Craig Mundie Blames Microsoft's Product Delays On Cybercrime
whoever57 writes "In an interview in Der Spiegel, Craig Mundie blames Microsoft's failure in mobile on cyber criminals. Noting that Microsoft had a music player before the iPod and a touch device before the iPad, he claims a failure to execute within Microsoft resulted in Microsoft losing its 'leadership.' The reason for the failure to execute, in his words: 'During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering. The criminal activity in cyberspace was growing dramatically ten years ago, and Microsoft was basically the only company that had enough volume for it to be a target. In part because of that, Windows Vista took a long time to be born.'"
Yep, cyber criminals armed with chairs...
If MS had wanted to start a new division for mobile devices, it had the cash to do it. Mundie's excuse doesn't cut it.
If what he is saying is that he and Ballmer are so much of a micromanagement team that they couldn't handle one more project and still tell everyone what to do, I can buy that as an excuse.
Windows (and MS-DOS before it) was not originally designed to be network-aware, much less network-safe. MS-DOS was a thinly disguised clone of Digital Research's CP/M, circa 1974. CP/M, as a personal computer operating system, was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).
It was no surprise to anyone that an operating system that treats all programs and operations as fully privileged, when connected to a global network, treats everyone in the world as a sysadmin. Microsoft's campaign, then, was to somehow graft basic security features into an o/s that never had them, without horribly breaking every existing application.
That they succeeded even a little is a triumph of engineering.
But they would have saved everyone, including themselves, a huge amount of time and money by using something more UNIX-like as the design basis of Windows NT in the early 1990s. Apple learned that lesson with OS X. Microsoft had Xenix years before, but threw it away. We, and Microsoft, are still suffering the consequences.
As so-called "smart" phonecomputers and tablets further fragment the marketplace, it won't be the PC that "goes away" but, at long last, Windows and the CP/M heritage. The UNIX way wins at last... Huzzah!
Noting that Microsoft had a music player before the iPod and a touch device before the iPad.
Yes, the Zune was shit. And so are Microsoft's mice, depending on which part of the world they're manufactured in.
He's discussing the time period right about when I finally bailed on MS. I had been trying to be a security advocate for my group for a couple of years - and was told over and over again that users don't want security, and who cares? (Admittedly, the group I'd worked for before that, which was more server focused, was also more security focused.) ...and then the security initiative began, and while I was cheerfully packing up my office, I suddenly had coworkers stopping by, picking my brain and trying to get me to give them my phone number so I could continue to work for the company I was so eager to depart from, for free. And, of course, the security infrastructure they produced was incredibly annoying and non helpful for most users. (Somewhere in here my not particularly computer literate mother switched over to linux.)
Of all the stupid statements I've heard coming out of Microsoft about why they have made lousy products and terrible missteps which were, unaccountably, not embraced by customers, this has got to be the stupidest.
Mobile? The core problem continues to be that mobile is much more about hardware (which Microsoft itself has finally acknowledged). And even aside from the hardware, more about clean interface design than market dominance.
What buffoonery.
With security out of the way, it looks like they can knock out a new version about every 18 months now. Lucky us. Especially if you happen to be in the business world and they screw you over and say they are not even going to offer more service packs for an operating system a lot of businesses just installed.
Microsoft needs a new business model that doesn't involve forced, non-needed upgrades. Don't know what that exactly is, but the current method is not working.
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
What a whiney rant to cover up his own malfeasance.
In other words the corners cut ignoring the lessons learned on *nix and other systems before MS Windows even existed eventually needed to be at least partially dealt with.
It's a pity they could not keep up with apple gadgets, but at least all that time they diverted to fixing security holes in Windows means that they now have an operating system that can't be hacked into by cyber criminals. The only question is: will they ever ship this operating system?
The reason for MS's failure in that field was clear to all. Even in the poor company it shared, it still stood out as a crock.
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
"Microsoft was basically the only company that had enough volume for it to be a target"
Tying security to volume of installs shows, to me, a lack of understanding of the actual models underlying the operating systems.
Windows is an entirely different creature from say Linux. Linux is merely the kernel, everything else is a package. A properly secured linux box, (proper PAMs, selinux, permissions, Least user privs, and minimum packages) != a hardened windows box. They are not even close. Volume has little to do with the security models. I hate that it always pops up. As if.
Too bad they didn't use that extra time to abort...
You took an OS which effectively ran with superuser privileges (DOS) all the time, and added a graphical shell on top of it (Win95, Win98). You then tried to switch it to a more secure user / superuser model, but you made it so inconvenient that it was easier for everyone to just run as superuser all the time (NT, 2k, XP). Finally you started trying to enforce running as a regular user except when needed (Vista). But the industry had had a decade to acclimate to running as superuser, so you were met with so much resistance you had to scale it back (7). Of course you're going to have a huge security problem.
You should've just bitten the bullet and enforced the user / superuser paradigm as early as you could have. i.e. Back when the Internet became big, around when Windows 95 came out, you should've realized the future was for all computers to be networked, and that user vs. admin privileges were going to become very, very important. But no, you took the easy way out and stuck with the one-computer one-user model, and you've been paying the price for it for the last decade and a half. You made your own bed; it's disingenuous to now blame someone else for having to lie in it.
Part of being a good leader (of a group, country, market, whatever) is to foresee and recognize what's going to become important or a problem in the future, long before your followers do. A good example is what the NSA did with DES. They had done enough secret research into DES that they knew of a vulnerability; and when DES was proposed as a standard they made some secret changes to it which eliminated that vulnerability before the public was even aware of it. Your job as a leader is to act on that foresight, even if your followers can't see what you see and complain about it. If you can't do that, you just aren't cut out to be a leader.
Actually it sounds like this guy reads Slashdot.
How many times has it been stated here that because of PC monoculture, MS' market dominance, etc ... all the viruses, trojans and other exploits are targeted towards MS products? And used that argument for the need of multiple OSes on the market - and also as a reason why Apple and Linux aren't targeted as nearly as much.
Is Linux more secure? Maybe. But it's hard to tell because when there's an exploit somewhere, you very rarely hear (at least in the non-security lay press) what OS it is unless it's an MS product.
Although, Apple is starting to get the same treatment with the recent exploits on iOS - because they have the dominant market share of handheld computing devices.
If you release a lot of crappy software, sooner or later, somebody will have to pay the bill. The secret of Microsoft is that they make it so the customer is the one paying this bill, but sometimes Microsoft has to pay part of it. Imagine if Microsoft were forced to retroactively pay for all the losses because of OS crashes, and all the expenses because of antivirus software. But we don't live in a world where Microsoft is being forced to pay for its crappy products' faults.
-Woof woof woof!
The OS was horribly insecure. That it took them a decade to (more or less) fix that is their fault, not the fault of their market-share.
Awesome term. Can anyone translate into human? I think he's saying that they done fucked up, but for all I know, he's talking about literally killing employees who didn't fit in with the corporate culture.
If you were blocking sigs, you wouldn't have to read this.
Microsoft came out with a tablet and it did everything you liked about a laptop but less. Apple came out with a tablet that did everything you liked about a smart phone only more. Apple was a bit more clever.
When Windows first came on the market it was not the market leader. It did not have years of legacy code or legacy applications holding it back. It could have been built more secure from the ground up.
All of Windows' competitors competed in the same market with the same 'cyber-criminals'. They built products that better withstood attack. All of the parties building products for sale in all of these markets were subject to the same market forces. By the time we got to the world of touch surfaces, music players and phones, Microsoft had a few things it could have used to its advantage: $49B in the bank and market dominance. They are complaining that they had to re-direct resources to make Windows secure. Then they should have tapped into their reserves and gotten more resources!
Maybe if they didn't waste money on ads for churros and running shoes with Jerry Seinfeld and put that money towards product development they would have succeeded.
Microsoft failed in these markets because they failed to understand what consumers wanted. They have no one else to blame but themselves.
Build products people actually want to buy.
Microsoft is a Marketing Operation With Some Shoddy Software. They are very good at polishing the surface of crap-balls so that the naive/dumb/ignorant "management talent" with their MBA "degrees" buys their crapola. Just look at their MFC container classes - they don't have a fecking clue about complexity analysis. They don't know what an automatically growing hashtable is. So they employ tons of software developers who apparently never went through a proper CS fundamentals course.
Google knows their stuff because they weed out those who have no grasp of basic CS concepts when interviewing them. If you look for a technology leader, look at Google. Or NSA; actually those two are more or less two faces of the same coin. And yeah, I don't like them collecting like mad. But MS, they are all amateurs in the business of drawing nice glossy pictures and making tools for that end.
Wasn't Vista the one where the network ground to a halt whenever you played music?
TFA and Craig Mundie believes his own spin.
If MS managed to avoid having security loopholes, what makes anyone think that Zune or Touch would've made it? How easy it is to forget DRM and playing by MS rules, proprietary file types, half-baked software, codecs and technology that doesn't fit anything else.
Oh, and just insert Apple pretty much anywhere if you're not a fanboi.
What troubles me the most is the attempt to rewrite history. Much like modern politics I suppose....
Don't be apathetic. Procrastinate!
It's everyone else's fault. Not ours.
I was under the impression that at least early on Microsoft kinda sorta turned a blind eye to pirating - that way they could spread their stuff far and wide. Only after everyone was "hooked" did they start tightening the screws.
I remember how easy it was to install ms office (and other sw) throughout a business with a single set of installation CDs/diskettes + add extra bogus seats/connections/licenses to your server etc.
Just sayin'
Redmond wants everybody to believe that everybody else is equally insecure as their products. Which is bonkers if you look at the Apache server, Linux and BSD. It runs 90% of the internet that matters and it doesn't get collectively shut down every three weeks. I am referring to the infrastructure, not the PHP crap built on top of it.
So he just regurgitates the Redmond Propaganda Line. The truth is that they sit on a huge crap-pile of software which they don't properly understand themselves. It's full of insane features, full of decades-old insecure code running in the kernel, full of half-arsed architecture decisions which came out of politics and not from proper technological reasoning. Just look at the Stuxnet virus and you know what I mean. As a nugget, they simply ran "guest" user print jobs with "Admin" privileges because that was most convenient way of implementing it. This is just one example of their insane decision making.
Disk quotas are not a security measure.
Password file was encrypted.
Application ownership of a file isn't security.
Damn it, 'ma! I told you stay out of my 'puter!
... that in XP, all the users you created at install time (up to 4, IIRC) in addition to the "Administrator" root account, were members of the "Administrators" group, that the account type for newly created users in control panel defaulted to "Computer administrator", and you had to change that on purpose to "Limited" (who - if they are not computer experts, wants to be limited?); the new naming convention ("Standard User" instead of "Limited") in Win7 is much better.
Obviously, the fact that a lot of programs that originated in Windows 3 or 95 by default wrote their configuration to an *.ini file in the install directory, and that most games would not run for limited accounts at all, contributed to this: if MS had made users run as limited accounts, lots of old programs and games that used to work on the user's old machine would have stopped working, and users would have blamed MS.
BTW: Win2K, before XP, put all limited accounts by default into the "power users" group, which had a similar effect - almost - as making them administrators.
And the number of rants on the internet about annoying UAC prompts - "It is my machine, and I'll damn well decide which programs to run and what to do", and the articles about how to turn UAC off, often by quite proficient computer users, only prove that some people are just too plain stupid to use a networked computer.
Yes, it was. I believe that's what Clueless Craig would term an "executional misstep".
Pain is merely failure leaving the body
> During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.
Unlike Unix who thought about security from very early on, with file protections, separation of OS and user privs, etc.
From what I remember, it wasn't designed to be all that secure, and besides, it wasn't theirs anyway. It was rebranded/licensed from SCO, back when they were still a legit company producing code.
And don't forget even MSDOS wasn't original in the beginning, they bought ( stole ) it from another company.
Hell they even had to buy SQL server from another company to get that started.. ( have they ever had a true original thought from the beginning? )
Overall Microsoft is a huge joke, and would have never had a chance if it wasn't for their founding unfair advantage with IBM that gave them the upper hand in the market.
If he didn't have the inside track and CP/M was given a fair chance with the PC, the landscape would be far different today.
---- Booth was a patriot ----
If anyone truly believes this at MS, they need to leave.
News to me. I think this is a case of rewriting history to not admit abysmal failure across the board.
Incidentally, I think that if MS had any real competition for Windows and Office, they would fail about as bad. The technology is still decades behind.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
But then the common thread is the protection and defense of Microsoft in the face of their explicit incompetence.
Mundie's bio. He was an engineering manager and CEO in the minicomputer business before coming to Microsoft. Impressive background, but kind of a weird fit; contrast that with Apple's relentless focus on consumer design.
Mundie, Mundie (ba-da ba-da-da-da)
So good to me (ba-da-da-da-da)
Monday morning, it was all I hoped it would be
Oh monday morning, monday morning couldn't guarantee (ba-da ba-da-da-da)
That monday evening customers'd be here with me
- John Phillips, Mamas and Papas
Yeah Microsoft, stop committing cybercrimes and cyberespionage, and focus on providing the operating system and honoring the purchased licences.
1) Create company
2) Manufacture substandard product
3) Whine about piracy and cybercrime when said product flops
4) Get law passed (lobbying) or cash money (Bailouts)
5) ?
6) Profit!
"'During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering."
Because there never was a move to secure the OS when it was initiated, and it only became a priority after numerous public attacks forced it.
But really, to say that a corp the size of Microsoft can't develop new products and secure their existing ones at the same time is naive at best and more likely propaganda.
"If any question why we died, Tell them because our fathers lied."
If Vista had been released sooner, Microsoft would have been worse off. If Windows's glaring security issues were overlooked for so long, it's their own fault for letting them fester instead of addressing them initially. What's this guy's point again?
Victimhood.
Have gnu, will travel.
Actually, Windows NT 3.51 was in good shape on the security front. It was intended to run 32-bit programs only. The 16-bit subsystem, which was an optional add-on (you could install NT without it), was intended as a short-term conversion aid for legacy code. It didn't support many of the vagaries of Windows 95.
The Intel Pentium Pro had a similar problem. It was a good 32-bit CPU, able to run 16-bit x86 code as well, but not with full performance. Reviewers gave it bad reviews running Windows 95 with 16-bit applications. Both Microsoft and Intel overestimated how rapidly the industry would convert to 32-bit applications.
Recovery from this was done by dumping vast amounts of Windows 95 code into the NT line, to the detriment of security. This resulted in NT 4 (a turkey) and, after a huge effort, Windows 2000 (reasonably good). That's where the effort went.
Also, remember, Microsoft went into the game console business. That cost them a lot more than they expected. The original Xbox was a PC. It ran a version of Windows 2000, and you could run XBox games on Windows 2000 (if you were a developer, had the development kit, and were developing your own game; the DRM prevented running the games of others). It lost money from launch to discontinuation. The XBox 360 was a new design, was incompatible with Windows, required much new software, and finally made money for Microsoft. It sucked up a lot of talent.
(Not as bad as the PS3, though. Developing tools to deal with the Cell architecture sucked up all the talent in SCEA's R&D operation for years. Sony is dumping the Cell for the next round.)
During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.
Why did Microsoft have to shift focus? Because Microsoft had taken a "features have priority over security" mindset previously. That mindset led to software that was so full of security issues, it is amazing it wasn't exploited more than it was.
This premise is substantiated by the fact that other vendors have software in the marketplace and appear to weather the cyber-criminal attacks much better than Microsoft does.
Microsoft will fix its strategic problems only when it stops trying to blame others for the missteps that Microsoft has taken. My for a first step: fire Mr. Ballmer.
Microsoft has never taken security seriously until the point that Mundie mentions and even after that one can hardly give them a glowing review. That Microsoft failed to build in security from the start was clearly a gamble of some sort. Clearly Microsoft knew of computer security issues; that MSFT chose to ignore serious security for the sake of profits, market share or whatever other factors only to have to stop and fix things, isn't the fail of hackers; that MSFT chose to ignore security is what made it easy for black hat hackers to thrive.
http://www.hawknest.com/
I remember Redhat 6.x from the early 2000s. It installed with all services+listeners running by default. Stuff like SMTP and RPC and bind was listening. For a Redhat install, the only safe way to install was from CD. Then run "lsof -i" and see what services are listening to the internet, and spend the better part of an hour shutting them down, and/or uninstalling them altogether. Worms like L10n and Ramen were rampant. After a lot of yelling+screaming Redhat finally listened, and stopped installing that stuff by default. Installs could be done without needing a firewall. The worms went away.
Microsoft was run by a bunch of idiots who wanted everything to "just work". One of the advertising claims for Windows 3.1 was "ease of administration". You could send a script as an email to all users in the office, and they simply had to click on it and it would re-configure their PC as you desired. This worked great in a 10-person office before the WWW. On a hostile web/internet, it was a disaster waiting to happen.
In order to make things "just work" for home PCs, Windows defaulted to NetBIOS/NetBEUI and RPC all turned on. This was one of the causes of all the worms that spread by portscanning. To make things worse, by Win98SE, *YOU COULD NOT TURN OFF RPC EVEN IF YOU WANTED TO*.
The "Autorun" mentality was another problem. We all know about sticking a USB key into a Windows machine, and it "automagically" ran stuff. That was not the only such problem.
Excel had "autoexec macros" that ran when you fired up the spreadsheet. MS' first response was to change Excel to set a bit in the file header of the spreadsheet, flagging that it had autorun macros, and Excel shouldn't run them if the user had changed his Excel config to disallow autorun macros. It didn't require genius for bad guys to save a spreadsheet with autoexec macros, and edit the file header of the spreadsheet with a hex editor, telling Excel that the spreadsheet was "safe". Excel then proceeded to run the autoexec macro when loading the spreadsheet, regardless of the user's settings. That was eventually fixed.
Outlook Express (known "affectionately" as "Outhouse Excuse") also "auto-rendered" files. This allowed photos to be displayed inline, and music files (WAV, etc) to be played automatically. The "security" consisted of filtering against a list of safe file extensions (WAV, JPG, etc), and then handing off the file to the OS to run. The OS ignored the extension, and determined the file type by checking the file header, then it handed off the file to the appropriate program. So the bad guys renamed "virus-installer.exe" to "song.wav", and it was automatically executed. This is how SirCam and Bubble-Boy wormed their way around the web.
And then we get to Active X, known "affectionately" as "Active Hacks". This was the mechanism behind so many "drive-by-downloads". What made it worse was that Active-X was rammed down people's throats by Internet Explorer. Let's say you disabled Java, Javascript, and Active-X in IE.
* Java was Sun's product. You launched a webpage with a Java applet, the applet didn't download and run, but the rest of the page displayed properly. IE "degraded gracefully".
* Javascript (originally called "Livescript") was Netscape's baby. You launched a webpage with javascript, the javascript didn't run, but the rest of the page displayed properly. IE "degraded gracefully".
* Active-X was Microsoft's baby. A lot of webpages had Active-X code. When IE came across a page with Active-X, and IE had Active-X, then IE came to a screeching halt, and put up a modal dialogue about how "This page may not display properly". It would not budge until you clicked OK. With all the Active-X applets on the web, IE was effectively unusable with Active-X disabled. Just like UAC several years later, people got sick and tired of clicking "OK" every 30 seconds, and simply enabled Active-X in IE. That was what kept drive-by-downloads going.
Microsoft have only themselves to blame.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
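The Outlook Express failure described in the comment above (an extension allow-list in the mail client, content-based dispatch in the OS) comes down to two components disagreeing about what a file is. As an added example, not part of the thread and not any Microsoft code, this Python example puts the extension-only check beside one that also requires the leading bytes to match the claimed type; the allow-list, function names and sample header bytes are constructed for illustration.

```python
import os

# Extensions the mail client is willing to auto-render, mapped to the
# content type each one claims (assumed list for this example).
ALLOWED = {".wav": "wav", ".jpg": "jpg", ".jpeg": "jpg", ".gif": "gif"}


def sniff_type(data: bytes) -> str:
    """Identify content from its leading bytes, as a content-based handler would."""
    if data[:2] == b"MZ":
        return "exe"  # DOS/PE executable header
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "wav"
    if data[:3] == b"\xff\xd8\xff":
        return "jpg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"


def extension_only_filter(filename: str) -> bool:
    """The weak check: trust the name and never look at the bytes."""
    return os.path.splitext(filename)[1].lower() in ALLOWED


def safe_to_render(filename: str, data: bytes):
    """Hardened check: allow-listed extension AND content that matches it."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = ALLOWED.get(ext)
    if claimed is None:
        return False, "extension %r is not on the allow-list" % ext
    actual = sniff_type(data)
    if actual != claimed:
        return False, "name claims %s but content is %s" % (claimed, actual)
    return True, "ok"


# Constructed sample attachments: header bytes only, no real payloads.
SAMPLES = [
    ("song.wav", b"RIFF\x24\x00\x00\x00WAVEfmt "),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("song.wav", b"MZ\x90\x00\x03\x00\x00\x00"),       # executable under an audio name
    ("notes.wav.exe", b"MZ\x90\x00\x03\x00\x00\x00"),  # double extension
    ("clip.wav", b"\x00\x00\x00\x00"),                 # unrecognised content
]


def audit(samples):
    """Return (name, weak_verdict, hardened_verdict, reason) for each sample."""
    rows = []
    for name, data in samples:
        ok, reason = safe_to_render(name, data)
        rows.append((name, extension_only_filter(name), ok, reason))
    return rows


if __name__ == "__main__":
    for name, weak, strong, reason in audit(SAMPLES):
        print("%-14s extension-only=%-5s hardened=%-5s %s" % (name, weak, strong, reason))
```

The third sample is the case the comment describes: the extension-only filter passes it, while the hardened check rejects it because the bytes identify an executable.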
1. NO. Disk Quotas ARE NOT SECURITY. They may halt a DoS if, for example, the partition fills up that holds your data cache, but root keeps a reserve of 5%.
2. Password file was encrypted. That is what security meant. That the brute forcing of encryption dropped from a billion computer years to a few hundred hours AND there were not more than a few hundred computers at the time meant this was ENTIRELY SECURE. As secure as 256-bit AES encryption used to secure high-classification documents stored on media.
And when the situation changed, you got /etc/shadow.
Jeez, you really DO have to hate on, don't you?
Microsoft was basically the only company that had enough volume for it to be a target
Crap. Volume is not the only value of import here at all. Volume isn't insignificant, but the overall problem is more proportional to volume * ease-of-attack. If it were just volume then Apache would have been in the news for security problems more than IIS rather than the other way around.
You built Windows starting with DOS and slapped Windows on top. With each release, it was a new evolution which mixed in the result of Microsoft's collaboration with IBM's OS/2 to create NT.
The Apache web server got its name because of how it was built and developed. But if any one product deserves the name, it's Windows. It is simply far too patchy to be secure.
The whole idea of "The UNIX Way" is that files are just files ... and that you accomplish tasks by running files as streams through various pipes and filters. This is utterly at odds with requiring file associations to any particular program. You can use vi or Emacs or pico or whatever you like to edit a .c file. You can use Emacs to edit a PostScript file... you can use any of half a dozen common programs to edit a .docx file... It's the "Apple way" of forbidding anything but the Anointed Holy Programs from operating on my files, that is broken.
Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.
hahahahahahahahahahahahahahahahahahahahahahahahahahahaha
Stop please, it hurts.
"The main problem is that user space and app space are orthogonal."
This isn't a problem any more than "legality and morality are orthogonal".
"Good security requires the ability to say "this file shouldn't be touched by anyone other than joe blow using acrobat reader""
No, ASININE security requires that. Why should only acrobat reader be used to touch that file? Are you just making up a problem so as to be able to "prove" UNIX security is bad as you claim?
"In fact this deficiency is what eventually lead to the deprecation of su in favor of the sudo command"
Nope, tracking the specific ID of someone using an administration level privilege is why sudo was done.
"sudo command, itself an 80s addition to Unix"
So pre-dating Windows by how many years? Do you have ANY IDEA what the subject of this thread is about?
And how is "UNIX improved its security" ANY indication that the OP was incorrect? Is good security only possible in your mind if it were PERFECT at the outset and never had to change???
"This way for example, the java sandbox would be created by the OS rather than by the JVM sandbox kludge."
Oh dear. You don't understand this either, do you?
1) chroot.
2) that has fuck all to do with the JVM. "they are orthogonal". You like that word. Find out what it means.
"The OS knows that the browser is not allowed to write to disk except to ~/.cache and ~/,download"
The OS knows that the user isn't allowed to write to /etc nor into /root but IS allowed to write to disk in ~.
The program can decide to not allow writes to anywhere other than ~/.cache (which shouldn't frigging exist) and ~/.download (why the hell is it "hidden"???)
"All of these things were already available in 70s mainframe operating systems and greatly increase security."
Yeah
1) UNIX
2) Don't greatly increase security.
get yourself a bottle of Jim Beam and erase all that baggage from your tortured mind. After that, get yourself a whore and have some fun. If you don't follow that advice, I worry you will be routed through the next mental institution.
The notion that Windows is targeted by criminals because of marketshare dominance seems to contradict this claim. The Zune never had any real market share, neither has their phone. Windows 8 is already a flop. So why would criminals bother to target such a small market?
Microsoft can't have it both ways. They just need to come to terms that they are becoming increasingly irrelevant.
I'm glad Mundie is sorting me out here. All this time, I've been thinking Windows' security problems were due to stupid decision making - creating the Administrator account without a password by default; having an SQL server running and listening to the outside by default; stuff like that. Nope - now I know it's just that Microsoft was big, and any other OS would've had the same issues if they were just used more.
#DeleteChrome
We were all drunk at the time? Any sort of noble gesture or even quiet shame are off the table.
That's a pretty lame excuse and from what I've observed totally without basis in fact. Of course, nobody ever accused Microsoft of having very much in the way of brains. They were always quite successful but they also generally sold a lot of crap which is why their music player did so poorly and why their tablet failed as well. You know what their real problem is? They just don't get it. Apple gets it. They sell products that are easy to use and that are designed with the user in mind. Personally, I don't like Windows but its success speaks for itself. It's easy to use and up until the soon to be released Windows 8, kept a consistent interface.
I think part of the confusion comes from the fact that despite NT having had some of these things first, people still ran into them first on Linux. I mean, up until 2000 (or was it XP?) the first user you made was set up to run all applications as administrator by default. Microsoft has a ton of really smart people creating some incredible stuff. Then marketing seems to get a hold of those ideas and drive them into the ground or hobble them.
^I'm with stupid.^
One of the questions that comes up all the time is: How enthusiastic is our support for UNIX?
Unix was written on our machines and for our machines many years ago. Today, much of UNIX being done is done on our machines. Ten percent of our VAXs are going for UNIX use. UNIX is a simple language, easy to understand, easy to get started with. It's great for students, great for somewhat casual users, and it's great for interchanging programs between different machines. And so, because of its popularity in these markets, we support it. We have good UNIX on VAX and good UNIX on PDP-11s. It is our belief, however, that serious professional users will run out of things they can do with UNIX. They'll want a real system and will end up doing VMS when they get to be serious about programming. With UNIX, if you're looking for something, you can easily and quickly check that small manual and find out that it's not there. With VMS, no matter what you look for -- it's literally a five-foot shelf of documentation -- if you look long enough it's there. That's the difference -- the beauty of UNIX is it's simple; and the beauty of VMS is that it's all there. -- Ken Olsen, president of DEC, DECWORLD Vol. 8 No. 5, 1984 [It's been argued that the beauty of UNIX is the same as the beauty of Ken Olsen's brain. Ed.]
MS' claims that they had to shift their focus to security engineering and had to delay release of new products is BS. It's like the Republicans claiming that we need more tax cuts for the rich to create jobs in the US. If they had really done any security research and development Windows might now actually be the stable, reliable platform that they keep claiming it is.
MS deserves its long overdue death.
Way back in 2003, Microsoft achieved dominance in the mobile consumer electronics market with TRON, the real-time OS, or they would have if they didn't perceive it (and everything else) as a threat to the Windows platform.
Microsoft v. Tron
AccountKiller
"Windows (and MS-DOS before it) was not originally designed to be network-aware, much less network-safe"
Windows has been 'network-aware' since at least Windows for Workgroups 3.11.
AccountKiller
It's clearly unfair to blame Microsoft for losing this opportunity to dominate another space. It's not their fault that criminals chose to exploit their wildly insecure and unstable software. They can't be held responsible for the quality of product that they develop.
No one (at Microsoft) should lose their job (or CEO-ship) over such activities.
Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain
.. "The problem isn't that NT-based operating systems are inherently insecure. The problem is that .. NT had to be backwards compatible with existing applications" ..
Why didn't they run older apps inside a virtual DOS machine like on OS/2?
AccountKiller
So Microsoft is still pretending that the reason why their software has so many security bugs and holes is NOT to make it so that anyone who isn't running Windows Update is guaranteeing himself a continuous plague of malware, thereby guaranteeing that everyone running Windows will activate it, reducing if not outright eliminating piracy of their wretched software? Because that's the only way they could have been working on an operating system for upwards of 20 years, and still find holes in it on a weekly basis. It's either that or gross, maybe even criminal negligence or incompetence of the people programming it, and therefore the people who supervise them, who are ultimately responsible for it.
Microsoft has a tradition of doing things this way, starting at least as early as when they programmed an early version of Windows, 3.0, possibly, to produce random errors deliberately, if it did not detect it was being run on a copy of MICROSOFT DOS, rather than a competitor, (and superior product, DR DOS). I'm sure that they pulled other stunts like this from time to time.
Idiot. Microsoft did not "invent" ACL's. Just as they did not invent ASLR or other memory hardening protections.
Second, SELinux is not just an ACL. If you knew what it did, you would understand that.
If Microsoft had designed security in from day one, like say, Unix (which even in its most nascent days had support for things like chroot and segregated memory), they wouldn't have lost so much time cleaning up their technical debt. The whole problem here is that they failed from the beginning.
http://en.wikipedia.org/wiki/Stuxnet#Windows_infection
USG clearly had a field day with Windows - 4 zero days!
..Linux had a few exploits historically, while Windows is a bag of fleas? Yeah, that is exactly my point.
"Idiot. Microsoft did not "invent" ACL's. Just as they did not invent ASLR or other memory hardening protections" - by Anonymous Coward on Sunday October 28, @03:22AM (#41794855)
I even noted OS that had ACLs in place BEFORE MS EXISTED -> http://mobile.slashdot.org/comments.pl?sid=3212505&cid=41790769
(Man - You're TOO STUPID to live, either trying to put words in my mouth I never said, OR, you're just dumb!)
---
"Second, SELinux is not just an ACL" - by Anonymous Coward on Sunday October 28, @03:22AM (#41794855)
WTF? Did I say that was ALL IT WAS?? No again...
LEARN TO READ!
APK
P.S.=> Seriously - and now, you have "egg on your face" too, chump... lol!
... apk
Per my subject-line - You're MORE THAN WELCOME to attempt to disprove THEIR points I stated here -> http://mobile.slashdot.org/comments.pl?sid=3212505&cid=41788931
and here -> http://mobile.slashdot.org/comments.pl?sid=3212505&cid=41790769
but ESPECIALLY HERE (where the obvious idiot ac troll with a registered 'luser' account is the one that did those bogus unjustifiable downmods) -> http://mobile.slashdot.org/comments.pl?sid=3212505&cid=41795381
* Best part is, I KNOW YOU CAN'T (and you know it too)...
(All you've got's are effete downmods that have NO SUBSTANCE behind them @ all, period)
APK
P.S.=> “If you know your enemies and know yourself, you will not be imperiled in a hundred battles.” - Sun Tzu (in “The Art of War”) ...
... apk
Look, just because you might have had a crappy music player and some junky tablet before someone else doesn't mean you had any idea how to engage your users on the platforms. If we turned back time and you got a redo, it would end up the same way because they wouldn't "just work" for people, and therefore people wouldn't buy them.
As far as it goes.
NT was designed from the ground up to be a secure, multi-user system. A LOT of thought went into making it secure and robust. And it was very secure for an OS designed in 1992. However, when it was designed no one (at least at MS) had even heard of a "buffer overflow" attack. The internet was very new and definitely not well-understood. A lot of people give Bill Gates a lot of grief over "missing the internet" - but he didn't. How else do you explain MS's dominance? If there's blame there it's really that he (and MS) did not understand the threats represented by the internet. He understood the opportunity but no one considered the security implications of having a *large* number of uncontrolled decentralized computers hooked up together on a network.
Around the time XPSP1 was released and Vista was about 2 years into development, the chickens were coming home to roost. XP was being attacked in numerous ways and buffer overflows were the main avenue - certainly there were others, but that was the big one. Nearly all developers were pulled off of Vista to work on XPSP2 and their main focus was to fix all of the buffer overflows and other known security vulnerabilities. This took about a year and a half or so. Then everyone went back to Vista - btw, these fixes went into Vista too.
So Mundie is correct in implying that cyber criminals caused MS to stop development on Vista to work on XPSP2, and this represented a huge delay for Vista.
However, it was not the only one. There was lots of infighting between Allchin's "everything must be managed code" and the "managed code sucks" groups. Valentine was asleep at the wheel. The great "get ahead by stabbing your co-workers in the back" movement started. Ballmer was as clueless then as he is now. And all the while Apple was working away.
Microsoft's culture is a poisonous one. Despite what they say their entire focus is turned inward. How to get promoted. How to make someone or some group look bad. How to get ahead in *some* way. They barely glance at the competition long enough to get an idea of what they should be working on next. They compete against themselves in so many bizarre and unexpected ways - but they do not try to compete against their actual competitors.
Despite all that there are good people there. Just about anyone under level 64 is just trying to work on cool things. Lots of people are trying to get the thing to move faster, to catch up, to beat the *real* competitors. But they're overpowered by the money-grubbing, power-hungry "managers." Ultimately they will go elsewhere to work on cool things like I did and MS will slip into obscurity.
- Guy who was there
Craig is lying through his teeth: It's the reengineering of the customer hostile digital restriction management which took Vista so long to be in the making besides the typical execution failures.
the iPod was released in 2001
Zune was released in what.... 2006?
Diamond Rio in 1998, but it was from Diamond
Creative Nomad in 2000 but it was from Creative.
What is this guy talking about that MS had a music player before the iPod?
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Deserves to be read!