BBC Bill Gates Interview Part 2: Security
securitas writes "In the second of two parts, the BBC's Stephen Cole of the technology show Click Online interviews Bill Gates about Windows, viruses, security, spam, 'trustworthy computing', Longhorn and being anti-competitive. Sample quote: 'Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are. That's why we made trustworthy computing the top priority.' Streaming media in Real format is also available. [Video: Broadband | Narrowband]
You can read the first half about the 'digital lifestyle' in Part 1: Bill Gates plots a Windows future. Here is the Slashdot discussion of the first part of the interview."
"Certainly you can never underestimate the level of malicious people out there"
And he can?
It takes one to know one!
Bill Gates talking about security is like the corner whore talking about the evils of premarital sex.
"Certainly you can never underestimate children out there who can easily take advantage of the big flaws in our code."
I wonder if Billy would ever tell us something isn't a "top priority"? I can just imagine it:
"Yeah, stability, we aren't really keen on that right at the moment, actually that's way down the list."
Thanks Bill, but with an inbox full of virus I get the feeling your "top priority" isn't as "top" as we would like.
I like the way he sums up the Microsoft corporation and its company culture:
"Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are."
Q: "did you underestimate the value of security?"
...
A: [translated from Billspeak to reality]:
I'm not going to answer that. I mean, come on, we all know that Windows wasn't designed with security in mind. So, I tell you what, I'm going to turn your negative into a positive, like a good salesman.
Here, for a start, I'll get you to focus on the nasty people out there that are exploiting Microsoft software - they're the bad guys, ok, not us!
Next, I'll tell you about auto-update, and that millions of people are using it. You don't have to worry because Windows updates itself. It takes away the hassle, right? And doesn't it make you 'feel' safer?
And of course, Microsoft has marketed the fact that security is its business. Even if Microsoft software isn't secure, we like to give that impression.
Q: "Nevertheless, a lot of our viewers still say to us: 'Microsoft didn't take that threat seriously enough and we are having problems.'"
A: [translated from Billspeak to reality]:
Ok, I don't want to answer that either, as it makes us look bad - and how can I refute something that's a fact?
Instead, I'll get you to focus (yet again) on the positive fact that Microsoft makes it easy to sit back and do nothing, letting Windows auto-update itself. Remember, Microsoft software is used because it's easy to use (not because it works).
I couldn't be bothered to read any further.
Linux/Open Source/Anti Microsoft News
I thought we could get everything we needed to know just from analysing his doodles!
"Microsoft Security" is an oxymoron.
If they cared about security (remember them saying that Windows XP was the most secure operating system ever?) they would have shipped it with the firewall on by default and most services off by default.
Why oh why did they think it was a good idea to have an RPC server on by default when there's probably less than 1% of users who would use the feature?
How many insecurities has Internet Explorer had since it was launched with XP? I lost count. Even now, there are still holes in there wide enough to drive a truck through but they are not patched. Microsoft want to keep things quiet until they get around to fixing the bugs, and they only fix the bugs when they see the problem being exploited in the wild.
And, thanks to Microsoft integrating the Internet Exploder engine so tightly into their OS, if a bug affects IE then it probably also affects Outlook, Outlook Express, MS Help and gawd knows what else.
This is security?
Ha!
Sorry, but my karma just ran over your dogma.
The only challenging question was around the Euro case and Billy completely dodged the question as expected.
Surely Bill often agrees to interviews with stipulations concerning what questions can be asked in advance - lame, but that's what you get with power. I find it odd that the BBC gets a 2-part interview with Gates and the topic of free software isn't brought up at all. Perhaps Bill is afraid to let slip another ignorant 'commie' remark.
There is only one word to describe this interview...
B O R I N G
OK, "security is top priority". As a security professional I think it's good that they've woken up.
However, I'd really like to know what are they going to DO about it, apart from the traditional "we'll train our programmers". This is a key question especially considering that they have millions of code lines written before security was any kind of priority.
I predict no radical changes to the number of discovered Microsoft software security flaws in the short term.
Ford: 'Quality is Job 1' Qwest: 'The Spirit of Service' Microsoft: 'trustworthy computing'
"customers want" or more correctly "what he tells the customers they want".
I'd pay good money to have him say on tape 10 good things about a Linux distro. The fact that he can't be objective means anything he has to say is totally worthless.
Tom
Someday, I'll have a real sig.
That's why we made trustworthy computing the top priority.
An illuminating quote to choose because it is a complete non sequitur. And perhaps this isn't that obvious to everybody, even in sceptical /. land.
In reality, there is no requirement for Microsoft to trust the software on my machine in order for me to trust it. The two relationships are quite distinct. I may choose to trust software that Microsoft has never heard of. Conversely, I may distrust software that MS has endorsed.
The "trustworthy computing" soundbite has to be this vague because to pin down who is trusting whom to do what would immediately give the game away. The game is, of course, to encourage users to give up control of their PCs.
The way Bill Gates takes credit for the advances of PC hardware.
The marketshare of Windows is the reason for many "hardware advancements". Without a standardised operating system, hardware would have never been standardised, and thus would have been unable to progress.
How the solution to crappy software is faster updates.
Almost any company will only make products that are as good as the customer wants them. This is why people buy economy priced cars and everyone is not driving BMWs. Sure a BMW is better, but it costs a lot more to produce and few people are willing to spend the extra money to own one. Would you be willing to pay three times as much for Windows if it were a much better product? I doubt it. Everyone complains because it costs $99 now.
How the price of windows is pretty much dependent on how big you are (compare the retail price with the price paid by big companies)
This is true for everything, in every business. When you buy in bulk, you get discounts. It's a common business practice.
So, screw the little and small, cuddle the big !
Would you buy a car that your neighbour built himself for one fifth the price of a "mass produced" car that you knew you'd never be able to find anyone to work on it? That doesn't make any sense. When you're buying a product that is going to need support you'll generally want a product that will have support available. Buying/using products that aren't widely used isn't a great practice. Especially in business.
And if anybody tries to complain, file a lawsuit for patent infringement..... surely there is a patent covering what you are doing now !
Big companies will have a cartel of patents, only the small fish will be left out. A pity that the "people" do not know/care about this.
Big companies get patents because they come up with original ideas and they patent them. It isn't their fault that someone else didn't come up with the idea first or was too lazy to patent it.
Just remember that Microsoft was, at one time, a small company. They obviously did *something* right.
Quit your bitching, because it really doesn't matter. Microsoft is here, they own a majority of the desktop market, and they're not going away anytime soon. Linux, or other free software, is not a viable replacement at this point. I believe everyone already knows that.
Microsoft is not the first huge company to dominate an entire market.
So you didn't see the Paxman Gates interview a few years ago then? Whoever researched for Paxman should have been fired. The questions were so vague that Gates could have said anything and it seemed like an answer. Secondly, Paxman (great though he is) couldn't really fully understand the answers and so wasn't in a position to say "you are just avoiding the question" because he wasn't sure enough.
Honestly, Paxman is brilliant, but I could have interviewed Bill Gates better than that. (and that's saying something)
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
BSD (even if it's dead, hehe) and Linux aren't usable for most people.
A machine running MS DOS with no internet connection is even more secure, but it isn't useful.
A car with no engine won't get stolen, but I can't drive it anywhere to use it.
Look at it this way:
I could give my girlfriend a new computer, sans operating system and a windows disc, she could install it, install her software and do all the things she wants to do with it in a couple of hours. I can't give her a linux cd and expect the same results.
Now do you honestly think she'll give a fuck about how secure the system is if she can't even use it?
Of course not.
The problem with Microsoft security is not what they are doing but more how they are doing it. Security needs to be #1 in design. Then you build features on top of that (without breaking security). For example, some applications want to run as administrator even if they don't need to (like Word Perfect spell check). I can understand installing applications as administrator, but administrator should not be allowed to run these applications. Windows needs a redesign for high security, not plugging the holes in the existing version. Expect there will be holes in your OS, but make it to minimize the damage. Windows is like setting up a Linux Apache server where the user access it runs on is root, not nobody. So if someone breaks into Apache then they get this limited access where they could at worst mess up and steal data from the website. But with the Windows settings all services are under administrator; when someone breaks in they have full access to the system.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
No he isn't, Ingvar Kamprad, the founder of Ikea is. Gates's fortune took a hit with the slide of the value of the US dollar.
Are you dreaming? (Assuming your girlfriend is not a geek) Have you got any idea how many drivers won't be found (even by XP) with current hardware (you said "new"). If XP will detect it, it will be sub-optimal at best. Then I'm not even speaking about the fact that installing XP will probably not be XP2. Has your (non-geek) girlfriend a CD handy with SP2 on it?
Look, I can understand what you try to prove, but let's be reasonable: installing a PC from scratch is not easy.... not with Windows, not with Linux. There will be questions that the user can't respond to.
As for "not possible with Linux": I'm typing this from an Ubuntu Linux machine. (Installed yesterday, I'm getting my first impressions) The only thing that I needed to install separately was the SMP packages, but a normal user doesn't have SMP in the first place. Still, the questions asked during the install were easy (even for an average user) but my girlfriend couldn't do it.
Users do not install machines, and if they do the machines won't last long. Admins install machines... That's the way it is (for the moment)
Notable exception would be Mac OS X, where you just stick in CD's and answer newbie questions. Apple just has the "known-hardware" advantage.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
In comparison, right from the outset, open source desktop platforms and applications have relied almost wholly on closing the infectable vectors, the exploited vulnerabilities used by malware, as quickly as possible.
Read the following Usenet thread from 2000 that covers the argument in detail. David Harley and Robert Moir are two antivirus industry leaders. It also includes the prediction that Microsoft would eventually get into the antivirus industry.
If you have a spare hour, listen to Dr Dobbs' technetcast:
Hey
:)
Can't we organize a Slashdot interview of BG? (titter
Both Bill Gates and drug dealers
Maybe off topic but may as well say: Click Online is a very Microsoft centric TV programme which is shown on BBC World internationally and on BBC News 24 in the UK. It tends to be very dumbed down and barely scratches the surface on a lot of subjects. I remember one show where they were discussing distributed computing, and had a cluster of Windows 9x boxes (!) all of which duly blue-screened. Ahh, memories. If only the BBC actually did a serious tech show :(
By summer it was all gone...now shesmovedon. --
I hate windows and I can name several good things about it.
- Standard kernel API [a lot of what was written for as far back as win 3.1 will still work today]
- User interface [apis] are effective and the resulting "experience" is user friendly
- The kernel is largely stable except when errant drivers take it down
- Lots of games for windows
About Gates personally?
- Donates considerable bank to charities
- Organizes sporting events for his employees
- Provides a challenging and innovative workplace
I'm sure working for MSFT has its faults [namely you couldn't get away with using Gentoo] but if you didn't care about the OS wars then it wouldn't matter.
Tom
Someday, I'll have a real sig.
Secondly, if they truly were the best, they wouldn't have all those security problems, now would they?
This is my ongoing number one gripe about Microsoft: they cannot admit their mistakes. Though every OS has security issues, MS is practically the only one that keeps lying about it. Technical quality aside, I'd rather deal with honest people and honest businesses.
Escher was the first MC and Giger invented the HR department.
>I can't give her a linux cd and expect the same results.
This sounds like untested orthodoxy. Has anyone tried recently? I'd like to see someone set up an install race btn Linux (with a user-friendly linux distrib) & MS XP. The playing field would be as level as possible (something, btw, MS would never give you because they *own* the OEMs, that's why they're an illegal monopoly) and there would have to be independent judges. Say, two different *virgin* installer operators on different machines overseen by some worthy judges. It would be worth it - even if it failed - to see what happened.
All we need is someone's g/f(s) - something which would be hard to come-by on slashdot - although you claim to have one, which makes me suspicious. Maybe someone could volunteer their parents, grand or o'wise?
Patriotism is a virtue of the vicious
Windows is hopelessly broken. The fact that a binary compiled against Windows 3.1 will work on Windows XP just goes to show that XP is laden down with unnecessary legacy support. It is not any kind of benefit. It is a bad thing, because those dregs of Windows 3.1 that persist into Windows XP are exactly why we have the malware problems we have. In the DOS days, programmers could afford to use techniques that relied on some heavy assumptions since falsified: that a machine would not be connected to a network, and that there were some operations that no user would ever have a legitimate need to perform. {Unix always was network-aware, and always gave its system admins more than enough rope to hang themselves and trip up anybody who came looking for bodies.} DOS, and Windows afterward, ended up being more tolerant of shoddy programming than proper "industrial" operating systems. In some cases, bad programming was actually encouraged by DOS/Windows design blunders. As desktop PC power overtook the first Unix mainframes, and Internet connectivity became the norm, the vectors were lining up for disaster.
You do not need for systems to be backward compatible with ancient binaries. As long as you have the source code, you can simply re-compile it against your latest kernel and libraries, and it will Just Work. If something really has changed so much that it won't compile without editing, then it was already broken in the first place.
Stable closed-source drivers running in or with a closed-source kernel will never exist. Perfection can only be achieved when the driver developer and the kernel developer each have access to the other's code. Anything less than the full, annotated source code is just incomplete documentation.
Closed source is destroying computing. If everything is closed source, then it makes sense to build machines with the kind of processor and the I/O ports in the same addresses. Otherwise you need to supply different versions of essentially the same software just to work with different manufacturers' computers. {Think back to the cassette-based software on the 8-bit computers of the 1980s, and the racks in W.H.Smith full of similar games in versions for the Oric, the Spectrum, the Commodore 64, the BBC model B and the Amstrad CPC464. Come to think of it, why didn't they just record all the different versions on the same cassette one after another, for crying out loud?} All machines built the same way is one way to do it. It is not the only way. You can eliminate architecture-dependence by distributing the source code. Then, any architecture for which a suitable compiler exists can potentially run it.
If there were more machine architectures -- by which I mean physically different instruction sets and/or port addressing schemas -- out there, then we would instantly reduce the susceptibility of the worldwide user base to viruses, worms and trojans. Call it electronic biodiversity. In an environment like that, software would pretty much have to be open source to survive; it would hardly be economically viable for a vendor to release many versions of the same software. You would obtain a package in source form, audit it if desired, compile it, then have to perform some deliberate hardware action {like pressing a small, recessed button; or moving a jumper on the motherboard} to allow it to be installed.
Microsoft will get their comeuppance, though. Sooner or later they will have to launch a new version of Windows that will totally break compatibility with legacy software. Buyers will now have the choice: spend a lot of money buying the latest Windows system, not be able to use any of your old Windows software, have most of your old documents rendered totally unreadable and worry about the next time Microsoft pulls this kind of stunt; or spend not mu
Je fume. Tu fumes. Nous fûmes!
Actually, as an ISV, if you want to put the shiny "Designed for Windows XP" sticker on your application, you have to pass a few Microsoft-administered tests.
Some criteria: [...]
I've admittedly not looked very hard for the "designed for XP" logo, but that might explain why getting 3rd party software which truly meets that designation is still nearly like finding hen's teeth.
1) Isn't as large a problem as it used to be, but a good amount of software (especially "free as in beer" stuff you get on the 'net that is crappily written) still peppers C:/WINDOWS/SYSTEM32 with DLLs
2) I don't know a single, solitary person who has never had to run with elevated privileges for at least one application that is still currently distributed and advertised to work with XP (although the official logo probably isn't displayed). One of the worst offenders besides games is DVDs.
3) Half the stuff out there that runs as a service/resides in the system tray falls apart with fast-user switching.
4) That one makes me laugh...uninstalls are cleaner but registry residue is still a problem. The whole concept of a monolithic, binary file is absolutely stupid. Honestly, what was wrong with .ini text files? If MS wanted maintainability then why didn't they specify a standard way of handling them in WinNT and Win95 (file locations, syntax, etc) as a condition of meeting the "logo requirements"?
Mr. Gates can talk all he wants about the wonderful plans he has for software, but it seems not even he can overcome the incredible resistive inertial forces that have built up around the Microsoft platform. XP has been out for YEARS and all the above-mentioned problems are STILL common. Longhorn could be completely rewritten from the ground up with a completely solid architecture (which would be great!) but the problems won't go away--not for a long time. I figure that even if the foundation for Longhorn were as solid as it is for BSD, Linux and OS X the world could be contending with legacy flaws and quirks until about 2010 (just a wild guess---not gonna eat my words 5 years from now).
"Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are." - Mr. Gates
If you can "never underestimate" said level, it drops to zero... I think he means that you can never OVERESTIMATE the level - which means that no matter how many people you think will try to break your stuff, there will always be a couple more, or their skill will always be a little greater.
If he honestly thinks that the level of malicious crackers in the world is so low as to be unable to underestimate it, he shouldn't be in the computing business (yes, yes, I know - he shouldn't be in it at all, but whatever).
If he means level like "stoop to their level"-type level, well, perhaps, but you don't have to be "evil" to be good at breaking things...
I [may] disapprove of what you say, but I will defend to the death your right to say it.
I'd like to see the anti-trust lawyers going after something that'll make a real difference.
All this pratting around over media player is wasted time when the real corner stone that holds Microsoft's monopoly up is Office. Everywhere I've tried to deploy Linux the response is favourable until people ask about Office. I'm sorry, but the claim that OpenOffice is Office compatible falls apart when you're opening a heavily formatted .doc file. Not to say that I'm detracting from Openoffice's achievement so far but unless it's flawless people don't care because they don't want to open, remake and save 5 years of Word docs.
Why should a commercial company have to open its document formats? Simple. They are a monopoly, they have abused and are still abusing their position and despite the new cuddly image they're trying to portray they are still bullshitting in their adverts and are still using their position and wealth to control the marketplace.
Office is the key, M$ knows it with their "we're using an open XML format now so we must be nice" redefining the term open to mean closed. The competition knows it as they all try to offer MSOffice compliance and the fact that this is ignored by lawyers and anti-trust courts is probably the biggest indicator that someone high up is on the make.
After the start of the DoJ case I felt quite optimistic but Bush having let MS off and the EU case looking like a bit of muscle flexing leaves me feeling fairly depressed at the whole business.
At least living in the EU I can go to Germany, France or somewhere else where they're a bit more imaginative than the UK. Come on Prime Minister, Bill will let you be photographed with him for another £100,000,000 order. Won't that help you to feel important.
Hmmmmmm..... Deep fried and look like Squirrel.
You know, the Linux executable file format and syscall interface have been stable enough since version 1.0 that you can still run binaries for Linux 1.0 in 2.6.
Win 3.1 and DOS compatibility is provided by a VM with its own libraries and code. NTVDM is just a program that provides the legacy interfaces; other than the special controls for putting the CPU into V86 mode, the environment has exactly the same privileges as any other application. You can remove NTVDM at your leisure, thereby breaking any compatibility and removing all the old code. NT doesn't have any code from DOS, Win3.1 or 9x in the underlying OS. NTVDM for DOS/Win3.1 on NT is like Carbon for MacOS 9 on OSX.
The 64 bit CPUs that NT supports don't have a V86 mode anymore; NTVDM isn't supported, so DOS/Win3.1 compatibility is broken.