Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Delays Stirling Security Suite

Posted by CmdrTaco on from the what-an-exciting-morning dept.

An anonymous reader writes "Microsoft's long-awaited integrated security suite, codenamed Stirling, has been delayed by months and will now not be available until the fourth quarter 2009. According to Microsoft, the delay is due to the further development of the firm's behaviour based technology, the Dynamic Signature Service, 'to help deliver more comprehensive endpoint protection for zero-day attacks,' and efforts to add interoperability with third-party solutions, as per customer requests. When completed, the suite will combine a number of tools, such as the ISA Server and multiple Forefront products."

84 comments

  1. In other words by NaCh0 · · Score: 4, Insightful

    It doesn't work yet.

    There is so much legacy cruft in Windows I doubt it will ever be secure. MS has too many conflicting priorities.

    1. Re:In other words by saleenS281 · · Score: 5, Insightful

      No, in other words they've got so much extra work to make sure they don't violate anti-trust they've had to go back to the drawing board 30 times to satisfy symantec, mcafee, etc.

      Because hey, it's horrible that I have to buy anti-virus software, but it's even worse if MS gives me something to replace third-party for free!

    2. Re:In other words by Capt+James+McCarthy · · Score: 2, Insightful

      Where do you get "free" from? You are paying for it.

      --
      There are no loopholes. It's either legal or it's not.
    3. Re:In other words by saleenS281 · · Score: 1

      Refer to previous anti-trust comment...

    4. Re:In other words by Cube+Steak · · Score: 1

      I think he's pointing out the fact that Microsoft Forefront isn't free it's something you have to buy.

    5. Re:In other words by saleenS281 · · Score: 1

      I think you're both missing the point that it isn't free because of anti-trust law. I didn't realize I was going to have to spell it out.

    6. Re:In other words by Cube+Steak · · Score: 1

      I think you're both missing the point that it isn't free because of anti-trust law.I didn't realize I was going to have to spell it out.

      No, I'm not missing any point at all. You're just making something up without any evidence your statement up with. This is an enterprise-level tool and they aren't going to make such a thing and give it away for free. This is no different than for any other enterprise tool that they sell.

    7. Re:In other words by FaxeTheCat · · Score: 1

      ISA server was never free, and will be part of the suite, so spelling it out really does not help you at all.

    8. Re:In other words by causality · · Score: 2, Insightful

      I think you're both missing the point that it isn't free because of anti-trust law. I didn't realize I was going to have to spell it out.

      In my opinion this entire thread misses the point because plenty of operating systems manage to maintain security without any sort of anti-virus or anti-spyware scanner. Those things are forms of damage control and are not actually security at all. With Windows they are used as a substitute for a proper security system because they are much better than nothing. That is, real security is about prevention; damage control is about detection and removal.

      So how about if Microsoft makes the OS itself inherently more secure? If they made something comparable to the Unix security system (even if its mechanisms are quite different) then you would not need all of these scanners to double-check every last action taken or file opened or e-mail viewed etc. That would neatly avoid any anti-trust issues that might be raised by the likes of McAfee or Symantec and would be a significant performance boost as well. Of course such cottage industries may complain for a different reason, in that a more secure Windows could put them out of business, but if they really are obsolete then this is what should happen.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    9. Re:In other words by Chyeld · · Score: 1

      It was unlikely to have been released for free, period. The target audience for Stirling wasn't one which thrived on 'free' products.

      And to clarify for you and those who either haven't quite caught onto the history of Microsoft or have forgotten it, the reason Microsoft isn't suppose to release products bundled with Windows (as opposed to a free product you can go online to download) is only peripherally tied to anti-trust law.

      Specifically, Microsoft got caught blatantly abusing their monopoly of Windows to push sales of MS-DOS. When they got called out on it by the government, rather than fight it out in court, they chose to settle with the DOJ with the specific agreement to never tie their products together again.

      This is why IE got them in trouble, if they had released a free version of IE that you could install AFTER Windows, they wouldn't have had issues. But instead they bundled it with Windows in an attempt to kill off Netscape and did a lot of hand waving in an attempt to pretend it was completely integrated into Windows and not a separate product.

    10. Re:In other words by Anonymous Coward · · Score: 0

      Microsoft was unable to kill off Netscape despite anything they did, including bundling IE with windows. However Netscape was extremely successful in killing off Netscape by making itself into a slow and bloated POS.

    11. Re:In other words by Runaway1956 · · Score: 2, Insightful

      Actually - my operating system offers an anti-virus package with the installation media that is pretty damned reliable, gratis as well as libre. Starting with a decent security model, and reliably enforced security policies, and ending with an anti-virus software, which I never even use. When Microsoft can offer all of that, I may consider paying a couple hundred dollars for their operating system. Oh - wait - uhhh - why would I want to pay MS for what I already have at no cost? Ooops, I think I had a blonde moment! :-(

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    12. Re:In other words by cayenne8 · · Score: 1
      "So how about if Microsoft makes the OS itself inherently more secure? If they made something comparable to the Unix security system (even if its mechanisms are quite different) then you would not need all of these scanners to double-check every last action taken or file opened or e-mail viewed etc."

      THANK YOU!

      Geez, I was on one project where we were on windows that was locked down pretty badly....trying to do some dev work...and McShield was on scanning every fscking thing or file you'd touch...got ridiculous. We finally got some waivers on a couple of folders, but, sheesh...you should NOT need that kinda crap.

      Thankfully now...on the windows box I got...I have full admin, and can turn that crap off so it doesn't interfere with my work. I wish I could do a linux box, but, for now, cygwin on windows into linux servers is kinda nice.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    13. Re:In other words by ivucica · · Score: 2, Insightful

      I'm an active Debian user on desktop, so I think I am pretty unbiased when I put these few things out:

      • NTFS provides pretty neat ACLs, and Windows Exploder provides a nice way to configure sharing/security. Much more detailed than three octal digits specifying R-W-E. (More confusing, too, but if someone needs it...)
      • People going through with the default of running their desktops as administrators is not Microsoft's fault.
      • Third party developers requiring users administrative privileges to install any kind of software (e.g. games which can be otherwise ran under non-admin privileges) are at fault as well.

      I don't like Vista one smokin' bit, but the problems people are having with UAC are not only coming from improperly written Microsoft software; I'm pretty sure many times it comes from improperly written third party software as well.

      Please give concrete examples of how you would improve Microsoft's security model. I, for one, would prohibit the simple means of obtaining access to other process' memory space... but I'm not competent to speak about that either, since I have zero idea how other OSes have that solved.

      So don't just bash Microsoft and say "they did something wrong". I know this is Slashdot, but still, say what can be improved. Don't just bash around. It's what makes FLOSS users look bad.

    14. Re:In other words by CarpetShark · · Score: 3, Insightful

      they've got so much work to do to make sure they don't violate anti-trust

      Yeah, right, because they've always worked so diligently on that.

      it's even worse if MS gives me something to replace third-party for free!

      You have that backwards, bub. Third-party was charging to cover microsoft's glaring omissions.

    15. Re:In other words by hairyfeet · · Score: 5, Insightful

      The problem with making the OS more secure is the dancing bunnies which is of course a PEBKAC problem. No matter how secure you make the OS ultimately it comes down to the user. If the user happily clicks through your warnings and does something stupid, well stupid is as stupid does. Unless you are ready to allow MSFT to hand out thin clients that THEY control and manage then extra security just won't work. I have many customers as well as this going on 9 years old Win2K box I'm typing on that has NEVER had a bug. Not one. Zilch nada squat. Why? Because I don't open email attachments, or go to warez or pron sites, or allow stupid folks on my machine, that's why.

      And all the security in the world won't save MSFT from the seriously fucking dumb users you have out there. Believe me, as a Windows repair man, I know this. I have found this can be broke up into 3 main categories. 1-The "my BFF Jill sent me this so I know it is safe" 2- The "I'll click on anything that'll give me teh hot lesbos" guy, and 3- The "Kid running some P2P that will click on any .mp3.exe if it is labeled as whatever trashy pop hit of the day they want to hear".

      Notice a pattern there? In all 3 of those major cases of Windows pwnage extra security would NOT help. They would bitch and moan and keep right on clicking through warnings until they got the dancing bunny and a nice infection to boot. But I do know the feeling, I too once believed that "if it was just made secure" but then I learned the hard way. I have a customer that is one of the "I'll click on anything for teh hot lesbos" types, so i talked him into trying Linux. I can't remember which distro off hand but I think it was either PCLOS or Mepis. Whichever one had released a new version later. Anyway, Linux is more secure, right? Surely that will fix the problem, right? WRONG. He STILL managed to completely bone the system to beyond bootability in less than a week. How? Because he didn't like getting software through the package manager so he typed in "Linux Software" into Google and downloaded a bunch of stuff off Freshmeat and ended up in dependency hell. So now I just keep him in a locked down XP account and clean it out a couple of times a year when he fills it with malware.

      The point is you just can't build foolproof anything, much less a foolproof OS where the users have the right to install software, because the fool will out dumb you every single time. It doesn't matter about education level either, as I had a buddy that manages a fairly big company have to go to the regional head because his PHB was threatening to fire him because "You WILL stop blocking my emails from Melissa right this instant! I am your boss and you have NO RIGHT to tell me who I can talk to!". And the simple fact is more and more attacks on Windows is using the SOCIAL engineering tricks to get installed. because you will never write a virus that will be able to jump through as many hoops as a user trying to see the bunny. All you can do is try to clean up the mess. Just as I think JavaScript is a mistake of ActiveX proportions but I can holler that on the roof tops until hell freezes over but it ain't gonna keep places from using it. And if you look up "JavaScript infection" in Google the amount of hits you get is simply staggering. But as long as places like Youtube use it I can't block it on my customers because they want the bunny. All the security in the world ain't gonna help if the user happily turns it off.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    16. Re:In other words by purpledinoz · · Score: 1

      Good thing, because that'll just be another thing Microsoft has to patch every month.

    17. Re:In other words by Joe+U · · Score: 2, Insightful

      So how about if Microsoft makes the OS itself inherently more secure? If they made something comparable to the Unix security system (even if its mechanisms are quite different) then you would not need all of these scanners to double-check every last action taken or file opened or e-mail viewed etc. That would neatly avoid any anti-trust issues that might be raised by the likes of McAfee or Symantec and would be a significant performance boost as well. Of course such cottage industries may complain for a different reason, in that a more secure Windows could put them out of business, but if they really are obsolete then this is what should happen.

      Like forcing the users to run under limited accounts and then prompting them when they need elevated privileges http://en.wikipedia.org/wiki/User_Account_Control. Or locking down the kernel http://www.toptechnews.com/news/Vista-Security-Still-Issue-for-McAfee-/story.xhtml?story_id=11300C1NIA8R

      Good ideas, might get some complaints though.

    18. Re:In other words by vistapwns · · Score: 1

      I love posters like you. They always allude to the fabled 'lack of a secure system in windows' without any proof or idea of what they are talking about. Windows Vista supports ACLs, MACs (for sandboxed applications like IE), ASLR, DEP, pointer encryption, heap and stack protection (cannary values to detect corruption), exception handling white list, user accounts that are 'security boundaries' (look it up on wikipedia or google), site zoning in IE so untrusted sites can't launch browser plug-ins, a firewall turned on by default and so on. Many of these things, many linux distros and Mac OS X STILL lack, two and a half years after Vista's debut. No matter what security you provide, you are still only human and you will make a coding mistake and malware will find a way in (though this can be greatly reduced it can never be eliminated completely,) not to mention social engineering attacks that NO OS can defend against. Windows, being 100 times more popular than linux and 20 times more popular than OS X, gets attacked orders of magnitued more than those other operating systems. That is why anti-malware is necessary. So take your clueless, over wordy nonsense and stuff it. You are no better than any other fud spreader, despite what slashdotters think of themselves, fud is fud, so stop spreading it.

      --
      "...I think the Microsoft hatred is a disease." - Linus Torvalds
    19. Re:In other words by ericrost · · Score: 1

      Ahhhhhhhhhh.... Stroturf!

      --
      My Babylon
    20. Re:In other words by zx-15 · · Score: 1

      WRONG. He STILL managed to completely bone the system to beyond bootability in less than a week. How? Because he didn't like getting software through the package manager so he typed in "Linux Software" into Google and downloaded a bunch of stuff off Freshmeat and ended up in dependency hell. So now I just keep him in a locked down XP account and clean it out a couple of times a year when he fills it with malware.

      The difference between dancing bunnies and installing software from freshmeat is that people that open attachements with dancing bunnies don't expect their computer to be fucked up because of it, whereas when you start compiling and installing random packages, you know that you're compromising the system, that's why sudo dialog pops up - there is conceptual difference that's also tangible.
      And in the case of locked up windows machine, how reinstalling a linux distro without giving him root password or sudo access is different? Actually what I describe is even better, since you don't have to clean out his computer periodically.

    21. Re:In other words by vistapwns · · Score: 1

      A one word rebuttal? LOL. Guess you don't want to overwork that tiny brain of yours. And it's the same tired crap that always gets trotted out when the open sores and crapple cultists run out of arguments...

      --
      "...I think the Microsoft hatred is a disease." - Linus Torvalds
    22. Re:In other words by MMInterface · · Score: 1

      Yeah, right, because they've always worked so diligently on that.

      They have always worked diligently on making money, so if breaking anti-trust is going to be less profitable in a given situation, then it is no stretch to suggest that they are trying to avoid it in that case.

      They did back down on the Vista security plans because of antitrust threats from 3rd parties. MS doesn't want to get sued, especially in cases where it thinks it might loose, so yes they spend a lot of time making changes so they don't get caught violating anti-trust law. Nobody said they were doing it to make the world a better place.

      it's even worse if MS gives me something to replace third-party for free! You have that backwards, bub. Third-party was charging to cover microsoft's glaring omissions.

      Both statements are true and not mutually exclusive.

    23. Re:In other words by hairyfeet · · Score: 1

      But they DO know it is a risk, they simply decide they don't fucking care or they want the bunny more than they care about the risk. I have sat there with me saying "If it is a password protected zip it is an infection! Do NOT OPEN THAT!" and had the user (One of my former bosses "best customers" Little Velma the disaster area) say "But this is from Jill! She wouldn't send me something bad!" Can you guess what she did with me sitting right there? Can you say boned, boys and girls? I think you can.

      The point is blaming MSFT for pwned machines is like blaming the car manufacturer when you got crabs from a hooker because it was in the back of your Ford. unless you make it IMPOSSIBLE for the user to do ANYTHING, aka take away all their rights to actually own their machine and give them a thin client, then the simple fact is a very huge section of the population is going to fuck them up. Why do you think there are so many Windows repair shops? Do you honestly think if the mass migration of dumbasses off of Windows onto Linux happened tomorrow we wouldn't see "hotlesbos.sh" and other malware spread through Linux like wildfire? because if so I'm sorry, but reality is this way->.

      Social engineering works. Stupid people want the bunnies. Unless you take away the right to do anything other than run what is installed(and even then JavaScript can punch a nice hole through the browser) then the stupid users are going to fuck stuff all up. Which is why we call them stupid. And you can give up on education: it ain't never gonna happen. If it would work we wouldn't still see 419 scams after every major news corp has talked about them in length. They work because stupid people are often greedy. The way I have seen infection after infection, and being a repairman for going on 15 years I've have seen just about every way to fuck up Windows that there is, is by appealing to one of several vectors: Trust(my BFF Jill sent me this!) Lust(If I click on this I'll get passwords to hot porn sites!) Greed(I can get a Mac if I run this toolbar and talk my friends into running this too!) Free Stuff(I use this P2P thing and look! I got the new Britney.mp3.exe! Now I can hear it before everybody else!)

      In NONE of those cases listed above, which in my experience has been the vast majority of Windows infections, would extra security help. Because the user WANTS the bunny more than he/she cares about the risk. They WANT the porn, or the song, or the 6 million from some guy in Nigeria. And as long as they have ANY way to get around whatever roadblocks you stick in their way they will do so to get what they want.

      You want to make Windows and the Internet in general a safer place? Get rid of JavaScript. Mark my words JavaScript is going to be ten times worse than ActiveX ever was. Look up "JavaScript exploit" in Google and see how many results you get. Page after page after page. If JavaScript was a MSFT only technology, would you run it? Or would you consider its piss poor track record on security just too nasty? And trying to sandbox it is just putting a bandaid on a bullet wound. But as long as sites like Youtube use it I can't block it on my customers machines, because they too want to see the bunny. So just like when they click on the mp3.exe or open the password protected zip file all I can do is clean up the mess afterwords. But locking them into an OS where they are unfamiliar and nothing they own runs doesn't fix anything. It just gives them whole new ways to fuck up. And trust me, if you moved the stupid users in mass to Linux? The malware writers would be right behind them. Because it ain't the OS that is the problem. Just like so many of life's other difficulties the PEBKAC.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    24. Re:In other words by LordLimecat · · Score: 1

      Im not clear on which of his points you were so eloquently refuting. Last time I checked, many desktop linux distros lacked at least some of those features, so whatever massive flaws vista had, Im not sure security was one of them.
      Binaries are binaries, and stupid users running them from untrusted sources will screw up just about any OS so long as tools are able to do the sorts of things 'dd', 'rm', and 'sh' can.
      His comment may have come off as slightly fanboyish, but thats probably because this is slashdot, and anything that doesnt mock windows will come off that way.

    25. Re:In other words by CarpetShark · · Score: 1

      They have always worked diligently on making money,

      This I have seen.

      then it is no stretch to suggest that they are trying to avoid it

      This I have not seen.

      Both statements are true and not mutually exclusive.

      On a most basic level, yes. On a more conceptual and ethical level, you cannot give as a gift something that was already owed.

    26. Re:In other words by Anonymous Coward · · Score: 0

      When you state that Windows' problems are effectively entirely due to its popularity, you are completely ignoring the (IMHO) biggest security difference between Windows and Linux - the repository system.
      If I'm a sensible Windows user who doesn't click on dancing bunnies or open unexpected email attachments, I'm still at risk every time I install any software apart from that obtained from MS update, Adobe website directly or similar. E.g. If I want a better CD/DVD burner, I have to research carefully to make sure not only that the program I am trying is not malware as such, but also that it's not a clean product which has had malware added by the download site. Over time, the chances that I'll get it wrong add up to near certainty. If I'm lucky it'll then be spotted by an anti-malware tool before it does any damage.
      With Linux, especially a major distro such as Ubuntu, I can (and do) get 99%+ of my needs from the repositories. There might be 5 or 10 different CD/DVD burning programs, for example. In practice, the repositories are virtually guaranteed malware free.

      Regardless of popularity, Windows will never be as secure as Linux unless it has some sort of equivalent of the repository system, so users no longer have to trawl the net for most of the software they install. MS should, in its own commercial interests if it wants to maintain dominance and spend less time fighting malware, spin off an independant trust which would create and maintain a repository system open (at no cost) to any freeware provider (possibly extending to paid software later). The only vetting would be to perform extensive anti-malware checking and possibly some sort of id check on the submitter.

    27. Re:In other words by zx-15 · · Score: 1

      This doesn't answer question about simple worms that could infect machine that is just on the internet, without any actions on the part of the user. Still, in your example everything that goes under user account should not completely hose the machine, just the user account.

      The major difference between java script and activeX is that javascript runs in a sandboxed environment and activeX is integrated deep into the system, so in an ideal world compromised javascript might kill your browser session but compromised activeX would completely take over your machine.

      The funny thing about googleling "javascript exploit" is that 4 links out of 10, actually the first four talk about ie 6-7 javascript vulnerabilities, one - about firefox, two - about acrobat reader, the rest describe the ways of building an exploit. In this completely unscientific test Microsoft gets things wrong more than everyone else - who would've thunk it?

      I guess the essence of your argument is that however sophisticated and secure programs are written, the public in general doesn't know any better and Microsoft is only blamed because it's the biggest player in the market, and what I infer from it, that there is no point in building better software because ingenious idiots would break it anyway.
      My view at this problem, is that Microsoft and many sloppy developers have programmed in a way that is easier for themselves rather than what is better for users, exploiting publics ignorance on the subject and instead of flashing warnings writing help windows and implementing things properly, just said - this is how it is - deal with it, so the ignorant public thinks that opening greeting cards with naked bunnies that then hose their computers is normal, because these gosh darn things are so complicated.

      I don't thing that we would persuade each other to think otherwise because these arguments based on our life experiences which are very different, so let's just leave it at that.

    28. Re:In other words by ericrost · · Score: 1

      You must be new here.

      --
      My Babylon
    29. Re:In other words by Anonymous Coward · · Score: 0

      Why not try something like Windows Steady State for those users who continue to infect their machines?

  2. Priorities! by grub · · Score: 2, Interesting


    Perhaps they realized that a good code audit and general cleanup would eliminate the need for much of the bolt-on "Stirling".

    --
    Trolling is a art,
    1. Re:Priorities! by MarkRose · · Score: 1

      But what about all the existing Serevers out there?

      --
      Be relentless!
    2. Re:Priorities! by causality · · Score: 1

      Perhaps they realized that a good code audit and general cleanup would eliminate the need for much of the bolt-on "Stirling".

      I notice that many of the Windows vulerabilities are buffer overflows. Aren't there automated tools and other procedures that can be used to locate and fix such flaws? Couldn't these tools, plus some auditing, enable Microsoft to produce a Windows codebase that has no buffer overflows? I know it's basically impossible to prove that a piece of code has no bugs but isn't it possible to prove that it has no buffer overflows? If so, wouldn't that alone go a long way towards a more secure Windows?

      I hope maybe a programmer out there will read this and can give me an answer, because I am honestly rather ignorant about these things. That is, I understand the basic concepts involved but I have never tried to actually take on a task like this and I don't understand the practicality of it. I just feel that with their incredible cash reserves and other resources, Microsoft could produce a more secure Windows if they wanted to do so. I think a more secure Windows would be one of the best things that could happen to the Internet, at least as long as it's so dominant on the desktop. I say this as someone who dislikes Windows and dislikes spam and botnets much more.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Priorities! by Anonymous Coward · · Score: 0

      The OpenBSD team has been trying to make an out-of-the-box secure Unix OS for about 15 years now, and despite their admirable dedication and relentless efforts, they still end up with some bugs that have to be patched. They don't release as many bugs as Linux distros, and not nearly as many as MS Windows, but the bugs are there nonetheless.
      If you want to get real answers, and I mean well-reasoned technical answers, then the first place to ask is the OpenBSD developers. They are the experts in this domain. Incidentally they consider security holes to be simply a specific class of bugs, and their ultimate goal is a rock-solid Unix OS with traditional BSD roots.

  3. OneCare for Business? by KBlommel · · Score: 5, Insightful

    It looks like this is Microsoft's security suite for the business/enterprise environment, much like their OneCare is for the consumer market.

    I'd be careful buying any security software from Microsoft, not only because of their "track record" when it comes to security, but because it's not their main focus. When you've got such big priorities as Windows, Office, xBox, ect, you can't expect them to produce and support a security suite very well.

    They need to learn to leave the security products to those companies who specialize in it. They're the ones who do it day in and day out, and they're the ones who you can trust in an enterprise environment.

    1. Re:OneCare for Business? by Anonymous Coward · · Score: 3, Interesting

      it's not their main focus. When you've got such big priorities as Windows

      This is nonsense! They make an OS so security is their business.

      MS need to secure their software, and all these bottom feeds like Mcafee and Symantec need to die.

    2. Re:OneCare for Business? by Anonymous Coward · · Score: 0

      ha! those pesky eula. They couldn't sell a car without a piston and then sell you the piston add-on for the price of another car...

    3. Re:OneCare for Business? by topham · · Score: 1

      Their track record for security products is the strewn ruins of product after product.

    4. Re:OneCare for Business? by Anonymous Coward · · Score: 0

      Why is track record in double quotes?

    5. Re:OneCare for Business? by dave420 · · Score: 1

      Microsoft is not a company of 15 guys in a small office, fyi. :) I think they have more than enough resources to properly focus on security.

    6. Re:OneCare for Business? by Anonymous Coward · · Score: 0

      LAWL!

    7. Re:OneCare for Business? by Etrias · · Score: 1

      It looks like this is Microsoft's security suite for the business/enterprise environment, much like their OneCare is for the consumer market.

      Yes, and we know how OneCare was SO successful...

      An interesting question would be what Microsoft considers zero-day security flaws. Ones that are recognized by industry leaders, or ones that Microsoft magically declares zero-day the day after they rolled out the patch to fix it.

    8. Re:OneCare for Business? by UnknowingFool · · Score: 1

      I think they have more than enough resources to properly focus on security.

      It's not a question of resources. It's a matter of focus. Microsoft these days is very unfocused about they need to do. Their forays into areas other than operating systems and office productivity software have been less than successful. Even in the case of the Xbox, while it enjoys popularity as a game console, MS paid for that popularity with $7 billion in debt as the division has only been profitable in the last several quarters. Given that rate, the Xbox division will need a decade or more to recoup the initial investment.

      Now that lack of focus has crept into their main businesses. The five year wait for XP's successor was marked with delays and eventually removed but highly-touted features. Even when released, Vista clearly needed a lot of work still. The decision to label Intel video chipsets as "Vista capable" led to disaster and a class-action lawsuit.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    9. Re:OneCare for Business? by Anonymous Coward · · Score: 0

      ISA Server is their firewall which I was skeptical about at first. However I've never seen one compromised, and all the ones I've seen get HEAVY use.

      Usually comments like this come from people that just parrot anti-ms sentiment, but I'll give you the benefit of the doubt.

    10. Re:OneCare for Business? by BitZtream · · Score: 1

      It doesn't matter how well written Microsoft makes their product, if its popular it will be exploited and bypassed. Just like every other protection package out there regardless of who its from.

      This is one of the few cases where security though obscurity is a good thing. Not obscurity in the sense that its hard to figure out whats going on, but in the sense that if there are 10 different relatively equally used packages out there, it makes it 10 times harder than attacking one package, assuming that each security package is not just a rebranding of one of the others. If they all work the exact same its pointless to have multiple vendors. The protection comes from the fact that if they target one vendor, then 9 out of 10 people aren't likely going to be exploited.

      Right now, its like a 1 in 3 chance that the user will be running something the malware knows how to bypass if it only targets one package.

      If you follow the track record of those security companies, they pretty much ALL have left MAJOR flaws in thier packages for YEARS after they've been found and publicized. They don't fix bugs and flaws unless they HAVE to, just like MS.

      As was posted by someone else earlier however, none of these packages and nothing MS can do will protect a PC from the user who has to get his emails from Mellisa regardless of the fact that he doesn't know Mellisa and regardless of the fact he's been told that the Mellisa email is just a virus infection vector.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    11. Re:OneCare for Business? by Anonymous Coward · · Score: 0

      MS need to secure their software, and all these bottom feeds like Mcafee and Symantec need to die.

      Agreed. And Linux needs to secure their software, and all these bottom feeders like iptables and SELinux need to die.

  4. The server at slashdot.org is taking too long to by Anonymous Coward · · Score: 0

    I guess this is not href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105

  5. The Big Switch by XaviorPenguin · · Score: 1, Interesting

    Since their defunct Microsoft Live OneCare is leaving in June of 2009, this Stirling is replacing it. It kind of makes one wonder if this will fail just like OneCare did.

    --
    Friends help you move...
    REAL Friends help you move dead bodies... ^_^
    1. Re:The Big Switch by westlake · · Score: 1
      It kind of makes one wonder if this will fail just like OneCare did.

      OneCare was a paid subscription service for the consumer market. To be replaced by a free - lightweight - solution code-named Morro.

      It's likely your ISP already offers something similar to its residential customers. There just isn't any money to be made here.

  6. Privileges by number17 · · Score: 5, Funny

    All it does is removes your user from the "Administrators" group and adds you to the "Users" group.

  7. Re:The server at slashdot.org is taking too long t by x2A · · Score: 1

    Dude... you forgot the '<a'... there was a '<a' first, it looked like this:

    <a href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105

    *reminisces*

    --
    The revolution will not be televised... but it will have a page on Wikipedia
  8. Will it be free, or just a protection racket? by Anonymous Coward · · Score: 0

    If they want to make money by giving stirling away and thereby strengthening the credibility of their OS, then I'm for it. If they stirling itself as a profit center, then I'd rather give my money to the mob.

  9. Windows virus devastates millions of idiots by David+Gerard · · Score: 4, Funny

    A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.

    Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."

    Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.

    Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.

    "It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."

    "Yes," said Phagge. "Yes, they do."

    Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.

    --
    http://rocknerd.co.uk
    1. Re:Windows virus devastates millions of idiots by Anonymous Coward · · Score: 0

      I bet this will be marked Troll or Flamebait but it's really humor. Please mod this Funny!

    2. Re:Windows virus devastates millions of idiots by David+Gerard · · Score: 1

      Frankly I'm just fucking sick of dealing with people's fucked-up Winders boxes. "NO. You get UBUNTU. Because you won't FUCK IT UP." Kubuntu 8.04 with all the restricted extras is pretty much ideal - it's stable, it gets security updates, it's KDE 3 so it looks and works just like XP.

      --
      http://rocknerd.co.uk
    3. Re:Windows virus devastates millions of idiots by le_sean_moon · · Score: 1

      If you give them the ability to install anything, guaranteed they'll break it. Especially when they start googling to find out how to get device X or program Y to work, and then follow a 4 year old tutorial and issue a ton of superuser commands, the last of which finally breaks their grub and then they just install windows over ubuntu again

  10. Summary typo: the correct name is "ISA Severer" by Anonymous Coward · · Score: 0

    Somebody please fix the typo. It is "ISA Severer", not "Serever" (or "Server")

  11. Delaying? by gmuslera · · Score: 3, Funny

    How much could take to Microsoft to relabel an Ubuntu install CD?

    1. Re:Delaying? by David+Gerard · · Score: 1

      http://mslinux.org/

      --
      http://rocknerd.co.uk
    2. Re:Delaying? by icannotthinkofaname · · Score: 1

      And guess what - modify KDE a little, and this would be exactly what you get.

      As an April Fools' joke, I left live CDs running Kubuntu 8.04.2 live sessions in school computers. I had to leave immediately after, but according to a friend of mine, all people noticed was that there was no flash player installed. Other than that, no one was really lost at all.

      This was at a community college that is 100% Windows XP machines.

      Replace some of the images in KDE with the MSWindows equivalents (like, for example, replacing the K Menu icon with the one for the MS Start menu), and it can and will look exactly like Windows.

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    3. Re:Delaying? by anjilslaire · · Score: 1

      Maybe if they did that, they could save budget to retain their employees, rather than shutting them out the door during the worst economy of the last 60 years. They have the cash, and are just going to rehire 1000s more when the economy picks up in a year or two... That way they could actually finish their projects, maybe.

      --
      Need more useless stuff to read on teh internetz?
    4. Re:Delaying? by owlstead · · Score: 1

      BIOS open and/or closures not locked down -> shoot admin.

  12. Reading between the lines by mangu · · Score: 2, Insightful

    "efforts to add interoperability with third party solutions, as per customer requests"

    Is this spelled "DRM"?

  13. I knew this guy... by Munpe+Q · · Score: 0

    ...and his name was Stirling. He was a ding dong. This can't be a happy coincidence.

  14. the delay is just a by Anonymous Coward · · Score: 0

    feature of their product! So good, they make you wait for it.

    I think this is the end of malware people.

  15. Spammer by Anonymous Coward · · Score: 0

    Posting links to his monetized blog. Moderators: please do not reward this behaviour.

    1. Re:Spammer by Anonymous Coward · · Score: 0

      I thought you guys all got laid off.

  16. Or maybe... by roc97007 · · Score: 2, Funny

    They found a virus on the CD and have to reprint.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  17. Actually The Problem Is Dancing Bears by EXTomar · · Score: 2, Insightful

    The actual problem is that Windows is a "dancing bear" ala "The Inmates Are Running the Asylum". The real problem is Windows is the bear and it shuffles around never really dancing well at all but people are amazed by its activities instead of questioning the entire endeavor in the first place. Asking the users to make sound decisions about permissions and other settings given way Windows works is like asking people at the circle to critique the dancing bear.

    Stop blaming the user. Users of other electronics devices are not required to understand intricate security feature yet apologists for Windows continue to blame "the dumb user" for not recognizing dangerous security situation. Browsing a web page, looking at email, clicking on items on a desktop are normal user activities. A user shouldn't have to know ahead of time a link is bad news nor how would they really know before they get there and inspect the page. Asking them "Is this okay?" is a dumb question anyway.

    We really need to stop blaming the user for all the security issues on home pc desktops and put the blame back on the system design. Expecting a user to activate functionality, then ask them "Is this okay?" is insanity that is a feignt for shifting the blame from the poorly designed system back to the user.

    1. Re:Actually The Problem Is Dancing Bears by Your.Master · · Score: 2, Insightful

      The only possible way to account for the user's actions is to set up what amounts to a very strict DRM scheme where the entire system is controlled by one party (Microsoft, or perhaps some blesséd parter of Microsoft) and the licenses to let other users install this software are doled out with barriers to entry so high that typical users cannot cross them on their own. This strictly-controlled system is why video game consoles, or DVD players, etc., rarely get infected.

      Other than that, for all of your grandstanding you literally ask the impossible and declare reality to be an insane apology.

      Only by utterly eliminating the user's ability to do things, can you eliminate the user's ability to do bad things. It doesn't matter what OS you use.

      Now, that said, a responsible OS maker should do what it can to knock out every vulnerability that does not rely on the user, and should even put into place what barriers to entry that it can without making computing an immensely frustrating experience and without violating the law.

      Here's a car analogy: you can make the safest car in the world, and you're still in a heap of trouble if the user drives it off a cliff into the ocean. It's not blame-shifting, it's a driver going off a cliff. The only way you're going to avoid that is by putting all the cars on railway tracks, that is, eliminating the user's ability to drive. And we have that too.

    2. Re:Actually The Problem Is Dancing Bears by Anonymous Coward · · Score: 0

      You dont need a fancy DRM system, just re-think how the OS works. Currently, the OS functions to run applications. The problem is that users are morons who dont know how to use a computer, so the solution is to build a OS that only runs what the OS wants the user to run.

      No installing new software. Existing software confined to a jail with all user files stored as the OS sees fit. In other words, persistent applications. The user would end up doing only what a application enables, and the OS restricts applications to basic file operations, no ability to browse the filesystem (outside of 'home' anyway), no ability to perform file management (a special application does this, the shell the OS will provide).

      Of course what user could such a computer be? It would take someone who knows how to use a computer well to be able to create such a system, and such a system will be unless to such a person. MS sure as hell is not going to do it, it would require gutting most of the OS's functionality, something that software makers will not like. Same with Apple, they need software makers, so will not likely risk putting them off (altho Apple is more likely to do such a thing then MS).

      *yawn*.. I cant really see thing changing. The very least a new library for some high-level language would need to be made, then transform the language's VM into a locked down system, then only write software in that language. Sure, it would be easier then making a new OS, and placed on top of a *nix or other secure system it could be fairly secure. But it would still require work, and the end result would be of little use outside of educational software for kids. Hmm, still, it could be fun to remake a whole language API, so someone might be intrested, but would such a project really catch on? It would, at the very least, need to compete with KDE and GNOME.

  18. see Stirling in action by viralMeme · · Score: 1

    'See "Stirling" in action'

    I can't cause I don't have Silverlight installed and am using Chrome, so I most probably don't need it ..

  19. Here we go again... by hyades1 · · Score: 2, Interesting

    Why do I get the feeling that using this is going to be like half killing yourself with a steady intake of chemotherapy drugs just because some day you might get cancer?

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
    1. Re:Here we go again... by anjilslaire · · Score: 1

      I used to go through computing life like that when I had Norton installed on my Windows 2000 pro system back in 2001. I don't know about now, but Norton was a nightmare back in the day about using up all the system resources to the point that your box was too slow under the weight of the AV suite get anything done, including getting infected. Been on Linux since 2006 at home, haven't looked back.

      --
      Need more useless stuff to read on teh internetz?
    2. Re:Here we go again... by hyades1 · · Score: 1

      I think you're completely right. When this XP Pro installation finally croaks, I'm moving to Linux.

      I know exactly what you mean about Norton, too. Scrubbing it out of XP after it let me get infected was more of a pain than getting rid of the damned virus. Between a firewall and a weekly scan with Avast, I've never had another problem in two+ years.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
    3. Re:Here we go again... by drachenstern · · Score: 1

      Just so you're aware, Norton hasn't REALLY changed their game lately, but they have begun to suck less. If you can hear a little more clearly lately when you go outside, that was it. If not, well, consider yourself lucky you're not close enough to hear it constantly.

      Still drags a box down though...

      --
      2^3 * 31 * 647
  20. Its what they get for the layoffs by anjilslaire · · Score: 2, Interesting

    Maybe if they didn't cut the 1400 employees and thousands of vendors the last couple of months they'd be able to have the staffing to actually finish this security suite on time. I imagine the other 3600 will fall after Win7 RTMs...

    --
    Need more useless stuff to read on teh internetz?
  21. RE: Stirling ... Security ... Microsoft???? by Anonymous Coward · · Score: 0

    Surely my eyes are getting crossed ... or its just the /. malformed java script loop forcing continuous loading which causes the page to jump up ... down ... up .... down.

    Q: Did the javascript kiddy at /. mind-meld during a viewing of WATCHMEN?

    Rorschach is pissed ... and snooping. (:))

  22. Windows can be secured, to a 99/100 CIS Tool score by Anonymous Coward · · Score: 0

    "There is so much legacy cruft in Windows I doubt it will ever be secure" - by NaCh0 (6124) on Monday April 06, @12:30PM (#27477443)

    Untrue, because w/ a LITTLE work on the users' part, Windows can be made very secure, & stable (+ faster as well, as a bonus)...

    Case in point/example:

    http://www.xtremepccentral.com/forums/showthread.php?s=34a1a7feef74b8afb3e13f68a49f703d&t=28430&page=3

    PERTINENT QUOTE/EXCERPT:

    ----

    "Its 2009 - still trouble free!

    I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point.

    So from 2008 till 2009, No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

    Great stuff!

    My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

    APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"

    THRONKA

    ----

    Thus, as you can see, Windows can be made secure, quite easily, via using the CIS Tool Security analysis multiplatform security benchmark system (based on industry 'best practices' for securing various Operating Systems), as outlined in this guide (which is what THRONKA, the person quoted above, used in fact) -> http://www.tcmagazine.com/forums/index.php?s=28c75dd785e7ae225a4ccd092e4155b5&showtopic=2662

    APK

  23. Good job & well said hairyfeet... apk by Anonymous Coward · · Score: 0

    "And all the security in the world won't save MSFT from the seriously fucking dumb users you have out there. Believe me, as a Windows repair man, I know this" - by hairyfeet (841228) on Monday April 06, @02:15PM (#27478909)

    Agreed (albeit, unfortunately): I have to concede, that on THAT particular point you made, you ARE completely correct... &, the only thing you can do is what you stated, clean the mess up for them (&, get paid to do so).

    Yes, one CAN secure a Windows system, to the tune of a 99/100 CIS Tool score (as I noted in my 1st reply in this thread here today, here -> http://it.slashdot.org/comments.pl?sid=1189359&cid=27490345 ) but, you can't stop folks from being foolish, OR, ignorant (I hesitate to call them "dumb" outright though, they just aren't aware of the risks, or don't care, because they have guys like YOU around, & can afford to pay you to correct their mishaps/mistakes).

    Even though I can demonstrate that a "good intelligent user" such as THRONKA from the URL above? There are others who are not... & know it.

    E.G.-> I have a pal named Jack whose system I "security-hardened" for he, using CIS Tool guidance & beyond (per the URL above), & he used to literally get 200++ infections a week, now though? He ends up with MAYBE 1 every 6 months, & is aware of how to use Process Explorer to kill most of them, manually, IF his antivirus &/or antispyware don't cut the mustard... still, eventually?

    He ends up with ones he cannot get rid of... why??

    WELL, YOU SAID IT BEST:

    Javascript...

    It gets he into hassles, & he knows it, but, apparently cannot do without some sites that require it (such as some Pr0n ones are), & that is what gets him, everytime... I suggested he find equitable "substitute sites" for those he uses now, but in the end? He takes his chances... & eventually gets burnt!

    APK

    P.S.=> Nice post though, all in all, hairyfeet... If I could "mod you up", I would, but us "A/C" posters cannot so, a "good job, well said on your part" is all I can give you man... apk