem isn't isolated to Microsoft.

    And I suspect that in performing his job duties, he needs to be familiar with a wide array of browser technologies, not just IE.

    So, please mod the parent down -1, Needs a Clue.

  17. Re:Bash away... by BenjiPenguin · · Score: 5, Insightful

    "Microsoft is partly to blame, but they're the biggest fish in the sea. Every 'fisherman' is out to get them. When Linux or Mac or Mozilla or whatever becomes the primary player, they will be found out to have just as many liabilities in the security department, I'm sure... They may get fixed quicker because of the relative smallness and open source attributes, but the bugs are there. Just no one is looking/caring too much. Yet."

    Linux is already one of the biggest players in the server department, and that's where a majority of viruses and exploits are aimed at... I still don't see announcements for all these businesses running Linux servers being compromised.... The fact is, Linux is theoretically and in actual practice more stable and secure. Windows isn't. A virus won't JUST affect your user account files in Windows... I think they're mostly to blame...

    " No... so, maybe we should just START to take a little blame for windows security problems. Stop running that cute screensaver your Aunt Matilda sent you. Don't go to webpages that advertise 'warez' and 'free 3leet mp3z!'"

    People aren't that smart.

  18. Re:Is security really that important? by hernyo · · Score: 5, Insightful

    This sounds like "death is good because it makes us appreciate life"...

    Non-security is a thing we don't like, so of course we want to get rid of it.

    -----
    yeah, my englisk sucks

  19. Re:Is security really that important? by dodgy_knickers · · Score: 5, Insightful

    "Has the horrendous security done anything other than support thousands of jobs and spawned a massive aftermarket security industry?"

    By that logic, we should view terrorism as good for the economy since it creates jobs for the folks employed at the office of Homeland Security.

    Think, real hard. What other effects came from security flaws (in either case)? Anything bad? Anything at all?

    Perhaps this is just crazy talk, but I submit that there are better ways to stimulate the economy.

    -kev

  20. Re:Is security really that important? by mrchaotica · · Score: 5, Insightful

    Those thousands of jobs are just running on a treadmill and sucking resources from companies that do real work. If Windows was secure, all that capital and talent could be used for something better.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  21. Re:Firing offense? by calethix · · Score: 5, Insightful

    That's what I'd like to know. The article summary makes it sound like he uses Firefox because he doesn't trust IE.
    All I found in the article was:
    "Meanwhile, Firefox and Opera look awfully appealing.
    Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."


    That sounds more to me like he's trying to point out that other browsers can have vulnerabilities as well. He doesn't say anything about exclusively using Firefox. Maybe he just installed Firefox just to see what the competition is like.

  22. Re:What is unfair here? by danheskett · · Score: 5, Insightful

    What spinning or unfair editing took place here?
    No, the Microsoft guy said that the security goals set forth are not short-term goals, but rather, long-term goals, aka 10 years.

    The headline of the Slashdot article makes it seem like he said flat out that Windows will be insecure for 10 years. Which isn't true, and which isn't what he said.

    At some point people on Slashdot are going to have to come to grips with the fact that there are levels of security. MS is in the middle of a big push to change how they themselves and more importantly their customers think about security.

    It's a non-trivial thing. Windows developers haven't been thinking about security until recently. It's been a non-issue until the world and MS made it one.

    Getting the core of Microsoft software, applications, services and servers up to date, as well as creating tools that forcefully prod developers into coding effectively and securely is the real big goal of Microsoft's security plan.

    Now look at this very short interview. The original question was:

    We asked Stephen Toulouse, Microsoft's security program manager, if Redmond is fighting a war it can't win.
    That's clearly the question he is responding to in the final "question": "Seems like you're fighting a losing battle.".

    Rethink it in light of that question. Security isn't a start at X, arrive at Y, and you are done thing. Any developer knows that.

    MS has done the basic things they never did before: disable services by default, enforce passwords, use least privilege practices, and the like. That's step 1. They've gone ahead and prodded developers to be more conscious of security problems - that's step 2. They've updated their own software to be much more resilient to attack. This isn't about just buffer overruns and whatnot. It's about cross-site scripting, phishing, and the like. It's about redesigning things to be secure by default.

    Getting everyone in the Windows world to that point is the stated goal of the MS security initiative. The Slashdot headline made it seem like a MS rep said point blank that to make Windows secure would take until 2011. And that is pretty clear.

    When the question "Seems like you're fighting a losing battle" was posed the MS guy responded by saying "It's not a switch that can be flipped. Software written by humans will always contain errors. We're fundamentally changing the way things operate, to help to make software more resistant to attacks. We're two and a half years down a much longer road; it's more of a 10-year timeline."

    Finally, as an FYI: the rate of security flaws in Windows itself isn't terribly bad. Windows XP is a decent product, and it's not terribly hard to harden. Take a Windows XP box, turn on auto-updates, run FireFox, and be done with it.

  23. Re:Bash away... by Kent+Recal · · Score: 5, Insightful

    Linux remote-root exploits just happen rarely and kernel exploits even more so.

    But what excuse does the biggest software company in the world have to not fix the gaping security holes in their two most used and probably most sensitive applications, explorer and outlook?
    We are watching this weekly Windows exploit drama not for months but for years now. It's getting really old and it's not funny at all anymore.

    The worms we have seen were pretty harmless in my book, I'm still waiting for the one that carries some more serious payload. Like wiping out all accessible drives (network volumes), saturating all network cards with malicious packets, stuff like that. MS probably needs that kind of wake up call but are they really that bone-headed to not see it coming?

  24. Doubledge sword by superpulpsicle · · Score: 5, Insightful

    Linux will always be 1 step ahead in security.

    MS will always be 1 step ahead in features.

    Guess what, features sell. Maybe in the year 3000 things might be different.

    1. Re:Doubledge sword by PocketPick · · Score: 5, Interesting

      Those are all nice features for some, but not features that will sell an operating system to Joe User. When a user boots up their computer, they want three things:

      -To Read Email
      -To Use Office (or other word processing/spreadsheet/presentation application)
      -To Surf the internet.

      That's all. My grandmother doesn't care if KDE provides quick access to the console terminal, nice configuration of profiles or quick ways to make system level modifications. And she definitely wouldn't care about ports or tcp-ip (even if she had a vague idea of what they were). In short, she would have no intention of touching these features in the first place even if they were present in Windows.

      Your case of installation is another excellent example. Windows install methods are kept basic for the simple reason that even your most average user has to be able to perform it (and Microsoft knows it). Having a variety of installation methods and added complexity tends to scare people away from any product in general. Whether it's simply choosing 1 application from hundreds that you want to install or telling someone to set up partitions and swap space, they'll be terrified if you put too much in their face.

      Linux distribution companies realize this, and are working hard to simplify their installation methods. Based on what I've seen when I picked up SuSE 9.0 a while back, this is certainly true.

      In time, people will become more computer literate, and perhaps these features will have some meaning. Till then though, it's not going to be all the fancy under-the-hood features that sell a product. It's going to be simplicity.

    2. Re:Doubledge sword by Joe+U · · Score: 5, Insightful

      And now I'll answer as the average Joe User.

      how many ports (cpu architectures) does windows run on?

      One, the system I own. I don't care about the others. I have no need to, this is not a hobby, this is my computer.

      is windows tcpip more featureful and flexible than windows?

      It works with everything I have.

      which version of windows has more GUI features than the latest KDE or GNOME?

      Without editing files and getting complicated? 95/98/Me/2000/XP/NT 4

      does windows or dos support more different hardware than linux? (I have one pentium3 sitting right here that crashes on the HLT instruction. I can only run Linux on it, and quite well.)

      Your hardware is broken, you should fix it.

      how many different ways can you install windows?

      One, the way it installs on my system.

      is windows' threads implementation the best in the market?

      As far as I'm concerned it is.

      is windows memory management the best in the market?

      As far as I'm concerned it is.

      show me the most secure windows, I'll show you 10 more oses more secure than that.

      Strange, they all have BSD in their name.

  25. er... by ColonBlow · · Score: 5, Funny

    when asked about their now 2 year old focus on security, comments "it's more of a 10-year timeline."

    I didn't read the article. This was Bush talking about Iraq, right?

    --
    free online diet tracking.
  26. Misleading statement. by halfabee · · Score: 5, Informative

    From the article:
    "Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."

    I presume that Toulouse was referring to the update that fixed the "shell:" exploit.... this was only a problem with Firefox on Windows machines, because the flaw is inherent in the OS, not in the Firefox browser.

    True, security is an issue about which everyone in the industry should be concerned. Call a spade a spade, though... Microsoft is well behind the curve.

    --
    -- Halfabee
  27. Actually, you're wrong. by transops.net · · Score: 5, Informative

    Your comment was:

    "He doesn't "reveal" that he uses Firefox either. Nowhere in the article does it state such."

    To quote TFA:

    "Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."

    Please RTFA before posting corrections to the comments of others. Thank you.