Slashdot Mirror


BBC Bill Gates Interview Part 2: Security

securitas writes "In the second of two parts, the BBC's Stephen Cole of the technology show Click Online interviews Bill Gates about Windows, viruses, security, spam, 'trustworthy computing', Longhorn and being anti-competitive. Sample quote: 'Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are. That's why we made trustworthy computing the top priority.' Streaming media in Real format is also available. [Video: Broadband | Narrowband] You can read the first half about the 'digital lifestyle' in Part 1: Bill Gates plots a Windows future. Here is the Slashdot discussion of the first part of the interview."


  1. It takes one to know one! by smccto · · Score: 5, Funny

    "Certainly you can never underestimate the level of malicious people out there"

    And he can?

    It takes one to know one!

    1. Re:It takes one to know one! by TheSpoom · · Score: 3, Insightful

      Indeed.

      Trustworthy Computing isn't a way to secure your computer. It's a way to take its control away from you.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
  2. Security? Ha! by mboverload · · Score: 4, Funny

    Bill Gates talking about security is like the corner whore talking about the evils of premarital sex.

    1. Re:Security? Ha! by Scoria · · Score: 4, Funny

      Bill Gates talking about security is like the corner whore talking about the evils of premarital sex.

      I suppose that Linux users really are virgins, then. :-)

      --
      Do you like German cars?
    2. Re:Security? Ha! by srjames · · Score: 4, Insightful

      Unless I missed something he didn't once say that Windows was currently secure, or that it has been in the past.

      What he did say was "we can always do better" and "There is a lot more to do."

      He also went on to say that Longhorn should be more secure.

      Since none of you actually think about anybody but yourselves in terms of what people want, let me explain it to you.

      Most people (see: Users, Windows), don't want to give up usability for security. I currently use Linux, and have for years. I'm pissed off about the recent local root exploits and thought about switching to a BSD (namely OpenBSD), for security. But, after talking to a good friend of mine decided that I didn't want to compromise some of the usability of Linux for the security of *BSD.

      Sure Windows sucks for a lot of reasons, but there's obviously more reasons that people are still using it.

      It's the same reason that people drive cars with automatic transmissions. A manual transmission has a number of benefits, but people just don't want the hassle.

      Windows is prone to a lot of problems due to the default "administrator" account. But do you really think people want to log in to it to install software? Do you think they actually understand the difference? I doubt it.

    3. Re:Security? Ha! by R.Caley · · Score: 5, Insightful
      Windows is prone to a lot of problems due to the default "administrator" account.

      Once you've seen a child having to become administrator to play a Microsoft game, you quickly realise just how serious Microsoft are about security and usability.

      --
      _O_
      .|<
      The named which can be named is not the true named
    4. Re:Security? Ha! by Insightfill · · Score: 3, Informative
      Actually, as an ISV, if you want to put the shiny "Designed for Windows XP" sticker on your application, you have to pass a few Microsoft-administered tests.

      Some criteria:

      1) When app installs, all file and registry changes are contained in app directories and reg keys, unless such changes constitute system upgrades (MDAC, etc.) Start menu, etc. excluded.

      2) App is fully usable under "user" level account (no write-backs to protected dirs, or HKLM registry).

      3) App is fully usable under "fast user switching"

      4) App cleanly fully uninstalls.

      Actually, the full list is much longer, but the point is that MS gives brownie points to the dev. firms that can make apps run under "user" permissions. My guess is the game firms don't care about that level of certification, but for corporate-level apps, it makes all the difference. If you pass all of those tests, you can generally be assured of running under Citrix, Terminal Server, REALLY "locked down" desktops, etc.

  3. Fixed by kai.chan · · Score: 4, Funny

    "Certainly you can never underestimate children out there who can easily take advantage of the big flaws in our code."

  4. Billy's "todo" list by Kadmos · · Score: 5, Interesting

    I wonder if Billy would ever tell us something isn't a "top priority"? I can just imagine it:
    "Yeah, stability, we aren't really keen on that right at the moment, actually that's way down the list."

    Thanks Bill, but with an inbox full of virus I get the feeling your "top priority" isn't as "top" as we would like.

  5. Good quote about Microsoft by millwall · · Score: 4, Funny

    I like the way he sums up the Microsoft corporation and its company culture:

    "Certainly you can never underestimate the level of malicious people out there who are going to try to take advantage of whatever things there are."

  6. Translation of Bill's answers by OwlWhacker · · Score: 5, Insightful

    Q: "did you underestimate the value of security?"

    A: [translated from Billspeak to reality]:

    I'm not going to answer that. I mean, come on, we all know that Windows wasn't designed with security in mind. So, I tell you what, I'm going to turn your negative into a positive, like a good salesman.

    Here, for a start, I'll get you to focus on the nasty people out there that are exploiting Microsoft software - they're the bad guys, ok, not us!

    Next, I'll tell you about auto-update, and that millions of people are using it. You don't have to worry because Windows updates itself. It takes away the hassle, right? And doesn't it make you 'feel' safer?

    And of course, Microsoft has marketed the fact that security is its business. Even if Microsoft software isn't secure, we like to give that impression.

    Q: "Nevertheless, a lot of our viewers still say to us: 'Microsoft didn't take that threat seriously enough and we are having problems.'"

    A: [translated from Billspeak to reality]:

    Ok, I don't want to answer that either, as it makes us look bad - and how can I refute something that's a fact?

    Instead, I'll get you to focus (yet again) on the positive fact that Microsoft makes it easy to sit back and do nothing, letting Windows auto-update itself. Remember, Microsoft software is used because it's easy to use (not because it works).

    ...

    I couldn't be bothered to read any further.

  7. Do we even need interviews ? by jaiyen · · Score: 3, Funny

    I thought we could get everything we needed to know just from analysing his doodles!

  8. Sorry Bill but you're full of shit by wiggys · · Score: 4, Insightful

    "Microsoft Security" is an oxymoron.

    If they cared about security (remember them saying that Windows XP was the most secure operating system ever?) they would have shipped it with the firewall on by default and most services off by default.

    Why oh why did they think it was a good idea to have an RPC server on by default when there's probably less than 1% of users who would use the feature?

    How many insecurities has Internet Explorer had since it was launched with XP? I lost count. Even now, there are still holes in there wide enough to drive a truck through but they are not patched. Microsoft want to keep things quiet until they get around to fixing the bugs, and they only fix the bugs when they see the problem being exploited in the wild.

    And, thanks to Microsoft integrating the Internet Exploder engine so tightly into their OS, if a bug affects IE then it probably also affects Outlook, Outlook Express, MS Help and gawd knows what else.

    This is security?

    Ha!

    --

    Sorry, but my karma just ran over your dogma.

    1. Re:Sorry Bill but you're full of shit by QuantumG · · Score: 4, Interesting
      Switch it off (it is possible, but not straightforward) and see what breaks; it's an essential component, right or wrong.

      That's not an argument at all. You wanna know what's fucked. Try debugging an application that is in no way network related on a machine that has Microsoft's firewall software enabled. It doesn't work. Why? Cause to initiate a debugging session visual studio actually sends packets out to the network adapter and back onto the machine. If you're blocking the remote debugging (say, because you don't want people brute forcing the trivial security that stops them from debugging processes on your machine) you can't even do local debugging. That's fucked behaviour and demonstrates that Microsoft really doesn't give a shit about security at all.

      --
      How we know is more important than what we know.
    2. Re:Sorry Bill but you're full of shit by Jonti · · Score: 3, Informative
      GP: ... if a bug affects IE then it probably also affects Outlook, Outlook Express, MS Help and gawd knows what else.

      P: The alternative, of course, is to have separate HTML rendering components for every application that wishes to render HTML.

      Dunno why this scored three -- the grandparent is right, and the parent is wrong. So the (only?!) alternative is to have separate html rendering components for every application that wished to render html, is it? Why so? I think we should be told!

      All that's needed is for the html rendering to run in userspace, rather than kernel space. That is actually what khtml does, which yes, is integrated tightly with the KDE graphical shell, but not with the kernel.

      Fixing a bug in IE can mean fixing a bug in kernel code -- and that bug in the kernel code might affect dozens of other applications. You don't have to build things that way. That was the grandparent's point.

    3. Re:Sorry Bill but you're full of shit by strider44 · · Score: 3, Insightful

      Incidentally, the same is true of KHTML, which (last time I looked) was integrated pretty tightly into KDE. True, you have a choice to not use KDE, but then I seem to be managing pretty well using XP and not using IE, OE, etc.

      Umm no it can't. IE is integrated into the kernel. iexplore.exe is just a shell that calls the kernel to render pages. Konqueror is just another application, and you can easily uninstall Konqueror as well as the libraries and use other applications as supplements, as long as you remove the MIMEs.

      However there is nothing to stop an application from calling the Konqueror or gecko libraries, or requiring their installation. It's simple enough with shared libraries to do.

  9. But where's the beef? by ladybugfi · · Score: 4, Insightful

    OK, "security is top priority". As a security professional I think it's good that they've woken up.

    However, I'd really like to know what are they going to DO about it, apart from the traditional "we'll train our programmers". This is a key question especially considering that they have millions of code lines written before security was any kind of priority.

    I predict no radical changes to the number of discovered Microsoft software security flaws in the short term.

  10. advertising your weakness by rich42 · · Score: 5, Funny

    Ford: 'Quality is Job 1'
    Qwest: 'The Spirit of Service'
    Microsoft: 'trustworthy computing'

  11. Trust by alext · · Score: 5, Insightful

    That's why we made trustworthy computing the top priority.

    An illuminating quote to choose because it is a complete non sequitur. And perhaps this isn't that obvious to everybody, even in sceptical /. land.

    In reality, there is no requirement for Microsoft to trust the software on my machine in order for me to trust it. The two relationships are quite distinct. I may choose to trust software that Microsoft has never heard of. Conversely, I may distrust software that MS has endorsed.

    The "trustworthy computing" soundbite has to be this vague because to pin down who is trusting whom to do what would immediately give the game away. The game is, of course, to encourage users to give up control of their PCs.

  12. Re:Annoying by srjames · · Score: 3, Insightful

    The way Bill Gates takes credit for the advances of PC hardware.

    The marketshare of Windows is the reason for many "hardware advancements". Without a standardised operating system, hardware would have never been standardised, and thus would have been unable to progress.

    How the solution to crappy software is faster updates.

    Almost any company will only make products that are as good as the customer wants them. This is why people buy economy priced cars and everyone is not driving BMWs. Sure a BMW is better, but it costs a lot more to produce and few people are willing to spend the extra money to own one. Would you be willing to pay three times as much for Windows if it were a much better product? I doubt it. Everyone complains because it costs $99 now.

    How the price of windows is pretty much dependent on how big you are (compare the retail price with the price paid by big companies)

    This is true for everything, in every business. When you buy in bulk, you get discounts. It's a common business practise.

    So, screw the little and small, cuddle the big !

    Would you buy a car that your neighbour built himself for one fifth the price of a "mass produced" car that you knew you'd never be able to find anyone to work on it? That doesn't make any sense. When you're buying a product that is going to need support you'll generally want a product that will have support available. Buying/using products that aren't widely used isn't a great practise. Especially in business.

    And if anybody tries to complain, file a lawsuit for patent infringement..... surely there is a patent covering what you are doing now !

    Big companies will have a cartel of patents, only the small fish will be left out. A pity that the "people" do not know/care about this.


    Big companies get patents because they come up with original ideas and they patent them. It isn't their fault that someone else didn't come up with the idea first or was too lazy to patent it.

    Just remember that Microsoft was, at one time, a small company. They obviously did *something* right.

    Quit your bitching, because it really doesn't matter. Microsoft is here, they own a majority of the desktop market, and they're not going away anytime soon. Linux, or other free software, is not a viable replacement at this point. I believe everyone already knows that.

    Microsoft is not the first huge company to dominate an entire market.

  13. Re:jeremy paxman by MartinG · · Score: 4, Insightful

    So you didn't see the Paxman Gates interview a few years ago then? Whoever researched for Paxman should have been fired. The questions were so vague that Gates could have said anything and it seemed like an answer. Secondly, Paxman (great though he is) couldn't really fully understand the answers and so wasn't in a position to say "you are just avoiding the question" because he wasn't sure enough.

    Honestly, Paxman is brilliant, but I could have interviewed Bill Gates better than that. (and that's saying something)

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  14. Good ideas implemted incroectly. by jellomizer · · Score: 4, Insightful

    The problem with Microsoft security is not what they are doing but more how they are doing it. Security needs to be #1 in design. Then you build features on top of that (without breaking security). For example, some applications want to run as administrator even if they don't need to (like Word Perfect spell check). I can understand installing applications as administrator, but administrator should not be allowed to run these applications. Windows needs a redesign for high security, not plugging the holes in the existing version. Expect there will be holes in your OS but make it to minimize the damage. Windows is like setting up a Linux Apache server where the user access it runs on is Root not Nobody. So if someone breaks into Apache then they get this limited access where they could at worst mess up and steal data from the website. But with the Windows settings all services are under administrator; when someone breaks in they have full access to the system.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  15. Re:Annoying by jawtheshark · · Score: 3, Insightful
    I could give my girlfriend a new computer, sans operating system and a windows disc, she could install it, install her software and do all the things she wants to do with it in a couple of hours

    Are you dreaming? (Assuming your girlfriend is not a geek) Have you got any idea how many drivers won't be found (even by XP) with current hardware (you said "new"). If XP will detect it, it will be sub-optimal at best. Then I'm not even speaking about the fact that installing XP will probably not be XP2. Has your (non-geek) girlfriend a CD handy with SP2 on it?

    Look, I can understand what you try to prove, but let's be reasonable: installing a PC from scratch is not easy.... not with Windows, not with Linux. There will be questions that the user can't respond to.

    As for "not possible with Linux": I'm typing this from an Ubuntu Linux machine. (Installed yesterday, I'm getting my first impressions) The only thing that I needed to install separately was the SMP packages, but a normal user doesn't have SMP in the first place. Still, the questions asked during the install were easy (even for an average user) but my girlfriend couldn't do it.

    Users do not install machines, and if they do the machines won't last long. Admins install machines... That's the way it is (for the moment)

    Notable exception would be Mac OS X, where you just stick in CD's and answer newbie questions. Apple just has the "known-hardware" advantage.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  16. Pilgrims Progress Approach Vs Infect,Scan,Remove by NZheretic · · Score: 4, Informative
    Microsoft's desktop security issues stem from its reliance on the antivirus industry's "Infect-Scan-Remove" approach.

    In comparison, right from the outset, open source desktop platforms and applications have relied almost wholly on closing the infectable vectors, the exploited vulnerabilities used by malware, as quickly as possible.

    Read the following Usenet thread from 2000 that covers the argument in detail. David Harley and Robert Moir are two antivirus industry leaders. It also includes the prediction that Microsoft would eventually get into the antivirus industry.

    If you have a spare hour, listen to Dr Dobbs' technetcast:

    Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives an overview of current encryption and security technologies and outlines possible strategies for future defense. 9th USENIX Security Symposium, Keynote MP3 [2000-10-09] (57min)
  17. Slashdot Interview!! by redGiraffe · · Score: 4, Interesting

    Hey

    Can't we organize a Slashdot interview of BG? (titter :)

  18. [tt]:BBC Bill Gates Interview Part 2: Security by tomhudson · · Score: 4, Funny
    That Longhorn "incorporates all the users' desires" ...
    What - free porn?

    Both Bill Gates and drug dealers

    1. call their customers "users".
    2. lie, telling their customers "it's safe, it's good, you'll LIKE it"
    3. resort to strong-arm pressure tactics when their monopolies are in danger
    4. make obscene profits
    5. have no concern about bending a few laws
  19. Click Online by jb.hl.com · · Score: 3, Informative

    Maybe off topic but may as well say: Click Online is a very Microsoft centric TV programme which is shown on BBC World internationally and on BBC News 24 in the UK. It tends to be very dumbed down and barely scratches the surface on a lot of subjects. I remember one show where they were discussing distributed computing, and had a cluster of Windows 9x boxes (!) all of which duly blue-screened. Ahh, memories. If only the BBC actually did a serious tech show :(

    --
    By summer it was all gone...now shesmovedon. --
  20. Some reality distortion here.. by TeknoHog · · Score: 4, Insightful
    From the article:
    Stephen Cole:

    Are you a victim perhaps of your own success? Being the biggest, you are always going to be under attack.

    Bill Gates:

    And we're always able to do the best R&D, the best innovation, get the best partnerships.

    Certainly our position is one that people envy.

    First of all, the interviewer asked about the problems of being the biggest, whereas Gates went on to ramble on their being the best. What the heck was the point in that?

    Secondly, if they truly were the best, they wouldn't have all those security problems, now would they?

    This is my ongoing number one gripe about Microsoft: they cannot admit their mistakes. Though every OS has security issues, MS is practically the only one that keeps lying about it. Technical quality aside, I'd rather deal with honest people and honest businesses.

    --
    Escher was the first MC and Giger invented the HR department.
  21. Re:BBC Bill Gates Interview Part 2: Security by ajs318 · · Score: 3, Insightful

    Windows is hopelessly broken. The fact that a binary compiled against Windows 3.1 will work on Windows XP just goes to show that XP is laden down with unnecessary legacy support. It is not any kind of benefit. It is a bad thing, because those dregs of Windows 3.1 that persist into Windows XP are exactly why we have the malware problems we have. In the DOS days, programmers could afford to use techniques that relied on some heavy assumptions since falsified: that a machine would not be connected to a network, and that there were some operations that no user would ever have a legitimate need to perform. {Unix always was network-aware, and always gave its system admins more than enough rope to hang themselves and trip up anybody who came looking for bodies.} DOS, and Windows afterward, ended up being more tolerant of shoddy programming than proper "industrial" operating systems. In some cases, bad programming was actually encouraged by DOS/Windows design blunders. As desktop PC power overtook the first Unix mainframes, and Internet connectivity became the norm, the vectors were lining up for disaster.

    You do not need for systems to be backward compatible with ancient binaries. As long as you have the source code, you can simply re-compile it against your latest kernel and libraries, and it will Just Work. If something really has changed so much that it won't compile without editing, then it was already broken in the first place.

    Stable closed-source drivers running in or with a closed-source kernel will never exist. Perfection can only be achieved when the driver developer and the kernel developer each have access to the other's code. Anything less than the full, annotated source code is just incomplete documentation.

    Closed source is destroying computing. If everything is closed source, then it makes sense to build machines with the kind of processor and the I/O ports in the same addresses. Otherwise you need to supply different versions of essentially the same software just to work with different manufacturers' computers. {Think back to the cassette-based software on the 8-bit computers of the 1980s, and the racks in W.H.Smith full of similar games in versions for the Oric, the Spectrum, the Commodore 64, the BBC model B and the Amstrad CPC464. Come to think of it, why didn't they just record all the different versions on the same cassette one after another, for crying out loud?} All machines built the same way is one way to do it. It is not the only way. You can eliminate architecture-dependence by distributing the source code. Then, any architecture for which a suitable compiler exists can potentially run it.

    If there were more machine architectures -- by which I mean physically different instruction sets and/or port addressing schemas -- out there, then we would instantly reduce the susceptibility of the worldwide user base to viruses, worms and trojans. Call it electronic biodiversity. In an environment like that, software would pretty much have to be open source to survive; it would hardly be economically viable for a vendor to release many versions of the same software. You would obtain a package in source form, audit it if desired, compile it, then have to perform some deliberate hardware action {like pressing a small, recessed button; or moving a jumper on the motherboard} to allow it to be installed.

    Microsoft will get their comeuppance, though. Sooner or later they will have to launch a new version of Windows that will totally break compatibility with legacy software. Buyers will now have the choice: spend a lot of money buying the latest Windows system, not be able to use any of your old Windows software, have most of your old documents rendered totally unreadable and worry about the next time Microsoft pulls this kind of stunt; or spend not mu

    --
    Je fume. Tu fumes. Nous fûmes!