BBC Bill Gates Interview Part 2: Security

securitas writes "In the second of two parts, the BBC's Stephen Cole of the technology show Click Online interviews Bill Gates about Windows, viruses, security, spam, 'trustworthy computing', Longhorn and being anti-competitive. Sample quote: 'Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are. That's why we made trustworthy computing the top priority.' Streaming media in Real format is also available. [Video: Broadband | Narrowband] You can read the first half about the 'digital lifestyle' in Part 1: Bill Gates plots a Windows future. Here is the Slashdot discussion of the first part of the interview."

26 of 289 comments

  1. Translation of Bill's answers by OwlWhacker · · Score: 5, Insightful

    Q: "did you underestimate the value of security?"

    A: [translated from Billspeak to reality]:

    I'm not going to answer that. I mean, come on, we all know that Windows wasn't designed with security in mind. So, I tell you what, I'm going to turn your negative into a positive, like a good salesman.

    Here, for a start, I'll get you to focus on the nasty people out there that are exploiting Microsoft software - they're the bad guys, ok, not us!

    Next, I'll tell you about auto-update, and that millions of people are using it. You don't have to worry because Windows updates itself. It takes away the hassle, right? And doesn't it make you 'feel' safer?

    And of course, Microsoft has marketed the fact that security is its business. Even if Microsoft software isn't secure, we like to give that impression.

    Q: "Nevertheless, a lot of our viewers still say to us: 'Microsoft didn't take that threat seriously enough and we are having problems.'"

    A: [translated from Billspeak to reality]:

    Ok, I don't want to answer that either, as it makes us look bad - and how can I refute something that's a fact?

    Instead, I'll get you to focus (yet again) on the positive fact that Microsoft makes it easy to sit back and do nothing, letting Windows auto-update itself. Remember, Microsoft software is used because it's easy to use (not because it works).

    ...

    I couldn't be bothered to read any further.

  2. Sorry Bill but you're full of shit by wiggys · · Score: 4, Insightful

    "Microsoft Security" is an oxymoron.

    If they cared about security (remember them saying that Windows XP was the most secure operating system ever?) they would have shipped it with the firewall on by default and most services off by default.

    Why oh why did they think it was a good idea to have an RPC server on by default when there's probably less than 1% of users who would use the feature?

    How many insecurities has Internet Explorer had since it was launched with XP? I lost count. Even now, there are still holes in there wide enough to drive a truck through but they are not patched. Microsoft want to keep things quiet until they get around to fixing the bugs, and they only fix the bugs when they see the problem being exploited in the wild.

    And, thanks to Microsoft integrating the Internet Exploder engine so tightly into their OS, if a bug affects IE then it probably also affects Outlook, Outlook Express, MS Help and gawd knows what else.

    This is security?

    Ha!

    --

    Sorry, but my karma just ran over your dogma.

    1. Re:Sorry Bill but you're full of shit by strider44 · · Score: 3, Insightful

      Incidentally, the same is true of KHTML, which (last time I looked) was integrated pretty tightly into KDE. True, you have a choice to not use KDE, but then I seem to be managing pretty well using XP and not using IE, OE, etc.

      Umm no it can't. IE is integrated into the kernel. iexplore.exe is just a shell that calls the kernel to render pages. Konqueror is just another application, and you can easily uninstall Konqueror as well as the libraries and use other applications as supplements, as long as you remove the MIMEs.

      However there is nothing to stop an application from calling the Konqueror or Gecko libraries, or requiring their installation. It's simple enough with shared libraries to do.

    2. Re:Sorry Bill but you're full of shit by Foolhardy · · Score: 2, Insightful
      Apparently the message isn't getting through. Here's a repost of a comment I made before:
      with the IE api hooks into the kernel
      What are you talking about? Internet explorer is a 100% user mode shell environment. It is not, has never been, and never will be integrated into the kernel, or given special hooks or privileges. All of the entry points into the kernel are exported by ntdll.dll. Tell me which of those functions hooks IE into the kernel.
      The objects you would need to control to take over the system are kernel objects which IE plays no part in managing.
      Since the Win32 server moved into kernel mode (in NT4), it has its own system function table, and none of those functions are a part of IE either.

      Show me ONE malware program that can install itself for all users when only a normal user runs it.
  3. Re:It takes one to know one! by zcat_NZ · · Score: 2, Insightful

    "Certainly you can never underestimate the level of malicious people out there"

    And he can?

    Of course he can; Microsoft has been GROSSLY UNDERESTIMATING the motivation, depth of knowledge, speed to exploit, and I guess overall 'level' of malicious people for years.

    Perhaps that's not what he meant..

    --
    455fe10422ca29c4933f95052b792ab2
  4. Pre-Scripted Questions? by Gnuosphere · · Score: 2, Insightful
    This 2-parter from BBC was about as exciting as watching a lawn-bowling match among seniors.


    The only challenging question was around the Euro case and Billy completely dodged the question as expected.

    Surely Bill often agrees to interviews with stipulations concerning what questions can be asked in advance - lame, but that's what you get with power. I find it odd that the BBC gets a 2-part interview with Gates and the topic of free software isn't brought up at all. Perhaps Bill is afraid to let slip another ignorant 'commie' remark.

    There is only one word to describe this interview...


    B O R I N G

  5. But where's the beef? by ladybugfi · · Score: 4, Insightful

    OK, "security is top priority". As a security professional I think it's good that they've woken up.

    However, I'd really like to know what are they going to DO about it, apart from the traditional "we'll train our programmers". This is a key question especially considering that they have millions of code lines written before security was any kind of priority.

    I predict no radical changes to the number of discovered Microsoft software security flaws in the short term.

  6. Trust by alext · · Score: 5, Insightful

    That's why we made trustworthy computing the top priority.

    An illuminating quote to choose because it is a complete non sequitur. And perhaps this isn't that obvious to everybody, even in sceptical /. land.

    In reality, there is no requirement for Microsoft to trust the software on my machine in order for me to trust it. The two relationships are quite distinct. I may choose to trust software that Microsoft has never heard of. Conversely, I may distrust software that MS has endorsed.

    The "trustworthy computing" soundbite has to be this vague because to pin down who is trusting whom to do what would immediately give the game away. The game is, of course, to encourage users to give up control of their PCs.

  7. Re:Annoying by srjames · · Score: 3, Insightful

    The way Bill Gates takes credit for the advances of PC hardware.

    The marketshare of Windows is the reason for many "hardware advancements". Without a standardised operating system, hardware would have never been standardised, and thus would have been unable to progress.

    How the solution to crappy software is faster updates.

    Almost any company will only make products that are as good as the customer wants them. This is why people buy economy priced cars and everyone is not driving BMWs. Sure a BMW is better, but it costs a lot more to produce and few people are willing to spend the extra money to own one. Would you be willing to pay three times as much for Windows if it were a much better product? I doubt it. Everyone complains because it costs $99 now.

    How the price of windows is pretty much dependent on how big you are (compare the retail price with the price paid by big companies)

    This is true for everything, in every business. When you buy in bulk, you get discounts. It's a common business practise.

    So, screw the little and small, cuddle the big !

    Would you buy a car that your neighbour built himself for one fifth the price of a "mass produced" car that you knew you'd never be able to find anyone to work on it? That doesn't make any sense. When you're buying a product that is going to need support you'll generally want a product that will have support available. Buying/using products that aren't widely used isn't a great practise. Especially in business.

    And if anybody tries to complain, file a lawsuit for patent infringement..... surely there is a patent covering what you are doing now !

    Big companies will have a cartel of patents, only the small fish will be left out. A pity that the "people" do not know/care about this.


    Big companies get patents because they come up with original ideas and they patent them. It isn't their fault that someone else didn't come up with the idea first or was too lazy to patent it.

    Just remember that Microsoft was, at one time, a small company. They obviously did *something* right.

    Quit your bitching, because it really doesn't matter. Microsoft is here, they own a majority of the desktop market, and they're not going away anytime soon. Linux, or other free software, is not a viable replacement at this point. I believe everyone already knows that.

    Microsoft is not the first huge company to dominate an entire market.

  8. Re:Security? Ha! by jellomizer · · Score: 2, Insightful

    I suppose that Linux users really are virgins, then.

    No, although Linux security is better and more manageable than Windows security. It is not like a Linux system was hacked. I know my system was back when I first started using Linux on a college T1 line, back in the mid 90s. They used a buffer overflow through the print server to gain access to my system. Shortly after that I got wise and closed all unneeded services. (The stupid college MIS Department forbade people installing firewalls at the time.) But still the default Linux at the time had a lot of ports open, much more than Windows did at the time. But now with more user-friendly personal firewalls and most of the ports blocked by default it is better, but still never put your faith in your OS or your own administration abilities; always get other opinions on how your security is set up, because what you may think is tight may still have a gaping hole.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  9. Re:Security? Ha! by srjames · · Score: 4, Insightful

    Unless I missed something he didn't once say that Windows was currently secure, or that it has been in the past.

    What he did say was "we can always do better" and "There is a lot more to do."

    He also went on to say that Longhorn should be more secure.

    Since none of you actually think about anybody but yourselves in terms of what people want, let me explain it to you.

    Most people (see: Users, Windows), don't want to give up usability for security. I currently use Linux, and have for years. I'm pissed off about the recent local root exploits and thought about switching to a BSD (namely OpenBSD), for security. But, after talking to a good friend of mine decided that I didn't want to compromise some of the usability of Linux for the security of *BSD.

    Sure Windows sucks for a lot of reasons, but there's obviously more reasons that people are still using it.

    It's the same reason that people drive cars with automatic transmissions. A manual transmission has a number of benefits, but people just don't want the hassle.

    Windows is prone to a lot of problems due to the default "administrator" account. But do you really think people want to log in to it to install software? Do you think they actually understand the difference? I doubt it.

  10. Re:jeremy paxman by MartinG · · Score: 4, Insightful

    So you didn't see the Paxman Gates interview a few years ago then? Whoever researched for Paxman should have been fired. The questions were so vague that Gates could have said anything and it seemed like an answer. Secondly, Paxman (great though he is) couldn't really fully understand the answers and so wasn't in a position to say "you are just avoiding the question" because he wasn't sure enough.

    Honestly, Paxman is brilliant, but I could have interviewed Bill Gates better than that. (and that's saying something)

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  11. Re:Annoying by srjames · · Score: 2, Insightful

    BSD (even if it's dead, hehe) and Linux aren't usable for most people.

    A machine running MS DOS with no internet connection is even more secure, but it isn't useful.

    A car with no engine won't get stolen, but I can't drive it anywhere to use it.

    Look at it this way:

    I could give my girlfriend a new computer, sans operating system and a windows disc, she could install it, install her software and do all the things she wants to do with it in a couple of hours. I can't give her a linux cd and expect the same results.

    Now do you honestly think she'll give a fuck about how secure the system is if she can't even use it?

    Of course not.

  12. Good ideas implemented incorrectly. by jellomizer · · Score: 4, Insightful

    The problem with Microsoft security is not what they are doing but more how they are doing it. Security needs to be #1 in design. Then you build features on top of that (without breaking security). For example, some applications want to run as administrator even if they don't need to (like WordPerfect spell check). I can understand installing applications as administrator, but administrator should not be allowed to run these applications. Windows needs a redesign for high security, not plugging the holes in the existing version. Expect there will be holes in your OS but make it to minimize the damage. Windows is like setting up a Linux Apache server where the user access it runs on is root, not nobody. So if someone breaks into Apache then they get this limited access where they could at worst mess up and steal data from the website. But with the Windows settings all services are under administrator; when someone breaks in they have full access to the system.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
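
An added example, not part of the thread: a small audit of the configuration the comment above compares, a network service whose request-handling processes run as root versus one that hands requests to an unprivileged account such as nobody. The process table and socket list are constructed sample data, and the function names and verdict labels are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the style of `ps -eo user,pid,ppid,comm`.
SAMPLE_PS = """\
USER       PID  PPID COMMAND
root         1     0 init
root       300     1 cron
root       530     1 httpd
nobody     531   530 httpd
nobody     532   530 httpd
root       610     1 lpd
postgres   810     1 postgres
"""

# Constructed sample: which PID holds which listening TCP port.
SAMPLE_LISTEN = """\
PID PORT
530 80
531 80
532 80
610 515
810 5432
"""


def parse_table(text):
    """Split whitespace-separated rows, skipping the header line."""
    return [line.split() for line in text.strip().splitlines()[1:]]


def classify_services(ps_text=SAMPLE_PS, listen_text=SAMPLE_LISTEN):
    """Return {command: (verdict, ports)} for every listening service."""
    procs = {int(pid): (user, int(ppid), comm)
             for user, pid, ppid, comm in parse_table(ps_text)}
    children = defaultdict(list)
    for pid, (_, ppid, _) in procs.items():
        children[ppid].append(pid)

    def has_unprivileged_worker(pid):
        # A root parent that only binds the port and supervises is acceptable
        # when same-named, non-root children do the request handling.
        comm = procs[pid][2]
        return any(procs[c][2] == comm and procs[c][0] != "root"
                   for c in children[pid])

    services = defaultdict(lambda: {"ports": set(), "pids": set()})
    for pid, port in parse_table(listen_text):
        pid = int(pid)
        if pid in procs:  # ignore sockets whose owner is not in the snapshot
            comm = procs[pid][2]
            services[comm]["ports"].add(int(port))
            services[comm]["pids"].add(pid)

    report = {}
    for comm, svc in services.items():
        root_pids = [p for p in svc["pids"] if procs[p][0] == "root"]
        if not root_pids:
            verdict = "unprivileged"        # a break-in yields a limited account
        elif all(has_unprivileged_worker(p) for p in root_pids):
            verdict = "drops-privileges"    # root binds, workers are limited
        else:
            verdict = "root-only"           # a break-in yields the whole system
        report[comm] = (verdict, sorted(svc["ports"]))
    return report


def root_only_services(report):
    """Names of services where a compromise of the daemon means root."""
    return sorted(name for name, (verdict, _) in report.items()
                  if verdict == "root-only")


if __name__ == "__main__":
    result = classify_services()
    for name, (verdict, ports) in sorted(result.items()):
        print(f"{name:10} ports={ports} {verdict}")
    print("review:", root_only_services(result))
```
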
  13. Re:Security? Ha! by R.Caley · · Score: 5, Insightful
    Windows is prone to a lot of problems due to the default "administrator" account.

    Once you've seen a child having to become administrator to play a Microsoft game, you quickly realise just how serious Microsoft are about security and usability.

    --
    _O_
    .|<
    The named which can be named is not the true named
  14. Re:Annoying by jawtheshark · · Score: 3, Insightful
    I could give my girlfriend a new computer, sans operating system and a windows disc, she could install it, install her software and do all the things she wants to do with it in a couple of hours

    Are you dreaming? (Assuming your girlfriend is not a geek) Have you got any idea how many drivers won't be found (even by XP) with current hardware (you said "new"). If XP will detect it, it will be sub-optimal at best. Then I'm not even speaking about the fact that installing XP will probably not be XP2. Has your (non-geek) girlfriend a CD handy with SP2 on it?

    Look, I can understand what you try to prove, but let's be reasonable: installing a PC from scratch is not easy.... not with Windows, not with Linux. There will be questions that the user can't respond to.

    As for "not possible with Linux": I'm typing this from an Ubuntu Linux machine. (Installed yesterday, I'm getting my first impressions) The only thing that I needed to install separately was the SMP packages, but a normal user doesn't have SMP in the first place. Still, the questions asked during the install were easy (even for an average user) but my girlfriend couldn't do it.

    Users do not install machines, and if they do the machines won't last long. Admins install machines... That's the way it is (for the moment)

    Notable exception would be Mac OS X, where you just stick in CD's and answer newbie questions. Apple just has the "known-hardware" advantage.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  15. Re:Annoying by Anonymous Coward · · Score: 1, Insightful

    Without a standardised operating system, hardware would have never been standardised, and thus would have been unable to progress.

    You sure as hell got that backwards! First came the standard hardware, then came the standard OS. IBM created the standard hardware environment and Microsoft rode the crest of that wave to where they are now.

    Big companies get patents because they come up with original ideas and they patent them. It isn't their fault that someone else didn't come up with the idea first or was too lazy to patent it.

    First of all, this is totally irrelevant in a discussion about Microsoft. They seldom came up with original ideas. Secondly, too lazy to patent? yeah, that must be it; all them lazy inventors out there that just let companies steal their ideas. Why didn't I think of that?

    Just remember that Microsoft was, at one time, a small company. They obviously did *something* right.

    There it is again. The old "They are rich, they must be right!" argument.

    Linux, or other free software, is not a viable replacement at this point. I believe everyone already knows that.

    You are absolutely right! I urge you to sink every penny you have into Microsoft stock.

  16. Re:Annoying by Anonymous Coward · · Score: 1, Insightful
    Microsoft is not the first huge company to dominate an entire market.

    Precisely


    The key question is "did they do it legally?"

    And the answer on two continents is no

    Don't argue

    That's precisely what those two court cases mean. Microsoft dominates the market due to its illegal activities.

    And they don't need your baby-Adam-Smith philosophy to defend them. They're quite big enough to do it on their own (by buying the politicians they need)

  17. Re:Security? Ha! by ymgve · · Score: 2, Insightful

    (Was written before I realized the comment talked about a Microsoft game. My point still stands - it's the Game Publisher Microsoft that's at fault, not the Operating System Developer Microsoft.)

    In Microsoft's defence, this isn't their fault. It is perfectly possible to run games under a restricted user account, if you give up one feature.

    Copy protection.

    The reason nearly every game needs administrator access is that the game publishers' "nifty" protection tricks need to hook into the more advanced features of the CD-ROM drivers.

    But of course, no major publisher will ever consider removing that "feature" to give users more flexibility.

  18. Some reality distortion here.. by TeknoHog · · Score: 4, Insightful
    From the article:
    Stephen Cole:

    Are you a victim perhaps of your own success? Being the biggest, you are always going to be under attack.

    Bill Gates:

    And we're always able to do the best R&D, the best innovation, get the best partnerships.

    Certainly our position is one that people envy.

    First of all, the interviewer asked about the problems of being the biggest, whereas Gates went on to ramble on their being the best. What the heck was the point in that?

    Secondly, if they truly were the best, they wouldn't have all those security problems, now would they?

    This is my ongoing number one gripe about Microsoft: they cannot admit their mistakes. Though every OS has security issues, MS is practically the only one that keeps lying about it. Technical quality aside, I'll rather deal with honest people and honest businesses.

    --
    Escher was the first MC and Giger invented the HR department.
  19. Re:It takes one to know one! by TheSpoom · · Score: 3, Insightful

    Indeed.

    Trustworthy Computing isn't a way to secure your computer. It's a way to take its control away from you.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  20. Re:BBC Bill Gates Interview Part 2: Security by ajs318 · · Score: 3, Insightful

    Windows is hopelessly broken. The fact that a binary compiled against Windows 3.1 will work on Windows XP just goes to show that XP is laden down with unnecessary legacy support. It is not any kind of benefit. It is a bad thing, because those dregs of Windows 3.1 that persist into Windows XP are exactly why we have the malware problems we have. In the DOS days, programmers could afford to use techniques that relied on some heavy assumptions since falsified: that a machine would not be connected to a network, and that there were some operations that no user would ever have a legitimate need to perform. {Unix always was network-aware, and always gave its system admins more than enough rope to hang themselves and trip up anybody who came looking for bodies.} DOS, and Windows afterward, ended up being more tolerant of shoddy programming than proper "industrial" operating systems. In some cases, bad programming was actually encouraged by DOS/Windows design blunders. As desktop PC power overtook the first Unix mainframes, and Internet connectivity became the norm, the vectors were lining up for disaster.

    You do not need for systems to be backward compatible with ancient binaries. As long as you have the source code, you can simply re-compile it against your latest kernel and libraries, and it will Just Work. If something really has changed so much that it won't compile without editing, then it was already broken in the first place.

    Stable closed-source drivers running in or with a closed-source kernel will never exist. Perfection can only be achieved when the driver developer and the kernel developer each have access to the other's code. Anything less than the full, annotated source code is just incomplete documentation.

    Closed source is destroying computing. If everything is closed source, then it makes sense to build machines with the kind of processor and the I/O ports in the same addresses. Otherwise you need to supply different versions of essentially the same software just to work with different manufacturers' computers. {Think back to the cassette-based software on the 8-bit computers of the 1980s, and the racks in W.H.Smith full of similar games in versions for the Oric, the Spectrum, the Commodore 64, the BBC model B and the Amstrad CPC464. Come to think of it, why didn't they just record all the different versions on the same cassette one after another, for crying out loud?} All machines built the same way is one way to do it. It is not the only way. You can eliminate architecture-dependence by distributing the source code. Then, any architecture for which a suitable compiler exists can potentially run it.

    If there were more machine architectures -- by which I mean physically different instruction sets and/or port addressing schemas -- out there, then we would instantly reduce the susceptibility of the worldwide user base to viruses, worms and trojans. Call it electronic biodiversity. In an environment like that, software would pretty much have to be open source to survive; it would hardly be economically viable for a vendor to release many versions of the same software. You would obtain a package in source form, audit it if desired, compile it, then have to perform some deliberate hardware action {like pressing a small, recessed button; or moving a jumper on the motherboard} to allow it to be installed.

    Microsoft will get their comeuppance, though. Sooner or later they will have to launch a new version of Windows that will totally break compatibility with legacy software. Buyers will now have the choice: spend a lot of money buying the latest Windows system, not be able to use any of your old Windows software, have most of your old documents rendered totally unreadable and worry about the next time Microsoft pulls this kind of stunt; or spend not mu

    --
    Je fume. Tu fumes. Nous fûmes!
  21. Re:Security? Ha! by Anonymous Coward · · Score: 1, Insightful

    No one spends the time looking for the mistakes

    People do spend time looking for mistakes in Linux; a vast amount of which view software as a scientific effort as opposed to cash cow. If you look at this fundamental difference, you see the former strives for the best possible solution to a problem. The latter merely wants to sell the product that buyer views as being tolerable or a fairly safe operating system.

    Here's an idea, find your great deal many more exploits for the Linux OS. And I'll even give you the source code!!!

  22. Doesn't he mean "overestimate?" by Spaceman40 · · Score: 2, Insightful

    "Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are." - Mr. Gates

    If you can "never underestimate" said level, it drops to zero... I think he means that you can never OVERESTIMATE the level - which means that no matter how many people you think will try to break your stuff, there will always be a couple more, or their skill will always be a little greater.

    If he honestly thinks that the level of malicious crackers in the world is so low as to be unable to underestimate it, he shouldn't be in the computing business (yes, yes, I know - he shouldn't be in it at all, but whatever).

    If he means level like "stoop to their level"-type level, well, perhaps, but you don't have to be "evil" to be good at breaking things...

    --
    I [may] disapprove of what you say, but I will defend to the death your right to say it.
  23. Re:Y'know, just once... by mormop · · Score: 2, Insightful

    I'd like to see the anti-trust lawyers going after something that'll make a real difference.

    All this pratting around over media player is wasted time when the real corner stone that holds Microsoft's monopoly up is Office. Everywhere I've tried to deploy Linux the response is favourable until people ask about Office. I'm sorry, but the claim that OpenOffice is Office compatible falls apart when you're opening a heavily formatted .doc file. Not to say that I'm detracting from OpenOffice's achievement so far but unless it's flawless people don't care because they don't want to open, remake and save 5 years of Word docs.

    Why should a commercial company have to open its document formats? Simple. They are a monopoly, they have abused and are still abusing their position and despite the new cuddly image they're trying to portray they are still bullshitting in their adverts and are still using their position and wealth to control the marketplace.

    Office is the key, M$ knows it with their "we're using an open XML format now so we must be nice" redefining the term open to mean closed. The competition knows it as they all try to offer MSOffice compliance and the fact that this is ignored by lawyers and anti-trust courts is probably the biggest indicator that someone high up is on the make.

    After the start of the DoJ case I felt quite optimistic but Bush having let MS off and the EU case looking like a bit of muscle flexing leaves me feeling fairly depressed at the whole business.

    At least living in the EU I can go to Germany, France or somewhere else where they're a bit more imaginative than the UK. Come on Prime Minister, Bill will let you be photographed with him for another £100,000,000 order. Won't that help you to feel important.

    --
    Hmmmmmm..... Deep fried and look like Squirrel.
  24. Re:BBC Bill Gates Interview Part 2: Security by Foolhardy · · Score: 2, Insightful

    You know, the Linux executable file format and syscall interface have been stable enough since version 1.0 that you can still run binaries for Linux 1.0 in 2.6.

    Win 3.1 and DOS compatibility is provided by a VM with its own libraries and code. NTVDM is just a program that provides the legacy interfaces; other than the special controls for putting the CPU into V86 mode, the environment has exactly the same privileges as any other application. You can remove NTVDM at your leisure, thereby breaking any compatibility and removing all the old code. NT doesn't have any code from DOS, Win3.1 or 9x in the underlying OS. NTVDM for DOS/Win3.1 on NT is like Carbon for MacOS 9 on OSX.
    The 64 bit CPUs that NT supports don't have a V86 mode anymore; NTVDM isn't supported, so DOS/Win3.1 compatibility is broken.