Forgot your password?
typodupeerror
Security

Can You Trust Microsoft On Security? 189

Posted by timothy
from the trust-to-do-what dept.
simetra writes "Here's a shocker... This story on Yahoo! is pointing out the obvious. How many of these until the suits start believing us?" Maybe the article is just trying to stir up trouble, though: ladislavb points out that Windows XP is an Operating System you can trust. (The review is also available on mirror1, mirror2, mirror3, mirror4.)
This discussion has been archived. No new comments can be posted.

Can You Trust Microsoft On Security?

Comments Filter:
  • Apr, 1st (Score:5, Funny)

    by ceeam (39911) on Tuesday April 01, 2003 @07:58AM (#5637196)
    I liked the "whitespace" joke better.
  • Umm... (Score:5, Insightful)

    by evil_one (142582) on Tuesday April 01, 2003 @08:00AM (#5637203) Homepage
    I don't think that the Yahoo! story is a Joke... it was posted 03/31 not 04/01... If it is, please correct me. I'd like to be wrong here.
    • Re:Umm... (Score:5, Funny)

      by Pharmboy (216950) on Tuesday April 01, 2003 @08:04AM (#5637222) Journal
      I don't think that the Yahoo! story is a Joke... it was posted 03/31 not 04/01... If it is, please correct me. I'd like to be wrong here.

      Hey, april fools or not, trusting Microsoft with your security IS A JOKE ;-)

      (and no, for once, I didn't bother reading the article. whats the use of having excellent Karma if you can't burn some every now and then?)
      • by SgtChaireBourne (457691) on Tuesday April 01, 2003 @08:12AM (#5637242) Homepage
        No worries. The next upgrade will fix it.

        Microsoft Corp. has announced that later this month Bill Gates will give a world-wide video conference to finally explain dot-Net. "It's time to ascend to the next level", Gates said, "we've cut elsewhere drastically in order to augment our sales staff in time for the event". Business leaders should expect calls, visits, and treats during the next month from Microsoft sales staff to ensure that all end users have installed the license for the current Windows Media Player and the licenses for the latest service packs. Calls will be followed by onsite visits. Microsoft sales staff, all licensed notary publics, and Business Software Alliance inspection teams to ensure that each and every the click-through agreement is followed up with a notarized contract.

        As part of the treat, each site will receive packets of flavored drink mix for a special toast at the end of the teleconference. MSCEs will give instructions on the preparation of the mix and will assist the sales staff in dispensing to executive staff.

      • perhaps a decade or more before systems are trusted the way we envision," a Microsoft spokesman said [emphasis mine].

        How many generations is that in Net years? And what's "the way we envision"? It sounds like they're working toward the day when they'll have the power to compel people to "tell everyone about your MS-patriotism or we'll send you to a reeducation camp." What's good for MS is good for North Kore^H^H^H^H^H^H^H^H ... oh, to hell with it.

        Koetzle also said that IT professionals should work more

      • You know, it IS TRUE. all you have to do is flame Microsoft and you get modded up.....from people using windows no less.

        I mean I wrote the damn post, and I don't even think its that funny.

        Ok, so mod the parent DOWN as overrated, and mod this one UP as "insightful"

        Thank you for your cooperation. ;-)

        ps: i actually like windows.
    • No, the Yahoo! story isn't, but the distrowatch story is (obviously).

      Quite hilarious, too...Particularly this screenshot [serve-you.net] of the Windows XP desktop. :)

  • Are we surprised? (Score:5, Insightful)

    by rf0 (159958) <rghf@fsck.me.uk> on Tuesday April 01, 2003 @08:01AM (#5637208) Homepage
    With the recent spate of MS problem such as the slammer worm, IIS vunrabilities etc their public image is tarnished at best. However I think what people realise is that most programs have potential security holes. What people want is a quick response to the problem.

    Take the two recent sendmail issues. Two big holes were found but fixes were available straight away. What about MS? Well I believe the record is 6 months after an exploit is in the public domain. Now thats why I have trouble trusting MS

    Rus
    • 6 months? (Score:3, Interesting)

      by SHEENmaster (581283)
      They are ignoring an NT error that appeared before NT 4's EOL. IMHO, the clock started ticking then and won't stop until the bug is fixed.

      There has to be an example more than 6 months!
      There just has to be!

      Proof that winshit isn't crap.
      1. Take a pile of crap.
      2. Put it on your desk.
      3. See if it's exploited.
      4. Realize that crap is the superior system.
      • Is it really that hard to write Windows and Microsoft. Writing stuff like Winblows, Winshit and Micro$oft just make you seem immature.
    • Re:Are we surprised? (Score:4, Interesting)

      by Anonymous Coward on Tuesday April 01, 2003 @08:16AM (#5637253)
      What people want is a quick response to the problem.

      As MS are always saying - and the article admits it's true - they are actually pretty good at releasing patches for most (not all) vulnerabilities quickly.

      The security problem is that admins don't apply these patches, because they too often break something that was working before. This is a result of either shoddy testing on MS's part, or unclear specifications and documentation encouraging third-party programmers to make use of facilities they're not supposed to know about.

      Microsoft is suffering raging split personality. Part of it wants programmers to use every last nook and hook of the code to squeeze the best possible performance out of it; another part of it wants to control (limit) the features available to third-party programmers, so that it retains the freedom to change inner workings without breaking their code.

      This is a major QA problem for MS, and I think - from the tone of their talk on "Trustworthy" computing - that at least some of them are aware of it.
    • Re:Are we surprised? (Score:4, Informative)

      by lseltzer (311306) on Tuesday April 01, 2003 @08:51AM (#5637350)
      How can you raise the slammer worm and then say that Microsoft doesn't respond quickly? The article makes clear that attacks on Microsoft products were an average of 305 days after Microsoft patched them, and this was famously the case with respect to slammer. People aren't applying the patches in spite of clear warnings.
      • Slammer (Score:5, Insightful)

        by SgtChaireBourne (457691) on Tuesday April 01, 2003 @09:32AM (#5637559) Homepage
        Security is the last nail in the coffin.
        People aren't applying the patches in spite of clear warnings.
        Even Microsoft's own servers got hit by Slammer. It has been quit common for Microsoft's security upgrades to break something else, fail to fix what they claim to fix, and/or introduce additional holes. The Slammer worm showed that even Microsoft knows that it's patches can be unhealthy for production systems. Other companies and software projects just don't have this kind of quality problem.

        Even if the patches worked, and even if it had been an old-style, slow worm, you can't patch fast enough [gartner.com]. But it wasn't. Slammer reached saturation in 8.5 minutes [berkeley.edu]. Most likely this story was a tidbit to draw fire away from the quarterly financial statement or from the DRM/Palladium stealth payload in Windows Server 2003 + Office 2003.

        Sure folks may wish to run Microsoft products for ideological reasons, but there aren't any technical ones and now the market is changing [zdnet.co.uk]. C*Os have figured out the OS X, RedHat, Mandrake, Debian, OpenBSD, etc. are much easier install and maintain than Windows Xp and far more flexible and secure -- both on the workstation and the server. Novell Netware should also be mentioned as excellent. C'mon when was the last time you heard of MS machine reaching an uptime of more than 200 days? That would be embarassingly short for QNX and Novell.

        Microsoft has been to computing what Big Tobacco was to sports.


        • Windows XP Service Pack 1 causes memory management problems that my experience shows are far, far worse than Microsoft says. The new 815411 patch [microsoft.com] seems to fix the problems on the one system on which I have tested it. The title is "Programs Run Slower After You Install Windows XP SP-1", but that doesn't make sense. Why do they run slower? Because the operating system is trying to recover from memory management errors?

          To see the problem, start 20 instances of Mozilla, each with 10 tabs. As you are doing this, you will find that the responsiveness of the Windows XP system becomes much slower. Then, when the limit of installed memory is reached, and the system begins using virtual memory, all instances of Mozilla will crash. After the crashes, the Windows XP system remains unstable. The instability can only be fixed by re-booting.

          See the Slashdot article: XP Service Pack Slows Programs [slashdot.org]

          The Slashdot article referenced this article: Service Pack glitch causes system slowdowns [vnunet.com] (Notice the nonsense subtitle in this article: "Windows XP SP1 update flaw affects memory-allocating programs".)

          Microsoft is apparently afraid that the patch causes more problems, so the patch has limited availability. Also, by making people who want the patch call Microsoft, the company may be collecting information about the problems people are having. It seems from the way the notice of the patch is worded that if you call Microsoft, you may have to pay.

          I downloaded the patch from other sources, and found that they all were the same, so that relieved worries of a bad patch.

          Sources:

          Neowin [neowin.net]

          Q815411_WXP_SP2_x86_ENU.exe [ntlworld.com]

          Q815411_WXP_SP2_x86_ENU.exe [rene-hennig.de]

          Q815411_WXP_SP2_x86_ENU.exe [t-online.de]

          http://www.paricom.com/matt/xphotfix/ [paricom.com]

          • One system I patched still has major problems, but seems faster and more reliable. (Intel 815EEA2 motherboard, 866 MHz P3 processor, WinXP SP1, with Q815411 patch.)

            I'm now running a test with a Gigabyte 81EXP motherboard, Intel chipset, 2.53 MHz P4 processor. No results yet.
        • Yes, the servers got bit by Slammer. But what do you think their support centers run to support customers? How are they supposed to do regression testing? With only the latest version of everything with all the latest patches? Obviously not. And yes, those machines were isolated. But it only takes one machine to saturate a hub, and that hub going down affects nearby architecture, etc. etc.

          Not to mention 3rd party apps that used MSDE that were not patched. That opened up a whole new can of worms.

          Not to
      • How can you raise the slammer worm and then say that Microsoft doesn't respond quickly? . . . People aren't applying the patches in spite of clear warnings.

        Yeah, right. And the patches [computerworld.com] work so well, too.

      • "How can you raise the slammer worm and then say that Microsoft doesn't respond quickly? The article makes clear that attacks on Microsoft products were an average of 305 days after Microsoft patched them, and this was famously the case with respect to slammer. People aren't applying the patches in spite of clear warnings."

        Exactly how are system administrators supposed to keep up with the rate at which MS patches come out? It can take 6 to 8 months for very large organizations to properly test patches to
      • ... and dangerous on their own right.

  • Trust... security?? (Score:4, Interesting)

    by fruey (563914) on Tuesday April 01, 2003 @08:01AM (#5637210) Homepage Journal
    You cannot trust anyone on security

    Beware of the man behind the curtain

    However, even the non paranoid don't trust Microsoft. The problem is evidently that the suits are going for Microsoft while the techies (the real ones, who didn't get the job by the list of MCSEs in their CVs) just get beaten into submission.

    • Why don't Microsoft stick to what they Excel® at?

      Anti-trust!

    • by Anonymous Coward
      1. I agree that nobody should be trusted on Security. We all need to be educated on Security, and be able and willing to act on it. Even the most secure products can be defeated by ignorance.

      2. As a Developer who has programmed with MS Access since 1.0 and VB since 3, I disagree with your notion that Techies do not like Microsoft. You might want to check out sites like "AngryCoder" ( http://www.angrycoder.com [angrycoder.com]) run by people who are definitely pro-Microsoft, but also willing to criticize Microsoft where th
    • Anyone who just looks at the SW to be secure and doesn't put up firewalls and IDS all throughout their enterprise is going to get screwed. Likewise, if all you do is put up firewalls and IDS and don't bother to keep your servers (Windows or otherwise) patched and monitored, you're still going to lose your data.

      Purchase your components based on need. (duh!) If you need to run a certain app, then you may be left with Windows. It is then up to you to secure it with your own effort.

      All these articles about ho

  • No, I'll never trust Slashdot on anything today.
    I mean, NEVER
  • Is this rhetorical?
  • by Anonymous Coward on Tuesday April 01, 2003 @08:02AM (#5637215)
    Because if you can't trust the NSA, who can you trust?
  • Again ? (Score:3, Insightful)

    by Thanatiel (445743) on Tuesday April 01, 2003 @08:05AM (#5637224)
    This one is not even funny ...
    That's why I don't like 1st april : You can't really trust what you read on the news for a whole day. I mean you can trust the news even less than usual.

    • Pentagon: Inside sources confirmed saddam has been killed by a lucky bullet.

      CNN: 'Allied' troops greeted with flowers.

      Al Jazeera: Showing earlier pictures of soldiers handing flowers to civilians.

      Bush: On to the next lot!

      Pentagon: April fools!
  • by Pilferer (311795) on Tuesday April 01, 2003 @08:05AM (#5637225)
    The review is also available on mirror1, mirror2, mirror3, mirror4

    Yay! Slashdot is finally going to mirror content!

    Oh wait, what day is it?
  • No.

    Argumentation: WinNuke, the exploits in WinXX discovered on monthly basis, Microsoft's soddy handling of personal information, their suspected cooperation in handling email addresses to spammers, the suspicion of backdoors in Windows. etc.
  • by eclectro (227083) on Tuesday April 01, 2003 @08:07AM (#5637231)

    It's time to turn off the computer for a day. Go outside. Walk around a little bit. Look up to the sky and feel the wind and sun against your face. Try to become friends with a girl.

  • obvoiusly not. (Score:4, Insightful)

    by ethelred (587527) on Tuesday April 01, 2003 @08:08AM (#5637233)
    Trust is earned. You don't becone trustworthy, just by marketing. Ask yourself "Has Microsoft earned my trust?"
    • Re:obvoiusly not. (Score:4, Insightful)

      by TopShelf (92521) on Tuesday April 01, 2003 @09:21AM (#5637504) Homepage Journal
      Trust is truly the operative word here. As the article points out, patches were available for Slammer and other attacks, but admins didn't feel confident that installing these patches wouldn't cause further problems. The patch is worthless if people won't install it...
      • So? Was this an "everything and the kitchen sink" sort of Microsoft patch or was it a patch that only addressed the particular issue? Microsoft also has a reputation for Trojan Horse style patches.
  • seriously... (Score:4, Interesting)

    by newsdee (629448) on Tuesday April 01, 2003 @08:10AM (#5637237) Homepage Journal
    I sometimes wonder if the trust on MS is not on security but in responsibility.

    In other words, companies would prefer to use MS products because they can lay the blame on it if something goes wrong, and shift responsibility for a solution to them.

    OOS is either very distributed or you have to work it yourself, which presents an additional risk for your person. I have no doubt that many are willing to take the blame as trade-off for ditching MS, though.

    Maybe if an insurance company were to offer "computer bug funds", things would change. :-) But they would be quickly overrun with requests...

    • Which company has ever sued Microsoft for things that went wrong ?

      If no one ever sued Microsoft for this reason, does that mean that their products are good ?

      'Why are you spraying this powder all around ? Cough, cough...'

      'It's against pink elephants.'

      'I do not see any pink elephants here !?'

      'Good powder, ain't it ?'

  • by mAineAc (580334)
    was found here [com.com] yesterday. I don't think it is a joke.
  • by Compact Dick (518888) on Tuesday April 01, 2003 @08:14AM (#5637246) Homepage
    in the review is a BSOD [distrowatch.com].

    What's more, a fatal exception has occured at F0AD:42494C4C.
    • by Anonymous Coward
      What's more, a fatal exception has occured at F0AD:42494C4C.

      Also, check the bytes:
      0x42 = 'B'
      0x49 = 'I'
      0x4C = 'L'
      0x4C = 'L'


      • The two consecutive 4Cs should've given it away.
  • by peterdaly (123554) <petedaly@ix.n e t c o m . c om> on Tuesday April 01, 2003 @08:14AM (#5637247)
    Koetzle noted that while Microsoft's patches for the last nine high-profile Windows security holes predated such attacks by an average of 305 days, too few customers applied the fixes because "administrators lacked both the confidence that a patch won't bring down a production system and the tools and time to validate Microsoft's avalanche of patches."

    I know I have totally screwed at least one "critical" production server by installing a service pack. Granted, that was NT4, which on the whole is just an impossible architecture to patch...or so they say.

    Lack of security from the ground up in their design is what I believe the problem really is. The lack of a simple "bring this server up to date" scheduler doesn't help either. Even if they had that, people wouldn't use it due to patches toasting systems in the past.

    -Pete
  • by Anonymous Coward
    I would avode using M$ software for this very reason and because Windows Server(s) get more unstable the longer they are running. With a Linux or BSD system you can have it running and very secure right out the box. I know that Linux has had a few security run-ins but at least when you apply a Linux patch it does bring down the entire system -

    1999 - Applied cumalative security fix to IIS and ended-up having to completely re-install the entire server after it became unstable. The two things might not be lin
  • So it is an article that for the most part says nothing

    For the /. laziody, the synopsys is as follows:

    Microsoft, while maybe not the most secure operating system in the world, is

    1. trying, vis-a-vis the whole "trusted computer" thing
    2. not really to blame for many of the egregious stuff as of late, as they have issued many security patches that would take care of problems. They are blaming lazy sysadmins for not updating machines.

    But the real story is... what is with that picture? It consists of two gu

  • by abulafia (7826) on Tuesday April 01, 2003 @08:22AM (#5637271)
    From the article:
    While 77 percent of respondents in the information technology (IT) field said security was a top concern when using Windows, 89 percent still use the software for sensitive applications[...]

    So, clearly people *do* trust Windows, in that they are using the software for "sensitive applications". Of course, they probably have very little choice in the matter, and hopefully they take my tack of firewalling it off from everything when forced to use it.

    I was just getting at the obvious false statement in the teaser - the respondents *are* trusting Win, they just aren't *happy* about having to.

    • by Pharmboy (216950) on Tuesday April 01, 2003 @08:42AM (#5637324) Journal
      So, clearly people *do* trust Windows, in that they are using the software for "sensitive applications".

      Actually, its doesn't prove that at all. Its partially a matter of who makes the decisions about applications (often clueless managers) and some may only run on windows. The other part is left over infrastructure from years past, like our office, where we still have programs we use left over from windows 3.0 days. yea, i know...
      • If we rephrase the statement to

        77% of people asked say getting their money back from Benny "The Cheat" Malone is a top concern, however 89% continue to loan him money.

        Would you say they are trusting Benny?

        Actually, its doesn't prove that at all. Its partially a matter of who makes the decisions about applications (often clueless managers) and some may only run on windows[...]

        To address your exact words, are you trying to disagree with me? I originally said "Of course, they probably have very littl

    • Trust Windows for sensitive application.

      I know that men think about sex all the time, but come one, this IS funny :)

      Prolly because of all the coffee I drank today... and as another post above mine said, what't the point of having excellent karma if not to get rid of some every now and then :)
    • I trust my windows machines with sensitive applications. I switch between windows and linux when i'm doing development at work (most time in Linux) and I use windows at home. I never had a problem with hackers getting into my computer or anything along those lines.

      Maybe it's because I have a Linux firewall protecting both networks? :)
  • by Lolaine (262966) on Tuesday April 01, 2003 @08:25AM (#5637278)
    I cant trust a company that says they cannot patch their own enterprise-level Operating System (only to force customers to buy a new one, because, IMHO "technical" excuses like that are ridiculous).

    If Microsoft says they cant patch, then open the source for us to patch it for free :)
  • The easiest thing to do, is to do what everybody else does and hope you're not a victim:

    "I hope the hackers pick on some other company."
    "I hope they lay off someone else in the next reorganization."
    "I hope the terrorsts blow up the Holland Tunnel when I'm not in it."

  • Please... (Score:2, Insightful)

    by Tsunamio (465339)
    Either post real news or post funny fakes, but don't combine the two, it just confuses people-which are real, which aren't? And that ruins the whole 'news for nerds' part. If you're bound and determined to do multiple April Fools stories, just give up April 1st for real news, it can wait a day.

    And if this is just not funny, work on that too.
  • My Opinion (Score:3, Funny)

    by nicotinix (648645) on Tuesday April 01, 2003 @08:33AM (#5637295) Journal

    Microsoft is as secure as a Ford Pinto is safe.
  • In reality (Score:3, Insightful)

    by KoolDude (614134) on Tuesday April 01, 2003 @08:35AM (#5637305)

    Three-fourths of computer software security experts at major companies surveyed by Forrester Research Inc. do not think Microsoft Corp.'s products are secure


    The other one-fourth use *nix and were unable to comment... ;)
    • The funny thing about that quote (to me anyhow) is that the relevant stock prices were listed as well.

      Forrester is down. MS is up.

      I hope that's the April Fools bit, but I doubt it.

  • by secondsun (195377) <secondsun@gmail.com> on Tuesday April 01, 2003 @08:36AM (#5637308) Journal
    I only trust an operating system as far as I can throw it. After comprehensive tests windows XP CD's fly 300 feet when launched from my skeet shooter and are still bootable. But most of my Linux CD's never survive the launch process so I there fore I can not trust Linux since I can't throw it.
    • Re:Trusting OS's (Score:3, Interesting)

      by Catiline (186878)
      I trust an operating system based on how many different processor architectures it has been ported to. Since Windows runs only on x86 I vest very little trust in it. Mac X provides an interesting contrast: I trust the BSD core a little (as it runs on several architectures) but the Darwin interface is, like Windows, single architecture and hence effectively untrusted. Linux, of course, is generally as trusted as BSD with a few notable exceptions (Gentoo-- runs on any architecture with a C compiler...)
  • by Snaller (147050)
    From the article:

    I would stay up all night consuming massive amounts of coffee, cola, and pizza. I lost weight, my skin became pale, I allowed my hair to grow long, gave up shaving, and never took a bath.

    How can he eat massive amounts of pizza and loose weight?!
    • How can he eat massive amounts of pizza and loose weight?!

      He probably forgot to mention that along with the message from monique@bigboobies.com, there was one from super_diet_pills@getyourmedsnow.com, offering revolutionary new pills (developed by doctors, no less, and reported in the New England Journal of Medicine) that would indeed allow him to eat pizza and lose weight.

      I've often wondered if you have to eat pizza while you're taking these pills, and if so, what happens if you don't...

  • About wether or not this story is true; follow your geek instict: Can You Trust Microsoft On Security?
  • Newsflash: Due to date errors, April Fools Day (The first of April) was confused with Captain Obvious Day (The fourth of January). Slashdot has risen to the challenge, howeever and you can expect to see posts about the sky being blue, the grass being green and admin not trusting Microsoft.
  • will be distributed without binaries, which will improve security significantly and will remove the need for copy protection, service packs, and employees.

    The EULA for this release is reported to read simply: "FSF Lawyers are weenies".

  • by Ececheira (86172) on Tuesday April 01, 2003 @08:52AM (#5637354)
    Granted, it's from an April Fools story, but couldn't they even try to get the BSOD screen shot right?

    That BSOD version is from Win9x versions... the NT-based BSOD has the text at the upper left of the screen, and no CTRL-ALT-DEL message either.
    • The point being: so few people have seen a Windows XP BSOD that it was necessary to bring in one from the much, much less stable NT 4.0. And since the whole skit is playing to a Linux zealot audience, they wouldn't know as the last time they ran a Microsoft OS was when NT 4.0 was current.
    • I dunno, I read that and my inner-reading-voice intoned as Comic Store Guy from Simpsons. :)
  • by DrTentacle (469268) on Tuesday April 01, 2003 @08:54AM (#5637361)
    Given that the Windows codebase has evolved over so many versions, it's hardly surprising that there are plenty of security holes. If the foundation is shakey, don't expect the building to stay up. Especially in a closed-source environment where the number of people scrutinising the code is minimal.

    It seems to me that one potential benefit for MS from it's .Net products is the opportunity for them to start over with their security. The models in place for .Net apps are superior to what was previously on offer for Windows development. They even throw in stuff like run-time buffer overflow detection...if you turn it on.

    Given that the number of .Net security problems so far appears to be minimal, MS could improve their image as being poor in security, provided they get sufficient take up...and don't screw it up this time around...
  • Bork Bork Bork (Score:2, Informative)

    by Mintee (465975)
    "Since "product activation" is necessary to get the system working, XP proceeded to dial my modem and register my personal data with Microsoft Passport, while at the same time signing me up for MSN and billing my credit card without asking. How convenient can you get?"

    So So Terrible, Yet So So True!
    All Hail APRFLS God. Mr. Gates!
    And wasn't M$ founded on April 1st.
  • by m00nun1t (588082) on Tuesday April 01, 2003 @09:09AM (#5637437) Homepage
    It's all very easy to sit around and put each other on the back and say "yes, well, we've known this for years". We know that Bill made his big trustworthy computing announcement, and he said it was a forward looking initiative - they were going to focus on getting new products right rather than going back and re-architecting old products (a decision I agree with).

    So, Windows Server 2003 was RTMed last week - the first OS released post-trustworthy computing. Let's wait and see the fruits of Bills initiative, rather than keep flogging that same dead horse. If windows 2003 has good security, well, maybe they have a chance. If it doesn't, forget it, game over.
    • Here we will be, complaining about the same things when the next version of Windows is probed and tested, and then you will raise your karmaless self to say "let wait for the next version, if that suck then yeah, they will never learn".

      The time is here and now, and the company has probed beyond doubt how they regard security in a networked world.
  • These experts seem to be commenting on implimentations, but they never have rolled it out. Unfortunately, most NT roll outs start with Bob in accounting in charge of the thing. By the time the NT network becomes important, it is fubared. Instead of blaming Bob's lack of IT skill, or questioning why they didn't hire an NT subject matter expert, they blame the product. Cleaned up after this mess many times. People are generally amazed at what happens when it is setup properly.
    • A few points:

      1. You can't blame Bob for MS patches that break things. That is a problem at MS's end.
      2. You can't blame Bob for MS's security bugs. That is also a problem at MS's end.
      3. You can't blame Bob for being leery of installing patches after he's figured out point 1.
      4. You can't blame Bob for NT having a fragile Registry prone to corruption.
      • Counter points:
        1. I will blame Bob for not RTFMing before applying something and not installing in a TEST environment first.
        2. I will blame Bob for not setting up any security to begin with. Installing just with the defaults is a big no-no, and Bob isn't learning this lesson, is he?
        3. Bob wouldn't be leery if he TESTS before he applies. Bob is expected to adapt and improvise after a bad experience, not hide under a rock.
        4. No, but I'll keep my rock solid registry that doesn't corrupt anywhere near as much as you t
  • Koetzle also said that IT professionals should work more closely with Microsoft and companies that write software for Windows to make sure computer systems are more secure, instead of blaming Microsoft for security breaches.

    The funny thing is that when I offered cooperation, in particular in the resolution process of a new vulnerability (which requires a certain amount of information sharing and therefore trust, admittedly), Microsoft engineers were just too eager to point out that this kind of cooperatio
  • by Flamesplash (469287) on Tuesday April 01, 2003 @10:20AM (#5637778) Homepage Journal
    The survey polled 35 software security experts at $1 billion companies.

    35 people speaking for how many actual software users/developers?

    Isn't this the same as saying that if the president agrees with something then all americans do to?
  • "Always trust content from Microsoft Corporation?"

    There's a "Yes" button and a "No" button... but where the hell is the "HELL F*CKING NO" button?
  • It would be funnier if they actually got a real Windows XP stop error and displayed it.
  • This may not be popular on /., but Microsoft aren't the only people who have bugs in their code (Oracle's openhack entry was XSS'd but not M$'s). Admittedly the seem to have more than their fair share. I belive this will change in the future. Microsoft seem legitimately concerned about security and the reputation their products have. I've read the second version of "writing secure code" from MS press, and it is an excellent book for windows developers, but reading some of it it sounded more like an _interna

In 1869 the waffle iron was invented for people who had wrinkled waffles.

Working...