Slashdot Mirror


Microsoft Executive Tapped For Top DHS Cyber Post

krebsatwpost writes "The Department of Homeland Security has named Microsoft's 'chief trustworthy infrastructure strategist' Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: 'Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department's Computer Forensics Lab. Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'"

  1. Microsoft and Security in the same sentence? by BadAnalogyGuy · · Score: 1, Funny

    Boy oh boy. Obama seems to be turning into a big disappointment with some of these appointments.

    What'll he do next? Appoint Mike Tyson as head of Department of Health and Human Services?

    1. Re:Microsoft and Security in the same sentence? by Praedon · · Score: 4, Funny

      Nope. New department, which is Department for Cannibal Relations.

      --
      Just me
    2. Re:Microsoft and Security in the same sentence? by timmarhy · · Score: 1, Flamebait

      what do you expect, you people carried on like it was the second comming when you elected him. no one can live up to that kind of hype.

      --
      If you mod me down, I will become more powerful than you can imagine....
    3. Re:Microsoft and Security in the same sentence? by BadAnalogyGuy · · Score: 1, Insightful

      What do you mean, "you people"?

    4. Re:Microsoft and Security in the same sentence? by Lumpy · · Score: 4, Insightful

      Why do you people think that the next new guy will be any different than the last one? I don't care WHO is elected. If they are Democrat or Republican, they will cater to their interests first and do the right thing last.

      MSFT funded a lot of his campaign. This is paying them back by appointing one of their executives, or they use their buddies.
      This happens every change of power.

      I just get a royal kick out of all the "WOO CHANGE!" people all sitting in their chairs sober now with their mouth open at the TV sets staring in disbelief.

      The only advantage is that this time our president is actually educated and articulate.

      --
      Do not look at laser with remaining good eye.
    5. Re:Microsoft and Security in the same sentence? by Anonymous Coward · · Score: 4, Insightful

      The only advantage is that this time our president gives great speeches from a teleprompter.

      There... fixed that for you.

    6. Re:Microsoft and Security in the same sentence? by Ihmhi · · Score: 1

      The rest of us refer to that as the Internal Revenue Service.

    7. Re:Microsoft and Security in the same sentence? by El+Torico · · Score: 1

      People who can use punctuation, capitalization, and spell properly. Actually, I think he was referring to those who voted the President into office.

      --
      In the land of the blind, the one-eyed man is usually crucified.
    8. Re:Microsoft and Security in the same sentence? by Sj0 · · Score: 1

      (Score: -1, Keep facts out of this)

      --
      It's been a long time.
    9. Re:Microsoft and Security in the same sentence? by mi · · Score: 1, Informative

      People who can use punctuation, capitalization, and spell properly. Actually, I think he was referring to those who voted the President into office.

      Actually, no, most of the people voting for Obama didn't know some very basic things about him or the opposition. And what they did know, was often wrong.

      In the particularly striking example, the vast majority attributed the infamous "I can see Russia from my house!" to Sarah Palin, when, in fact, the phrase was coined by Saturday Night Live, who were mocking her lack of foreign policy experience, while willfully ignoring Joe Biden's — whom Obama picked for the supposed foreign policy expertise — lunacies.

      What's much worse, though, is that these supposedly educated and well-versed people are now trying their damnedest to keep the truth from becoming known — people trying to add mentions of Obama's association with (unrepentant) terrorist Ayers to Obama's Wikipedia entry have their changes reverted within minutes and their accounts banned for days...

      --
      In Soviet Washington the swamp drains you.
    10. Re:Microsoft and Security in the same sentence? by migla · · Score: 1

      I wonder how long the people will put up with this?

      I'd like to think that humanity is progressing (sure, there are setbacks and backlashes, but generally). I'd like to think that the pendulum swings a little further towards enlightenment.

      The internet revolution, not twenty years old yet, should facilitate this. I think a different, better world is possible.

      If I'm wrong, at least I'm having a beautiful dream. What do you think?

      --
      Some of my favourite people are from the US; Vonnegut, Chomsky, Bill Hicks.
  2. ... trustworthy computing? by Anonymous Coward · · Score: 4, Funny

    Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft

    Trust... worthy... computing at Microsoft... Isn't there a law that prohibits the words trustworthy and Microsoft in the same sentence?

    1. Re:... trustworthy computing? by erroneus · · Score: 1

      To be fair, "trustworthy computing" was just a buzzword that meant "DOS with no network card on the PC." It was still a work in progress and clearly has not been released yet.

    2. Re:... trustworthy computing? by gadget+junkie · · Score: 2, Interesting

      Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft Trust... worthy... computing at Microsoft... Isn't there a law that prohibits the words trustworthy and Microsoft in the same sentence?

      I do not think it's forbidden, but it comes very close to the definition of Oxymoron, i.e. mutually contradictory terms.

      --
      "If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
    3. Re:... trustworthy computing? by jaredmauch · · Score: 1

      If there was a law, it would be the justice department that prosecuted it.

    4. Re:... trustworthy computing? by cepayne · · Score: 1

      At least the guy will be well aware of the exploits in the
      world's most popular operating system, which is most often
      attacked in security breaches.

      Having a microsofty on the payroll ensures that your security
      breaches will be well accepted.

      Keep your friends close, but keep your enemies even closer!

  3. Microsoft and Security in a same sentence? by Anonymous Coward · · Score: 4, Funny

    I foresee a lot of Microsoft Security jokes in the following threads.

    Here is one

    Do you allow Phil Reitinger to be the top cyber security official?

    Allow | Deny

    1. Re:Microsoft and Security in a same sentence? by Narnie · · Score: 4, Funny

      Do you allow Phil Reitinger to be the top cyber security official?

      (Okay)

      Fixed that for you.

      --
      greed@All_Evils:~#
    2. Re:Microsoft and Security in a same sentence? by lxs · · Score: 1

      More like:

      Retry, Abort, Fail.

    3. Re:Microsoft and Security in a same sentence? by WhiteHorse-The+Origi · · Score: 1

      Do you allowing Phil Reitinger to top security official?

      There, fixed that for ya.

  4. Ah dammit... by Narnie · · Score: 4, Funny

    There goes any chance of the DHS switching over to a linux/unix environment in the next decade.

    --
    greed@All_Evils:~#
    1. Re:Ah dammit... by je+ne+sais+quoi · · Score: 1

      Well, wouldn't a former Microsoft executive be in the best position to know how fucked up Microsoft security really is? You'd think this would be a case of the burned hand learning best, in this case, the burned hand is also the one who turned on the fire.

      Well, alright, I'm blowing smoke and I know it. :) Odds are this guy has so much stock in Microsoft and their affiliates that it doesn't matter what he personally believes, his wallet will be speaking for him. Obama is turning out to be fairly disappointing in some respects. In others he's doing alright, at least he had the decency to turn back a lot of the more idiotic Bush rules, like those signing statements. I suppose it's too much to ask for a president to both have common sense AND principles.

      --
      Gentlemen! You can't fight in here, this is the war room!
    2. Re:Ah dammit... by InsertWittyNameHere · · Score: 1

      Well they were going to hire a FOSS candidate but M$ came in and offered Phil Reitinger at 75% off.

      I hear they also threw in some CAL's and Vista upgrade licenses as well... at least that's how it worked out at my office

  5. que 500 stupid M$ sux0rs posts by timmarhy · · Score: 5, Insightful

    this guy doesn't seem a half way bad pick. of course if it was my call i'd eliminate the whole DHS nonsense and just fund the FBI,NSA,CIA and police properly. if those 4 agencies can't get it done wtf is the DHS going to add?

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:que 500 stupid M$ sux0rs posts by Renraku · · Score: 4, Insightful

      If we could achieve with nuclear fusion what we have achieved with DHS, we'd all be living off of cheap and reliable energy.

      Suffice to say, the DHS is rather self-sustaining. If it isn't keeping liquids off aircraft or your electronics in the baggage handlers' pockets, it's harassing and keeping us American citizens in fear.

      --
      Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    2. Re:que 500 stupid M$ sux0rs posts by timmarhy · · Score: 4, Funny

      so let me get this right, government departments were shown to be poor at communicating, so your solution is to create yet another government department for them all to miscommunicate with?

      --
      If you mod me down, I will become more powerful than you can imagine....
    3. Re:que 500 stupid M$ sux0rs posts by BadAnalogyGuy · · Score: 2, Informative

      The DHS is the over-arching agency containing the previously separate agencies you listed above.

      Prior to the creation of the DHS, communication between agencies like the CIA and FBI was legally difficult because of the lack of transparency. But now that they are under the same umbrella agency, they can share information much more easily.

    4. Re:que 500 stupid M$ sux0rs posts by retech · · Score: 2, Informative

      Did you mean: Cue or Queue?

    5. Re:que 500 stupid M$ sux0rs posts by Chas · · Score: 2, Funny

      If we could achieve with nuclear fusion what we have achieved with DHS

      What? A parasitic reaction that just consumes and consumes and consumes, is more of a hindrance than a help, and wastes tons of money in the process?

      --
      Chas - The one, the only.
      THANK GOD!!!
    6. Re:que 500 stupid M$ sux0rs posts by Arancaytar · · Score: 1

      If it isn't keeping liquids off aircraft or your electronics in the baggage handlers' pockets, it's harassing and keeping us American citizens in fear.

      So "re-settling to Mars now that we've blown the Earth up with fusion bombs" would be a more appropriate analogy than "living off of cheap and reliable energy". ;)

    7. Re:que 500 stupid M$ sux0rs posts by xouumalperxe · · Score: 2, Funny

      It's a portmanteau! He's cuing the "500 stupid M$ sux0rs [posters]" to queue up, since there's so many of 'em!

    8. Re:que 500 stupid M$ sux0rs posts by gtall · · Score: 1

      How about the Department of Miscommunication. The basic problem, it seems to me, is that miscommunication is spread out over the entire government structure. Now if we were to centralize it into a D. of MC., then all the other departments could rely on that sole department to implement their miscommunication and they would be left to do their jobs in peace.

      It wouldn't do to have the other departments communicate with the new D. of MC. (the obvious paradox, eh). Instead, there would be D. of MC. staffers in all the departments. Any communication out of the depts. would run through these individuals and be subsequently lost, stolen, misinterpreted, injected with blatant falsehoods, eaten by mutant weasels, etc. There is no need to handle communication into the depts. since no one dept. could effectively communicate it to begin with.

      And we could have this Phil Reitinger guy run the whole shebang. He'd feel right at home since when has MS ever effectively communicated with anyone without lying, misquoting, and being generally misleading.

    9. Re:que 500 stupid M$ sux0rs posts by Jane+Q.+Public · · Score: 2, Insightful

      And you honestly think that is a good thing? How old are you, anyway?

    10. Re:que 500 stupid M$ sux0rs posts by Narnie · · Score: 1

      this guy doesn't seem a half way bad pick. of course if it was my call i'd eliminate the whole DHS nonsense and just fund the FBI,NSA,CIA and police properly. if those 4 agencies can't get it done wtf is the DHS going to add?

      DHS adds funding for the Coast Guard. Before the DHS nonsense, the CG was within the Department of Transportation. Not really enough money in the pot for the CG to keep a modern fleet and perform all of its various rolls.

      Actually, that's about the only good I've seen come out of DHS.

      --
      greed@All_Evils:~#
    11. Re:que 500 stupid M$ sux0rs posts by CaptainJeff · · Score: 3, Informative

      Ummm....the CIA and the FBI are not under the same agency now. The FBI is an agency of the Department of Justice and the CIA is an independent agency that quasi-reports to the Director of National Intelligence. The other agencies mentioned, the NSA and the police, are also not part of DHS. NSA is an agency of the Department of Defense and policing is a local function, run by any number of local agencies. But by all means, keep talking about things you obviously don't know anything about and cannot be bothered spending ten seconds on Google to confirm. :)

    12. Re:que 500 stupid M$ sux0rs posts by retech · · Score: 1

      Perhaps you give more credit than is due.

    13. Re:que 500 stupid M$ sux0rs posts by sunwukong · · Score: 1

      Not really enough money in the pot for the CG to keep a modern fleet and perform all of its various rolls.

      If they'd stop scuttling their vessels they wouldn't have to keep replacing them!

    14. Re:que 500 stupid M$ sux0rs posts by Foofoobar · · Score: 1

      Suffice to say, the DHS is rather self-sustaining. If it isn't keeping liquids off aircraft or your electronics in the baggage handlers' pockets, it's harassing and keeping us American citizens in fear.

      Fear them? Why? Because they stand at every gateway in their suits shouting 'YOUR PAPERS!!' with a nazi accent before frisking you and sending you away to some internment camp in a foreign nation where they cant be prosecuted for waterboarding you?

      Whats to fear?

      --
      This is my sig. There are many like it but this one is mine.
    15. Re:que 500 stupid M$ sux0rs posts by Late+Adopter · · Score: 1

      If we could achieve with nuclear fusion what we have achieved with DHS

      What? A parasitic reaction that just consumes and consumes and consumes, is more of a hindrance than a help, and wastes tons of money in the process?

      Only to be given up on when another disaster claims the lives of thousands?

    16. Re:que 500 stupid M$ sux0rs posts by xouumalperxe · · Score: 1

      Due? Isn't it dueue? I'm confused now.

  6. Good Grid! by Jane+Q.+Public · · Score: 5, Insightful

    Isn't that like asking the head of AIG to be the officer of "financial responsibility"???

    1. Re:Good Grid! by Vectronic · · Score: 1

      No.

    2. Re:Good Grid! by antibryce · · Score: 2, Funny

      it'd be like appointing a tax cheat to head the IRS.

    3. Re:Good Grid! by mattwarden · · Score: 1

      LOL!!!!!!11 Or how about a tax cheat as head of the Treasury Department

    4. Re:Good Grid! by mattwarden · · Score: 1

      Yikes, you had beaten me to it by many hours. Please forgive the redundancy, but glad someone else was thinking like I was!

  7. US-CERT mentioned in article by daemonburrito · · Score: 5, Informative

    I wonder if we will be seeing US-CERT standing up to Microsoft the way they did with this (a vector for conficker) with him in charge.

    I have a sick feeling about this. This guy was surely part of the Microsoft effort to call this a feature. And what was this "political infighting" that the article alludes to? I hope it wasn't over whether to go after Microsoft for aiding in the creation of the largest botnet to date.

    1. Re:US-CERT mentioned in article by daemonburrito · · Score: 1

      RTFA. I'm talking about about CERT and conficker.

      FWIW, I don't like the very idea of DHS. Also, fuck you.

    2. Re:US-CERT mentioned in article by _Sprocket_ · · Score: 1

      And what was this "political infighting" that the article alludes to? I hope it wasn't over whether to go after Microsoft for aiding in the creation of the largest botnet to date.

      It's not all about Microsoft. DHS is a new bureaucratic entity that's trying to establish itself by carving in to the fiefdoms of others. That alone leads to political infighting.

      The Fine Article alludes to examples of this. A governmental body with a quick leader churn isn't a good sign - that's folks realizing they're in a bad situation and bailing. Effective organizations keep their leadership. Ineffective organizations that are comfy maintain ineffective leadership - yet the leadership remains. Within Government, an entity's funding is kind of a score keeper for their political capital, influence, and overall power. An organization that is budget-starved is an organization that is either ignored or under attack. If you go beyond TFA, you can find a whole history of wreckage.

  8. In all seriousness by Jane+Q.+Public · · Score: 4, Interesting

    While anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable, I doubt that anecdotes about how Microsoft executives tried to make their systems secure will be equally valuable. This was a ridiculous choice, and further undermines my initial hope that Obama might indeed turn out to be a good President.

    1. Re:In all seriousness by Jane+Q.+Public · · Score: 3, Insightful

      The choice of an executive officer of a major supplier of operating systems -- Windows of all things -- to this position sends a clear message to those who have been involved in "security" issues for many years. And that message is: "We don't care about 'security' except to the extent that it affects our corporate friends."

      I am very saddened by this news.

    2. Re:In all seriousness by Jane+Q.+Public · · Score: 2, Insightful

      Why? If you do not already know, then you aren't qualified to be in this discussion.

    3. Re:In all seriousness by Jane+Q.+Public · · Score: 1

      Pardon me, I should qualify that statement. If you are referring to Vista, which arguably has respectable security, my reply is: maybe the security is okay but nobody wants to use it. If, on the other hand, you are referring to Windows 7, then my reply is: we'll believe it when we see it.

    4. Re:In all seriousness by drsmithy · · Score: 1

      Pardon me, I should qualify that statement. If you are referring to Vista, which arguably has respectable security, my reply is: maybe the security is okay but nobody wants to use it. If, on the other hand, you are referring to Windows 7, then my reply is: we'll believe it when we see it.

      Since the fundamental design of Windows security hasn't really changed since Windows NT 3.1, I still want to hear about why it's any more or less "inherently insecure" than other platforms.

    5. Re:In all seriousness by Jane+Q.+Public · · Score: 1

      And I want to repeat: if you really don't know, then you are not qualified for this discussion.

    6. Re:In all seriousness by Jane+Q.+Public · · Score: 1

      For some reason that escapes me at the moment, I have changed my mind and decided to be charitable, and explain some things that should be obvious to the merest idiot:

      If Microsoft's basic security model has really not changed since NT 3.1, then there was really no reason to implement Vista's UAC... other than to unsuccessfully emulate the default security mode in most Linux distros. And, as so many people have reported in painful and repeated detail, the Vista UAC was indeed something that should have been aborted before it was born. Not only was it unsuccessful in emulating Linux default mode, it solved nothing and accomplished little but pissing everybody off.

      Linux's basic security model has not NEEDED to change since NT 3.1. But if you really think Microsoft's basic security model has not needed to change, then you have no reason to complain about any virus or IE-exploit malware that you get between now and Windows 7. Or maybe 8.

      Have fun with your "state of the art" OS... and don't come complaining to me when it fails to work with what everybody else is doing.

    7. Re:In all seriousness by drsmithy · · Score: 1

      And I want to repeat: if you really don't know, then you are not qualified for this discussion.

      I *do* know, which is why I want to hear what bullshit you're going to make up to pretend *you* know.

    8. Re:In all seriousness by drsmithy · · Score: 1

      If Microsoft's basic security model has really not changed since NT 3.1, then there was really no reason to implement Vista's UAC...

      Right. Just like if Linux's "security model" hasn't changed since 1991 there wouldn't be any need for those nice graphical sudo prompts and the like that everyone gets now.

      UAC is little more than UI gravy. It's mostly about putting a prettier and more automated face onto "Run As", much like the graphical sudo prompts in OS X and recent Linux distros do. The underlying ACL-based multiuser security model that actually make it possible, has not changed since day 1.

      But if you really think Microsoft's basic security model has not needed to change, then you have no reason to complain about any virus or IE-exploit malware that you get between now and Windows 7. Or maybe 8.

      I've been running NT as a regular user since early 1996. As such, I've been no more worried about IE exploits than I have about any other userspace code exploits (on any of my machines, be they Windows, Linux, FreeBSD, Solaris, OS X, or whatever).

      Oh, and I'm still waiting to hear about these "inherent problems", rather than rhetorical, anecdotal, FUD about problems in the UI and userspace programs.

    9. Re:In all seriousness by Macthorpe · · Score: 1

      Only on Slashdot could asking a reasonable and polite question be considered 'flamebait' just because someone's simplistic view of the world is being threatened.

      --
      "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
  9. Enemy combatants. by Snufu · · Score: 3, Funny

    Anticipate all persons attempting to enter the U.S. to be screened for explosives, hazardous chemical agents, firearms, radioactive materials, and open source software.

  10. I'd like to be objective about this. Let's try. by Anonymous Coward · · Score: 5, Insightful

    I like how this guy, whom I don't know much about, is painted a smart pick, coming as he does from the largest single computer security threat on the planet. Anybody recall that up to not very long ago at all security was not on their agenda? Simply because it made them more money not to care.

    Oh, and that is remembering their own words and without mentioning the usual, such as that they are convicted monopolists too, their business practices suck, their code sucks, their customer service and sales techniques reminisces that of office depot, and so on and so forth.

    The bottom line is that in politics you usually don't let the guy who fucked it up try and fix it. Unless perhaps the guy has friends in high places.

    1. Re:I'd like to be objective about this. Let's try. by gtall · · Score: 2, Funny

      How do you explain the Congress then? They cannot all have friends in high places. Watch CSpan when they broadcast hearings sometime. It's amazing how clueless these morons can be, especially the House members. For some odd reason, Senators have two brain cells to rub together instead of a single loner.

      Typical Committee Hearing:

      Title: Investigation into Why Tarp Funds are being Misused.

      Purpose: Figure out if Tarp Funds are being misused.

      Dennis Kucinich: Blah, blah, blah, Ohio, blah, blah, I am NOT an idiot, blah.....

      Each Member: Given 5 minutes to whine about how they don't understand anything.

      Suspect Witness: Given 10 minutes to state why he isn't lying after being told he is going to lie.

      Questioning: Isn't it true you beat your dog this morning after beating your wife and her mother?

      Suspect Witness: We didn't use Tarp Funds in beating those individuals.

      Dennis: Thank you for appearing here and assuming the position, we welcome you back to beat you up again at our convenience, 'cause, y'know, we have nothing better to do.

    2. Re:I'd like to be objective about this. Let's try. by roguetrick · · Score: 1

      I swear they do that jerry springer shit just to get people to watch them for once.

      --
      -The world would be a better place if everyone had a hoverboard
    3. Re:I'd like to be objective about this. Let's try. by Dragonslicer · · Score: 1

      I like how this guy, whom I don't know much about, is painted a smart pick, coming as he does from the largest single computer security threat on the planet.

      Yeah, how dare they pick a human that uses a computer.

    4. Re:I'd like to be objective about this. Let's try. by HiThere · · Score: 1

      On behalf of Office Depot, I would like to ask you to retract that statement.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
  11. Did anyone else misread... by wayward_bruce · · Score: 3, Funny

    Many in the security industry praised him as a smart pick, [...]

    Did anyone else misread this as "smart prick"?

    1. Re:Did anyone else misread... by u38cg · · Score: 1

      Several times, yes. I didn't actually question it, then I saw it again, and thought, that's a bit harsh...oh, I see.

      --
      [FUCK BETA]
    2. Re:Did anyone else misread... by mdm42 · · Score: 1

      Yes, I did.

      Not only that, but

      he will need to confront a culture of political infighting and leadership failures

      made me think, "He should be totally at home with that, then."

      --
      New mod option wanted: -1 DrunkenRambling
  12. Re:MS hate posts? by retech · · Score: 1

    Phil Reitinger is a supermod on /. and hand filters each one of those posts in the firehose section.

  13. Expect many new ISO standards .. by Anonymous Coward · · Score: 3, Insightful

    I think choosing someone from a company that is STILL under DoJ supervision for questionable behaviour has a couple of unwanted implications, especially since this guy was at board level.

    It's only good news for foreign industrial espionage and botnet herders..

  14. In other news by Chas · · Score: 1

    The president's DHS pick has brought on board a liaison from Symantec. Now everything will STILL be insecure, but run twice as slow, cost even MORE "way too much", and bitch, moan and cry about being renewed every year.

    --
    Chas - The one, the only.
    THANK GOD!!!
  15. Re:Try not to be too delusional. by daemonburrito · · Score: 3, Interesting

    [...] just because this guy worked for Microsoft doesn't mean he lacks intelligence.

    No, but it does mean that he was part of the team fighting US-CERT for months over autorun, at least. He likely helped resist an effort by a division of the department he is to head to fix a security problem that was so bad, they felt it endangered national security.

  16. If Obama were serious about his duty by Jane+Q.+Public · · Score: 4, Insightful

    then he would be hiring Bruce Schneier for this job. I know he is disliked by a lot of industry but he is the man with the facts and the plan.

    1. Re:If Obama were serious about his duty by drinkypoo · · Score: 1

      If Obama were serious about duty, he would never have become president of the USA. Presidents who want to make a difference are not permitted to do so. A bit more cynically, I would say that presidential candidates who want to make a difference are demonized, like when they said Nader was responsible for the loss of Gore. Did anyone else catch that whole kerfuffle with the ballots in that election? You can't blame the stopping of a completely legal and by-the-book recount on the guy, can you?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:If Obama were serious about his duty by Jane+Q.+Public · · Score: 1

      Even that was not as blatant as the simple and direct refusal of the media to allow Ron Paul to participate in the more major debates this last election.

    3. Re:If Obama were serious about his duty by drinkypoo · · Score: 1

      Even that was not as blatant as the simple and direct refusal of the media to allow Ron Paul to participate in the more major debates this last election.

      People could reasonably (incorrectly, but whatever) interpret that as media bias. Wielding the new and improved Supreme Court to stop a completely legal ballot recount which almost certainly would have reversed the election, on the other hand, could not be construed by an intelligent individual as anything other than direct manipulation of the election system for the purpose of altering the result. When the well-substantiated reports of ballot fraud started coming in and they universally targeted primarily-democratic demographics, the point was really hammered home.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:If Obama were serious about his duty by Jane+Q.+Public · · Score: 1

      But there was already precedent for that, from the previous election. I was referring to something pretty new.

    5. Re:If Obama were serious about his duty by noidentity · · Score: 1

      If Obama were serious about his duty then he would be hiring Bruce Schneier for this job.

      Actually, Bruce Schneier would probably hire himself by forging a message from Obama that he should be hired, one so good that Obama even believes he wrote it.

    6. Re:If Obama were serious about his duty by mattwarden · · Score: 1

      He is a paid adviser for the TSA

    7. Re:If Obama were serious about his duty by Ozlanthos · · Score: 1

      I believe Jane was referring to the no-holds-barred media blackout of Ron Paul coverage in the MSM. I completely empathize as I feel that if he were allowed to participate in a few of the bigger debates he would have DESTROYED Obama, McCain, and Clinton.
      -Oz

  17. He could assist in international relations by Centurix · · Score: 1

    You know, with countries like Iceland. They sure need an insight from a Microsoft exec right now...

    --
    Task Mangler
  18. 'smart pick' has one letter missing. by Anonymous Coward · · Score: 1, Funny

    ...already said it.

  19. Re:Try not to be too delusional. by jaredmauch · · Score: 2, Interesting

    A sad note on the autorun activity. The challenges US-CERT has are complex as they have little ability to enforce sane standards and are just as the name says a response team. Once you formulate a response, someone has to execute it, and the federal government is one of the largest enterprises out there, certainly if you include all the contractors as well. It will be interesting to see if there is a shift away from bah to career feds.

    At the same time, everyone makes mistakes and Phil has always shown himself to be a person who generally "gets it" compared to others I've bumped into at GLB. The same is true for any org, fed or not.

  20. To Anonymous Coward: by Jane+Q.+Public · · Score: 1

    You completely missed the point. If the UAC did not actually change the security model, then there was no real reason for its existence other than theater. You are merely confirming what others already know: it was a joke masquerading as "security". And if the security model did not really change, then the interface for it really did not need to change.

    The fact is that some basic security assumptions needed to change but they did not. The UAC has little to do with that directly but it illustrates the extent that Microsoft will go to misdirect its users.

  21. Fan the flames... by bob5972 · · Score: 1

    Isn't sending Microsoft to fight insecurity like fighting fire with fire?

    1. Re:Fan the flames... by Muad'Dave · · Score: 1

      No, it's more like fighting fire with gasoline.

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
  22. Re:Try not to be too delusional. by daemonburrito · · Score: 4, Interesting

    I don't know. Even if he just did nothing to stop Microsoft's resistance it would be bad.

    If guys from CERT called me and said, "Hey, could you make the Autorun and NoDriveTypeAutorun registry values actually do something? We're worried about this 10 million strong botnet," I'd probably comply. The reality was even worse; Microsoft wrote instructions for users to mitigate the problem which they knew were not effective.

    The last thing I would do would be to start a PR war, which they did only to save face about something that has been criticized for over a decade. It's amazing... some slight marketing concern overrode what they were told was a matter of national security.

    Funny... the Wikipedia page on autorun was just stealth edited to remove all mention of the problem.

  23. To THE OTHER Anonymous Coward: by Jane+Q.+Public · · Score: 1

    I haven't danced around anything. I did not say that the UAC "might" be security theater, or any of these things you accuse me of. Here is simple logic, okay? I guess at this level I have to ask: You accept that simple logic is valid? From what you have stated I am not sure.

    *IF* the Windows security model hasn't changed, *THEN* the UAC is a joke. Okay? There is no reason for its existence OTHER THAN show.

    Get it?

    And the presence of such a major "feature" for nothing but show is ... well, "stupid" comes to mind but I am tempted to use another word.

    If the basic security model of Windows hasn't changed, then there was no reason for the security interface to change... yet it did. So, which is the truth? Better security, or an illusion? You argue for the illusion. Okay. But if so, let's not pretend it's anything else.

    I did not say that the basic security model of Windows has changed. Others have. What I am saying is: if the basic security model of Windows hasn't changed, then YOU shut up! You have nothing to complain about when you get a common virus via your Exchange server, or a piece of malware because you visited an unfriendly site via Internet Explorer.

    I'm not talking bollocks... I'm not talking anything. I'm simply pointing out where YOUR talk is somewhat misplaced.

  24. Let the jokes begin by Master+of+Transhuman · · Score: 1

    DHS calls on Microsoft for computer security.

    BWAHAHAHAHAHAHAHAHAHAHAHAH!!!!

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  25. Re:There May Be An Upside by maxume · · Score: 2, Insightful

    Things that you occasionally compromise are generally called preferences.

    --
    Nerd rage is the funniest rage.
  26. Alas no by Mateo_LeFou · · Score: 3, Insightful

    The term might not be used as often, but the concept is alive and well

    "the new chips will 'block unauthorized access to the frame buffer.' ...

    There is a short list of parties who will be unauthorized to access your frame buffer: You. There is a long list of parties who are authorized to access your frame buffer, and that list includes Microsoft, Apple, AMD, Intel, ATI, NVidia, Sony Pictures, Paramount, HBO, CBS, Macrovision, and all other content owners and enablers that want your machine to themselves whenever you're watching, listening to, reading, or shooting monsters with their products. "

    http://www.infoworld.com/article/07/03/28/14OPcurve_1.html

    --
    My turnips listen for the soft cry of your love
    1. Re:Alas no by im_thatoneguy · · Score: 1

      You're missing one person on the long list. You. There is no prohibition on you choosing what data you want encrypted. It's not limited to movie companies.

      It is possible to create content of your own you know. It's not you vs the world. You're a part of the world.

      Here is just one example. (Beside the obvious case where you encrypt a movie file.)

      This technology can be used for privacy advocates as well. Want to make sure that no unauthorized applications are secretly recording your activities? This denies access to the frame buffer from remote viewing.

    2. Re:Alas no by spitzak · · Score: 1

      Want to make sure that no unauthorized applications are secretly recording your activities? This denies access to the frame buffer from remote viewing.

      Wrong. This is only possible if you control the keys to the TPM. If you cannot set the keys you cannot implement any method of making sure unauthorized applications (who do have the keys) are not running.

      The reason you cannot set the keys is because it would also allow you to set the keys the same as another machine, and thus play media that is authorized only for that other machine. Otherwise it would be brain-dead obvious that the owner would be able to set their own keys. The fact that this is not allowed makes the lies behind this whole scheme obvious.

  27. Re:There May Be An Upside - but by INT_QRK · · Score: 1

    Bet he still owns MS stock...

  28. please stop!! by Unlikely_Hero · · Score: 1

    prepending "CYBER" to everything!! it's so so wrong! *cries*

    --
    Happiness does not come from having much, but from being attached to little.
  29. Re:MS hate posts? by HiThere · · Score: 1

    I thought it was like preaching to the converted. Why bother? They're not the ones who need to be convinced.

    Yes, MS is evil. Yes, I won't work on MS systems (well, not past MSWind98) due to issues with the EULA. This isn't news, and most of Slashdot agrees, so why post about it? (Well, actually, most people on Slashdot have different major issues, but most of us have severe ones.)

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  30. Where do they get these names? by Ozlanthos · · Score: 1

    With this guy's resume, it should be 'chief "Thurstworthy infrastructure strategist'

    -Oz