Slashdot Mirror
Microsoft Says "War on Terror" is Overblown
SlinkySausage writes "The endless security measures imposed on society as a result of the "war on terror" have become overblown and intrusive, according to Microsoft Redmond senior security analyst Steve Riley. He made the comments in a talk at day one of Tech.Ed Australia about software security. Riley also fessed up that Microsoft cocked up XP from a security perspective. "We let you down with XP," he said.
Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised."
In the United Kingdom we lost fifty or so people in the carnage of bombings last-year, in the United States you lost four or so thousand.
I don't for a second want to say that the loss of these lives through an unspeakable act of senseless violence is a trivial matter, but we need to put these figures in perspective. In the United Kingdom, more are killed in road traffic accidents in a couple of weeks than were in the July 7th bombings. In the United States roughly three times as many people are killed in gun accidents per year than 9/11.
Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last-year. It's probably true. This stuff is right in the noise level of the threats we encounter each day. It's dramatic when we see some idiots attempt to blow a car up at Glasgow airport but in terms of actual risk, these people are up there with being struck by lightning or having a bad reaction to asprin.
So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective.
It feels like that we've forgotten what it is really like to be a nation threatend with annihilation. In the 1940s our country nearly didn't make it and we have the United States to thank for that as much as our own heroic airmen. That was a time where the agressors really could have destroyed our way of life. Yet we did not yield in the face our adversity. We held our resolve!
And we should hold our resolve now. In comparison to the Nazis these modern day terrorists are like flies trying to stare down a tank. I don't know whether to laugh or cry why we even take them so seriously. We should not give a shred of our liberty to these people - they are pathetic and worthless; you only need to look at the Glasgow "terrorist" attack to see this for yourselves.
Simon
They say this now, when there is Vista to buy. It's just part of Microsofts standard strategy... Release new operating system, try and make the old one look bad.
Open Your Mind. Open Your Source.
Or think 'operating system.' That's what an operating system does. It virtualises the computer's resources and multiplexes them for applications. It multiplexes memory and gives each process its own address space. It multiplexes disk and gives each process its own virtual disks (files). It (or a userspace delegate) multiplexes video and gives each process its own virtual screen (a window or virtual terminal). It multiplexes the speakers and gives each application its own sound device (a virtual channel). It multiplexes input devices and switches them between apps.
Everything old is new again.
I am TheRaven on Soylent News
Uh... on a real operating system that's called a "process". The only reason they need to think in these terms at all is because there is so much broken design in the basic OS. If everything wasn't welded inextricably from everything else, apps wouldn't take down other apps, nor the system when they misbehave, and you wouldn't need to "virtualize just the app! OMG! What a concept!"
Here's a little concept I've been working on. Why don't we use a real OS?
If you mod me down, I shall become more powerful than you could possibly imagine.
Consider what we COULD be doing with the money spent on this.
The Cold War ended. The world was as close to Peace as it has ever been. We could have been investing in so many things to help the human race as a whole.
Instead we're spending trillions of dollars "fighting" a few thousand nutcases who can't do any more damage to the world than we do to ourselves, every year, in traffic accidents.
It's large-scale immigration from countries that don't share British or American values. Both countries are taking in a lot of immigrants who don't want to integrate. That poses future problems for the culture in our respective countries. Even more so in Britain where it is primarily people from Islamic countries who are convinced that British culture can go to hell as far as they're concerned.
With immigration, we have too much of a good thing. Immigration is good, but only when it is limited to people who actually want to **abandon** their old culture in favor of the new one. Multiculturalism is bullshit. If you like the way it was done back home, then stay there.
The security craze has also been a vehicle for agendas that actually are about security, except it's overreaching, excessive, broken, and dysfunctional security for intellectual property owners against MS's customers. Defective by design "security" both for MS themselves (Windows Genuine Advantage), and for the entertainment industry. Any mention of Vista's shortcomings alongside the bit about XP being a security letdown?
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
"It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if the cost is actually less than the cost of removing the problem , bizarre as it may sound, it might not actually be worth it."
Hmmmm.... Maybe Microsoft really does understand why I refuse to intsall Vista on my network.
WINE?
Uhh, I thought we were already virtualizing applications with "http://www.winehq.org/"
I killed da wabbit -Elmer Fudd
Agreed.
Moreover, if one machine goes down due to security vulnerabilities, and it has my social security number on it...
+5, Truth
I love that false choice. If you have to chose between the two, you don't have either.
Friends don't help friends install M$ junk.
But now we have something *new* that fixes all those problems! Really! So hand us more money, now!
Chris Mattern
Vista is not selling, so XP must be killed. They do this with every OS, so you might as well imagine that it's 2011 and Win9 is out and they let you down with Vista.
Friends don't help friends install M$ junk.
Do you not understand the concept of a "slippery slope"?
Do you not realize that treating our fellow citizens with such severe suspicion causes much more damage than the "1/2 hour of lost time"?
The terrorists did not win at the moment the planes hit the buildings, the terrorists only won when Bush announced his war on terror and we sent troops over to Iraq. They continue winning each time someone takes off a shoe because "ooooo, if we don't do this, I might get bombed out of the sky!!!!!"
DON'T ignore the pattern of government abuses! Don't trivialize what's happening. Riley hits the nail on the head when he points out that cost is unaccountably high, and benefit is un-measurably low. Just say no!
"We think people rightly feel that once they buy something, it stays bought," --Suw Charman, Open Rights Grp
When I can't buy certain products because they are now placed on restriction lists, can't read certain materials because they will place me on a terror watch list and my child's education is stifled because once common knowledge is now classified as sensitive state secrets then yeah, my rights have been violated and I notice it.
People might get the wrong impression that I think all Muslims are murdering terrorists. Not so. There a lots of them who find the actions of the extremists repugnant. The problem is we rarely, if ever, here from them. Print a comic "insulting Mohammad" and there is rioting in the streets. An Islamic extremist murders a bunch of children and the silence is deafening. This MUST change.
-- Will program for bandwidth
How many AVERAGE Americans actually feel that the changes to security have affected them at all?
They have affected the ratio between the tax I pay and the government service I get in return.
I am paying extra taxes for things which benefit nobody.
That TSA screener may not be inconveniencing me that much, but the pothole he's not fixing because he wasn't hired as a construction worker instead may be.
Oh, wait.
It's Microsoft.
Question answered.
It's legal? Well goody then. It's a good thing our great society has invented this thing called law so we can do away with annoying things like "morality", "ethics" and "values".
I hate printers.
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
Since when did failure become a path to success?
Ever since scientific thinking birthed our enlightenment.
Now security and functionality can be achieved but make no mistake, security is not convenient, always has, and always will take a lot of work to maintain both in the physical world and in the electronic one. [several false analogies follow]
Like liberty, security is always easier than the alternative. A free and secure system works for me rather than the other way around.
With software, however, it's the programmer that has to put forth the effort, not the user and these don't have to turn up in the interface. When programmers share that effort, like they do with free software, the individual's work load is greatly reduced. It takes me less effort to use a nice free browser on a free system than it does for me to repair an insecure non free system because it's browser has gaping problems.
The kind of "security" M$ has to offer is little more than inconvenience designed to make the user think everything is their fault.
Friends don't help friends install M$ junk.
If someone comes into a country with the intent of murdering large numbers of its citizens, they should really expect to be well treated. Yeah.
Not to mention...
As Microsoft always does, now that the NEW version is out, they have suddenly become aware and willing to talk openly about how miserable a failure the OLD version was.
Microsoft continues to go to the bank on the basis of "You CAN fool MOST of the people ALL of the time."
How much longer will this formula work for them?
"Run As" is no solution at all. It is the Windows version of sudo, which is fine for things that SHOULD REQUIRE admin access.
But why should I require admin access to change file associations? Or to install a print driver?
"Run As" is just a crutch around poor design.
How much longer will this formula work for them?
3027 A.D.
"But this one goes to 11!"
If someone comes into a country and is falsely accused of having the intent of murdering large numbers of its citizens, they should really expect to have due process. You act like we can read peoples minds, and we never make mistakes.
Give me Classic Slashdot or give me death!
Ten years ago, this would be a really exciting development. Too bad that now, when MS talks about "security", they mean "DRM"... I don't care if I was "let down" with XP, I'm sticking with it into the forseeable future, because at least I know that XP isn't wasting CPU cycles to cripple my content on my computer.
Fuck Vista.
Dear Nannystate,
Please ban the sale and manufacture of foods larger than 1 centimeter in size. We could die!
Thanks,
The United Sheep of America
P.S.: This is urgent!! People are dying as we discuss this!
Buckle your ROFL belt, we're in for some LOLs.
That's why I said your solution cuts the password problem in half. If I use "Run As..." (which I did not know about, so thanks for the information), I don't have to log off, but I still have to enter my admin password repeatedly (which is about equivalent effort to "logging on"). I'm not trying to change the story, just highlight the relevant part. In your initial response, you ignored the most important part of my complaint: that the Windows privilege system seems arbitrary and interferes far too much with a user who's just trying to go about their daily business. By contrast, I very rarely resort to sudo or su on my desktop at home (though I do use sudo a lot on machines where my function is basically administration).
So yeah, maybe people who are more familiar with Windows know ways to make it more livable, but I work with a lot of serious hardcore Windows vets, and they all use admin accounts as their main logon. By contrast, only one guy here regularly gets a root shell on unix (and the rest of us strongly disapprove).
I'm awake! The answer is BONK!
I'm not an actor, but I play one on TV...
Microsoft's problems have largely lied in their management for the past 10 years or so.
/var/www, and is restricted from doing *anything else* at a very low level in the operating system. Windows apps tend to be able to do whatever the hell they want.
Whenever the management makes one big push, as was done with Vista, things get screwed up horribly. You'd better believe that Microsoft has some very smart people working for them that know a thing or two about security.
The underpinnings of Windows that kept it compatible with old software have made it inherently insecure, and every tiny bug can result in a system-wide breach thanks to the fact that until recently, it was the standard procedure to run every process with unlimited credentials (and most software was written with this assumption in mind)
On my Linux box, Apache runs under its own account that has the permission to serve web pages in
The decision to maintain backward compatibility was most definitely made by upper-management, and the security repercussions were almost definitely brought to their attention at some point. It's not at all surprising that there are factions in Microsoft that disagree with this decision
-- If you try to fail and succeed, which have you done? - Uli's moose
Well, you might be understating things a little bit.
No, there isn't going to be a Muslim army that lands on the beaches and "takes over" the USA. That is silly.
However, we are seeing court decisions implementing Sharia law in Germany for Muslims. What do you think it would take for this to happen in the USA? How far away are we actually from allowing Muslim men to beat their wives with impunity? Would you not call "taking over" our laws?
How about the idea of people having Driver's License pictures taken while wearing a mask? Well, some states now allow fully covered (hajib) women photographed.
How about cab drivers that refuse to take unclean animals (guide dogs) or transport banned beverages (alcholic)? Yes, there is right now a fight over this in several cities.
No, the Muslim army isn't landing anytime soon, but you can start to see evidence that the USA is making over its laws and customs to be more in line with Muslim beliefs.
Virtual machines per application?
So next they will want to save RAM and speed things up with pass-thru hooks like what is already done with the virtual network interfaces but taken to the next level... It seems like a bad progression towards an actually working OS... How about we get the OS to WORK with the memory protection and better manage abstracted hardware??
Am I the only one who sees virtual machines as a solution to problems that mostly shouldn't exist or at least not to the severity that one would seriously consider that a solution?
Democracy Now! - uncensored, anti-establishment news
Muslims have jobs, families, hobbies, STUFF TO DO. Like everybody else.
How about you just assume that your run-of-the-mill Abdullah is outraged and shocked by anything that shocks your run-of-the-mill john doe?
I don't feel guilty anytime a white person kills children and I feel no need to write letters to the editor condemning their actions or going out in the streets chanting "STOP KILLING THE CHILDREN!".
You have to stop thinking of muslims as some sort of borg collective that has decided to remain quiet about the actions of a statistically insignificant amount of crazies.
By your standards, the U.S citizens that elected, re-elected this U.S administration and have not, after almost 5 years, stopped the war in Iraq are even more guilty (count the deaths of muslims and those of americans, guess who wins?) I'm pretty sure that's a classic terrorist argument to justify killing civilians.
Stop judging people so rashly. Stop insulting the billion muslims who condemn terrorism. Kthx.
when MS talks about "security", they mean "DRM"
I always assumed that they were talking about 'financial security'... their own.
In the free world the media isn't government run; the government is media run.
It's becoming very clear the current US administration is unlikely to win the next election.
Microsoft needs the US government to protect it from standards, open document formats, antitrust prosecutions and any other similar inconveniences.
Expect Microsoft to continue distancing itself from the Bush administration. They need plausible deniability so they can cosy back up with Bush's successors.
"I've got more toys than Teruhisa Kitahara."
Which kinda gets back to that DRM thing ... they see their financial security in owning distribution of media (movies, music, whatever), and in their minds that means telling us what we can do with our purchases.
The higher the technology, the sharper that two-edged sword.
OK, if XP is so bad, does he wants us to go back to Windows 2000. Probably not, so this is just another marketing push to get us from XP to Vista. Yep, it all sounds very embracing, and "we are sorry", but funny coincidence that this talk happens at the same time a new version (which brings in new money) is just released. Duh, isn't this normally called product promotion and shouldn't it happen with Leno or Letterman :-) instead of down-under?
Browsers shouldn't have a back button!! It's all about going forward...
Actually, I read this as CYA for Microsoft in government. With computers being as important as they are for the financial health and other aspects of our country, the Dept. of Homeland Security is making cyber-terrorism a higher priority. With that in mind, one sure way to improve security of the world's most critical computer systems is to not having them running an operating system known as a dismal failure at protecting users from malicious attacks.
So, shock shock, Microsoft is going against the grain of it's pro-big-business overlords to say that efforts to improve security to thwart terrorism are overblown, before someone says, maybe "we should switch our government systems to BSD." Otherwise, they may be forced to spend even more time and effort to correct their legacy code mistakes.
"it's a FUD attack against the product with the largest market share, in this case WinXP. Never mind that the product in question is put out by the same company."
They did the same when Windows XP was launched by running a set of ads showing the Windows 9X BSOD, and a statement about them being things of the past. Irrespective of whether Slashdotters like it or not, the fact of the matter is that during the last decade, Microsoft's effective monopoly in the desktop OS and office automation markets has resulted in their only effective competition being older versions of their own products. People using these older products who aren't corporates don't make any money for Microsoft at all unless they buy said older products with a new machine, but an upgrade sold to 10% of them would earn as much as converting every OS X and Linux desktop out there to Windows, and they'd obviously like much more than 10% of their current users to upgrade, and they won't achieve that by telling them that what they already have is arse-kickingly fabulous.
I'm not going to change your sheets again, Mr. Hastings.