Slashdot Mirror


Microsoft No Longer a 'Laughingstock' of Security?

Toreo asesino writes "In a Q&A with Scott Charney, the vice president of Trustworthy Computing at Microsoft, Charney suggests that security in Microsoft products has moved on from being the 'laughing stock' of the IT industry to something more respectable. He largely attributes this to the new Security Development Lifecycle implemented in development practices nearly six years ago. 'The challenge is really quite often in dealing with unrealistic expectations. We still have vulnerabilities in our code, and we'll never reduce them to zero. So sometimes we will have a vulnerability and people say to me, "So the [Security Development Lifecycle (SDL)] is a failure right?" No it isn't. It was our aspirational goal that the SDL will get rid of every bug.'"

3 of 282 comments

  1. Re:Says who? by morgan_greywolf · Score: 0, Flamebait

    That's Gentoo. This is unnecessary on Ubuntu, which uses 'sudo' instead of kdesu.

  2. Re:I say, set a standard by the_humeister · Score: 0, Flamebait

    I don't think that's quite fair since the base OpenBSD distribution that's audited doesn't include things such as X Window. Maybe a better comparison would be Mac OS X?

  3. Re:Says who? by dave562 · Score: 0, Flamebait

    Parent is spewing FUD. I just did a net view on three different DCs and the only two shares advertised by default are NETLOGON and SYSVOL. Both of those are necessary shares for a DC to provide DC functionality to the clients they are supposed to serve.

    Remote Desktop is not enabled by default on a Win2K3 box. You need to explicitly turn it on. In fact even after you turn it on in default configuration, the Domain Admins group isn't even given rights to log on and needs to be explicitly granted those rights.

    I'm not quite sure what advertising the parent is talking about. The whole purpose of file servers and domain controllers is to serve up resources to network clients. The clients need to find those resources somehow. Therefore the servers broadcast their status. Following the assumed train of logic, NBC has a huge problem. They're advertising these wacky TV programs that anybody can access... and they don't even authenticate who accesses them. Newsflash... Microsoft more security than major television broadcasters!!