Security

Security Community Reacts to Microsoft Announcement 471

A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Craig Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.

  • It seems to me (Score:4, Insightful)

    by OpCode42 ( 253084 ) on Friday January 25, 2002 @12:30PM (#2901026) Homepage
    It seems to me like MS are doing this just to counteract the recent bad press they have got in the security area.

    I have said it in the past, and I'll spew it back up now for those who missed it, MS do not make the best software - but they do have the best marketing department and business sense.
  • by Happy go Lucky ( 127957 ) on Friday January 25, 2002 @12:36PM (#2901071)
    A whole bunch of people, a few days ago, seemed to think that Billy's statement only made sense in the context of the settlement. He and MS wouldn't be required to give out so much information if they claimed a security concern.

    I mostly think it's advertising. XP didn't sell nearly as well as they had hoped, and a bunch of people flying around with Madonna playing in the background didn't seem to send their message. And I'd be willing to bet that security concerns were most of the reason-they WERE the reason with my employer.

    The tech world is full of reviewers and publishers who will publish Gates' statements as though they were spoken from the burning bush. God only knows, they shill for advertisers just as bad as gun magazines.

  • Announcements.... (Score:5, Insightful)

    by tcc ( 140386 ) on Friday January 25, 2002 @12:37PM (#2901082) Homepage Journal
    Let's wait and see, announcements are just words, let's see how they will react when there's going to be another big security hole (because there always are going to be, and that on just about any platform, but especially with Microsoft), if they've really changed philosophy, they will react more quickly (as in programmer-wise and not PR-marketing-wise), and not handle this as a press release taking their customers for complete idiots and reacting immaturely blaming people that find the bugs as "terrorists".

    And anyways, for those of us that are on some security mailing lists like NTbugtraq, we'll see how the people got their discovery handled by Microsoft, if they change for real, maybe we won't read as many "We notified Microsoft 3 weeks ago about this matter and nothing was done, now it's time to bring it public" and then having the Microsoft PR and legal team on their back.

    I think they are starting to feel the heat of people that are really not satisfied and claiming that business damage due to insecure OS should be fined to the creator of the OS, especially when they claim it's secure. Heh.. good thing.
  • by Ars-Fartsica ( 166957 ) on Friday January 25, 2002 @12:39PM (#2901094)
    I think people are generally wise to be jaded about security in current MS products, but this company has demonstrated over the years that they will go into overkill mode on issues that appear to have a profound effect on the share price.

    I would look for MS to make at least two major acquisitions in order to shore up their security offerings - they have used acquisitions in the past to shore up problem areas.

    Of course the caveat is that they are not so much concerned with security as an intrinsic value but in the selling of security, and there is an important distinction here. As with any growing software market, you can't underestimate Microsoft's efforts, and I think it is largely naive for the readership here to snicker and write off MS in this regard.

  • by Tim C ( 15259 ) on Friday January 25, 2002 @12:41PM (#2901106)
    First off they come out with Windows 2000 which doesn't crash

    It doesn't crash as often, and is a vast improvement over 98, but it does crash. Of course, this is a bog-standard Professional install with Service Packs 1 and 2 and a few fixes from Windows update applied, used mostly to play games, so YMMV. (In fact, once every few boots, it boots to a black screen and sits there indefinitely (this defined as being "beyond the limit of my patience", ie significantly longer than on a successful boot).)

    To say that it doesn't crash at all, however, is as inaccurate as saying that Linux never crashes.

    Cheers,

    Tim
  • One other reason (Score:3, Insightful)

    by ouija147 ( 467204 ) on Friday January 25, 2002 @12:44PM (#2901131)
    They have always gotten people to upgrade software for the newest features. This will be the way they can get people to buy the latest software. Their products are so bloated with useless features that no one sees a reason to upgrade what they have, but to stay secure? People might buy that "feature"

    The revenue stream has to stay flowing and this will force IT people to upgrade. If they don't and they get hit by some nasty bug/virus/worm the CEOs will have their heads.

    But does this leave MS open to lawsuits...nah not likely what with their EULA

    Oh well
  • Re:It seems to me (Score:5, Insightful)

    by Proaxiom ( 544639 ) on Friday January 25, 2002 @12:47PM (#2901154)
    It seems to me like MS are doing this just to counteract the recent bad press they have got in the security area.

    Well, duh!

    It's the timing that gets me. They made the announcement shortly after a major OS release. So whenever somebody points out a bug in existing software (XP or earlier), they can shrug and say "That was the old Microsoft, the new Microsoft no longer makes those mistakes."

    And since it'll be some time before they release another highly-vulnerable product, nobody will be able to contradict them.

  • by WildBeast ( 189336 ) on Friday January 25, 2002 @12:51PM (#2901181) Journal
    They can't, they don't have any say in the matter. Many consumers still want to be able to run DOS and legacy software especially for accounting software.

    If Windows isn't too backwards compatible, people will complain like hell and use another OS.

    Having a huge marketshare certainly has its advantages but it sure has a lot of disadvantages.
  • How can a company hope to achieve "a whole new level of Trustworthiness in computing" if they don't have an ounce of trustworthiness in their own business and political practices? Some may argue that this is a whole other subject, but personally I think that a company with real ethics will perform leagues above in the field of security, bug-fixes and general product improvement.
  • Denny's (Score:5, Insightful)

    by pfaut ( 18898 ) on Friday January 25, 2002 @12:57PM (#2901227) Homepage
    I once heard a story about the Denny's restaurant chain. I'm not sure if it's true but the moral is. The story goes like this.

    Apparently, Denny's had intended to be a 24x365 operation, never closing its doors. Therefore, when they built the restaurants, they didn't bother putting locks on the doors.

    One year, they decided to give their employees Christmas day off. In order to close the restaurants, they needed to be able to lock the doors. Therefore, they had locksmiths go out to all of the stores and install locks.

    Now, instead of having spent about $10 per door when the store was built to have locks installed, they needed to send locksmiths to all of the stores and pay them for a couple of hours work resulting in a cost of a few hundred thousand dollars to give their employees a day off.

    The moral: It's a lot easier to design security into a system in the first place than to try to add it on later.

    Microsoft has their work cut out for them.
  • fascinating... (Score:3, Insightful)

    by jeffy124 ( 453342 ) on Friday January 25, 2002 @12:58PM (#2901229) Homepage Journal
    .. the cnet article by mundie was part of a pair of pro/con articles. Mundie wrote the pro, Bruce Schneier the con.

    I find it just fascinating that CNet had to go with Microsoft in order to find someone willing to write an article for the "pro" half of the article pair.
  • I don't see Microsoft's new focus on security as anything other than the old Embrace and Extend tactic.

    Step 1: Embrace some technology.

    Step 2: Extend it in proprietary ways, locking the users in to Microsoft.

    How long before we hear,

    Microsoft cannot guarantee the security of your application/computer/network unless all your products and platforms are from Microsoft.
    How long before the security protocols used are known only to Microsoft (for security reasons, naturally)?

    Three months—at the most!

  • So what happens when Windows becomes secure (assuming this happens). It'll be a sad day for Linux advocates everywhere is what will happen.

    Ahhh but we can always come up with new reasons for Linux being better

    • Windows costs money, Linux is free. This is not new but as they bundle more and more software with the OS, and start .NET, Microsoft products will cost more.
    • Windows is spyware. With XP you must have internet to activate your product and since it's closed source it can gather anything it wants about what you are doing without you knowing it.
    • "digital rights management." Linux doesn't manage your rights, and I like that.

    And in addition to these reasons there are always the old standbys like "Microsoft is evil" and "I am 3733+3 cuz I use Linux."

    The thing about being a zealot is that you can always find ways to justify your position. Although I think the Linux zealots are closer to the truth than the microsofties, I'm somewhere in between.

  • Security potential (Score:2, Insightful)

    by Anonymous Coward on Friday January 25, 2002 @01:03PM (#2901286)
    The real problem is default configurations. Exploits aside, the NT OS is very securable. However, when the software for it, like IIS, is installed virtually open wide for the world, it's a picnic for hackers and crackers alike. From what I've read about the next Windows server line, a lot of this is being changed. IIS is no longer installed by default, and must be installed explicitly by the admin. Even then it will only be capable of serving static pages from a single directory, and every method of dynamic content processing will have to be enabled explicitly. This, coupled with the excruciating combing of code for buffer overflows (and various implements that will prevent their execution, such as a SEH handler in VC7 which can kill the thread that has its buffer overflowed,) I think Microsoft will be able to pull themselves out of this spotlight.
  • by xonker ( 29382 ) on Friday January 25, 2002 @01:08PM (#2901317) Homepage Journal
    Are you saying they *shouldn't* be doing what they want to do? Should they do what you want them to do?

    If he's a Microsoft customer, yes.

    Microsoft is very unusual in the sense that it doesn't follow the adage that the customer is always right. If any normal (read -- business that doesn't have a monopoly and can rest on the fact that >95% of the home users and >40% of businesses will buy their products because they see no alternative) business employed Microsoft's attitude, they'd soon be out of business.

    Say you went down to your local grocery store to buy some Extra-Triple Fudge Fatty Ice Cream and they said "no, we're only going to let you buy plain Neapolitan -- and by the way, we're going to be changing the policy here, if you want ice cream, you'll take it whenever we want to sell it to you and we'll be instituting annual billing for 52 Gallons of ice cream a year. Oh, and if you want to give your kids some, you'll have to buy extra containers for them, only one user per container. Oh, and our profit margins are below what our shareholders are used to, so we'll be raising the price every few months and thinking of new ways to require that you only buy Microsoft Ice Cream."

    How long would you remain a customer? In effect, this is what M$ is doing and as a customer you can't do a damn thing about it as long as you continue using Windows.

    It isn't normal for the majority of a business's customers to hate the product they make, but have to accept it anyway.

    Security and stability are things that Microsoft's customers have been screaming for for years, so yes -- they should be doing it whether it's something that they want to do or not.

    Unfortunately, the main focus of their development has been to add features that lock people into the Microsoft platform.

    Security is only becoming a focus now because the biggest potential Microsoft lock-ins won't be adopted unless Microsoft can convince the public that they are secure. I don't think this is a genuine effort, except on the part of the PR department -- it's a sincere effort to convince everyone that they're going to be more secure, but I don't believe that it's going to happen -- well, they may become *more* secure, but that won't take much.
  • by CoyoteGuy ( 524946 ) on Friday January 25, 2002 @01:11PM (#2901333)
    You don't know what you are talking about.

    You, as a consumer have options. Everyone, as a consumer has options. What makes you want to buy a Microsoft OS every time? What takes your wallet, runs you to the store, and makes you pick up a box with that dreaded logo on it? You don't have to buy it, there is no legal constraint for someone to make an OS to suit your needs, or, for that matter, anyone else's needs. I wish people would understand this.

    If all you can do is sit in a *nix community bashing MS because YOU paid for an OS that didn't suit YOUR needs, then you, sir, are an idiot.

    On the other hand, if you would really like to help us *nix people develop an operating system that doesn't BSOD every 5 minutes, then how about you pick up a book on OOP and c++ or C, and help us develop it?

    It is one thing to constantly hear people bash MS, but this guy just admitted to buying the software.

    IF IT SUX WHY DID YOU BUY IT??
    Oh, the pretty logo, I see.
  • by Toodles ( 60042 ) on Friday January 25, 2002 @01:12PM (#2901347) Homepage
    At the top of Mundie's spiel:

    "...they've helped transport people to the moon and back safely, they manage critical aircraft systems for thousands of flights every day, they support business operations at companies of all sizes, and they move trillions of dollars around the world to keep the global economy"

    It's a shame that none of these run Microsoft software. MS didn't exist in the 60's (moon landing), has nothing to do with aircraft systems (most still in use run on late 70's mainframes and mini's), and god help the bank/brokerage who runs their mission critical software on a Wintel platform. End flame.

    Mundie does have one idea right though; make it ubiqutous (sp?). He indicates computers should have the same reliability that requires no thought. I agree whole-heartedly. However I don't believe MSFT can do it without rewriting the whole damn thing over. I cannot count the amount of times an NT server had to be manually power cycled because a service hung and wouldn't restart. This wasn't some oddball, third party service; this was IIS ("WWW Publishing Service" I believe). Until simple things like the separation between kernel and application (EVERY application, no exceptions for the ones you need to tweak for benchmarks) is complete, NT will have problems.

    Toodles

  • by BlackStar ( 106064 ) on Friday January 25, 2002 @01:13PM (#2901353) Homepage
    That's somewhat incorrect. SOAP is illustrated as running over HTTP/HTTPS for the very reason that those protocols on default ports are already open. This was discussed in Microsoft's own announcement of the protocol. It had a pragmatic, if misguided purpose. Companies already had these ports open, and thus no additional work or effort would be required by the system administrators and network admins to enable the use of SOAP.

    The idea is unfortunately short sighted, and will result in holes to be opened in what was previously a manageable service port. This was for expediency, not security. The SOAP spec team followed along as the adoption would be accelerated, but again, this was done without any real eye towards security.

    I seriously hope MSFT takes these comments to heart and at least begins to adjust their practice and products to be more secure.

  • by mmaddox ( 155681 ) <oopfoo AT gmail DOT com> on Friday January 25, 2002 @01:16PM (#2901372)

    Being quite the 'nix aficionado myself, I understand some of the rather hateful sentiments expressed toward MS. I take issue with some of Mr. Schneier's (whom I greatly respect) comments, however, as being opposed to the mindset of progress.

    For instance, "Implementation of Microsoft SOAP, a protocol running over HTTP precisely so it could bypass firewalls, should be withdrawn." strikes me as an ill-conceived statement. SOAP [w3.org], for the uninformed, is just an XML-based protocol carried through HTTP. It doesn't BYPASS the firewall, it passes through the port generally held open for the use of web servers. We're packaging an XML envelope that a SOAP implementation can open and use, not passing some magic packet that your web server can use to format its hard drives. Firewalls can be made to use SOAP information to block SOAP packets, and servers don't have to respond to ill-formed, ill-conceived, or ill-meaning SOAP calls. How the heck can removing SOAP altogether be considered a practical security measure, any more than simply removing the web server from the net entirely? Sure, you might get your C-2 rating, but is it worthwhile?

    MS has attempted to create a high-functionality server platform, one that installs with the purpose of usability as its default. This simplifies the installation process, creating a process that relies less on the intelligence and experience of the user and more on the good nature of MS itself (as the one who created the installation system). MS does not necessarily have YOUR interests in mind, but the interests of a non-specific "user" in mind - a user whose needs profile may or may not fit your own. Microsoft needs to expand their thinking to include the needs of secure-minded individuals, granted, but the needs of ALL users should still be taken into account, and documentation created that explains the differences.

    I'll be the first to admit that Windows has security issues, however, I contend that the nature of networking imposes security problems on ALL operating systems. I doubt too many persons could implement a secure 'nix OR a secure Win box. Intelligence and experience are required in both.

  • by Proaxiom ( 544639 ) on Friday January 25, 2002 @01:16PM (#2901379)
    Now if that opinion is prevalent through MS do you really think they will start from scratch??

    No, I don't. But I don't think they'll succeed with this security initiative either.

    It's easier to say than to do. We all know this already. But I'm not sure Microsoft does. It's not like the sudden Internet shift.

    Security is about adding limitations and restrictions. This is converse to the entire corporate direction, which has been stripping those away while trying to apply band-aid solutions to address security issues. It's a fundamental problem.

    And you are right. They can't really go back. They can't completely rewrite Windows, IIS, or Office. The new products would be released with glaring omissions from past functionality. It would be missing things Microsoft never should have added in the first place (UPnP, for instance).

    Perhaps they'll try to do it right. In fact I believe they will. But when it finally comes down to scrapping products and features with insecure fundamentals, I can't see them carrying through.

    It'll be back to band-aids and PR coverups. The temptation is just too great.

  • by ergo98 ( 9391 ) on Friday January 25, 2002 @01:19PM (#2901401) Homepage Journal

    Starting from scratch is what bad programmers do when they don't have the intelligence or patience to figure out what has been done and what has been learned previously. Well, let me state that there are cases where starting from scratch makes sense, but there is the far more prevalent "It's all crap, I'm starting from scratch" mentality, which roughly translates to "It's easier for me to impose my will and start with what I know than to try to figure out what the prior person did and learned". Beware a programmer who ever claims that they need to rewrite something: 9 times out of 10 it's because they are lazy, or they're just not smart enough to figure it out.

    BTW: Who you are talking about is Joel, i.e. http://joel.editthispage.com [editthispage.com]. HA! Just visited there and hilariously enough he has a co-rewriting story up. You're thinking of this [editthispage.com] article.

  • by Mnemia ( 218659 ) on Friday January 25, 2002 @01:20PM (#2901410)

    I thought that looking at these two articles provided an interesting comparison. Mundie's idea of "trustworthy computing" is a world in which people don't think about the technology that makes their computing devices work. This seems to me to be pretty much the same philosophy that Microsoft has followed for a while now, ie lowering the level of knowledge required to operate computers.

    By contrast, in the Schneier article, the viewpoint expressed seems to me to advocate people getting involved in the operation of technology. More configurability, plus more modular components, more transparent auditing/logging of OS functions etc. In the author's view, users should be aware of what their computer is doing.

    This is the fundamental problem with Microsoft's view of security. Their focus on making things transparent to the lowest common denominator is at the root of all the architectural problems from lack of logging to Outlook viruses arising from scriptable email. They need to change their view that people should just view their computers as mysterious black boxes before their security record will ever improve.

  • So does Robert X. (Score:2, Insightful)

    by sootman ( 158191 ) on Friday January 25, 2002 @01:25PM (#2901452) Homepage Journal
    http://www.pbs.org/cringely/pulpit/pulpit20020117.html

    New products and upgrades based on increased security have a certain appeal. After all, you can never have too much security, so users can be convinced to upgrade over and over almost forever (just look at McAfee). But there is a downside, too, which is that security and security performance are now firmly on the table. If Microsoft says it is going to make its products trustworthy and they aren't, then customers can rightly be upset. To this point, remember, Microsoft has pretty much disclaimed security, saying that all operating systems and applications are vulnerable. "It's not our fault." Well in the age of Trustworthy Computing, it WILL be their fault, though the cost to us will probably be continual and expensive upgrades.

  • by Zeinfeld ( 263942 ) on Friday January 25, 2002 @01:28PM (#2901475) Homepage
    SOAP is just an RPC mechanism that happens to flow over HTTP, mostly because Dave Winer only knows one protocol -- HTTP. Mr. Winer didn't try to evade protocols, he just couldn't conceive of creating a different protocol for this application -- an error of omission, not commission.

    One of the principal architects of SOAP was Henrik Frystyk Nielsen, who certainly knows about more protocols than just HTTP since he implemented them all in the CERN libwww code.

    The point is that running SOAP over SMTP or NNTP does not make a lot of sense except to looney email junkies who need a strong dose of reality. SOAP over FTP makes no sense because FTP is a fundamentally bodged protocol, it is less efficient than HTTP in every circumstance, it is also designed as a human/machine interface and is actually fairly brittle when used as a machine/machine interface due to different incompatible implementations and interaction between the ftp daemon and the file system semantics. The number of special case code paths for FTP in the libwww code is quite large. Some folk are trying to combine FTP and SSL which is not a good plan because FTP is actually built on Telnet and there are good reasons not to use SSL with Telnet which is why SSH is no longer based on SSL.

    Henrik certainly knows about designing new protocols as well, he was one of the principal architects on HTTP-NG which people refused to use because HTTP was good enough for them.

    SOAP actually layers over several transport protocols but the only one most people have any interest in is HTTP. There is a small interest in BEEP, but BEEP is a fairly new protocol that is probably only simple because nobody has used it yet and so we don't know what it lacks.

    I don't have much sympathy for folk complaining about the use of the 'firewall bypass protocol'. Firewalls are like chastity belts, they are mainly bought by people who intend others to wear them and suffer their inconveniences. They are also like chastity belts in that they tend to be less effective than the purchaser imagines.

    SOAP traffic is actually quite easy to detect in HTTP, just examine the Content-Type field. It is strange that Bruce should get so excited about this and say nothing about Java that deliberately disguises itself as application/binary to prevent firewall filtering (and yes I did suggest Gosling change this before they release Java, they refused).
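
The Content-Type check suggested in the comment above, which is also the firewall-side SOAP filtering mmaddox's earlier comment refers to, sketched as an added example that is not part of the thread. The function names, the allow-list and the sample requests are constructed for illustration; the sketch goes beyond the comment by also reading the SOAP 1.1 `SOAPAction` header and sniffing the body, because `text/xml` alone does not identify SOAP and a Content-Type can be mislabelled.

```python
# Added example: classify an HTTP request as SOAP and apply an allow-list.
# Envelope namespaces defined by SOAP 1.1 and SOAP 1.2.
SOAP_NAMESPACES = (
    "http://schemas.xmlsoap.org/soap/envelope/",
    "http://www.w3.org/2003/05/soap-envelope",
)


def split_request(raw):
    """Return (headers, body); header names are lower-cased."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body


def content_type(headers):
    """Return (media type, parameters) parsed from Content-Type."""
    parts = headers.get("content-type", "").split(";")
    params = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip().strip('"')
    return parts[0].strip().lower(), params


def classify(raw):
    """Return 'soap', 'soap-mislabelled' or 'other'."""
    headers, body = split_request(raw)
    mtype, _ = content_type(headers)
    if mtype == "application/soap+xml":           # SOAP 1.2 media type
        return "soap"
    if mtype == "text/xml" and "soapaction" in headers:   # SOAP 1.1 binding
        return "soap"
    # The header does not say SOAP; check whether the payload is an envelope.
    if any(ns in body for ns in SOAP_NAMESPACES):
        return "soap-mislabelled"
    return "other"


def soap_action(raw):
    """SOAP 1.1 carries the action in a header, SOAP 1.2 in a parameter."""
    headers, _ = split_request(raw)
    _, params = content_type(headers)
    return headers.get("soapaction", params.get("action", "")).strip('"')


def decide(raw, allowed_actions):
    """Hypothetical policy: non-SOAP passes, SOAP only for listed actions."""
    kind = classify(raw)
    if kind == "other":
        return "allow"
    if kind == "soap-mislabelled":
        return "block"
    return "allow" if soap_action(raw) in allowed_actions else "block"


def _request(headers, body):
    return "POST /service HTTP/1.1\r\n" + "\r\n".join(headers) + "\r\n\r\n" + body


# Constructed sample traffic (not captured from any real system).
ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            "<s:Body/></s:Envelope>")
SOAP11 = _request(["Host: app.example",
                   "Content-Type: text/xml; charset=utf-8",
                   'SOAPAction: "urn:example:GetQuote"'], ENVELOPE)
SOAP12 = _request(["Host: app.example",
                   'Content-Type: application/soap+xml; action="urn:example:DeleteAll"'],
                  ENVELOPE)
FORM = _request(["Host: app.example",
                 "Content-Type: application/x-www-form-urlencoded"], "q=1")
DISGUISED = _request(["Host: app.example",
                      "Content-Type: application/octet-stream"], ENVELOPE)
ALLOWED = {"urn:example:GetQuote"}

if __name__ == "__main__":
    for name, req in [("SOAP11", SOAP11), ("SOAP12", SOAP12),
                      ("FORM", FORM), ("DISGUISED", DISGUISED)]:
        print(name, classify(req), decide(req, ALLOWED))
```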

  • I wonder though... (Score:3, Insightful)

    by ackthpt ( 218170 ) on Friday January 25, 2002 @01:37PM (#2901537) Homepage Journal
    Is this really the -NEW- Microsoft, taking responsibility for security in their OS and applications OR is this the -SAME OLD- Microsoft doing this because they'll roll out their own Security Consulting Service or certified specialists (let's call them Microsoft Certified Security Specialists) to tell clients, "Yeah, that's one of our gaping holes, lemme call it in, by the way, it'll cost you a few thousand for Microsoft to repair this and issue the fix."

    Sure the security gaps, shoddy Q/A (i.e. let the customer do this) and worms have made interesting press (including Gartner Group's suggestion businesses dump IIS, you may disagree with Gartner, but PHB's everywhere listen to them, not you) and is probably costing them a few bucks, but there's still an army of people out there who still buy M$ only, because "nobody ever got fired for choosing Microsoft."

    I'm too jaded to accept this as a genuine effort by Microsoft, which has left the security worry squarely on the shoulders of the client, to clean up their own mess and stop making them. I think there's an ulterior motive which we'll see later, like waiting for the other shoe to drop.

  • by Tackhead ( 54550 ) on Friday January 25, 2002 @01:42PM (#2901571)
    > However, if say, 2 years from now Windows RG (Really Good edition) comes out and is NOT backwards compatible, now new games only come out for it. I'd presume that if anything this hypothetical WinRG will be worse than WinXP in terms of Big Brother-ness, ergo I'd be even more hesitant to upgrade. That and it'll be even more eye-candy and more dumbed-down and all that stuff. But if I want my games, I'll have to upgrade.

    Three words: Removable drive racks.

    As long as IDE exists (which should be good for another 2-3 years), if you must use Windows, keep an old '98, W2K, or Linux/FreeBSD install on a separate hard drive with your data and applications, and install Windows RG on another drive.

    Wanna work? Use the main drive. Wanna play the l33t new game? Yank it out and boot RG. No Gatesian DRM tech or spyware will ever be capable of corrupting or leaking data stored on an unpowered hard drive that's been physically disconnected from your machine.

  • Propaganda (Score:2, Insightful)

    by kenneth_martens ( 320269 ) on Friday January 25, 2002 @01:51PM (#2901624)
    Given Microsoft's business success record (legal or not, they make a lot of money) if Microsoft says they are going to focus on security, that should be taken seriously. I have no doubts that if Microsoft wants to, they can make products as secure as their competitors' software. (After all, when Microsoft decided to kill Netscape, they did so fairly well. If they decide to be secure, they can do that too.)

    The question is, how badly do they want security? Their new focus on security may require them to make their new software and OS less backwards-compatible, or not quite as user-friendly. Microsoft may have trouble seeing their products' ease of use drop in the short run--they've put a lot of work into making Windows easy to use. So basically it comes down to this: are they willing to sacrifice some ease of use (and beef up their technical support) in order to produce more secure products? If so, great. If not, then it's all just propaganda.
  • by Anonymous Coward on Friday January 25, 2002 @01:51PM (#2901627)
    They are right, you are wrong. Many of the problems they talk about exist in OS X because it runs software developed by MS. Linux is the best desktop nix clone bar none.
  • by coyote-san ( 38515 ) on Friday January 25, 2002 @01:52PM (#2901635)
    We're all gonna die anyway, so there's no point in trying to put off the inevitable!

    Let's smoke and drink and eat nothing but onion blossoms and have unprotected sex with gutter-crawlers. We're all gonna die anyway!

    And we can't forget about Joe - ate well, exercised, etc., and he still got cancer and died at 24. Why bother?....

    What will it take to kill this damn "all software has bugs" crap? Of course it's possible to write bug-free software - look up "formal methods" or "correctness proofs" on Google. It's just very expensive and isn't used unless a bug will result in death.

    But more practically, I've been at few shops (maybe one in almost 20 years) that couldn't eliminate the vast majority of their bugs with some simple changes. Things like TURNING ON COMPILER WARNINGS - you would be shocked how many times I've come into a site (as a troubleshooting consultant) with a flaky code base, turned on compiler warnings (which are inevitably disabled), made sure every variable was initialized and functions were called with the right types of arguments and the code was immediately described as "more reliable," "less fragile," etc. Yet this rarely takes more than a week to complete.

    If I were security czar at Microsoft (and pigs could fly....) my first order would be that every developer drop everything else to turn on compiler warnings and eliminate these warnings. (Some warnings are acceptable, but not uninitialized variables, wrong number of arguments or wrong types of arguments.) Shouldn't take more than a week, even if function prototypes have to be defined from scratch, and the code will be a lot more solid.

    Then there's the buffer overflow issue - "grep" is wonderful at locating sprintf(), strcpy(), strcat(), scanf(), and other problematic code. It's normally easy to convert them to the safer functions. "grep" can also find snprintf(), strncpy(), memcmp(), strncmp() etc with hardcoded array sizes - too easy for the size of a buffer and the function calls to get out of sync if you don't use a manifest constant or sizeof().

    Overall, there's about a dozen simple steps you can do that will eliminate essentially all of your serious bugs. Some of these steps can be done quickly, others can be painful if a shop has been sloppy (e.g., 'programming by contract' and adding assertion checking to existing libraries.)

    To be sure a nontrivial application will still have bugs, but they're much less likely to be ones that an attacker can exploit and there's no justification for a site not following these practices. Yet we keep hearing the fatalistic "all code has bugs, we're all gonna die anyway!" chants and nobody takes the simple first steps to fix bugs or eliminate the worst of their personal habits.
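Added example (not part of the comment above, and not code from anyone in the thread): a shell version of the grep audit that comment describes, flagging the unbounded calls it lists and bounded calls whose size is a bare integer literal instead of sizeof() or a manifest constant. The function names, regular expressions and sample C file are assumptions constructed for illustration; being line-based grep, it also matches inside comments and misses calls split across lines.

```shell
#!/bin/sh
# Added example: grep-based audit for the two patterns the comment names.
# Function names and regexes are illustrative assumptions, not project code.

# Calls that take no destination size at all (list taken from the comment).
UNBOUNDED='(^|[^A-Za-z0-9_])(sprintf|strcpy|strcat|scanf)[[:space:]]*\('
# Bounded calls whose size (the last argument) is a bare integer literal.
LITERAL_LAST='(^|[^A-Za-z0-9_])(strncpy|memcmp|strncmp)[[:space:]]*\([^;]*,[[:space:]]*[0-9]+[[:space:]]*\)'
# snprintf takes its size as the second argument, so it needs its own pattern.
LITERAL_SNPRINTF='(^|[^A-Za-z0-9_])snprintf[[:space:]]*\([^,;]*,[[:space:]]*[0-9]+[[:space:]]*,'

# /dev/null as an extra operand forces "file:line:text" output for one file.
scan_unbounded() { grep -nE -e "$UNBOUNDED" -- "$@" /dev/null || true; }
scan_literal_size() {
    grep -nE -e "$LITERAL_LAST" -e "$LITERAL_SNPRINTF" -- "$@" /dev/null || true
}
count_unbounded()    { scan_unbounded "$@" | wc -l | tr -d ' '; }
count_literal_size() { scan_literal_size "$@" | wc -l | tr -d ' '; }

# Print findings and a summary; the exit status is non-zero if anything was
# found, so the function can gate a build.
audit() {
    scan_unbounded "$@"    | sed 's/^/UNBOUNDED     /'
    scan_literal_size "$@" | sed 's/^/LITERAL-SIZE  /'
    u=$(count_unbounded "$@"); l=$(count_literal_size "$@")
    echo "unbounded=$u literal_size=$l"
    [ "$u" -eq 0 ] && [ "$l" -eq 0 ]
}

# Constructed sample input (not from the page).
write_sample() {
    cat > "$1" <<'EOF'
#include <stdio.h>
#include <string.h>
#define NAME_LEN 16
void store(const char *in) {
    char name[NAME_LEN];
    char path[64];
    strcpy(name, in);                        /* no size at all */
    sprintf(path, "/home/%s", in);           /* no size at all */
    strncpy(name, in, 32);                   /* literal disagrees with NAME_LEN */
    snprintf(path, 128, "/home/%s", in);     /* literal disagrees with path[64] */
    strncpy(name, in, sizeof(name) - 1);     /* size tied to the buffer */
    snprintf(path, sizeof(path), "%s", in);  /* size tied to the buffer */
    if (strncmp(name, "root", NAME_LEN) == 0) return;
}
EOF
}

# With arguments: audit those files. Without: audit the constructed sample.
if [ "$#" -gt 0 ]; then
    audit "$@"
else
    demo=$(mktemp) && write_sample "$demo"
    audit "$demo" || echo "findings present in the constructed sample"
    rm -f "$demo"
fi
```

Only the four literal-size lines and unbounded calls are reported; the calls sized with sizeof() or NAME_LEN pass, which is the distinction the comment draws.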
  • by Sloppy ( 14984 ) on Friday January 25, 2002 @01:52PM (#2901638) Homepage Journal

    Legacy is Windows' most important feature. All other considerations are secondary. If you don't have a legacy, you have no reason to use Windows.

    If they made a clean break, then they would be on a level playing field with competitors. Is improving their product, which people are buying anyway regardless of its flaws, worth losing customers?

  • by Sloppy ( 14984 ) on Friday January 25, 2002 @02:07PM (#2901751) Homepage Journal

    I would look for MS to make at least two major acquisitions in order to shore up their security offerings - they have used acquisitions in the past to shore up problem areas.

    An acquisition can't fix their problems. It's not like they can buy some 3rd party program, and then Word and Excel macros suddenly won't work any more. Buying a product won't fix Outlook's "click here to execute virus" user interface. The only way an acquisition could fix their problems is if they use acquired products to replace existing products. (e.g. buy a new word processor and sell it instead of Word.)

  • Re:It seems to me (Score:5, Insightful)

    by coyul ( 119455 ) on Friday January 25, 2002 @02:16PM (#2901831)

    As it turns out, MS Security is not as bad as Sun's or IBM's [objectwatch.com] The article is toward the bottom of the page. It's mostly about exploits via buffer overflow. But, as a Linux Zealot may not know, MS actually writes some of the more solid code.

    That is, to put it politely, complete bunk.

    Microsoft's biggest problem is not buffer overflows. You don't need to sneak a virus through the basement window when you can drive it in through the front door, waving merrily as you go. Many of Microsoft's biggest security problems have been with viruses that simply take advantage of what they're explicitly allowed to do. Most Outlook viruses don't exploit low-level coding errors, they exploit the high-level error of allowing arbitrary foreign executables free access to the system. Ditto with Office macro viruses. I wouldn't call that solid coding. Solid coding means preparing for the eventuality that your users are naive and making it as hard as possible for them to shoot themselves (or their neighbours, in the case of Melissa, et al.) in the foot.

    I'm not saying that Sun or IBM are any better, but saying that Microsoft writes solid code is absolutely ludicrous.

  • by moogla ( 118134 ) on Friday January 25, 2002 @02:28PM (#2901908) Homepage Journal
    Yes and no.

    The model is still the same, this is true. A lot of shell scripts and code will still work on a new Linux system. If you must ask why, because it was pretty good to begin with. Can anyone think of a good reason to get rid of the BSD sockets API?

    On the other hand everything under the hood has been changed and is decidedly not backwards compatible. The jump from Linux 1.0 to 2.0, the jump from libc5 to GLIBC 2.x, these are all breaking points. All new driver architectures, APIs, even executable formats. I don't think Linux is being held back. Having old API compatibility is not a bad thing, but even then, they often must say: This is it, this old stuff is deprecated, we're not supporting it anymore. For example, the RAID system is neither forwards nor backwards compatible in any way between 2.2 and 2.4. Stuff like that.

    Plus, there's a difference between designing an OS to have legacy support and actually emulating the legacy system. Forcing someone to recompile or edit the aging code slightly can give someone freedom to implement the compatibility layer any way they see fit, instead of having to keep it "in place" and organize new features "around it".
  • by Sir Tristam ( 139543 ) on Friday January 25, 2002 @02:44PM (#2902003)
    Yet we keep hearing the fatalistic "all code has bugs, we're all gonna die anyway!" chants and nobody takes the simple first steps to fix bugs or eliminate the worst of their personal habits.
    Every point you make is quite valid. However, there is a distinction between "all code has bugs" and "bugs in code are inevitable". If a program has a bug in it, it's in the vast majority. There should be little stigma in admitting that there was a bug and fixing it, instead of ignoring it and hoping that not many people will notice. Perhaps I should have said, "All software ... have bugs; that's not unusual. Admit them, correct them..." instead of "All software ... have bugs; that's simply life. Admit them, correct them..." We'll just chalk it up to a bug in my previous post, which will be fixed in the next release. I was trying to state the current status of reality, not an attitude of being resigned to rampant bugs being unavoidable.

    By the way, correctness proofs only demonstrate that the code correctly implements the algorithm specified and still doesn't handle the problem of selecting or designing the correct algorithm. They therefore attack only one point in the development process where bugs can enter. (You already know this; just letting the others in on the fact that there's no silver bullet.) Full compiler warnings are a good thing; another thing I would insist upon is that a programmer use a debugger to step through every line of code affected by a change, and make sure that the program execution flow is what they had intended. It's amazing how many bugs I've caught this way.

    Chris Beckenbach

  • Gullibility (Score:5, Insightful)

    by epepke ( 462220 ) on Friday January 25, 2002 @02:53PM (#2902057)

    The problem is that an alarmingly large number of people cannot distinguish between the following:

    • Security
    • Words about security

    What has happened to the software industry in general is exactly what has happened to the American political process. If you make promises and then cash the check, it doesn't really matter if you deliver. The reason is that people are gullible.

    So you think, "gosh, wouldn't it be great if they've finally decided to do it right." But they haven't done it; they've just said that they are going to do it. Any support for mere words on the hope that it might come to pass will remove any incentive for actually doing it.

    Most people get off so much on the hope and the promises that they don't realize how they're encouraging integrity-challenged behavior with their actions. It takes a real cynical bastard not to get caught up in this, and then we get told, "Oh, you Microsoft Bad Religious Types."

  • by gwillden ( 447979 ) on Friday January 25, 2002 @03:08PM (#2902191) Homepage
    This one kills me. From Craig Mundie:

    "Many people today are still reluctant to trust computers with their personal information, such as financial and medical records, and few people would knowingly entrust their lives to them"

    Every time you fly on a plane your life is in the 'hands' of computers. Every time someone gets an x-ray or a CT scan or any one of many now normal medical procedures you are entrusting your life and health to computers. Most (if not all) medical and financial records are entrusted to computers.

    We do it everyday and the reason we do it is because these devices are designed and built by companies that have earned our trust by building quality products to very strict specifications for safety. These companies have good track records of safety and if they have problems then they are reported.

    What Mr. Mundie should have said is:

    "Many people today are still reluctant to trust Microsoft with their personal information, such as financial and medical records, and few people would knowingly entrust their lives to Microsoft."
  • by xonker ( 29382 ) on Friday January 25, 2002 @03:27PM (#2902359) Homepage Journal
    MS's biggest market is the corporate world, so that's who they listen to the most.

    They do? The corporate admins have been begging for more stability and security for quite some time. I don't recall ANYONE asking for .Not.

    It may not be perfect, I'll give you that, but neither is your *nix.

    It's a damn sight better than Windows, though. No OS is perfect -- very, very, very true. Microsoft, however (or at least various people at M$) have admitted that perfection isn't even a goal. In fact, it's contrary to their number one goal, which is ever-increasing profits.

    If you are a Microsoft customer, you have to understand that the goals of M$ are totally contrary to the goals of any of their customers -- the goal of any IT department should be to implement solutions that are stable, secure and cost-effective while solving the problems that they're using computers for and doing so as cheaply as possible without compromising the other goals. Microsoft's goal is to continue to sell more and more and more and more -- which is directly contrary to the goals of IT.

    I'd also rather spend money on personnel than software licenses any day. Anyone looking for dumbed-down solutions is either a wanna-be admin who doesn't have the chops to do *nix, or a PHB who wants to hire cheaper help.

    And my favorite feature:

    The fact that I don't have to compile source code when I download any upgrades/patches/software....


    My least favorite feature:

    The fact that I can't get source code for Microsoft systems.

    Most of the world does, because we want to buy a ready solution, not something we need to put further effort into.

    Which is exactly why someone like you should not be in charge of a corporation's computers. Ready-made solutions are great for simple problems, but they also dumb down things to the point where it's nearly impossible to do anything other than what the vendor (in this case, M$) thought you might want to do -- or should do. Very few companies are happy with the constraints that using Windows puts on them, which is why Linux has gone as far as it has.

    If you're too stupid or lazy (or both) to compile software, get a job in marketing. I wouldn't let someone with your attitude near my computers.

    Enterprise computing shouldn't be dumbed down. I'm not saying it should be needlessly complicated, but with so much riding on corporate computer systems the emphasis should be on being completely secure, stable, and well-documented. While I grant you that no OS is 100% there, no one is farther behind than Microsoft.
  • by aardvarkjoe ( 156801 ) on Friday January 25, 2002 @04:03PM (#2902614)
    (This is exactly what an AC said, but he's right. He's also at Score: 0, and that's not going to change, so I'll repeat what he said:)


    That's completely untrue. Only a minority of jobs, and of college programs, require you to buy Microsoft software. The vast majority of the time, you never even have to touch the stuff.


    The truth of the matter is that you went to a stupid school (where they require you to use M$ products), entered a degree program (for which the aforementioned stupid school required the use of M$ products), and then took a job (again, one where you have to use M$ products.) Any of these could have been avoided, had you a desire to do so rather than whine about being 'forced' to use software you don't like. Even if you're dead-set on pursuing a CS degree or something where you're going to have to work with Microsoft software to some degree, you can use the school resources available. There's absolutely no excuse for paying good money for something you think is useless, unless you're just a glutton for punishment.

  • Some history (Score:4, Insightful)

    by Zeinfeld ( 263942 ) on Friday January 25, 2002 @05:05PM (#2903195) Homepage
    Back at the start of the 1990s the general consensus in the computing industry was that UNIX could never succeed outside academia because it was chronically insecure.

    It would be good if the people who spend so much time attacking Microsoft's security issues considered that UNIX generally and Linux in particular are not exactly fault free.

    How can anyone who runs sendmail throw stones at Microsoft? sendmail is a textbook case in how to write software that can never be secure. The program breaks every single one of the rules Bruce and Adam set out. There are plenty of better alternatives, yet sendmail remains the default through sheer inertia (you might want to route some bang path UUCP or OSI mail sometime you know).

    UNIX only became secure as a result of trial and error. There never was a security architecture worth a damn. For many years the main contribution to the security world from the UNIX security architecture folk was discouraging people from using shaddow password files.

    The security model of all modern operating systems is based on the security model of MULTICS and comes from the age of the Multiple Access Computer. The security problem is defined in terms of a single machine that has multiple concurrent users. The addition of the network is an afterthought.

    What this means is that very few of the security features in a modern O/S are actually of the slightest relevance to a machine running a Web server. In effect we end up with two parallel permissions structures, the one managed by the O/S and the one managed by the Web server.

    Win2K and XP have Kerberos and PKI integrated into their core. The standard configuration supports IPSEC, S/MIME, SSL, Kerberos, Smartcard login, Encrypted File system. Measuring security in terms of cryptographic features Microsoft wins hands down (Microsoft are good on features).

    Linux on the other hand is not in anywhere near such a good position. Security packages are available but it is left to the end user to integrate them. Linux also lacks anything that resembles the 'Security Administration Guide' mentioned in the rainbow series books.

    Security is not a binary condition. The problem I see for Linux is complacency. There are too many weenies out there whose knowledge of security is actually minimal who tell people Linux is secure because that is what they have been told. None of the O/S on the market are particularly secure. Windows has a great security architecture that the crappy applications completely bypass. UNIX has a crappy architecture and some very well tested applications whose security bugs have been largely eliminated by trial and error.

    People in the OSS community can go around telling each other that Linux will always be more secure than Windows if they like, but that won't make it true. Gates has essentially served notice that Microsoft is going to be upping the ante here. That does not mean that they will win, but a lot of work is going to have to be done if Linux is going to keep up. Fortunately it is not necessary to integrate PKIX into Linux as Microsoft did with Windows, the OSS community could skip a PKI generation and move straight to using new technology such as XKMS and SAML.

  • by bluebomber ( 155733 ) on Friday January 25, 2002 @05:42PM (#2903460) Homepage
    You are reading them all wrong. Microsoft has shifted focus several times in its history. From the DOS-type environment to Windows. To the LAN. To the Internet. And now Security. Yup, Security with a capital S because it will, of course, be MS-style security. They have played the games differently with everything else (LAN, Internet, all kinds of standards), and they will set the rules here as well.

    Realize that it will take them three or four tries to get this Security thing down though. It has with everything else:

    - How many incarnations has MSN had?
    - Do you even remember Windows 1 or 2 -- or even 3.0? (I'm sure someone will reply in the affirmative, but most of you haven't)
    - those stupid e-book tablets (haven't won here yet) or palm computing (same here)
    - What was the first version of IE that didn't completely suck? (You want to say that IE is different, but it isn't. They basically play all their games this way.)

    And with $20b in the bank, they can afford to have an army of coders comb through existing libraries looking for defects. They can afford to have scores of UI designers and HCI evaluators to see exactly how much security people are willing to deal with. Better yet, they can afford to screw up two, three, maybe even four or five times before they finally get it right. And the world will just have to live with it.

    They will screw up someday. It might be Security that does it. It might be something else that brings them down. But don't just dismiss the new Security focus as FUD. Pay attention.
  • by kindbud ( 90044 ) on Friday January 25, 2002 @08:14PM (#2904279) Homepage
    Back at the start of the 1990s the general consensus in the computing industry was that UNIX could never succeed outside academia because it was chronically insecure.

    Citations, please? By most accounts, Unix had already penetrated far outside academia by the time the 1990's rolled around.

    ...UNIX generally and Linux in particular are not exactly fault free. ...How can anyone who runs sendmail throw stones at Microsoft?

    So what? Does one sin excuse the other? Is there any lack of focus on Unix and Linux security issues? If I run IIS do I give up the right to criticize Apache?

    ...sendmail is a textbook case in how to write software that can never be secure.

    Never is a long time. What box-breaching flaws are in the latest release? Oh, you were referring to those older releases still installed all over the place. Like the old NT 4 boxen, and the unpatched IIS, and Win95's nukable TCP stack, and ... yeah.

    My retort is the same as Microsoft's: UPGRADE

    The program breaks every single one of the rules Bruce and Adam set out.

    Bruce and Adam are not the only ones writing rules. Appealing to authority plays well to the unwashed masses who don't know any better. That's why it's a favorite of Microsoft spin doctors (and government spin doctors, and media spin doctors, and...)

    UNIX only became secure as a result of trial and error.

    This is partly why it has the level of trust that it does. We have experience with it, and know what to expect.

    For many years the main contribution to the security world from the UNIX security architecture folk was discouraging people from using shaddow [sic] password files.

    I think you meant "encouraging people to use shadow password files".

    Win2K and XP have Kerberos and PKI integrated into their core.

    What does that mean?

    The standard configuration supports IPSEC, S/MIME, SSL, Kerberos, Smartcard login, Encrypted File system. Measuring security in terms of cryptographic features Microsoft wins hands down (Microsoft are good on features).

    Microsoft is also good at winning irrelevant feature comparison contests. What is there to assure anyone that these features are any more secure than the other featureful crap that got Microsoft into trouble in the first place? How do we know these services do not harbor even bigger holes than the ones we know about already elsewhere in the OS? At least with IIS, we can have a clue that it ought not be left turned on except where it is required. Who is going to turn off security "features" as a matter of course, even if it's the right thing to do, as it is with IIS features? Today's features are tomorrow's embarrassing exploit. It matters not one bit whether the features are characterized as the "security" type of features. If they are written poorly, they can be exploited. If they are not needed, but are enabled anyway, they pose a needless risk. Needless risk is where Microsoft excels.

    The problem I see for Linux is complacency. There are too many weenies out there whose knowledge of security is actually minimal who tell people Linux is secure because that is what they have been told.

    That's pretty fucking funny. Complacency on the part of MCSE-types is why Microsoft software is such a problem. Nimda was not propagated by web servers running on Linux. It was propagated by IIS webservers running on Microsoft systems operated by complacent Microsoft admins.

    But Linux users and distro preparers are learning. Newer distros come with everything turned off. Even after it was shown that unwitting NT and W2K users' PCs were propagating worms because the users had no idea a web server was even running, much less that it needed patching, XP still comes with everything turned on.

    Wake me up when XP2 ships, and let me know if stuff is still on out of the box.

    Windows has a great security architecture that the crappy applications completely bypass.

    If it was a great architecture, the apps would not be able to bypass it.
