Microsoft vs. Computer Security 439
ArieKremen writes "The Slate has a piece written for the average user attempting to explain why Windows is `still` grappling with security issues. Although Gates made security and privacy top priority four years ago, not much progress has been made." From the article: "Microsoft customers haven't stopped worrying. A year later, Windows was hit with several nasty worms, including Slammer, Sobig, and Blaster. The viruses caused major traffic bottlenecks throughout the world, which cost tens of billions of dollars to clean up. Vulnerabilities deemed 'critical' have forced the company to release an almost unending stream of patches and fixes to the Windows operating system, Microsoft Office, and Internet Explorer." An interesting look at the whole issue.
What is this? (Score:5, Funny)
It's no secret... (Score:3, Interesting)
Their solution about how to shore it up: don't use IE, Media Player, Outlook, etc.
I hate to sound like a kid, but DUH!
Given, I use Firefox, Thunderbird, and other non-Microsoft programs because I like them better and they tend to work better, but the fact that they're less likely to compromise my system is also a consideration.
Note, though, that I say less likely. We have had bug/security fix releases of Firefox and there was a brouhaha with the GreaseMonkey extension inducing a vulnerability, BUT for the most part it seems the fixes were less frequent than with IE-related patches, plus they usually only compromised the browser, not your whole PC.
That's the big problem with many of the Microsoft glitches. They're not limited to the vulnerable Microsoft application. The vulnerable app provides a gateway for compromising the whole PC.
- Greg
Comment removed (Score:5, Informative)
Re:It's no secret... (Score:2, Informative)
Re:It's no secret... (Score:2)
Re:It's no secret... (Score:2)
A prime example! oops!
Re:It's no secret... (Score:2)
WRONG!
I sent their tech support a nasty email pointing out that only sloppy coding practices would cause a game to need this.
Re:It's no secret... (Score:2)
Re:It's no secret... (Score:5, Informative)
More recently the DOJ at least accused Microsoft of using secret APIs in support of IE, Messenger, Media Player, and Outlook Express.
I don't necessarily think that you are wrong, but the situation is certainly not as cut-and-dried as you seem to think it is.
-Peter
Re:It's no secret... (Score:3, Insightful)
Of course, you still can't show us the RunMSApp10PercentFaster() function call, can you?
Re:It's no secret... (Score:3, Informative)
"Microsoft teams identified a few hundred undocumented Windows interfaces or parameters that were used by one or more of the Microsoft Middleware components."
Re:It's no secret... (Score:2)
Administrator has full control of the computer and unlimited access to the registry
Limited has next to no control over anything besides just "using" the computer.
There is no middle ground, no permission system on comparable grounds to Linux. I run as Admin on my Windows box primarily due to the fact that I don't want the hassle of logging out ever
Re:It's no secret... (Score:2)
Re:It's no secret... (Score:5, Funny)
Don't worry, we stopped saying that years ago. Now it just makes you sound old.
-Kids
Re:It's no secret... (Score:2, Insightful)
Security is damn hard.. (Score:5, Informative)
Computer security will get worse before it gets better. It's the second hardest problem in computing, coming second only to DRM; which is provably impossible to do properly.
The problem comes from many quarters: some theoretical, some practical, some managerial. For example:
I could go on for quite some time.. the point to appreciate here is that it isn't all Microsoft's fault but they could do a whole lot more. If we could just get rid of the overflows that would be a good start!
Simon
Re:Security is damn hard.. (Score:5, Insightful)
Actually it is all Microsoft's fault. Whether or not they deserve to be vilified for it is another issue. But consider the following:
1) They don't fix bugs they know about so they don't break compatibility with programs that rely on the bugs.
2) They don't submit their code for review by the public.
3) They don't follow security best practices, like turning off services by default.
4) They make their OS less secure by obfuscating design to make it difficult for competitors.
5) They use proprietary data formats.
6) They alter the OS to make it work with their programs instead of designing a solid OS so that anyone can make programs run with it.
etc.
Re:Security is damn hard.. (Score:2, Interesting)
Unless the bugs are vulnerability vectors this is called 'doing business'. Unlike FLOSSies, software companies write code for profit and part of that means finding workarounds for stupid design mistakes (like using undocumented internals) made by other companies that write software for your platform. Breaking some shareware author's tray icon is not the same as killing Photoshop or Lotus Notes. Read R
because its design is "obfuscated". Yes. (Score:3, Insightful)
Arguably, a clearly, concisely, well-defined data structure or format would al
Re:Security is damn hard.. (Score:5, Interesting)
They often become vulnerability vectors, and it is admittedly difficult to take a company seriously that says that they are interested in making a secure system when they cannot even factor that into the "cost of doing business". That's a nice philosophical point, but philosophical nonetheless. If I follow your logic then Firefox would have had zero vulnerabilities the day it was released, and that's not the case now, is it? The "many eyes no bugs" mantra goes south in a hurry when you have a 10-million line codebase and a few hundred actually qualified people looking at it.
Post hoc, ergo propter hoc: One doesn't follow the other.
Having the code available means a larger number of people can find vulnerabilities and a larger number of people can contribute fixes. It does not follow that fewer vulnerabilities will be found, although it might follow that a smaller number of vulnerabilities will be exploited.
However, it may also be that the reason a smaller number of vulnerabilities are exploited is the lower deployment size.
Consider then Apache which has a larger deployment than IIS but fewer critical vulnerabilities. They didn't, but they do now. Server 2003 ships seriously locked down.
That's still under debate, although I suspect you'll refer to your first argument for rationale. Yes... no one writes applications for Windows because its design is "obfuscated". Yes.
Very few people write applications that directly compete with Microsoft. There you go again with the philosophy.
By having additional lockin, Microsoft surely makes it harder for people to compete with them. This does indeed represent a security risk because formats, when understood, can reveal a great deal of information about the programs that interact with them.
In general programs that parse more, tend to have greater bugs.
By intentionally attempting to make their formats more complicated, they have certainly blocked compatibility, but they've also decreased security by (again) making their software more complicated. First you complain on (1) that they don't fix bugs to avoid breaking applications and now you postulate that they break compatibility whenever they feel like it so that it works only with theirs. Which is it?
The parent doesn't postulate that at all. You are again exhibiting faulty logic.
By altering the operating system to meet the needs of the applications, they are introducing more parallel, nearly identically developed subsystems, all with increased potential for bugs. This does indeed cause security problems.
None of those would be problems (Score:2)
You can create bullet-proof software in a totally proprietary fashion. The problem is that bullet-proof code requires far more designers and coders than most companies can throw at the problem. Open Source is good, from that perspective, in that a single company doesn'
Re:Security is damn hard.. (Score:2)
Examples?
2) They don't submit their code for review by the public.
That's the nature of a company that is closed source. As has been pointed out many times before, there is no concrete evidence that having the source be open results in greater security.
3) They don't follow security best practices, like turning off services by default.
They certainly didn't used to, but they do now. Take a look at their
True enough (Score:5, Interesting)
It was noted elsewhere that Microsoft spends six billion a year on R&D. If they hired mathematically-inclined software engineers at 100,000 a go, they'd be able to keep a small army of 10,000 such programmers. You can probably reverse-engineer a specification, prove, then re-engineer the code for about 10 lines an hour. Assuming a 40 hour week, that means they could formally re-engineer 208 million lines of Windows per year. Even with all of the standard applications, libraries and utilities, the team should have an iron-clad damn-near-bugproof Windows within 2-3 years. It wouldn't cost them any more than they're already burning on patents for stuff nobody else cares about, and would save three times the total cost of the bugs to the country within a single year.
The overflows are easier. You compile all the applications with something like ElectricFence, dmalloc, or some other debugging malloc. A few tests at Microsoft should then collect a lot of the overflows. You then recompile such that the debugs won't cause fatal errors but will still generate alerts. You have the Windows error reporting tool collect all those alerts and either notify the user at the time & allow them to send, or send in bulk on the next major error. Microsoft can then fix the overflows BEFORE someone exploits them, because the odds are high that they'll be accidentally triggered long before any black hat learns about them. If only because there are several hundred million users, and most will be trying to do things that are impossible or - at the very least - seriously warped.
Of course, they could also get a copy of the Stanford Code Validator, or even just download a copy of splint off the Internet. Both would pick up the majority of coding errors and allow Microsoft to fix them.
Regardless of which of these solutions is used, a company the size of Microsoft should be able to completely and utterly clean their software of 98%-99% of its defects within three to four years. As the article noted, it has now been over four years since the proclamation of taking security seriously, but yet there is no sign of any kind of rigorous campaign to really eradicate faults. Rather, there seems to be much more of a campaign to make users more accepting of the fact that there are faults.
Not everyone can guarantee 99% fault-free software within a reasonable timeframe. There aren't the mathematician/software engineers, for a start. However, maybe it would be possible to have a standards authority that could certify a software product as "mid-grade" (50% bug-free), "high-grade" (75% bug-free) or "mission-critical" (99.99% bug-free). Software providers could elect whether or not to be certified and consumers would then be free to decide how much quality they want to pay for, because they'd know how much quality was there. Consumers would also be in a stronger position to interpret the lack of such certification.
Thoughts?
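The "alert instead of crash" debugging allocator described in the comment above, as an added example that is not part of the original thread and is not code from ElectricFence, dmalloc or Microsoft. It uses byte-pattern guard regions checked at free time, a simpler technique than ElectricFence's page protection, and the names `guard_malloc`, `guard_free` and the demo functions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN       16    /* guard bytes placed on each side of the buffer */
#define GUARD_BYTE      0xA5  /* fill pattern; any other value is a stray write */
#define GUARD_UNDERFLOW 1     /* bit set when the leading guard was modified */
#define GUARD_OVERFLOW  2     /* bit set when the trailing guard was modified */

/* Bookkeeping stored in front of every block: [hdr][guard][user data][guard] */
struct guard_hdr {
    size_t size;       /* bytes the caller asked for */
    const char *site;  /* label of the allocation site, for the alert text */
};

static unsigned alert_count;  /* stands in for the error-reporting queue */

unsigned guard_alert_count(void) { return alert_count; }

void *guard_malloc(size_t size, const char *site)
{
    /* Refuse sizes whose padded total would wrap around. */
    if (size > SIZE_MAX - sizeof(struct guard_hdr) - 2 * GUARD_LEN)
        return NULL;
    unsigned char *raw = malloc(sizeof(struct guard_hdr) + 2 * GUARD_LEN + size);
    if (raw == NULL)
        return NULL;
    struct guard_hdr *h = (struct guard_hdr *)raw;
    h->size = size;
    h->site = site;
    unsigned char *user = raw + sizeof(struct guard_hdr) + GUARD_LEN;
    memset(user - GUARD_LEN, GUARD_BYTE, GUARD_LEN);
    memset(user + size, GUARD_BYTE, GUARD_LEN);
    return user;
}

static int guard_dirty(const unsigned char *g)
{
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (g[i] != GUARD_BYTE)
            return 1;
    return 0;
}

/* Checks both guards, records an alert if either was touched, and frees the
 * block anyway so the program keeps running. Returns the damage bitmask. */
int guard_free(void *ptr)
{
    if (ptr == NULL)
        return 0;
    unsigned char *user = ptr;
    struct guard_hdr *h =
        (struct guard_hdr *)(user - GUARD_LEN - sizeof(struct guard_hdr));
    int damage = 0;
    if (guard_dirty(user - GUARD_LEN))
        damage |= GUARD_UNDERFLOW;
    if (guard_dirty(user + h->size))
        damage |= GUARD_OVERFLOW;
    if (damage) {
        alert_count++;
        fprintf(stderr, "ALERT: guard damaged (mask %d), %zu-byte block from %s\n",
                damage, h->size, h->site);
    }
    free(h);
    return damage;
}

/* Constructed test case: 7 characters plus the terminator fit in 8 bytes. */
int demo_in_bounds(void)
{
    char *name = guard_malloc(8, "demo_in_bounds");
    if (name == NULL)
        return -1;
    memcpy(name, "ABCDEFG", 8);
    return guard_free(name);
}

/* Constructed test case: the classic off-by-one. 8 characters plus the
 * terminator are 9 bytes, so the NUL lands in the trailing guard. The write
 * stays inside the padded block, so the demo itself is well defined. */
int demo_off_by_one(void)
{
    static const char src[] = "ABCDEFGH";
    char *name = guard_malloc(8, "demo_off_by_one");
    if (name == NULL)
        return -1;
    memcpy(name, src, sizeof src);
    return guard_free(name);
}

int main(void)
{
    printf("in bounds  -> mask %d\n", demo_in_bounds());
    printf("off by one -> mask %d\n", demo_off_by_one());
    printf("alerts queued: %u\n", guard_alert_count());
    return 0;
}
```

Guard bytes only catch writes that land in the padding and only when the block is freed; reads past the end and writes that skip over the guard go unnoticed.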
Re:True enough (Score:3, Interesting)
Even IF your completely unfounded speculation had any basis in reality, you ignore the fact that every line of code changed has the potential to impact other parts of the system. You fix one bug here, another bug pops up there. You go there and fix it, and another pops up elsewhere. The more code you have, the worse it becomes. No person on this planet can keep 200million lines of code in
Re:True enough (Score:3, Interesting)
Well I'm not really so sure about your quoted time frames for "re-engineering" Windows - in practice it would probably be easier to start from scratch using best practices from the outset (like, say Singularity [microsoft.com]). One point does stand out though:
Not everyone can guarantee 99% fault-free software within a reasonable timeframe. There aren't the mathematician/software engineers, for a start. However, maybe it would be possible to have a standards authority that could certify a software product as "mid-g
Re:Security is damn hard.. (Score:2)
What can you do to protect yourself? (Score:3, Informative)
I thought most importantly users should be responsible enough not to simply click on or open anything in front of them.
Re:What can you do to protect yourself? (Score:4, Informative)
Ummm... the recent WMF vulnerability needed no user interaction, other than visiting a web page or getting an e-mail with a "specially crafted" WMF file disguised as a
Your first bit of advice was correct - security is a process, not a product, and as such needs to be maintained and thought out in advance. I'd add "Educate users why people want into their machine and here's how they get in" to the list too.
Soko
Re:What can you do to protect yourself? (Score:2)
The WMF vulnerability only affected applications that used the Windows GDI built in WMF rendering API. Other WMF renderers (there are a few) were not affected (at least not in the same way.)
And since when did CAD programs use WMF format?! I've never se
Re:What can you do to protect yourself? (Score:2)
And thanks for the clarification regarding MIME types, though the effect is still the same.
Soko
Whomever Geeks and Nerds Find Evil... (Score:2, Insightful)
Re:Whomever Geeks and Nerds Find Evil... (Score:2)
Re:Whomever Geeks and Nerds Find Evil... (Score:2)
So where are the Apache worms? (Score:2)
Re:So where are the Apache worms? (Score:2)
Re:So where are the Apache worms? (Score:3, Insightful)
I'd point out that the majority of geeks who code Windows viruses are Windows geeks, and the majority of geeks who genuinely loathe Microsoft mostly use a UNIX variant - either Linux or one of the BSDs. Are you seriously suggesting that there's a large number of Linux geeks who are buying Windows, investigating the grisly depths of the Windows API at painful length and wasting their
Funny, Free Software Does Not Fail This Way. (Score:5, Insightful)
The popularity argument is pure bullshit. Non-Microsoft runs most of the web and anything that's mission critical. Those foolish enough to try making M$ do things live to regret it and it has nothing to do with popularity, Geeks and Nerds but everything to do with marketing and crappy software. Apple, Sun, Linux and every other kind of software works better and none have had the kind of automated worm problems M$ has.
From the above, you can imagine that the functionality and features excuse is also bogus. Operating systems robust enough to provide services over the network can also be made with pretty GUIs that are equally robust. There is nothing a Windoze user can do that I can't do better with free software and many things that I can do that they can't without lots of effort and money. I share my classwork with anyone who's interested and I share my music and movies with myself without any of the problems Windoze users suffer just connecting to a network, reading their email or browsing the web.
When is the big Linux worm coming? Never, thanks to the diversity of excellence that a truly free market for software provides. Free software writers also don't make the mistake of mixing content with executable code, unless they are copying someone else's bad implementation for compatibility sake. Still everyone makes mistakes but that still won't do to free software what it does to M$. As an example, imagine Firefox had a problem. It would get about 1/3 of GNU/Linux users. Why? because the rest of them are using other browsers and all of them can stop using the browser with a problem until it's resolved one or two days later. Because Free Software is all about code, binary problems don't automatically propagate across distributions. A Red Hat exploit might not work on Debian and probably won't on Gentoo and won't do anything to a BSD box. The Free Software fix is always easier too. When things go wrong on a free software box, the user downloads the latest and greatest to fix it. The worst case is a rebuild, which preserves all user data and takes less than 20 minutes. In the Windoze world, the user takes out their "original CDs" or blows a few hundred bucks at the computer store for software that's at least two years old and probably has the same problems. Things are much much more difficult for crackers outside of the M$ monoculture of binary crap.
Re:Whomever Geeks and Nerds Find Evil... (Score:2)
Re:Whomever Geeks and Nerds Find Evil... (Score:5, Informative)
"Robust" is not an adjective I would ascribe to Windows.
If Macs were what windows is today, the story would be the complete opposite I assure you. You see the SAME thing in popular games as well. The most hacked games are the biggest and best, not because it is easier, but there are far more people attempting to exploit the system.
Homogeneity is weakness. Stop being so damn homogeneous (x86, Windows, the most popular software, etc.), and start being more diverse (POWER, SPARC; Linux, *BSD; good but not most popular software; etc.); otherwise, you're just bringing this upon yourselves.
I know that the herd mentality still affects humans' decisions, but please do try to balance your cognitive biases out.
saying != doing (Score:5, Insightful)
Gates urged that new design approaches must "dramatically reduce" the number of security-related issues as well as make fixes easier to administer. "Eventually," he added, "our software should be so fundamentally secure that customers never even worry about it."
Fair enough, but regardless of what is happening in the way of "new design approaches", the current installed base is the problem. The best ways to show dedication to the reduction of security issues would be a) rigorous code review + pre-emptive bugfixes and b) more rapid response to issues that are found elsewhere. There have been improvements, but the sum of the successes will not outweigh the sum of the failures.
Re:saying != doing (Score:2)
So, all technical arguments aside, Gates has failed to achieve the managerial decision he has made.
We geeks can worry all we like about the minutiae; Gates, as a manager and businessman, has failed to deliver.
Re:saying != doing (Score:2)
When have I heard this before? Oh yeah, Win95, Win98, Win98SE, WinNT, WinNT4, Win2k, WinXP, Win2k3
(I would have gone further back, but Win3.1 was the original problem; 3.11 seemed to manage to add features without adding serious security problems, somehow)
Extending tendrils? (Score:2, Funny)
An interesting look at the whole issue (Score:5, Funny)
Yeah, baby. Tie me to your platform and make me pay.
SHOW ME THE MONEY (Score:5, Insightful)
you know we as a tech community lambast the **AA whenever they (and the media) say a "hacker" did millions of dollars pirating
why do we not do the same when crap like this gets printed?
tens of billions? prove it, that's our job, that's what we do
Re:SHOW ME THE MONEY (Score:5, Insightful)
Re:SHOW ME THE MONEY (Score:2)
Re:SHOW ME THE MONEY (Score:2)
The Only Thing... (Score:2, Informative)
Microsoft Software Bad (Score:3, Funny)
There, I've just saved you from having to RTFA.
Re:Microsoft Software Bad (Score:2)
First: "[...]it has long been established and thus is well-known that this is because there are so many more people attempting to locate exploits in Microsoft software."
Second: That's a bunch of bullshit. There really are more holes in Windows, and it really is because Microsoft is fucking lame, doing things wrong at every potential opportunity.
Maybe you were just making some
Easy fix not (Score:2)
Except if we all do switch then FF and TB will become the most common browser/e-mail clients, and there's no reason to believe that Mozilla's coders are that much better than MS's. FF has gone through how many versions these last 12 months?
Re:Easy fix not (Score:5, Insightful)
There IS reason to believe that Mozilla's coders are that much better; The most serious hole found in Firefox in some time actually ended up being a hole in Windows.
FF has gone through more versions because they don't release incremental security patches, and because their code is subject to public review. Microsoft does release patches, meaning there are fewer versions, and their code is not subject to public review, meaning they fix problems only when someone finds one accidentally.
Your arguments are universally specious.
My Favorite Part of TFA (Score:2, Insightful)
I have never read a more scathing remark of Bill outside of /. :
And the next time Bill G. promises to make software that is so fundamentally secure that customers never have to worry about it, ask him what decade he plans to release it.
The article is piece of crap (Score:2, Insightful)
But beyond that, my biggest issue is there are no FACTS in the damn piece. Everything is anecdotal. How are Microsoft products better/worse? Why? By what measurement?
All this article does is pick on Microsoft because it's the biggest and easiest target, so any flaws make the news. It's like
Microsoft's Fundamental Choices Are At Fault. (Score:3, Insightful)
Microsoft made the choice to tie things closely to the OS. In particular, their Netscape killing plan was to essentially make IE part of the OS. Outlook also requires the presence of IE to render html mail, or at least it used to. Similar decisions were made regarding hooks to the OS for other Office programs. These decisions were made for reasons of competitive advantage over competing software such as WordPerfect and Lotus.
The consequences of these decisions is an OS with fundamental security issues. Microsoft has an opportunity to change this with Vista, but I'm betting that they haven't.
Re:Microsoft's Fundamental Choices Are At Fault. (Score:2)
Massive progress has been made (Score:4, Insightful)
It doesn't matter who the dominant OS / company is, the biggest threat to security on anyone's computers is the person sitting in front of it.
You can't win a fight against ignorance, misunderstanding or plain stupidity. Microsoft has made some pretty damaging blows and that is commendable.
I think it's time the end users took just a little bit of responsibility for their security issues. It's callous to assume (and blame) Microsoft when so many 'issues' are avoidable with a little common sense.
God help the *nix world if they ever get bundled with the masses of ill-informed, ill-prepared and irresponsible people who use Microsoft software.
Re:Massive progress has been made (Score:2)
Good point. But is *nix an operating system or a philosophy? Why has it spent the last 20 years losing market share to Windows? My guess would be that there are only so many people with the patience, curiosity and abstract reasoning to grok the philosophy of "worse is better [jwz.org]".
I like this whole "vs" thing. (Score:2, Insightful)
Re:I like this whole "vs" thing. (Score:3, Funny)
At least it's got Security on the run.
Not really that accurate (Score:2, Insightful)
Yeah they have... (Score:5, Insightful)
One thing to help would be a default account type in the Users group, and if currently an admin, switch your group to Users. Third parties need to fix their programs that require more privileges (not necessarily admin) after the program is installed because of write access to system folders and HKEY_LOCAL_MACHINE. Vista fixes this, but if you ask me I think MS is only encouraging the bad behavior of a lot of third party programs by providing this method of keeping non-compliant applications compatible with least privilege. (Keep in mind, there are a$$holes like Even Balance who purposely wrote their anti-cheat to require true admin privileges)
Sure they have a firewall... you're screwed as admin because the code that launched can also create an exception for itself via netsh command or damn it all to hell and disable the firewall via "net stop". Malware does do this today, and sad how easy it was stopped.
Don't want to run as non-admin? XP can run specified apps automatically with User privileges even if you are admin (and I am not talking about Run As with a lower privileged account). And for fuck's sake, don't take the default of "SYSTEM" for your apache or whatever server software services.
"Why the software giant still can't get it right"? (Score:3, Insightful)
Methinks the question is not... (Score:3, Interesting)
I tend to prefer the question, why are Windows customers still grappling with security issues?
Relax. Don't worry. Be happy. Your daily stress will be less if the main server crashes.
The reason Microsoft doesnt care about security (Score:2, Interesting)
Why is the NUMBER of patches released an issue (Score:3, Insightful)
Ubuntu quite frequently tells me there are updates available for a large variety of packages I run, so what's the difference. This close-minded MS hating mentality gives me the shits. Everything is fallible to some degree, it's just a question of how much that degree affects you.
Evolution vs. Intelligent Design (Score:3, Funny)
What about the 15 years before we knew about this? (Score:3, Interesting)
How much privacy has been violated in the last 15 years using this exploit?
Before info on the exploit was splashed on news websites, it may very well have been known to intelligence agencies, Microsoft, and organized crime. We will likely never know. However, it is the window of time between when an exploit is privately found and it is made common knowledge that the real mischief occurs. For the WMF exploit, that window may have been 15 years!
It's not hard to see how this simple exploit could have been used for corporate espionage, perhaps against you or your company, and you would be none the wiser today. Government agencies at every level use Windows. Your doctor probably does. Your bank probably does. Someone with knowledge of this exploit before it was widely known would have been in "god mode" in the monoculture of Windows. They could have made a ton of cash rooting a few stock brokers.
There's LOTS of nasty things that could have happened, that it is just as reasonable to assume happened as to not. We'll never know, because digital tracks are very easy to cover up. Why the press isn't asking the bigger question: how could Microsoft (or someone else) NOT have known about this, and how do we deal with a world where some people, right now, might know about the next WMF exploit and might currently be using it to make a quick buck.
So let's not focus totally on the cost to clean up the mess once the problem is known to the script kiddies. The unknown cost of the undetected zero-day exploits is quite possibly much higher.
(And for those who say "there's nothing we can do about that!", I suggest you compare Windows security to something like SELinux.)
Oxymoron: (Score:3, Insightful)
That Microsoft has security like a cheese grater has buoyancy is a very well known fact, but the interesting point underlying the well known fact is _why_ Microsoft has such lousy security.
I suggest it's their attitude towards security. For example, last Thursday Microsoft released a patch for the
This is the way Microsoft does security: They wait for users to get hammered and scream, _then_ they might fix it, but just that one thing, anything else related is ignored until the cycle starts again with users getting hammered and screaming about it.
After the past two years of Microsoft "security," the only people who still run that junk are the ones locked in by their PHBs and the clueless public who buy PCs based on what they see on TV. Oh yes, and the willfully locked-in Microsoft fanbois who are out in droves today defending their sinking ship against the crush of reality.
Microsoft fans are much like the "Intelligent Design" people: They believe and insist their belief is the same thing as knowledge. This gives them the excuse to ignore reality with its rather unpleasant (to them) consequences.
Face the reality of the situation with Microsoft products: They want your money first and foremost, anything and everything else is, at best, second thought. This includes security, quality -- everything else.
That's your reality, deal with it in a constructive way by getting off the Microsoft Gerbil Wheel from Hell (tm): It's the only way to be sure.
Cheers.
Re:No Progress? (Score:4, Insightful)
Re:No Progress? (Score:4, Insightful)
It's filled with 'feelings' and 'impressions' by people cited as experts, without examination of their claims - nor an inquiry to factual matters. It describes a dislike, without addressing the basis of the problem, nor posing any other solution beyond disliking Microsoft.
The fact is, you still have millions of Win9x and NT boxes, hanging their gut out on the 'Net. This is and has been the principal problem. Slammer worm? Christ, I blame the crappy network border management, that allowed a local service-discovery broadcast protocol to come in from the Internet without being blocked.
I trust Rich Forno on Unix security. To use him as a source on Windows security is ridiculous. He is anti-Microsoft in bias - irrationally so. Microsoft could buy OpenBSD tomorrow, stick IIS6 on it, and Forno would still rant about the thing.
The WMF problem is a legacy file format. Let's not give MS a free pass on this, but seriously. It's like the zlib problem we had across distributions, a couple years back.
There are some other gross inaccuracies claimed by 'experts' and 'analysts' in this piece. "It is still built on the same legacy code, it is still written without adhering to secure coding practices, it is still thrown to the masses without adequate security testing." That's an assertion without supporting evidence. It doesn't have a factual basis. The MS SDL is a very good security development and testing process, implemented company-wide in 2003. Don't take my word for it. Read the damned thing. This is how to do it in commercial software.
http://msdn.microsoft.com/library/?url=/library/e
I wish I saw similar efforts from Oracle, or any of the other major commercial software vendors.
It remains to be seen if this methodology is well-executed. Server 2003 is the first full-blown OS released through a full SDL cycle. So far, it has been a reasonably secure system, with limited exposure of default "attack surface", and intelligent choices about vulnerable service and connectivity configurations.
Vista will be the first full SDL derived client. While I may not like the policy enforcement of "Digital Rights" and whatnot in userland, as a system I expect that it will be difficult to exploit or escalate privileges - and that attacks will be localized and isolated in effect. Let's hope so.
Re:No Progress? (Score:5, Interesting)
The other day, we had to have a little talk with one of our developers; he didn't understand why it was bad that his application generates an error message that writes the administrator password to the Event Viewer logs. What was that I heard about every developer being thoroughly trained in secure coding practices?
Even though security is supposedly top priority, we find ourselves unable to force our developers to adhere to policy and write code that can run under a non-admin or non-system account. The higher ups steam roll over us when we fight the fight.
The problem is that there are two groups at MS; the business side, and the technical side. The business side calls the shots, and they don't listen to the technical side.
Sure, there's plenty of talk about security, but no real action. PR is cheap.
"The whole article is a troll....Its filled with 'feelings' and 'impressions' by people cited as experts, without examination of their claims - nor an inquiry to factual matters."
The article is correct. The reason it is not filled with objective evidence is because there is currently no objective, agreed upon method of measuring code or system security. In the absence of objective data, the opinions of experts are the best thing we have.
Re:No Progress? (Score:3, Insightful)
Fixed that for you.
WMF (Score:4, Insightful)
No, the WMF problem is an incredibly silly code insertion technique that was designed in - deliberately allowing the image to embed its own arbitrary code - in the days when anything on a machine was deliberately put there by the user and could arguably be trusted. There's no buffer overflow or anything here - just a windows object which is insecure by design.
This kind of code shows how little windows was designed with networking in mind. It wasn't a problem in 1985, but still working that way 20 years later shows how Windows still includes horribly insecure legacy code that should have been revisited if they were serious about 'secure by design'.
Justin.
Re:No Progress? (Score:5, Insightful)
Re:No Progress? (Score:3, Insightful)
Requiring a reboot after every update is not my idea of "seamless"
Re:No Progress? (Score:5, Insightful)
Re:No Progress? (Score:2)
Re:No Progress? (Score:3, Funny)
Re:No Progress? (Score:5, Funny)
-JMP
Oh, THAT explains it... (Score:2)
Re:No Progress? (Score:5, Insightful)
Re:No Progress? (Score:5, Insightful)
Perhaps even more accurately, windows application designers have made no progress. Windows has supported multiple users & permission sets for quite some time, but it's still considered acceptable for normal applications to spew garbage into the registry and write to system folders. Until it's easy (not merely 'possible') to run limited accounts & control permissions, we're going to see major problems.
Re:No Progress? (Score:3, Informative)
Until it's easy (not merely 'possible') to run limited accounts & control permissions, we're going to see major problems.
The use of limited accounts only goes so far. It will prevent a virus from doing damage to some areas of the machine; it will not prevent the creation of "zombie" DDOS networks, infection by spyware, or OS exploits. Correct me if I'm wrong, but the WMF exploit will work regardless of whether or not you're running with full or nil permissions.
Re:No Progress? (Score:4, Insightful)
Re:No Progress? (Score:2)
News to me. You of course have sources to back that up.
Re:No Progress? (Score:3, Informative)
It was written to be "OS/2 v3", once Gates poached Cutler's development team.
It was grafted onto the Windows shell as a long-shot, after tensions between MS and IBM began to manifest themselves over the success of Windows 3.0, the failure of Presentation Manager and the differing visions for the future of OS/2.
Drivers for NT were still a lot like drivers for VMS, from the API point-of-view.
Re:No Progress? (Score:3, Insightful)
You have provided zero evidence to support your claims that:
* Windows NT is poorly designed.
* Windows NT was written as a "test bed for new technology"
* Windows NT wasn't written for production use
There is no argument Windows NT and VMS have very similar architectures. They were both designed by the same development team. But that's com
Re:No Progress? (Score:3, Interesting)
Quite possibly. But since you go on to agree with him, it all works out in the end.
I was just providing reading material that shows a few minor facts.
Trouble is, it doesn't show any relevant (or disputed) facts.
NT is poorly designed.
Why ?
In fact it wasn't designed (from the ground up) at all. It borrowed(depending on your use of the term borrowed) heavily from VMS, [...]
NT was designed and written from scratch by the same team who de
Re:No Progress? (Score:2)
Doesn't Win2K have a firewall? What was lacking was a GUI that normal users could use. So, yes, progress, but not really very much.
Re:No Progress? (Score:2, Insightful)
MOD PARENT DOWN (Score:2, Insightful)
Excuse me? No Progress? Including a firewall with Windows is no progress? (emphasis mine)
There's this thing called reading comprehension. There was never the claim that there was no progress made, only that there was not much, ie little, progress made. Considering how many and how deeply worms have been able to attack in spite of said firewall, I'd have to concur. Feel free to try to disprove his "not m
Slow progress (Score:5, Insightful)
Of course that is progress but the real problem with Windows is the fact that it carries a burden of bad design decisions at a fundamental level made for all sorts of business and marketing reasons. Why does a process like Microsoft Internet Explorer (Which is mainly a bigger gateway for malware than Firefox because it is badly written not because it is a Microsoft product) have to run with admin privileges? There is a reason why that is going to change in IE7 on Vista. Come to think of it, why the hell does the normal Windows user even have to have Admin privileges for day to day work to begin with? Thousands of Linux and Mac users get along just dandy with restricted user privileges apart from the occasional annoyance of having to either log in as root or in the case of OS X feed a nag window the root password so that the occasional installation program can touch sensitive parts of the OS. You can try to write this off as *NIX evangelism but it is hard to deny that in the ancient past this sort of shoddy design work solved complicated problems for MS quickly and cheaply and for that reason it was allowed to happen without contemplating the long term effects. Unfortunately MS has since learned the hard way that thinking ahead sometimes pays but now they are also learning that back-pedaling is hard work.
Re:Slow progress (Score:3, Informative)
I would say that this comes under uneducated users again. You can do exactly as you said in windows. I run as a limited user, and everything works fine. Sure, sometimes I need to login as admin to install some
Admin vs. root on OS X (Score:3, Informative)
root has much greater (and usually unne
Re:No Progress? (Score:5, Interesting)
It's funny this should come up. I wrote a response to someone's newsletter earlier today.
Here's what amounts to a primary copy|paste:
As far as things loading slowly, a lot of it has to do with the code which is being loaded. In many shops, things such as code reviews are non-existent. And when they occur, they're cursory at best. Programs written in Visual Basic don't have "Option Explicit" (requiring you to declare variables) and when you force someone to add it, it won't compile. One of the biggest gaffes Microsoft made was for programmers to make declaration variables in this fashion. It should be the other way around: force the declaration of variables unless you turn this off. This is a subtle, but crucial indicator of their internal decision-making system and vision.
And speaking of Microsoft, "Patch Tuesday" would be a shadow of its former self if they learned one thing in programming: buffer overflow. For those unfamiliar with the term, it means permitting someone to type more than a variable is allocated to handle. The extra characters then alter the program's execution, including scenarios turning complete control over to someone running the software. There's a lot of humor about the questions Microsoft asks in their interviews; "Why are manhole covers round? How many gas stations are there?" My joke has become, "Demonstrate code which handles buffer overflows [because we don't know how to do it]".
Gates attempted to demonstrate the priority of security by publicly declaring all software development to be put aside and focused entirely on security issues in February 2002. (Google has started a new event known as "Summer of Code". Students are tapped to gain real-world experience and write OS (Open Source) code during their Summer breaks. I've since referred to Microsoft's dedicated activity as "Month of Code".) Has the error profile changed? No. Has the number of errors changed? Yes. More software on the market with the same error foundation means there are more copies of that problem in everyone's hands. It's not a trick question. Were their code architecture to prevent retro-fitting the solution, they could build it into each new product to hit the market and you'd see the patch count drop over time as new products were released with the underlying fix. This is not a particularly difficult technique to implement and wouldn't add a significant change to their schedule. In fact, the time factor would approach the current schedule as they become familiar with the mindset.
Why don't they do it? No one knows. Programmers with no more than three or four years of experience have learned this shortcoming is the reason Microsoft software is so buggy. And this is without access to Microsoft's source code. No one has put the question to Microsoft. Put their foot down and asked why this company-wide shortcoming exists. Everyone (media) seems focused upon where Microsoft is going and perhaps afraid they'll commit seppuku (suicide) if they really push it. And if they requested time to investigate it, they should have an answer after a reasonably short period of time, removing, "We'll have to look into why this isn't done" as a response. Were this single issue to be addressed across their product line, I would estimate 98% of the currently reported errors would vaporize. That's not to say a new class of bugs wouldn't develop, but almost all of the reported errors today have a big gathering at every family reunion. We're not dealing with sudoku here; besides, standard sudoku is single digits.
Shortcomings aside, Microsoft has started one internal program: "Blue Hat" - annually bringing hackers in and showing how easy it is to peel open their vaunted software. Apparently, they expected a rah-rah session the first time and it was heard the gasps increased as the spirits fell.
Today's Quiz.
Name each quotation's author.
1. "Success is a lousy teacher. It makes smart people think they can't fail."
2. "People
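The buffer overflow described in the comment above ("permitting someone to type more than a variable is allocated to handle"), as an added example that is not part of the original post and not any vendor's code: an unchecked copy beside a checked one. The `account` struct, `NAME_CAP` and all function names are assumptions made for the illustration, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16            /* constructed size for this example */

struct account {
    char name[NAME_CAP];       /* fixed-size field filled from user input */
    int  is_admin;             /* stored right after the buffer */
};

/* Unsafe pattern, shown for contrast and never called here: strcpy keeps
 * writing until it meets the NUL in input, so NAME_CAP characters or more
 * run past name[] into whatever follows it. */
void set_name_unchecked(struct account *a, const char *input) {
    strcpy(a->name, input);
}

/* Checked version: measure the input against the capacity first and refuse
 * it whole if it does not fit. Returns 0 on success, -1 on rejection. */
int set_name_checked(struct account *a, const char *input) {
    size_t n = 0;
    if (a == NULL || input == NULL)
        return -1;
    while (n < NAME_CAP && input[n] != '\0')   /* never scans past NAME_CAP */
        n++;
    if (n == NAME_CAP)
        return -1;             /* no room for the NUL: record left untouched */
    memcpy(a->name, input, n + 1);             /* n + 1 <= NAME_CAP */
    return 0;
}

/* Runs constructed inputs through the checked path; returns 1 if all hold. */
int demo(void) {
    struct account a = { "guest", 0 };
    int ok = 1;
    ok &= set_name_checked(&a, "alice") == 0 && strcmp(a.name, "alice") == 0;
    /* 15 characters plus the NUL is exactly NAME_CAP bytes: still fits. */
    ok &= set_name_checked(&a, "123456789012345") == 0;
    /* 16 characters would need 17 bytes: rejected, nothing written. */
    ok &= set_name_checked(&a, "1234567890123456") == -1;
    ok &= strcmp(a.name, "123456789012345") == 0 && a.is_admin == 0;
    return ok;
}

int main(void) {
    printf("checked copy behaves as expected: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```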
Re:No Progress? (Score:4, Insightful)
After four years of effort and $40,000,000,000 worth of revenue from their long-suffering customers, Microsoft succeeded in including a simple firewall with their operating system.
You're right, it is progress but somehow - and I can't quite put my finger on why - I'm feeling a little underwhelmed.
Re:Whats even more amazing... (Score:5, Insightful)
I don't know if I'd chalk this all up to lazy sysadmins. While that's a factor, there's also the IT director at whatever firm who wants "stability." Sure, some of it is sysadmins not paying attention. But some of it is also sysadmins at war with the suits because, "that system cannot go down... not even for maintenance. I don't care if nobody uses it between 1 and 4am or on the weekends." (Yes, I've seen shops like that... those are VERY costly errors on management's part.)
Critical patches should ALWAYS be installed as soon as it is feasible. You should have a test system available where you can install them and run your regression testing, if you're in software development. If all you do is use your computers for word processing, data entry, specific applications, etc, you should, for the most part, be installing those critical patches as they come out. I tell family and friends to do that. My seldom-used windows box here at work gets done by corporate IT, and they seem to stay on top of a lot of that.
Re:Whats even more amazing... (Score:2)
People don't patch. More news at eleven.