Can You Trust Microsoft On Security? - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

Can You Trust Microsoft On Security? 189

Posted by timothy on Tuesday April 01, 2003 @07:57AM from the trust-to-do-what dept.

simetra writes "Here's a shocker... This story on Yahoo! is pointing out the obvious. How many of these until the suits start believing us?" Maybe the article is just trying to stir up trouble, though: ladislavb points out that Windows XP is an Operating System you can trust. (The review is also available on mirror1, mirror2, mirror3, mirror4.)

This discussion has been archived. No new comments can be posted.

Can You Trust Microsoft On Security?

Search 189 Comments Log In/Create an Account

Comments Filter:

Trust... security?? (Score:4, Interesting)

by fruey ( 563914 ) writes: on Tuesday April 01, 2003 @08:01AM (#5637210) Homepage Journal

You cannot trust anyone on security
Beware of the man behind the curtain
However, even the non paranoid don't trust Microsoft. The problem is evidently that the suits are going for Microsoft while the techies (the real ones, who didn't get the job by the list of MCSEs in their CVs) just get beaten into submission.

Share
twitter facebook
6 months? (Score:3, Interesting)

by SHEENmaster ( 581283 ) writes: <travis @ u t k .edu> on Tuesday April 01, 2003 @08:09AM (#5637235) Homepage Journal

They are ignoring an NT error that appeared before NT 4's EOL. IMHO, the clock started ticking then and won't stop until the bug is fixed.

There has to be an example more than 6 months!
There just has to be!

Proof that winshit isn't crap.
1. Take a pile of crap.
2. Put it on your desk.
3. See if it's exploited.
4. Realize that crap is the superior system.

Parent Share
twitter facebook
seriously... (Score:4, Interesting)

by newsdee ( 629448 ) writes: on Tuesday April 01, 2003 @08:10AM (#5637237) Homepage Journal

I sometimes wonder if the trust on MS is not on security but in responsibility.

In other words, companies would prefer to use MS products because they can lay the blame on it if something goes wrong, and shift responsibility for a solution to them.

OOS is either very distributed or you have to work it yourself, which presents an additional risk for your person. I have no doubt that many are willing to take the blame as trade-off for ditching MS, though.

Maybe if an insurance company were to offer "computer bug funds", things would change. :-) But they would be quickly overrun with requests...

Share
twitter facebook
Re:Are we surprised? (Score:4, Interesting)

by Anonymous Coward writes: on Tuesday April 01, 2003 @08:16AM (#5637253)

What people want is a quick response to the problem.

As MS are always saying - and the article admits it's true - they are actually pretty good at releasing patches for most (not all) vulnerabilities quickly.

The security problem is that admins don't apply these patches, because they too often break something that was working before. This is a result of either shoddy testing on MS's part, or unclear specifications and documentation encouraging third-party programmers to make use of facilities they're not supposed to know about.

Microsoft is suffering raging split personality. Part of it wants programmers to use every last nook and hook of the code to squeeze the best possible performance out of it; another part of it wants to control (limit) the features available to third-party programmers, so that it retains the freedom to change inner workings without breaking their code.

This is a major QA problem for MS, and I think - from the tone of their talk on "Trustworthy" computing - that at least some of them are aware of it.

Parent Share
twitter facebook
Definitions of "trust" (Score:5, Interesting)

by abulafia ( 7826 ) writes: on Tuesday April 01, 2003 @08:22AM (#5637271)

From the article:
While 77 percent of respondents in the information technology (IT) field said security was a top concern when using Windows, 89 percent still use the software for sensitive applications[...]
So, clearly people *do* trust Windows, in that they are using the software for "sensitive applications". Of course, they probably have very little choice in the matter, and hopefully they take my tack of firewalling it off from everything when forced to use it.
I was just getting at the obvious false statement in the teaser - the respondents *are* trusting Win, they just aren't *happy* about having to.

Share
twitter facebook
.NET a way out for MS? (Score:4, Interesting)

by DrTentacle ( 469268 ) writes: on Tuesday April 01, 2003 @08:54AM (#5637361)

Given that the Windows codebase has evolved over so many versions, it's hardly surprising that there are plenty of security holes. If the foundation is shakey, don't expect the building to stay up. Especially in a closed-source environment where the number of people scrutinising the code is minimal.

It seems to me that one potential benefit for MS from it's .Net products is the opportunity for them to start over with their security. The models in place for .Net apps are superior to what was previously on offer for Windows development. They even throw in stuff like run-time buffer overflow detection...if you turn it on.

Given that the number of .Net security problems so far appears to be minimal, MS could improve their image as being poor in security, provided they get sufficient take up...and don't screw it up this time around...

Share
twitter facebook
Re:Trusting OS's (Score:3, Interesting)

by Catiline ( 186878 ) writes: <akrumbach@gmail.com> on Tuesday April 01, 2003 @11:20AM (#5638028) Homepage Journal

I trust an operating system based on how many different processor architectures it has been ported to. Since Windows runs only on x86 I vest very little trust in it. Mac X provides an interesting contrast: I trust the BSD core a little (as it runs on several architectures) but the Darwin interface is, like Windows, single architecture and hence effectively untrusted. Linux, of course, is generally as trusted as BSD with a few notable exceptions (Gentoo-- runs on any architecture with a C compiler...)

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

Mystics always hope that science will some day overtake them. -- Booth Tarkington