Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Most Successful Failure

Posted by Zonk on from the win-some-lose-some dept.

m4dm4n writes "As we near the end of mainstream support of Win2k The Register looks back at what it has achieved. What was meant to be Microsoft's most secure OS ever turned into a disaster. Worm after worm changed the face of internet security in Win2k's first 2 years. Five years down the line the battle is far from won, but the improvements are dramatic." From the article: "Things were different in the year 2000. Programmers felt vindicated that the Y2K bug didn't turn out to be that big of a deal. We made it past January 1st, and then it was time to move on. Windows 2000 came out that first quarter, just as security was becoming more interesting to more people -- and Windows was a good place to start. It was also seemed to be the start of a new breed of Windows hackers."

29 of 354 comments (clear)

  1. Learning Experience by strongmace · · Score: 4, Insightful

    If only I could make as much money from my mistakes as Microsoft does from its learning experiences.

    --
    "If we hit that bullseye, the rest of the dominos will fall like a house of cards. Checkmate." -Zapp Brannigan
    1. Re:Learning Experience by toddestan · · Score: 4, Insightful

      Many people did not *want* to upgrade to Windows 2000, but had little choice due to the lack of other options.

      Windows 2000 is one of the rare times in the Microsoft world when you actually want to upgrade due to it actually being a clearly superior product than its predecessors. There is no question that Windows 2000 is a better OS than any of the Dos-based ones. It's also more stable and easier to install than NT4, and has better driver support, plus it adds some of the nice touches introduced with Windows 98. This is completely unlike the Windows 2000->XP "upgrade", or the essentially identical last 4 versions of Office.

    2. Re:Learning Experience by NanoGator · · Score: 3, Interesting

      " Step 1: Build a monopoly for a required commodity"

      You can't build a monopoly without producing something a lot of people will come along and buy.

      --
      "Derp de derp."
  2. say what you want... by msh104 · · Score: 5, Interesting

    but atleast it didn't took me 4 years to get my printer up and running... all in all I am very happy with linux, but why does it always have to be win=bad lin=good everywhere.

    1. Re:say what you want... by KoReE · · Score: 4, Insightful

      It's because of Star Wars. Everyone wants a guy with a red lightsaber, and a guy with a blue lightsaber. Gates has been handed the red one, and Linus the blue one. It's really quite dumb.

      I'm a big fan of the "best tool for the job". I like Windows for a desktop, Linux for a server environment...but Windows server environment is improving. I still think it sucks, but it's improving....

      --
      Instant Karma's gonna get you...
    2. Re:say what you want... by Anonymous Coward · · Score: 3, Funny

      On this website, I read posts by quite a few people complaining about GNU/Linux bias. Doesn't that mean there are enough of the so-called "non-biased" readers that your complaints are almost null and void? Maybe we need some real statistics here?

      Are you a biased pro-GNU/Linux reader?
      A. Yes.
      B. No.
      C. I'm a troll.

  3. 2k was excellent except for one thing.... by zanderredux · · Score: 3, Insightful
    ... IIS and those stupid ActiveX controls that bridged Office docs into a web page.

    Users (including the usual PHBs) got used to that paradigm and now do not value a proper web server setup!

    And people think something does not work when a link points to "C:\Dave\Projects\budget.xls" does not work on their computers!

    1. Re:2k was excellent except for one thing.... by TheRealMindChild · · Score: 4, Interesting

      A slightly off-topic comment, that I feel I have to make to someone somewhere...

      My boss and I were talking a week or so back, and we were talking about taking a bunch of our libraries and somehow making them into something we can use everywhere. Now realize that we, unfortunatly, have about 200 applications to maintain, across Visual Basic, Delphi, Java, C++ in many flavors (Borland and MS are the majority) and a slew of other crap, including some VB scripts.

      Now, obviously, a plain DLL isn't going to cut it... VB would be a pain in the arse to translate all of the declares to, and Java would need something similar to use a native library.

      This IS where ActiveX control/libraries come in. And thanks to even automation, I can EVEN use said libraries in the windows scripts via a magical CreateObject.

      The nightmare of using ActiveX controls on a webpage shouldnt blur the actual usefulness of the technology possibly elsewhere.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    2. Re:2k was excellent except for one thing.... by metlin · · Score: 3, Interesting

      I agree.

      Most people who bash ActiveX controls haven't really been in enterprise development environments where they have used them.

      While their security aspect is a bad thing, they're quite useful in their own way.

  4. MetaEditing? by bc90021 · · Score: 4, Funny

    So we've got a Slashdot palgiarism of two paragraphs of a Security Focus story that was posted on The Register. Is this like "meta-editing" or something?

    --
    libertarianswag.com
  5. Failure -- A bit harsh? by Blahbooboo3 · · Score: 5, Interesting

    I won't make an arguement about security problems in Win2k, since the article is correct. However, I will say that I think Windows 2000 is the best MS OS to yet come out. The GUI is far better then XP (IMHO), has support for all the latest "bells and whistles", and it is FASTER than the equivalent XP machine.

    1. Re:Failure -- A bit harsh? by zbuffered · · Score: 4, Informative

      Turn off the Themes service, Automatic Updates service, Error Reporting service, Help and Support service, Windows Firewall... Pretty soon you'll be getting near win2k memory loads, and your XP box will look pretty good. I once would have agreed with you -- I resisted the 2000 -> XP conversion for quite some time, but I have adequate resources and XP runs like a champ for me.

      --
      Synergy is your friend
  6. Pardon me, but weren't most of the worm issues in by Assmasher · · Score: 3, Insightful

    ...2000-2003 the fault of applications which happened to run on 2000? I'm not too familiar with 'OS worms'... IIS and SQL worms, oh yeah, lots of those; but, those aren't Windows 2000.

    --
    Loading...
  7. Re:Pardon me, but weren't most of the worm issues by OhPlz · · Score: 5, Informative

    IIS and the repeatedly exploited index server were distributed with Win2000. The RPC port exploit was also a Win2000 issue.

    I think it's a shame that they're twilighting the support for the OS. I still use it and have no real reason to upgrade to XP. I tend to wonder if the only "big deal" with XP is that it included a software firewall.

  8. Win2k, a failure? by JeffTL · · Score: 5, Interesting

    I can't see how you can honestly call Windows 2000 a failure -- Microsoft didn't spend more making it than they made off of it, and it was actually (in my experience, at least) more reliable than XP.

  9. It was successfull, kind of... by adolfojp · · Score: 5, Interesting

    I was the first STABLE windows platform that could handle multimedia apps.

    Security became a joke, but stability was superb.

    It was a gigantic leap from the 9x series.

    Cheers,

    Adolfo

  10. Oh for one last time..... by Boss,+Pointy+Haired · · Score: 4, Insightful

    Programmers felt vindicated that the Y2K bug didn't turn out to be that big of a deal.

    It was a big deal. Lot's of us here worked very hard to make sure that nothing bad happened and this really gets to me when people throw around the opinion that it was all a fuss over nothing.

    Get a clue.

    1. Re:Oh for one last time..... by Chris+Burke · · Score: 4, Insightful

      Absolutely, and it's all an after effect of the way it was presented in the media.

      It's kinda like there's a big office building on fire downtown. The news reporter is standing in front of the blaze, speaking in a calm voice layed thinly over barely-contained hysterics: "As you can see behind me, the fire continues to burn! If left unchecked, this fire could spread to nearby buildings, and from there continue to spread, until eventually the entire metropolitan area is burned to the ground. From there, who knows how far it could spread! Civilization itself hangs in the balance! Flee, flee for your lives! And buy duct tape!" Meanwhile, fire fighters work like hell to put out the fire, and it eventually dies. The next day everyone is wondering what the hell the big deal was and what they are going to do with all the duct tape they bought. Feeling gullible and duped, they forget that there really could have been a disaster if the fire fighters had just sat on their thumbs watching the building burn...

      --

      The enemies of Democracy are
  11. Win 2000, a worthy OS by Anonymous Coward · · Score: 3, Insightful

    Flame all you want, but Windows 2000 was a much improved OS over Windows NT as well as significantly better as a desktop OS than unix/linux was at the time.

    Windows 2000 is the high water mark in increasing feature creep for MS operating systems.

    Future systems, especially on the server side will be significantly easier and simpler.

    MS has learned that combining a large number of different recently written technology together causes more problems that it is worth.

    I look to see MS developing much simpler desktop and server operating systems with a focus on security, ease of use, ease of administration, and TCO.

    I also look to see MS taking BSD licensed code and using it as the basis for future OS versions and/or subsystems.

    MS is also leveraging future development by making the API, languages, and dev tools easier to use (C#, .NET, ASP, .NET Framework - instead of straight win32 api).

  12. Microsoft's Most Successful Failure by ArielMT · · Score: 3, Insightful

    Microsoft Bob! Oh, wait. Successful failure... hmm... Ah! Windows Millennium Edition (ME), without a doubt! This insecure, rushed, overhyped, bug-ridden excuse for an operating system should've gone the way of Bob and New Coke even before it was officially released.

    --
    It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
  13. Even more "successful" failures by jmulvey · · Score: 3, Insightful

    One word: Solaris.

    How's that NIS treating you for security?
    Kernel "user/group/world" security should be enough for anybody.

    You guys need to realize that you can't have credibility without objectivity. You would have a lot more success convincing people to switch to Linux if you didn't come across as zealots all the time.

  14. A Failure? by 4of12 · · Score: 3, Insightful

    I'm a fervent Linux fan, but I'm also logical.

    Win2K was by far much better than Microsoft's earlier OS offerings in terms of reliability and security.

    It's like they finally realized that desktop PC monopoly didn't get them a free pass into the mainframe and server market. Realizing that, they actually produced a credible OS that wouldn't get themselves laughed at. MS has intelligent people that can do a great job (if they're not tasked with creating obstacles and artificial cross-ties in the company's product lines.) Like they did with IE before the Netscape threat was effectively vanquished.

    Win2K will be humming along for many years to come.

    --
    "Provided by the management for your protection."
  15. How can you knock Windows 2000? by zbuffered · · Score: 3, Insightful

    Think about what Win2k gave us! Plug and Play, protected memory (when apps crash, the OS survives), NTFS, and USB support. All these things were necessary to help the OS do more for the end-user. Not to mention Active Directory, and Group Policies! All good stuff for Windows users. As for security issues, windows update is a much better solution than what we had with previous OSes. So what Windows 2000 did is integrated everything good about NT and 98. Yes, there were security vulnerabilities in IIS. A lot of websites got broken into. Waah.

    --
    Synergy is your friend
  16. Was it Win2K, or IE/OE? by Frangible · · Score: 3, Insightful

    IIRC, Win2K didn't have too many vulnerabilities, mostly they were just in IE and Outlook Express. All the more reason to run Firefox and Thunderbird even today, as it seems exploits for IE/OE keep cropping up.

  17. Re:where would we be.... by AKAImBatman · · Score: 4, Interesting

    just imagine if the nature of the stack wouldn't allow [buffer overruns]. If some kind of mechanism beside a simple jump had been used. Like registering an address in the CPU via an instruction and then calling that jump.

    Would it annoy you to no end if I explained that you've just described the segmented memory model that has been available on the 386 and up since 1986? It just so happens that today's "Modern OSes" (right load of bull that is) map only two memory segments, then completely ignore the GDT, LDT, and TSS after that? It is, of course, done all in the name of "Performance", the mini-god for which many a programmer has sacrificed his first born for, but has never actually managed to show that this "performance" was worth it.

    <sarcasm>But wait, we must claim that Java is slow in order to appease this mini-god! </sarcasm>

    --
    Javascript + Nintendo DSi = DSiCade
  18. That whole story is a myth by The+Cookie+Monster · · Score: 3, Interesting

    They've got security confused with reliability.

    Before Win2k, reliability was what everybody complained about, blue screens of death, constant crashing, runing out of resources, that sort of thing.

    Microsoft listened, claimed reliability was their priority, and eventually released Win2k which fixed all of those problems. Win2k has crashed on me all of 3 times while using it both at work and at home for nearly five years, twice due to worn out CPU fans, and once due to hard drive failure. So while my experience is anecdotal I must say Win2k was an incredible success - more than I thought was possible from that company, it certainly changed my view of Microsoft.

    Fast forward a few years (2002 - 2003ish), BSODs are now a thing of the past, leaving the increasing viruses and malware as the #1 headache on Windows.

    Microsoft listens, claims security is now their #1 priority...

    Will their security push be as effective as their stability push? only time will tell, but after the magic they worked with Win2k I'm no longer putting it above them.

    Personally I care little, Windows boxes I've had connected to the internet for years without a virus checker are still clean. It appears Windows viruses so far have been limited to inexperienced users and boxes that aren't behind a proper firewall.

  19. Warning by geekee · · Score: 4, Funny

    parent post severely affected by Linux reality distortion field.

    --
    Vote for Pedro
  20. Lol took them long enough to "get concerned" by Stumbles · · Score: 3, Insightful
    just as security was becoming more interesting to more people

    You mean more interesting to Window users. Other operating systems have always been concerned about security

    --
    My karma is not a Chameleon.
  21. "More innocent times" .. yeah right by dustmite · · Score: 4, Insightful

    Article is pure MS propaganda.

    - They're trying to divert attention away from all the security problems that XP has had. XP is BY FAR the "biggest disaster" of any OS in the history of humankind when it comes to security. Something like 25% of XP boxes are still to this day infected zombie machines. Typical time-to-infection of any pre-SP2 XP system hooked up to the Net was something in the order of seconds or minutes. But wait, let's rewrite history by claiming that 2K was far worse, so that people think don't XP was so bad in retrospect, and that people think MS were already improving their security between 2K and XP.

    - They're trying to pretend, yet again, that 2K and XP were written in "more innocent times" when "security problems" were unknown - so that the public is tricked into thinking that their shocking neglect of security was somehow excusable. Spin, spin, spin. All of today's security problems were very well-known by any IT professional even by the 80's; even Java in the 90's touted security over and over as one of its major selling points, and when started pushing their ActiveX-based "trust" model in response ('hey, we have an object model, let's just pretend it's secure and market it heavily') anyone who knew anything was already warning that that was going to be a disaster.

    Microsoft knew that security was going to get this bad, but they ignored it in favour of pushing for better time to market to be ready for upgrade cycles and attrition sales.