Microsoft 'Trustworthy Computing' Turns 10
gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."
Windows is far more secure now. Nowadays malware mostly comes either via third-party programs like Flash and PDF reader or via social engineering - like those sites which claim you have a virus and need to install this program, or that you need to install a codec. Windows itself is very secure.
Interestingly, it was also one of the reasons why people initially hated Vista. The security model of Windows changed so much that many legacy apps stopped working and drivers needed to be updated. Windows users also weren't adjusted to having to work under a non-admin account. That was the reason most people had issues with Vista, and by the time Windows 7 came out, application and hardware vendors had fixed their issues. Windows 7 is a very good OS, actually so good that Microsoft really needs to step up their game in Windows 8 so that W7 won't become the new XP.
In my opinion Microsoft has really fixed their issues with security. Internet Explorer 9 is one of the most secure browsers around. It is currently sharing the first position with Chrome. IE9 has sandboxing, JIT hardening and other ways to make vulnerable plug-ins like Flash and PDF reader have less access to the system. Firefox is currently lacking all of these, so if you use Firefox and you are hit with a Flash or PDF vulnerability, your chances of being infected are much larger than when using Chrome or IE9.
Given that Apple is using Microsoft's Azure cloud services for their iCloud platform, I have no doubt that they can both secure the platform and develop good software for developers that can help them develop secure software. After the security disaster at Microsoft ten years ago, they have added security features both to their internal tools and to the likes of Visual Studio. VS nowadays has many features that can help prevent the most usual security problems. Since Visual Studio is integrated with Azure, many developers will be using it and also having the advantage of those features.
Cheers,
David E. Sell
Troll because it's true.
A new user profile with a very fast first pro-MS post about the successes of MS and Windows? Can't possibly be a shill. I'm actually curious whether these people are paid for this stuff or they're just insecure MS employees with nothing better to do.
Like them or not, at least you don't see Google and Apple stooping to these levels.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
Security is not selling more copies of a product, but all the "executives" who can sign purchase orders will be willing to shell out money if they can see a laundry list of new features.
Most companies have only one imperative: increase sales in the short run and feel good. Collect fat bonuses for the former. Security does not drive sales, does not increase bonuses.
Spending 100 million dollars on security is puny as compared to the total revenue of MS, even in a single month. If they really wanted to be a leader in terms of security, they would have had to change their processes, tools and management approaches radically. Instead they did something to achieve security levels which were good enough to continue selling their stuff.
Imagine writing software in a language which is inherently safe - MS did some research into that, but the technology never made it into Windows or Office. Just using an STL with checked vectors, strings and other containers would have immediately fixed thousands of exploits, but that would have meant changing the C++ coder mindset, which still is "my code will never overrun any array and bounds checks are a waste of precious CPU time". The truth is of course that even the best guys are sometimes tired or a little sick and that bounds checking only increases CPU load by about 10%.
This is all marketing talk - the only thing where MS is excellent.
Windows users also weren't adjusted to having to work under non-admin account.
By using a non-admin account for the last couple of years I learned that the system is much less secure this way.
On Windows the only program that could auto-update was Google Chrome. Firefox, Flash, Thunderbird, Java, etc. all required manual update checks (which a not too computer-savvy user, like my wife, won't do). Firefox actually shows that there's an update available when checking manually, but requires being "run as administrator" to actually install it.
Same problem for the Mac. System update checks won't happen automatically in non-admin accounts.
Eventually I got pissed off having to update everything manually and switched my accounts to admin.
That Your Laziness could possibly switch accounts for a minute to perform the updating? Yes, security is a process which requires effort, ya know.
It's true that Win 7 is a step ahead for windoze systems. It's practically workable! That is, if you happen to like the way it works, because to tweak it even just a bit, you need to either be an expert or else buy customising software.
But "Trustworthy Computing" has much more heinous objectives than making your windoze box more secure. It wants to make UEFI standards so that no other OSes can be run on a machine that uses an M$ OS. It wants to make listening to your own music dependent on the presence of a TPM chip that takes care of all the critical security stuff, like Digital Rights Management. I guess it's in their interest to suck up to the MPAA, RIAA and book publishers?
If George Orwell had had the vision, he'd have Micro$oft working for the Big Brother monitoring the people they don't like. I'm sorry, but I'll never again give M$ direct access to my hardware: it will always run in a virtual machine. I need to do it now and again to make sure that my stuff will also work with M$, specifically Internet Exploder. Granted, there are some pluses in IE9 over IE6, but they're negligible, basically eye candy.
Get behind FOSS or get left behind, is what I say.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
The profession of inventing numbers has always intrigued me. The article says, "The hiatus cost Microsoft $100 million." Well, sure they can figure out how much money they usually make in a time frame, and how much money they didn't make during this time frame, and BAM you've got a number. But that number, $100,000,000, just seems a bit too ... round. It seems like someone said, "Hey, call the department that makes up numbers. We need one that's not so small it seems insignificant but not so big no one believes it. Not too cold, not too hot. Not too lumpy, not too soft. Something that's juuussssssttt right." Which is certainly a shorter route to 'news' than actually doing the work to figure out what it actually cost. It also sounds like something a 7 year old would say on the playground in a screaming match about fathers' occupations, "OH? Yeah?! Well! My dad works for Microsoft and they lost a hundred million dollars!"
And how can they know that's what it would have been? Maybe that was the month, had they asked, that Apple would have sold out to Microsoft. But they didn't ask and no one will ever know. Would have been more than a hundred million dollars, for sure.
Yes, wildly off topic, but it's the crazy shit that goes through my brain.
No sig for you. YOU GET NO SIG!
"With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about who we call or what we say will be compromised."
Isn't it interesting how much has changed in the past 10 years. Now the U.S. government has given itself the right to warrantless wiretaps on all communications and almost every device on any of the digital networks gives them a back door. Telephony is as available as ever, but I don't think of it as secure any more.
No, just that the well-written post of four paragraphs was written in less than 45 seconds after the original poster. Need not worry, I'm a stupid American idiot, and I'm not aware of how the Neo-cons control all forms of media information.
Ignorance Is Strength.
"Bill Gates" and 'trustworthy'...the greatest oxymoron of our time...
or perhaps tied with:
'Microsoft' and 'trustworthy'...
only the illiterate burble this kind of junk.
MS Windows may be far more secure, but since we have levels of malware infection far exceeding what was observed ten years ago, it becomes clear that this is not enough to solve the problem. Applications need to be more secure, and some mind-bogglingly dumb choices are still being made which imply that a lot of developers are still thinking of single-user machines that are not on a network.
Nice advertisement above however it's a little misplaced. Can we get to details about what is happening now instead of hype pretending that it's all going to be better tomorrow please?
Why, oh why, does the logo for TwC's tenth anniversary look like a dangling dong, or standard medical journal iconography for a penis and bladder??
Even worse, it's got the outline of testicles underneath... with GREAT BIG BLUE BALLS...(wow, is that supposed to say something about the org?)
And a yellow drip at the tip???? Is it peeing itself? Or maybe it's a giant orgasmic blast of security!!!!
No kidding, I couldn't make this crap up. Go look at http://www.microsoft.com/twc in the funny purple box.
How in the hell did this sort of Ariel+Phallus/LandOLakes-Boobies image get thru Microsoft PR review?
What's the tagline for the next ten years? "TwC Next, UUUNNNH!" or maybe "TwC Next: It Burns!"
Fewer points of failure. Yay Cloud!
Windows' fundamental design is so olde worlde and just fundamentally flawed that they have no hope whatsoever of turning it into a real and secure OS. As a media player and games loader, and support backplane for their Office product, it works quite acceptably. But it will never be 'real' software.
"A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials."
So does XP, & Server 2003 also. It's often called "The Poor Man's Firewall" @ times online too, lol! GUI driven easy...
HOW TO USE PORT FILTERING IN WINDOWS 2000/XP/Server 2003 (Sorry, no longer done this way in VISTA/7/Server 2008):
1.) Start Menu (click the PROPERTIES button there)
2.) Connect To item (on the right-hand side) -> Local Area Connection (whatever you called it, this is the default, iirc)
3.) Open it via double-click OR the right-click popup menu PROPERTIES item
4.) Properties button on left-hand side bottom, press/click it
5.) NEXT SCREEN (Local Area Connection PROPERTIES)
6.) "This connection uses the following items" (go down the list to TCP/IP & select it)
7.) Press/Click the Advanced button @ the bottom right-hand side (shows Advanced TCP/IP Settings screen)
8.) OPTIONS tab, use it & TCP/IP Filtering is in the list, highlight/select it
9.) Beneath the Optional Settings, press/click the PROPERTIES button on the lower right-hand side
10.) Check the "Enable Tcp/IP Filtering (on all adapters)" selection
11.) In the far right, IP PROTOCOLS section, add ports 6 (tcp) & 17 (udp)
12.) In the far left "tcp ports" list - check off the radio button above the list titled "PERMIT ONLY"
Then add ports you want to have open (all others will be filtered out, & for example, I leave port 80,8080, & 443 here open, only on my standalone, non-networked home machine (for a HOME or WORK LAN, you may need to open up ports 135/137/139/445 for a Windows based network for file & print sharing PLUS enable NetBIOS over Tcp/IP in your network connection properties & ENABLE Client for Microsoft Networks & File and Print sharing too) - you may need more if you run mail servers, & what-have-you (this varies by application)) -> I leave the UDP section "PERMIT ALL" because of ephemeral/short-lived ports usage that Windows does (I have never successfully filtered this properly but it doesn't matter as much imo, because udp does not do 'callback' as tcp does, & that is why tcp can be DDOS'd/DOS'd imo - it only sends out info., but never demands verification of delivery (faster, but less reliable)) -> DONE!
You'll need to reboot 2000, for sure, & it's optional for XP onwards (MS took a page from the MacOS X dept. on this one (they both took the BSD IP stack though, lol)).
APK
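As an added example that is not part of the original post: a PowerShell script that reads the registry values backing the TCP/IP Filtering dialog described above and reports, per adapter, what the filter permits. The value names (EnableSecurityFilters, TCPAllowedPorts, UDPAllowedPorts, RawIPAllowedProtocols) are the ones Microsoft documents for this feature; the list of file-and-print-sharing ports comes from the post itself, and PowerShell is assumed to be installed (XP/2003, not 2000).

```powershell
# Added example: audit-only read of the legacy TCP/IP Filtering settings.
# Value names are Microsoft's documented ones for this feature; nothing is written.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Global on/off switch behind the "Enable TCP/IP Filtering (on all adapters)" checkbox.
$enabled = (Get-ItemProperty -Path $base -Name EnableSecurityFilters `
            -ErrorAction SilentlyContinue).EnableSecurityFilters
if ($enabled -ne 1) {
    Write-Output 'TCP/IP Filtering is DISABLED (EnableSecurityFilters is not 1).'
} else {
    Write-Output 'TCP/IP Filtering is ENABLED.'
}

# Ports the post says are only needed for Windows file & print sharing on a LAN.
$sharingPorts = 135, 137, 139, 445

function Format-AllowedList($values) {
    # The REG_MULTI_SZ holds port/protocol numbers as strings; a single "0"
    # (or a missing value) means the dialog's "Permit All".
    if (-not $values -or ($values -contains '0')) { return 'PERMIT ALL' }
    return 'PERMIT ONLY ' + ($values -join ', ')
}

# One subkey per adapter, keyed by interface GUID.
Get-ChildItem -Path "$base\Interfaces" | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    $tcp = $props.TCPAllowedPorts
    $udp = $props.UDPAllowedPorts
    $raw = $props.RawIPAllowedProtocols

    Write-Output ("Adapter {0}" -f $_.PSChildName)
    Write-Output ("  TCP ports   : {0}" -f (Format-AllowedList $tcp))
    Write-Output ("  UDP ports   : {0}" -f (Format-AllowedList $udp))
    Write-Output ("  IP protocols: {0}" -f (Format-AllowedList $raw))

    # On an adapter that does restrict TCP, point out any sharing ports left open,
    # since the post says a standalone machine does not need them.
    if ($tcp -and -not ($tcp -contains '0')) {
        $exposed = $sharingPorts | Where-Object { $tcp -contains "$_" }
        if ($exposed) {
            Write-Output ("  NOTE: file/print sharing ports permitted: {0}" -f ($exposed -join ', '))
        }
    }
}
```

The filter only inspects inbound destination ports and keeps no connection state, which is why the post leaves UDP on PERMIT ALL: a PERMIT ONLY list of listening ports would also drop replies to the machine's own outbound UDP queries.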