Slashdot Mirror


Microsoft Says "War on Terror" is Overblown

SlinkySausage writes "The endless security measures imposed on society as a result of the "war on terror" have become overblown and intrusive, according to Microsoft Redmond senior security analyst Steve Riley. He made the comments in a talk at day one of Tech.Ed Australia about software security. Riley also fessed up that Microsoft cocked up XP from a security perspective. "We let you down with XP," he said. Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised."

19 of 666 comments

  1. Virtualizing Applications by tehwebguy · · Score: 2, Informative
    --
    -- lol pwned
    1. Re:Virtualizing Applications by IndieKid · · Score: 2, Informative

      I believe Parallels does this too. It lets you run MS Word 2007 on a Mac as if it were native, for example.

    2. Re:Virtualizing Applications by 0racle · · Score: 2, Informative

      Parallels and VMware virtualize entire OSes, which is exactly what the summary said they are not talking about.

      --
      "I use a Mac because I'm just better than you are."
  2. XP isn't that bad ... by b0s0z0ku · · Score: 3, Informative
    It's mainly the tight integration of the browser with the OS that is/was an issue. Don't use IE and don't run executables from unknown sources and 95% of the security issues go away. SP2 is actually a pretty decent OS.

    -b.

  3. Should fix the article headline by the+computer+guy+nex · · Score: 3, Informative

    Microsoft didn't issue a press release, one guy voiced his opinion.

  4. SoftGrid isn't new by Anonymous Coward · · Score: 4, Informative

    SoftGrid isn't new, nor is it a particularly close relative of WINE as some Linux enthusiasts suggest. It was a Microsoft acquisition, the former product name being Softricity. It's not just virtualization, it's packaging, so a single file, streamed from a server as needed, encompasses the program and all of its settings, creating a layer over the regular file system, registry, etc. with copy on write functionality; if the program tries to change the host OS in any way, it just adds to the shell of program specific settings within the single packaging file. Extremely handy for network admins who need to distribute programs, and want the performance of local apps (once the whole package is streamed, it runs locally, with the streaming order prioritized based on what the user is doing), but want the simplified administration of centralized programs with standardized configuration.
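The copy-on-write layering described in the comment above (reads fall through to the host, writes are captured in the package's private shell, the host is never modified) can be modelled in a few lines. This is an added illustration, not SoftGrid or Softricity code, and the names VirtualLayer, read, write, delete and dirty_entries, the registry-style keys and the whiteout sentinel are assumptions made for the example; the host state is constructed inline.

```python
"""Toy model of an application-virtualisation layer (added example, not SoftGrid code).

Two dictionaries stand in for path -> contents maps: one is the shared host
(file system and registry), the other is the package's private overlay. Every
write or delete lands in the overlay, so the host dictionary is never touched.
"""
from __future__ import annotations

from typing import Dict, Optional

# Sentinel stored in the overlay when the app "deletes" a host entry: the host
# copy stays intact, the package merely hides it from the app (a whiteout).
_WHITEOUT = object()


class VirtualLayer:
    def __init__(self, host: Dict[str, str]):
        self._host = host                       # shared host view, read only
        self._overlay: Dict[str, object] = {}   # per-package private state

    def read(self, path: str) -> Optional[str]:
        """Overlay wins; otherwise fall through to the host; None if absent or hidden."""
        if path in self._overlay:
            val = self._overlay[path]
            return None if val is _WHITEOUT else val  # type: ignore[return-value]
        return self._host.get(path)

    def write(self, path: str, data: str) -> None:
        """Every write is captured in the overlay; the host map is never modified."""
        self._overlay[path] = data

    def delete(self, path: str) -> bool:
        """Hide an entry from the app. Returns False if nothing was visible to hide."""
        if self.read(path) is None:
            return False
        self._overlay[path] = _WHITEOUT
        return True

    def dirty_entries(self) -> Dict[str, Optional[str]]:
        """What the package would carry with it: changed contents, None for whiteouts."""
        return {p: (None if v is _WHITEOUT else v) for p, v in self._overlay.items()}  # type: ignore[misc]

    def host_modified(self, snapshot: Dict[str, str]) -> bool:
        """True if the host state differs from a snapshot taken before the app ran."""
        return self._host != snapshot


def demo() -> dict:
    # Constructed sample host state: a registry-like value and a config file.
    host = {
        r"HKLM\Software\Acme\Enabled": "1",
        r"C:\Program Files\Acme\acme.ini": "level=1",
    }
    before = dict(host)
    layer = VirtualLayer(host)
    layer.write(r"C:\Program Files\Acme\acme.ini", "level=9")   # app edits its config
    layer.write(r"HKCU\Software\Acme\LastRun", "today")          # app creates a new key
    layer.delete(r"HKLM\Software\Acme\Enabled")                  # app "deletes" a host key
    return {
        "app_sees_ini": layer.read(r"C:\Program Files\Acme\acme.ini"),
        "app_sees_enabled": layer.read(r"HKLM\Software\Acme\Enabled"),
        "host_unchanged": not layer.host_modified(before),
        "dirty": layer.dirty_entries(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The point for an administrator is the last two fields of `demo()`: after the application has edited, created and deleted entries, the host snapshot still compares equal, and everything the app changed is confined to the overlay that travels with the package.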

  5. What's smart about a false choice? by twitter · · Score: 2, Informative

    He's giving a lecture called:

    Making the Tradeoff: Be Secure or Get Work Done.

    With reasonable design choices, I get both. With sftp and konqueror, I can transfer files without worry. With real user and process separation, I can do a lot of other things without fear. If he's forced to choose between security and convenience, his system offers neither.

    --

    Friends don't help friends install M$ junk.

    1. Re:What's smart about a false choice? by Anonymous Coward · · Score: 1, Informative

      You do know that you can run processes as a different user without logging out, yes? Well, obviously not.

      And I can't see why this is worse than using su or any other of those weird processes just to get root privileges for simple tasks. You should probably get the facts straight before complaining. Just because you're not able to operate it doesn't mean it can't do what you need (or have to do on other OSes).

  6. Re:Our way of life is not under threat! by rossifer · · Score: 4, Informative

    In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

    Not to disagree with your overall argument, but this statistic is wrong. Three times 9/11 would be about 9000 accidental firearm deaths per year. According to the CDC, there are actually about 750 accidental deaths attributed to guns each year in the US (CDC Mortality Statistics - select "after 1999", then "intent -> unintentional" and "cause -> firearm"). Which is about 25% of 9/11.

    I would suggest using automobile accidents in the US as well, since it only takes about three-four weeks of US automobile fatalities (~45,000/year) to equal one 9/11.

    So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective.

    Hear! Hear!

    Regards,
    Ross
  7. Virtualised applications = sandboxing by Big+Nothing · · Score: 2, Informative

    There already exists Windows software for virtualising applications; these are called sandboxing applications. Sandboxie is a great example. Sandboxie is gratis, but you are encouraged to register/pay. The only drawback with Sandboxie is that it isn't Open Source - although I seriously doubt that "SoftGrid" will be Open Source either...

    --
    SIG: TAKE OFF EVERY 'CAPTAIN'!!
  8. Re:Our way of life is not under threat! by Xehn · · Score: 4, Informative

    I saw a chart on digg a while back that your comment reminded me of. Here is the link. It isn't 100% accurate, but it does a great job of illustrating the point.

    http://stpeteforpeace.org/real.threat.html

    I just wish people would listen to reason when it comes to all of this.

  9. Re:What's the big security problem with XP? by Blakey+Rat · · Score: 2, Informative

    You're talking about Windows XP SP2, which was a huge leap forward for security. Before the service packs, XP was pretty bad, security-wise. It had a firewall, but it was disabled by default (IIRC). It didn't have any sort of monitoring of whether you were running a firewall/antivirus/antispyware program, that was added later.

    So I guess the point is that Windows XP failed at security, and Service Pack 2 was Microsoft repairing some of the problems with the stock OS.

  10. Re:WINE, Anyone? by _xeno_ · · Score: 3, Informative

    First, ignore all the comments pointing out that WINE stands for WINE Is Not an Emulator. You're using "emulate" in a different sense than the WINE acronym is. By "WINE Is Not an Emulator" it means exactly your point: WINE does not emulate a physical machine - or, in other words, virtualize the process. WINE implements a compatible version of the Windows API, but it does not create a virtual machine. It's best called a compatibility layer or something like that.

    Cygwin does something similar under Windows for UNIX. It emulates a UNIX environment under Windows, mapping standard UNIX calls to Windows equivalents. WINE does the same in reverse - it maps standard Windows calls to UNIX equivalents. (Pedantic note: I know I'm misusing the term UNIX. Someone else can come up with better terms.)

    In any case, WINE is not a virtualization approach. A Windows program run through WINE is executed directly by the hardware the OS is running on. WINE simply provides a loader that can load and execute EXE and DLL programs, along with compatible implementations of Windows API.

    Short answer: you're right. WINE is not virtualization.

    --
    You are in a maze of twisty little relative jumps, all alike.
  11. Re:Security or Convenience by lymond01 · · Score: 3, Informative

    Sorry, but did you just say you can have something be both secure and convenient? I'd love to see an implementation like that because it's never been done in the history of all things.

    Not so fast. When was the last time you locked the bathroom door?

  12. I would like to see your sources by SIIHP · · Score: 2, Informative

    What is your source for this comment?

    "Here in the US, in *most* (but not all) places, homosexuality is illegal. It's a technical matter that no one is ever prosecuted on, of course, but that doesn't make it legal -- there are sodomy laws all over the books here."

    Because, despite the fact that you claim it as so, it is not so.

    Those laws that you think make being homosexual illegal were declared unconstitutional. Four years ago.

    http://www.cnn.com/2003/LAW/06/26/scotus.sodomy/

    The rest of your post is just as ignorant, but the part about honor killing was especially grievous. Simply put, you don't know what the fuck you're talking about.

    http://en.wikipedia.org/wiki/Honor_killings

    A woman can be killed because she was raped, and in allowing herself to be raped, dishonored the family. It takes a special kind of ignorant to equate that with capital punishment in the US.

    --
    I only go to buffets for the unlimited soft serve.
  13. Re:Run As ... by another_fanboy · · Score: 2, Informative

    In the command prompt, type "runas /user:username program".

  14. Yep, it's not easy to be secure on XP. by freeze128 · · Score: 2, Informative

    The hardest thing to do as an unprivileged user is to change your monitor power settings. The effect of this setting is VERY visible to the user, and very annoying if it is not set correctly. It gets more annoying when you can't change the settings, because you don't have high enough privileges.
    So, you log out, and then login as an administrator, make the change to the power settings, log off and then log back in as your unprivileged user only to find out that the changes that you just made as an administrator only affect the administrator's user profile.

    Sigh.

    OK, Logout, login as administrator, grant your unprivileged user rights so he can change the power settings, logout, login as your new super user, change the power settings, remove the privileges so you are an unprivileged user again, log out, and then login as the unprivileged user once again.

    Thankfully, there are ways to deal with this.

  15. Re:Our way of life is not under threat! by Catbeller · · Score: 2, Informative

    Please do remember that the United States and the "coalition" killed over a hundred thousand civilians in Iraq under the "shock and awe" doctrine of blowing everything and everyone up who were in our way.

    Iraq had thirty million people. One tenth the US population. So to keep the perspective correct here, it would be as though Iraq had invaded the US and killed a million people. A. Million. People.

    We've no moral cover. No place of dignity. We committed an act of terrorism that killed over a hundred thousand outright and have killed many tens of thousands more, destroyed their economy, stole whatever assets were worth anything, imprisoned and even tortured thousands more for looking at us funny, and wave the flag of righteous war against the 19 pipsqueaks armed with Home Depot box cutters. And it was all for a lie, the lie that the possessor of all that Asian-bound oil was somehow involved in the 9-11 crime. And they STILL tell the lie.

    Our terrorism still goes on as the former peaceful nation devolves into the island of the Lord of the Flies as we look on, spitting on their unstable 'religious insanity' as though we had nothing to do with letting the demons of the mind loose on an innocent people. Any nation tortured to death as the Iraqis have been will devolve into savagery. And we did it.

  16. Re:Karma gets even with MS! by moosesocks · · Score: 2, Informative

    Yes, but on Unix, user accounts generally aren't given administrator access, and on many "modern" distributions, you use "sudo" instead of "su", which makes it virtually impossible to accidentally give an application admin-level privileges, as you've got to explicitly call it for every root-level process that you execute.

    The absolute worst you can do is to trash your user account. It's not pleasant, but it's a hell of a lot better than infecting your entire system.

    This functionality is hypothetically available in Windows, but is often overlooked (and I believe the 'Run As User' context menu item is turned off by default). Therefore, for the sake of convenience, Windows users (and their processes) are more often than not given Administrator access. This way, every exploit is a root-level exploit.

    --
    -- If you try to fail and succeed, which have you done? - Uli's moose
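The comment above makes the case for sudo over su: elevation has to be requested explicitly for each root-level process, which also means each elevation leaves a per-command record. The following is an added example (not from the page or any project) that audits that record: it parses sudo's syslog-style lines, counts explicit per-command elevations, and flags the two cases that lose that accountability, denied attempts and elevations straight into an interactive shell. The log lines are constructed for the example, and the function names, the SHELL_NAMES set and the line format assumed by SUDO_RE are assumptions; real sudo output may carry extra fields.

```python
"""Audit sudo log lines for per-command accountability (added example).

Assumed line shape (sudo's usual syslog format):
  ... sudo:    <invoker> : [message ;] TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>
"""
import re
from typing import Dict, List, Optional

# Invoker name, then "key=value" fields separated by " ; ". A denied attempt
# carries a free-text message (no "=") before the first field.
SUDO_RE = re.compile(r"\bsudo:\s+(?P<invoker>\S+)\s+:\s+(?P<rest>.*)$")

# Commands that give the invoker an open-ended root session instead of a
# single audited command (assumed list for the example).
SHELL_NAMES = {"bash", "sh", "dash", "zsh", "su"}

# Constructed sample log: two normal elevations, one root shell, one denial,
# and one unrelated cron line that the parser must ignore.
SAMPLE_LOG = """\
Aug 10 09:12:01 ws1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Aug 10 09:15:43 ws1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Aug 10 09:20:07 ws1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/vim /etc/shadow
Aug 10 09:21:30 ws1 sudo:    carol : TTY=pts/2 ; PWD=/srv/app ; USER=appsvc ; COMMAND=/usr/bin/systemctl restart app
Aug 10 09:22:00 ws1 CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_sudo_line(line: str) -> Optional[Dict[str, str]]:
    """Return a dict of fields for a sudo line, or None for anything else."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    event: Dict[str, str] = {"invoker": m.group("invoker"), "message": ""}
    for field in m.group("rest").split(" ; "):
        key, sep, value = field.partition("=")
        if sep:
            event[key.strip()] = value.strip()
        else:
            event["message"] = field.strip()   # e.g. "user NOT in sudoers"
    return event


def classify(event: Dict[str, str]) -> Dict[str, object]:
    """Mark whether the attempt was denied and whether it opened a shell."""
    cmd = event.get("COMMAND", "")
    exe = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
    return {
        **event,
        "denied": bool(event["message"]),
        "interactive_shell": exe in SHELL_NAMES,
    }


def audit(log_text: str) -> Dict[str, object]:
    """Summarise a block of log text: explicit per-command elevations vs. the rest."""
    events: List[Dict[str, object]] = [
        classify(e) for e in (parse_sudo_line(l) for l in log_text.splitlines()) if e
    ]
    return {
        "events": events,
        "per_command": sum(1 for e in events if not e["denied"] and not e["interactive_shell"]),
        "shells": [e["invoker"] for e in events if e["interactive_shell"] and not e["denied"]],
        "denied": [(e["invoker"], e["message"]) for e in events if e["denied"]],
    }


if __name__ == "__main__":
    summary = audit(SAMPLE_LOG)
    print("explicit per-command elevations:", summary["per_command"])
    print("root shells opened by:", summary["shells"])
    print("denied attempts:", summary["denied"])
```

On the sample, alice's `apt-get` and carol's `systemctl` are the kind of elevation the comment praises: one named user, one named command, one target account. The `/bin/bash` entry is the su-like case, where everything done afterwards is invisible to this log, and the denied `vim /etc/shadow` attempt is the line a reviewer would want to see first.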