Richard Clarke on Microsoft security
hizzo writes "Richard Clarke, former White House cybersecurity and counterterrorism adviser, harshly criticized Microsoft's security track record. 'Given their record in the security area, I don't know why anybody would buy from them.' He also called for some regulation of security for ISPs in addition to better industry self-regulation, such as disclosing QA practices and becoming more accountable for secure code. I wonder if anyone will finally start listening to him?"
"I wonder if anyone will finally start listening to him?"
No. With all the spyware and worms and virii out there, people just won't switch. I just don't get it. I suppose they are just stuck in their ways, and don't want to learn anything else. I suppose for most people, it was enough of a trial to "learn" how to use Windows, so they would rather put up with the crashes, spyware, and everything Microsoft, and just call it the norm.
It's a shame. But people really are stupid and/or lazy. That's why they won't start listening to anyone about this stuff. If I were a customer of Microsoft, I'd be organizing class-action suits, writing letters, storming Redmond with torches in hand.... Why these people put up with it most likely can be put into two categories: 1) ignorance, and 2) laziness. Either they don't know there are viable options, or they are too lazy to actually pursue said options.
Just something off the top of my head. Agree? Disagree? Discuss.
--- witty signature
Microsoft's bribes had nothing to do with that. He was competent, professional and honest. He didn't realize the crap Wolfowitz was pushing into the president's head until it was too late. Sadly, Rice sat there and lied to the Senate and still has been confirmed as the SoS.
As for Microsoft's bribing, they had a commendable record of trying to stay the heck out of politics for years, until it became evident that without greasing certain palms that Washington DC would turn on them. Now they make sure enough lucre is spread around Washington and they have many wagging tongues at their disposal and many ears to listen.
A feeling of having made the same mistake before: Deja Foobar
Treat me like a marketing stat, and I'll treat your movie like a series of ones and zeros
...why should we be listening to him? The call for government regulation of ISPs is scary. They will surely have to ask the ISP they want to regulate how to secure their own government systems that by their own accounting have shabby security.
And this is from the same guy who must have done such a great job advising on security matters for the government that most of the government agencies just recently received an awesome security grade.
http://www.msnbc.msn.com/id/6981279/
Oh wait, that didn't happen!
Whether he didn't have the power to make the necessary changes or he's incompetent the government obviously needs to take some serious steps to increase cyber security soon!
The security problem really has to do with flaws in software. Most viruses and trojans take advantage of defects in operating systems and applications such as email and browser programs. Microsoft is being targeted because they have a monopoly but all software is at fault.
Software is bad, period. And, contrary to what Frederick Brooks and others continue to claim, unreliability is not an essential property of complex software systems. Unreliability stems from a custom that is as old as the computer: the practice of using the algorithm as the basis of software construction. Switch to a synchronous, signal-based approach and the problem will disappear. For an alternative approach to software construction, see link below.
A friend here at college was having a spyware/virus problem that she wanted help with. I offered to help her if she'd use Firefox afterwards to prevent this from happening again. She refused because she "likes using Internet Explorer." Even when I told her she could still use it for certain sites, but that it's best not to use it for web browsing.
I guess some people are too set in their ways. She couldn't name anything she liked about IE, just that she did, in fact, like it.
That's my experience trying to spread Firefox to some people who might be in your categories 1 or 2. The other people I've introduced to Firefox have all loved it.
*shrugs* She found someone else to fix it without the condition that she try to use Firefox. I guess it would be interesting to find out if she gets reinfected.
The framework established for the Cold War is not suited to the current realities. But knowing that is different than moving the huge icebergs that government agencies become as they expand and atrophy.
Read the EFF's Fair Use FAQ
Then he said two separate things to the 9/11 committee that just happened to change when he cachinged on his book.
Mind pointing out those two things?
- Honestly Curious.
I was (foolishly) hoping that this thread wouldn't get dragged into a left-right debate. I was wrong.
Before resorting to foolish hopes I usually consider Fisher's Deduction:
"The more issues a person tries to artificially shoehorn down into a Liberal/Conservative dichotomy, the more certain you can be that the person is an American."
Then consider what percentage of Slashdot posters are from the US. Odds are if an article has any political aspects there will be a number of posters who feel the need to cast it into a false dichotomy. It's exactly this sort of situation that memes like Fisher's deduction were created to help alleviate. Do your part and spread the meme.
Jedidiah.
Craft Beer Programming T-shirts
No, I think it's just that people don't understand computers enough to make informed decisions about them on so many fronts that it's all they can do to just stick with what is most popular. I mean, to get people to switch to Linux, we have to start with explaining to most people what Linux is, and given how many times people told me their web browser was something like Word, Windows, or Google back when I was working tech support, I think you're going to find that to be difficult.
Much easier to suggest people switch to the Mac, on many levels. But to get people to seriously consider that, you have to get them to reconsider a whole host of things they've never really thought seriously about, such as:
-I need a fast CPU.
-Macs aren't compatible. (where compatible == 'the Platonic form for compatibility')
-Macs don't run the apps I need. (assume this means Word and a web browser)
-I have to play video games. A lot.
-Viruses are a serious problem for all computers.
-Spyware is a serious problem for all computers.
-Crashing is a serious problem for all computers.
-Constant headaches with system failures, bit rot, and software/hardware installation is a serious problem for all computers.
-Macs are too expensive. - cf.) "I need a fast CPU"
-etc.
Overall, I'd say most of this comes from ignorance born of laziness. I don't believe that it is difficult for most people to understand computers. I think most people are just too lazy to put out the effort to really learn how they work. I mean, Christ, my father - the guy who taught me how to edit config.sys and autoexec.bat files - now regularly calls me up to ask me to install new software (it's still shrink-wrapped when I get there) and how to do simple things once it's installed ("Hey, could you read this manual for me? I'm too lazy to do it myself.").
As a bona fide news junkie, my opinion after watching this guy across many networks for the last several years is that he is most interested in his own reputation. Not by exhibiting stellar ethics or by being correct on the issues, but by gilding the facts to best deflect the personal criticism of the moment.
As far as his statements in S.F. regarding Microsoft's security practices, he has a good point. But said security practices are so bad, someone mentioning it is akin to a toddler informing me that water is wet... it doesn't take a highly developed intellect to come to the conclusion.
Considering Richard Clarke's Clintonesque respect for 'the facts', why would anyone give him a serious ear? Most especially on a topic where he isn't saying something both true and unique from what other people are saying.
The left in America (I'm sorry, the People's Republic of America) seem to love the guy, but for the open minded who desire to learn more about him I submit:
Time Magazine article from 03/2004
Security Focus from 02/2003
The Daily Standard from 03/2004
Ethical men give you the facts like a recording, beware of folks whose version of what they call 'facts' develop over time, especially when they take a self serving direction.
I happen to own a 12" 1 GHz PowerBook running OS X. It happens to start up, load applications, and play World of Warcraft better than my girlfriend's 2.5 GHz HP laptop or my father's similar 2.5 GHz Compaq machine (both running Windows).
But I must just be a dolt thinking I'm getting my money's worth on a machine that seems faster and less buggy from my perspective.
one of the interesting parts was that, "looking back", much of the world had switched to open source software because it was more secure.
pr0n - keeping monitor glass spotless since 1981.
Huh.
Yeah, it couldn't possibly be the fault of the Clinton and Bush administrations.
Good call.
Oh, wait - no - bad call.
I'm not saying he was an angel, I'm just saying that you've leapt to the conclusion that he was to blame, and two politicians who were absolutely detested by opposing sides of the country (Republicans hated Clinton, Democrats hate Bush) were blameless.
It's too bad really. Imagine all of the things that Clarke could have stopped if other people realized that they actually had to work with him.
Education is the silver bullet.
Yes, lied to the senate. Let us all take the time to remember that Rice WAS the chief architect in recruiting Bush in the first place. Not that Wolfowitz had to 'fill the president's head', Rice had already set forth the way that things were to be, and so it was.
I am amazed that she allowed someone as honest and decent as Richard Clarke to stay around as long as she did. Whenever anyone remembers her, let's remind ourselves that she has an Exon tanker named after her.
"I am a patient boy. I wait I wait I wait. My time is water down the drain..." Fugazi
It is too bad that he waited till he was the FORMER White House blah blah blah cybersecurity dude to say something...
Why didn't he say these things when it counted, not after the fact?
Ah, he disagreed with Bush, he must not have credibility. I get it now! And as a Republican he's a Liberal!
Vote Quimby!
The part where Microsoft greases palms is totally, 100% true.
No, it's not. Microsoft, like every other business in America, lobbies the government. Just like I lobby the government every time I write my Congressman a letter. It's called "representative democracy."
Lobbying the government is, unfortunately, a very inefficient process. There are lots of middle-men whose job it is to collect public opinion and communicate it to the representatives in Washington. These middle-men eat up a lot of money along the way. This is wasteful and disappointing, but it's completely wrong to describe it as "greasing palms."
And more than a dozen (Democratic) senators agree with the grandparent's analysis of what Rice did.
Are you seriously appealing to the authority of the United States Senate? Dude, if you polled the Senate, you'd find three Senators who think that desegregation was a bad thing, five who think nationalized health care is a grand idea, and a dozen more who think Elvis is still alive.
You don't have to be a brain surgeon to familiarize yourself with the events of the day and to be able to distinguish between truth and lies. That's why everybody's held to that standard, see? Because it's just not very hard to do. So when somebody (like, in this case, you yourself) fails that test, the ridicule is so long and so loud.
He left in disgust because the Bush administration is criminally incompetent to protect us, though it will instantly blame people like Clarke for its failures. The administration is very competent at media manipulation and killing the messenger. Look at Clarke's recently declassified 1/25/2001 memo warning Rice about al "Qida". He documented (for internal, secret consumption) the steps taken in the 1990s to stop bin Laden, and the steps necessary to stop him permanently. The month before al Qaeda had been documented as attacking the USS Cole, but even that escalation wasn't enough to keep them on anyone else's radar at Bush HQ. Clarke "covered his ass" because his ass was right, and everyone else ignored him. You're just repeating the neocon spin, blaming Clarke with a smokescreen designed to cover the rest of the "team's" failure to protect us, or even admit we'd failed.
--
make install -not war
A wasteful, but necessary process. What a lot of /.er's fail to realize is that the industry lobbyist's goal is to educate the various law makers on the policies and their effects. While we may not like the idea that the discussions happen over expensive hunting trips or dinners, the fact remains that people have to educate the law makers. We can't expect the Congresspeople to become familiar with every aspect of things. And most people that know enough to educate a congressperson don't have the time, or the energy to make a run down to Washington to talk to law makers. So what happens? Lobbyists go and talk to the Congresspeople and educate them. We end up viewing this as "greasing the palms" or as the corruption of American politics. Everyone cannot be an expert at everything. So before anyone complains that lobbyists are completely evil and should be done away with think about your doctor. Your doctor knows medicine and the vast majority of people reading this post don't. You go in because you're sick and you don't know what to do. The doctor takes a look at the symptoms and makes suggestions for treatment. You then decide which treatment would be the best for you. With a congressperson they look at the problem and then defer to people that actually know what is going on. They then take the recommendations back and decide on what to do.
Now, if greasing the palms is in reference to campaign contributions, there are limitations set on those contributions. But shouldn't business be given the opportunity to express itself and give to a candidate that supports that business's view? Microsoft has thousands of employees, and they represent a special interest group that has a right to express its political agenda. While I disagree with RIAA/MPAA/Microsoft/Evil Empire Corp/etc., these are merely coalitions of people that have an interest to protect. Most of our problems with big business lobbying the government are because our interests disagree with their interests. Man tends to be selfish and wants to protect his self interest.
So before we complain that lobbyists are evil maybe we ought to think that the formations of some special interest groups would be an idea. That way, instead of sending a bunch of letters which are read by interns, we can send a lobbyist to express the interests of /. Then a real person can express the general consensus on such issues as software patents, fair use, the DMCA, and why Star Trek Enterprise (or whatever geek show has just been cancelled) should go back on TV. Just like a phone call is more effective than a letter, a personal visit is far more effective than a phone call or a letter.
The views expressed are mine own and do not express the views of my employer.
He's definitely not a communist, but he is an idiot.
He devoted his time as Terrorism Czar to preventing a Digital Pearl Harbor. And while he worried that the sky was falling, planes were crashing into buildings. He was a perfect example of why you shouldn't let an amateur try to do the job of a professional.
If Bill Gates is smart, he will ignore him the same way that Bill Clinton did.
I'm not trying to spread FUD but I do know that many MS users fall over all kinds of security issues that don't seem to affect non-MS users. And Apache should stand out as a light on the dark claim that MS gets hacked because they are more popular. And a final point: I have yet to come across a Linux distro that does not practically force you to create a user account and warn you against running as root; why doesn't MS do the same -- tell users that they should create a non-admin account and use it for everything except reconfiguring the computer. Further MS should explain in more detail the risks that are associated with running as Admin.
Restore America: Dr. Ron Paul for President!
Clarke was talking in thinly concealed terms about a Windows worm being theoretically put out by America's enemies, resulting in a shift towards open-source operating systems.
I wonder if some of the viruses that cause so much trouble are in fact backed by scumbags like bin Laden -- there have been a lot more dangerous Windows viruses since roundabouts 9/11, it seems to me, so I wonder if that's a function of an increase in terrorism, or just the suckage of Windows XP, which came out October 25, 2001. If 19-year-old Russians, the usual suspects, can do so much damage, imagine what people who will not hesitate at suicide can do -- it is frightening at best.
Communism is a command structure
Huh? In true communism no (wo)man is greater than or lesser than any other. You may be referring to totalitarianism, which exists in both leftist and rightist variants.
What the hell are you talking about? Clarke had been fighting al Qaeda, and Bush demoted him to cyberterror because real terror wasn't important, and Clarke was too threatening to keeping it that way. It talked about the threat of al Qaeda, already well established, and asked for a meeting of the administration people to start specific actions aimed at stopping al Qaeda, rather than waiting for more threats. That request was ignored. And we were attacked, very specifically.
I didn't even mention anything that has to be "believed" about "Bush". You are an obvious, and sickly typical, Bush worshipper, who is so partisan that you come up with an attempt at an insult by calling me "progressive".
"No specific threats"... "terrorism sponsors like Iraq"... "disgruntled former employee"... NO ONE BELIEVES THAT BULLSHIT. Even Rice looks guiltier than Kissinger when she squeezes that crap out. Don't waste our time here with the talking points that lead to nowhere.
--
make install -not war
Under Clinton, we had one successful Al Qaeda Attack, which was the first one (and the first on the WTC) on our soil. It is known that there were no less than 6 others (and possibly more), that were successfully stopped. One of the better well known, was for Y2K, over 300 FBI agents were sent to Seattle. It was to stop Al Qaeda. From what I have heard, it was nearly the same Richard Clarke, CIA, NSA, and FBI that stopped this one, but failed just several years later. I am curious as to what you attribute this failure to? You really think that these groups under Clinton did so well, but just hated GWB that they allowed this to happen? Likewise, many of these same people came out against GWB after 911 and said that he was ignoring everything that they were trying to do? If George Tenet and Richard Clarke were so inept, why did GWB award them the medal of freedom?
Ummm, he was Counterterrorism Czar. In other words, he was in a position to represent the executive branch, and the executive branch had failed the public in the months leading up to 9/11. That's why he felt the obligation to apologize.
It's comments like this that remind us non-Americans just how far politics in the US is skewed to the right...
"Of course you can't get online in the first place without an approved operating system"
From a geek's perspective I'd look upon this as a challenge. In particular would it be possible to create a Pirate Internet, along the lines of Pirate Radio? Use unregulated wireless and create a mesh network that covers the U.S., and links to the rest of the Internet through Canada and Mexico, or maybe shortwave. Would it be possible to create an alternate network for everyone that opts out of trusted computing and corporate and government control of their computers and the network?
To the extent that radio has turned totally corporate and boring, I find college radio to often be much more interesting and I suspect pirate radio would be too if I could find some in the area. Would the same be true of the pirate internet? Would all the really interesting and bold stuff move there and today's Internet would continue down the road to sterile corporate websites and subscription only content?
Another interesting question is if the U.S. tried to unilaterally force trusted computing would the rest of the world follow. I suspect not. I could see China going for trusted computing but only if their government controlled it and not Microsoft, Intel and the U.S. If the U.S. had one brand of trusted computing and China another the Internet would fragment and stop being the internet.
It's also possible the U.S. would try to force trusted computing and the rest of the world would just ignore it leading to two outcomes:
- The rest of the world ignores it, it fails and the U.S. ignores it too
- The rest of the world ignores it, the U.S. clings to it and uses oppressive government regulation to inflict it within its borders, and the U.S. would turn in to a black hole in the internet. The rest of the world would ignore it and potentially block U.S. access to the rest of the world in retaliation. I'm wondering if instead of economic sanctions in a future world we might see internet sanctions where a rogue nation is shut out of the rest of the world's Internet as a form of punishment for bad behavior.
In the latter scenario could a Pirate Internet spring up in the U.S. and continue to connect to the rest of the world's Internet in defiance of government attempts to suppress it? It would be pretty hard especially when the FCC sends trucks, full of armed goons, around the country hunting down wireless network nodes. A pirate internet would need a lot of redundancy and nodes that are relatively elusive and transient.
@de_machina