Slashdot Mirror


Microsoft 'Trustworthy Computing' Turns 10

gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."

29 of 185 comments

  1. Re:Microsoft Succeeded by Anonymous Coward · · Score: 2, Funny

    WOW,

    you posted that entire comment in under 1 minute. You sir win an internet.

  2. Re:Microsoft Succeeded by Sarten-X · · Score: 5, Insightful

    For the past decade, Microsoft has been where it is now: equal or worse. Internet Explorer shares the browser market with Chrome. Windows 7 shares the desktop market with XP and OS X. XBox shares the console market with PS3 and Wii.

    Being as good as your competitors means that when something bad does happen, like a new zero-day exploit in the wild that makes the headlines, the company drops back to second place. Regardless of its current improved security, Microsoft will never regain lost reputation until they produce a series of spectacular products that are consistently better than any competitor. I don't see that happening anytime soon.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  3. Re:Not a shill at all by grimmjeeper · · Score: 5, Insightful

    Shill or not, he has a point. Security within Windows and Internet Exploder has improved over the years. It may not be all wine and roses but it's not as bad as it once was.

    Of course, there still is a long way to go...

  4. Re:Microsoft Succeeded by HBI · · Score: 4, Informative

    To rebut specifically:

    1) While most users do not need admin access and by default Vista and 7 do not give it to you, I still see people assigning admin rights to themselves and deactivating UAC as a prerequisite to using the computer, which puts the lie to your top two paragraphs. Once they take those two steps, the machine might as well be XP. They actually do it for (to them) legitimate reasons - software related and habit being the two largest.

    2) IE9 still runs any script presented to it that passes a very crude ruleset based on zones. You Microsoft shills (sorry, that's how you come off) always try to compare Firefox without plugins with IE. IE has no facility for blocking scripts and flash selectively that doesn't cost more than a browser is worth. Noscript and ABP are a few mouse clicks away. You can have all the sandboxing in the world, but not letting the script run in the first place is the only effective defense against drive-by malware installs.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  5. Re:Microsoft Succeeded by DavidSell · · Score: 2

    No, sorry, I'm not the same guy, I don't work at Microsoft. Seems like we just share the same name.

    David

  6. Re:Microsoft Succeeded by stanlyb · · Score: 2

    He is apparently a paid cheer lady, but nevertheless there is about 80-90% truth in his comment. The newest VS2010 is so far one of the best IDEs, there are a lot of MS libraries, tools, etc., that help the poor developer doing his job, even if the MS environment is so clumsy and bloated.

  7. Re:Microsoft Succeeded by stanlyb · · Score: 3, Funny

    Did you mount your hard drive too?

  8. Re:Microsoft Succeeded by Black+Parrot · · Score: 2

    The idea that windows 7 is the best thing since xp is silly because it fails to take in account all the exact same issues you have had since XP and windows NT.

    Back in c.o.l.a. days (is that still around?), the Windows fans went through endless rounds of "Yeah, the last version of Windows was crap, but *this* one is the best OS money can buy!" New release, same old song.

    --
    Sheesh, evil *and* a jerk. -- Jade
  9. Re:Microsoft Succeeded by Sarten-X · · Score: 3, Interesting

    I know replying to myself is bad form, but after posting I looked up the stock growth for Microsoft and its competitors. Over the past 10 years, Microsoft is more stagnant than Slashdot (the site, not Geeknet as a company).

    --
    You do not have a moral or legal right to do absolutely anything you want.
  10. Re:Microsoft Succeeded by Black+Parrot · · Score: 2

    Since this is Slashdot, I expect the above well-written post to be marked flamebait within 10 minutes, because it dared to speak well of Microsoft.

    Yet oddly enough, as I write it's modded "4, Interesting".

    Slashdot doesn't suffer from groupthink nearly so bad as a lot of people like to (group?)think it does.

    --
    Sheesh, evil *and* a jerk. -- Jade
  11. Re:Microsoft Succeeded by hedwards · · Score: 2

    That's not true at all. I remember those days and DirectX was a steaming load of crap. It just happened to be what MS was using at the time to make it less convenient to program cross platform.

    Windows was really popular amongst gamers for the simple reason that it was the largest platform and attracted the most developer attention. It wasn't any better than the other options at that point, in many ways it was inferior. But, MS had the ability to crowd out the competition and get its OS installed on the vast majority of computers sold. In those days, MacOS was pretty much crap and required paying a premium for Apple hardware.

    But, ultimately, I'm not sure why I'm bothering to reply to an obvious shill.

  12. Re:Microsoft Succeeded by Sarten-X · · Score: 3, Insightful

    DirectX 9 was released 9 years ago, and hasn't been replaced because of the stagnation of Windows. OpenGL is cross-platform, and with OS X's adoption, sees growing use. New versions of DirectX do not add any vital features over old versions, so Microsoft still has no clear advantage in that field.

    Windows does currently hold the gaming market, but OS X is gaining ground, with the porting of Steam and generally-growing user base. A multi-platform release is now an important goal for new games, just as it was in the early 90's.

    Apple is also providing a platform, for which Microsoft has yet to provide a comparable answer. They call it iOS, and it's now the hip new place for budding programmers to make their debut into professional development.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  13. Re:Microsoft Succeeded by hedwards · · Score: 2

    I don't get why people have a problem with UAC, I've found it to be only a bit more annoying than the Linux equivalent. It's not like with Vista where it would be asking for a click every 5 minutes or so.

  14. Re:Microsoft Succeeded by Relayman · · Score: 3, Informative

    Not the same person as the poster. Sorry.

    --
    If I used a sig over again, would anyone notice?
  15. Re:Microsoft Succeeded by goldspider · · Score: 2

    "1) While most users do not need admin access and by default Vista and 7 do not give it to you, I still see people assigning admin rights to themselves and deactivating UAC as a prerequisite to using the computer, which puts the lie to your top two paragraphs."

    That's an issue of users trading security for convenience, not an inherent weakness of the OS.

    --
    "Ask not what your country can do for you." --John F. Kennedy
  16. Re:Microsoft Succeeded by Anonymous Coward · · Score: 4, Insightful

    To rebut specifically:

    1) While most users do not need admin access and by default Vista and 7 do not give it to you, I still see people assigning admin rights to themselves and deactivating UAC as a prerequisite to using the computer, which puts the lie to your top two paragraphs.

    I still feel Microsoft needs to be given credit for implementing the UAC by default to begin with. Nobody can drop the single-user paradigm that's dominated consumer-grade computing for the past 30 years overnight and expect end-users (let alone developers) to go along with it swimmingly. At home, XP was typically the first experience most users had with a true multi-user environment to begin with.

    UAC makes the best of a bad situation that is not strictly (or at least not exclusively) Microsoft's fault. You'd sooner eliminate spam before you'd train all computer users to use runas.

    always try to compare Firefox without plugins with IE. IE has no facility for blocking scripts and flash selectively that doesn't cost more than a browser is worth. Noscript and ABP are a few mouse clicks away. You can have all the sandboxing in the world, but not letting the script run in the first place is the only effective defense against drive-by malware installs.

    NoScript is still relatively unique to Firefox, but IE9 has most (if not all) of the capabilities of AdBlock Plus out-of-the-box. You can subscribe to your favorite flavor of EasyList without installing any additional add-ons, third-party or otherwise.

  17. Re:Microsoft Succeeded by artor3 · · Score: 5, Insightful

    While the OP is clearly a shill, your refutations ring hollow.

    Using Firefox's own usage stats, only about 0.5% of users use NoScript. Comparing that tiny segment to the standard IE install makes no sense.

    Then, on the other side, you focus on people who turn off UAC, and ignore the hundreds of millions who leave it on.

    Basically, from each group, you're cherry picking whichever segment best supports your argument, even when that segment is in no way representative.

  18. Re:Microsoft Succeeded by Lewis+Daggart · · Score: 2

    If an operating system marketed at users gives users a better interface, how exactly is this a bad thing?

    You are not their demographic, the "luser" is. As a developer, I would hope that you would understand the need to cater to the users, instead of maligning them for not being as knowledgeable as yourself.

    As an aside, the issues that I recall everyone complaining about back in the day were blue screening and degradation over time. I can't speak to your experience but I haven't needed a reformat since getting Windows 7, and blue screens and black screens are a thing of the past. The BETA was more stable than previous iterations, the only problem being its lack of driver support.

    I guess the fact that I notice and appreciate these things makes me a Luser. Uh... down with MS. Here's a hilarious picture of Nazi Bill.

    I WANT TO NAME MY FOLDER 'CON'

  19. "Trustworthy" if you trust Micro$oft by Velska1 · · Score: 2

    It's true that Win 7 is a step ahead for windoze systems. It's practically workable! That is if you happen to like the way it works, because to tweak it even just a bit, you need to either be an expert or then buy a customising software.

    But "Trustworthy Computing" has much more heinous objectives than making your windoze box more secure. It wants to make UEFI standards so that no other OS's can be run on a machine that uses M$ OS. It wants to make listening to your own music dependent on the presence of a TPM chip that takes care of all the critical security stuff, like Digital Rights Management. I guess it's in their interest to suck up to MPAA, RIAA and book publishers?

    If George Orwell had had the vision, he'd have Micro$oft working for the Big Brother monitoring the people they don't like. I'm sorry, but I'll never again give M$ direct access to my hardware: it will always run in a virtual machine. I need to do it now and again to make sure that my stuff will also work with M$, specifically Internet Exploder. Granted, there are some pluses in IE9 over IE6, but they're negligible, basically eye candy.

    Get behind FOSS or get left behind, is what I say.

    --
    Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
  20. Re:Microsoft Succeeded by haruchai · · Score: 3, Interesting

    John Smith? Around here we prefer to call him Anonymous Coward.

    --
    Pain is merely failure leaving the body
  21. Made up numbers by LoudMusic · · Score: 2

    The profession of inventing numbers has always intrigued me. The article says, "The hiatus cost Microsoft $100 million." Well, sure they can figure out how much money they usually make in a time frame, and how much money they didn't make during this time frame, and BAM you've got a number. But that number, $100,000,000, just seems a bit too ... round. It seems like someone said, "Hey, call the department that makes up numbers. We need one that's not so small it seems insignificant but not so big no one believes it. Not too cold, not too hot. Not too lumpy, not too soft. Something that's juuussssssttt right." Which is certainly a shorter route to 'news' than actually doing the work to figure out what it actually cost. It also sounds like something a 7 year old would say on the playground in a screaming match about fathers' occupations, "OH? Yeah?! Well! My dad works for Microsoft and they lost a hundred million dollars!"

    And how can they know that's what it would have been? Maybe that was the month, had they asked, that Apple would have sold out to Microsoft. But they didn't ask and no one will ever know. Would have been more than a hundred million dollars, for sure.

    Yes, wildly off topic, but it's the crazy shit that goes through my brain.

    --
    No sig for you. YOU GET NO SIG!
  22. Re:Microsoft Succeeded by hedwards · · Score: 2, Insightful

    The problem is that most OSes will shine in some area and the only areas in which Windows shines are the direct result of years of monopoly abuse. In short the only reason I use Windows at all is because I paid for a copy and the only reason I paid for a copy is that it's hard to find decent laptops for a reasonable price that haven't at some point paid for a license.

    For MS the fact that Win 7 is regarded as good or mediocre is something that they should be celebrating after 15 years of garbage releases.

    But, they aren't particularly secure like OpenBSD is, they aren't stable and reliable like a good Linux Distro is. They lack the just general well rounded flexibility and reliability that FreeBSD is known for. In short, apart from benefitting from years of monopoly abuse, I have a hard time thinking of anything particularly compelling about Windows that would lead one to conclude it was anything other than mediocre.

  23. Re:Microsoft Succeeded by Em+Adespoton · · Score: 2

    That's the thing Win 7 is a good, but not great OS, and is solidly mediocre in most respects.

    It's far more secure than it used to be but still lacks things like security levels and separate configuration files like has been the case for many, many years with Linux and *BSD. For as long as I've used FreeBSD I've had security levels to work with, and one program doesn't need to be able to write to a configuration file for another. If it's needed then I, myself, have to make it happen.

    Windows has gotten a lot better, but it is indeed mediocre.

    ??? Normally I don't think much of Windows security, but the OS has had most of the ACLs and other security level systems it has needed since NT3 -- that's not really the problem. The problem is that nobody uses these features. Windows 7 made that a bit better by forcing programmers to use some of them, or end up with code that wouldn't work. Full use of mandatory access controls, ring levels, etc. that are ALREADY THERE would significantly improve security. Unfortunately, most people don't understand how to use these tools, and Microsoft still doesn't make it easy with the development environments it provides... they want to make things easy for the programmer, not more difficult.

  24. Re:Microsoft Succeeded by Kalriath · · Score: 3, Insightful

    the only areas in which Windows shines are the direct result of years of monopoly abuse

    I'm not convinced of this personally. I personally, and from observation of those around me, find that the areas where Windows shines are that it's easy to use (although there is inevitably some confusion each new release which changes things around for no real reason), and that software built for one version rarely breaks on a newer one. By contrast, OS X will tell you to piss off if you want to run old PPC software (I can still run the 25 year old Commander Keen on Windows 7. I cannot say the same for OS X), and Linux - well, let's just call it unpredictable and leave it at that. It may not refuse to run it, but it may not run correctly either.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  25. Re:Microsoft Succeeded by causality · · Score: 2

    So Unix has ASLR, DEP, compiler exception handling bounds checking?

    VMS is the only other OS that has DEP support fully. XP has partial support by SP 2.

    Checklist wise Windows is the most secure kernel

    I tend to doubt that. Have you checked out PaX and Grsecurity? I personally use Gentoo Hardened. It's a source-based distro so everything in userland is also built with SSP which provides the bounds checking (one nice thing about having the source). It also includes support for SELinux (see the Resources section of that first link I provided).

    --
    It is a miracle that curiosity survives formal education. - Einstein
  26. Re:Microsoft Succeeded by causality · · Score: 2

    You are not their demographic, the "luser" is. As a developer, I would hope that you would understand the need to cater to the users, instead of maligning them for not being as knowledgeable as yourself.

    I do appreciate your point. Much of the "maligning" of users is unwarranted. But there is one legitimate form of it that occurs not because they are ignorant, but because they actively resist learning. Do I expect them to become expert technicians overnight? Of course not. But it's just not natural to use a system for five years and know nothing more about it than when you started. That ... that takes work.

    It's the most natural thing in the world to slowly pick up new tidbits of knowledge with increasing experience and to remember at least some fraction of them. There's really no excuse not to. I believe this failure comes from yet another entitlement mentality. After years of public schooling most people are not conditioned to cherish natural curiosity and to see learning as a wonderful, exciting, fascinating opportunity of discovery that opens doors and makes new things possible (see my sig).

    No, instead they think it's hard tedious work because instead of learning a few general principles and reasoning from those in a dynamic and flexible way, they memorize long series of steps by rote that fail if one step in the series is incorrect. Incidentally that's why minute interface changes require "retraining" to update the memorized list, because such users have been rendered too helpless to find the new location for the old feature on their own. Since they think it's hard tedious work to be avoided whenever possible, they feel entitled to never do it unless a boss or other authority figure demands it.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  27. Re:Microsoft Succeeded by McGruber · · Score: 2

    WOW,

    you posted that entire comment in under 1 minute. You sir win an internet.

    He could be a subscriber or saw the article in the firehose.

  28. Re:Microsoft Succeeded by hairyfeet · · Score: 4, Informative

    How did this get marked insightful? Boy the geeks treating corps like ballclubs just gets worse by the quarter, don't it?

    As for how Win 7 is better, as someone who has been working on the things since before there even was a Windows, let me count the ways. 1.- ASLR makes it damn hard to use buffer overflows. 2.- DEP keeps software from writing in non executable locations, again helping kill buffer overflows dead. The fact that before 7 I'd see a hell of a lot of buffer overflow exploits and now it's all social engineering tells me a lot. 3.- Both IE and Chromium based browsers by default are in low rights mode, which is even lower than a *nix standard user; this helps kill drivebys dead and is why I no longer recommend Firefox, because it doesn't support this security feature even after being introduced FIVE years ago. 4.- Action center, which creates a "one stop shop" for security and by default reminds the user they need to have a scheduled backup plan, which brings me to 5.- Windows backup being image based now makes it MUCH easier for the user to have a solid backup plan in place that will actually restore the machine even on drive failure. It also by default includes the folders most used by people to store their important data like My Docs, pictures, and their music folders.

    Now as for the non security features we have 1.- Jumplists, how in the hell did we live without these? These are the best damned thing since the DVD burner as far as I'm concerned; when I want to get back to what I was working on yesterday just right click on Explorer and BAM! my folders are back up, right click on Dragon and BAM! all my websites are back up, it's just too damned quick. 2.- Breadcrumbs, man, I love the breadcrumbs because when you have a file and folder setup several levels deep breadcrumbs make navigation fast fast fast. 3.- Superfetch, with RAM so cheap Superfetch can really give Windows a hell of a speed boost along with ALL your apps. The longer you run the system the smarter it gets thanks to its DB of usage patterns, so it knows for example that between 9-5 I'm gonna be running Dragon and after 5 I'm firing up WMP to play my music so BAM! It's already loaded into RAM and ready. With 8Gb of RAM I even have the core files of my current favorite games loaded into cache so when I fire up Just Cause II BAM! there it is, that's damned nice. 4.- Readyboost, when combined with Superfetch, gives a hell of a speedboost to mobile devices like laptops and netbooks. Not so much desktops as you have fast RPM drives there and fatter caches, but on a netbook you can pop a fast cheap SD card into the card reader and just leave it there and it really makes your apps load quick.

    Now I could probably name off a good two dozen more of each but do I really have to, AC? There are plenty of things to bitch at MSFT about, like Vista being rushed with serious bugs, their mobile strategy is pretty much "Ape Apple", but Windows 7 ain't one of them. I've converted just about all my customers to Win 7 and to a man I've not had a single complaint about 7, in fact most ended up buying the family packs later just so they could get rid of XP completely. Once you've used the new features in 7 going back to XP feels like Win98, it's THAT backwards.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  29. Re:Microsoft Succeeded by walshy007 · · Score: 3, Informative

    Besides, 32-bit Windows 7 can and does run 16-bit DOS applications.

    No it cannot, try running something like kknd, syndicate wars or the like on 32-bit windows 7, it won't even try to start up let alone work properly.

    Things like that need proper dos (or an emulated environment like dosbox, or a VM with dos on it), which no version of windows has supplied since windows ME.

    As for running ppc apps while having lion installed, here provides a few solutions. Mostly it is either virtualization or dual booting.

    But hey, dual booting win98/win2k or win98/winXP was how people remedied wanting to play their dos games too, and you've already said that work-arounds such as dos box and virtualization are acceptable.