Microsoft vs. Computer Security
ArieKremen writes "The Slate has a piece written for the average user attempting to explain why Windows is `still` grappling with security issues. Although Gates made security and privacy top priority four years ago, not much progress has been made." From the article: "Microsoft customers haven't stopped worrying. A year later, Windows was hit with several nasty worms, including Slammer, Sobig, and Blaster. The viruses caused major traffic bottlenecks throughout the world, which cost tens of billions of dollars to clean up. Vulnerabilities deemed 'critical' have forced the company to release an almost unending stream of patches and fixes to the Windows operating system, Microsoft Office, and Internet Explorer." An interesting look at the whole issue.
Computer security will get worse before it gets better. It's the second hardest problem in computing, coming second only to DRM, which is provably impossible to do properly.
The problem comes from many quarters: some theoretical, some practical, some managerial. For example:
I could go on for quite some time... the point to appreciate here is that it isn't all Microsoft's fault but they could do a whole lot more. If we could just get rid of the overflows that would be a good start!
Simon
"That's the big problem with many of the Microsoft glitches. They're not limited to the vulnerable Microsoft application. The vulnerable app provides a gateway for compromising the whole PC."
I would like to know where everyone heard this crap, and why they keep repeating it verbatim, because it's a bunch of bullshit. Flaws in Microsoft products have no greater danger than equivalent flaws in any other Windows application.
A remote code execution flaw in IE executes code with the user's rights, and therefore gets access to what the user has access to.
A remote code execution flaw in Firefox executes code with the user's rights, and therefore gets access to what the user has access to.
There is no special conduit that Microsoft apps have to the Windows kernel or any other Windows system object.
If you browse the web using Firefox while running as administrator and you get hit with an exploit, that exploit will have full access to your system.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Microsoft has a long history of secret APIs used only by their applications. I remember some sort of hubbub about this around '94 when they were taking over the office suite market.
More recently the DOJ at least accused Microsoft of using secret APIs in support of IE, Messenger, Media Player, and Outlook Express.
I don't necessarily think that you are wrong, but the situation is certainly not as cut-and-dried as you seem to think it is.
-Peter