Forgot your password?
typodupeerror
Microsoft Security IT

Microsoft a Weak Link In Possible Cyber War 371

Posted by CmdrTaco
from the almost-as-bad-as-hfcs dept.
climenole writes 'Microsoft has vast resources, literally billions of dollars in cash, or liquid assets reserves. Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods,' says former White House advisor Richard Clarke in a recent book. Microsoft makes the list of risks because so many people have installed its software for critical systems.
This discussion has been archived. No new comments can be posted.

Microsoft a Weak Link In Possible Cyber War

Comments Filter:
  • He said what? (Score:4, Insightful)

    by siloko (1133863) on Thursday June 10, 2010 @10:50AM (#32523546)

    Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods.

    If he really said that I bet Microsoft execs are spewing their cornflakes as we speak!

    • by decipher_saint (72686) on Thursday June 10, 2010 @10:51AM (#32523580) Homepage

      *in deep trailer-guy voice*

      "In 2010; Chairs WILL be Thrown"

    • Re:He said what? (Score:5, Insightful)

      by StuartHankins (1020819) on Thursday June 10, 2010 @11:05AM (#32523750)
      If Microsoft execs aren't already aware of that, they should be fired. Part of managing a company is knowing your weaknesses.
      • Re:He said what? (Score:5, Insightful)

        by siloko (1133863) on Thursday June 10, 2010 @11:06AM (#32523770)

        Part of managing a company is knowing your weaknesses.

        Knowing your weaknesses is not the same as having them advertised to the world by a White House advisor!

        • Re:He said what? (Score:4, Informative)

          by StuartHankins (1020819) on Thursday June 10, 2010 @11:16AM (#32523878)
          It's not as if people didn't already know about Microsoft's abysmal security record. Just a simple query such as http://www.google.com/search?hl=en&safe=off&client=firefox-a&hs=kKP&rls=org.mozilla%3Aen-US%3Aofficial&q=site%3A*.gov+microsoft+advisory&aq=f&aqi=&aql=&oq=&gs_rfai= [google.com] shows tens of thousands of hits. Maybe Microsoft will be shamed enough to take action and improve their products.

          I guess the point of it is "Is Microsoft the weak link when it comes to security?" to which the only answer can be "Yes." Kudos to the White House team for telling it like it is!
          • Re:He said what? (Score:5, Informative)

            by M. Baranczak (726671) on Thursday June 10, 2010 @11:25AM (#32523970)

            Clarke is not on the "White House team". He retired a few years ago. Come on, people, would it hurt you to at least read the summary?

            • The difference is academic in this case. You have someone who held a public position and is now making a bold statement. If this were some unknown person with shaky credentials it would not have been a story.
              • No, there's a big difference. If he was a current government official, then the statement would represent a government policy.

                • Re:He said what? (Score:5, Insightful)

                  by causality (777677) on Thursday June 10, 2010 @12:02PM (#32524372)

                  No, there's a big difference. If he was a current government official, then the statement would represent a government policy.

                  "This company dominated the market with low-quality products" is not a policy. It is an observation. It's true or it's false no matter who says it or how "official" they are. Try thinking for yourself and being less impressed with authority.

                • That is patently not true. A person who is part of an organization is always able to have personal opinions, unless of course, the person holds some sort of sole discretion in setting that particular policy, in which case one could safely presume that his opinion then is the policy.
                  Admittedly: If the opinion directly touches on something he does at the organization, he may need to put a massive disclaimer on his statement (that these are his own opinions) or in extreme cases even abstain from comment altog
            • Re:He said what? (Score:5, Insightful)

              by erroneus (253617) on Thursday June 10, 2010 @01:00PM (#32525088) Homepage

              Could it be that someone "out of office" is the only one with the freedom to say such things in public? Anyone in office would fear for his job. It would be my guess that this statement was desired and even requested by people in office. Who better than someone who once held the seat (read: an expert on the topic) and someone who has nothing to lose (read: already out of office).

        • What is being advertised? It's not a big secret or anything. Who in the IT world doesn't know that Windows is a weak link? The vast numbers of hackers in other countries writing malware already know this. Any IT security personnel worth their salt should already know this.
        • Re: (Score:3, Insightful)

          by Foofoobar (318279)
          Oh give me a break! If the entire tech community doesn't realize that Microsoft's security is a wet paper sack and a sign that says 'do not lean against' then they've been in a coma since before Robin Williams was funny.
        • Re: (Score:3, Funny)

          by ackthpt (218170)

          Part of managing a company is knowing your weaknesses.

          Knowing your weaknesses is not the same as having them advertised to the world by a White House advisor!

          There was something in Hamlet about a ghost not needing to appear to tell us this.

      • Re: (Score:3, Insightful)

        by gstoddart (321705)

        If Microsoft execs aren't already aware of that, they should be fired. Part of managing a company is knowing your weaknesses.

        I think by the time you get to the C-level execs, it's more about leveraging your synergies and maximizing your returns.

        They don't likely know much about the technology, and believing in the company and drinking the Kool-Aid is mandatory.

        In their mind, they produce high quality goods. The best there is.

    • by ackthpt (218170)

      Spew Cornflakes, sure.

      Actually do anything about it? Dream on.

  • Film at 11.

    I mean, seriously, it's the most widely used OS on the planet. It's also the most likely target.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      False.

      It may be the most widely used desktop OS, but once you include servers and small devices, Linux beats it easily.

      • [Windows] may be the most widely used desktop OS, but once you include servers and small devices, Linux beats it easily.

        Compared to home desktop PCs, servers are more likely to be administered by someone with a clue about locking down and updating the system. Small mobile devices have only a sporadic connection to the Internet, much like home PCs in the dial-up era, and many use an executable whitelist managed by the device maker. So barring a security hole in something like a home router appliance, desktop PCs running Windows are likely the juiciest targets for establishing a botnet.

        • by causality (777677) on Thursday June 10, 2010 @12:12PM (#32524486)

          Compared to home desktop PCs, servers are more likely to be administered by someone with a clue about locking down and updating the system.

          Most of whom choose a non-Windows OS. When people with a clue avoid something and people who don't know better flock to something, it says a lot about that something.

          To put it another way, I have never met a person who was highly competent with using Windows and also highly competent with using a Unix-like OS (Linux, *BSD, etc) who still preferred Windows. I'm sure someone will pipe up now that I've posted this but the point remains, such people are quite rare. Your preference for one thing is meaningless if you are not at least as familiar with an alternative.

          So barring a security hole in something like a home router appliance, desktop PCs running Windows are likely the juiciest targets for establishing a botnet.

          Actually a beefy *nix server with extremely high bandwidth, multiple CPUs, and multiple gigs of ram is the juiciest target to be a member of a botnet. It's also a lot more difficult to compromise. Windows PCs are not the juiciest targets. They are the low-hanging fruit that can be harvested in large numbers with automated tools, making it not worthwhile for the botnet owners to spend too much effort taking over any one target no matter how tempting it is.

          • by Amouth (879122) on Thursday June 10, 2010 @12:27PM (#32524700)

            Actually a beefy *nix server with extremely high bandwidth, multiple CPUs, and multiple gigs of ram is the juiciest target to be a member of a botnet. It's also a lot more difficult to compromise. Windows PCs are not the juiciest targets. They are the low-hanging fruit that can be harvested in large numbers with automated tools, making it not worthwhile for the botnet owners to spend too much effort taking over any one target no matter how tempting it is.

            I'd tend to disagree with that comment - look what bot nets are used for?? very rarely are they used for mass processing power or for anything more than a spamming and dos'ing..

            - A personal computer on a basic always on connection which tend to keep a dynamic ip for several days then move (some providers it is longer) VS a server that doesn't..

            - a Home computer with a user none the wiser that doesn't even bother to see what is running VS a server that would have an Admin responsible for it and regulatory checking up on thing

            - a home computer on a dynamic ip block owned by a large telcom who doesn't give a shit about crap on that part of the network that won't cut it off or relay infection details or won't respond to your calls VS a server on a company owned block that will checkup on reports and will respond.

            In my experience when we are getting spam or bot attacks - if the source is coming from a private company's network or anyones owned IP block (not blocks for residential service) they always respond to inquiry and normally say thank you. I've NEVER had one blow me off - Now when it's coming from some dynamic block I've been blown off so many times that i don't even bother calling them.

            Take it how you will but i think you are confusing what you personally would want to have with what is sufficient and functional for bot nets.

            • Re: (Score:3, Interesting)

              by causality (777677)

              I'd tend to disagree with that comment - look what bot nets are used for?? very rarely are they used for mass processing power or for anything more than a spamming and dos'ing..

              Things that require little processing power but do require lots of (aggregated) bandwidth. This is where it's easier for botnet owners to compromise a thousand Windows PCs connected via cable modems than one or two high-end multi-homed Unix servers that could handle the same load.

              Botnet owners also have a disadvantage: they don'

          • by eth1 (94901) on Thursday June 10, 2010 @02:27PM (#32526046)

            To put it another way, I have never met a person who was highly competent with using Windows and also highly competent with using a Unix-like OS (Linux, *BSD, etc) who still preferred Windows. I'm sure someone will pipe up now that I've posted this but the point remains, such people are quite rare. Your preference for one thing is meaningless if you are not at least as familiar with an alternative.

            OK, I'll bite :)

            Most people that are competent couldn't answer the question "Do you prefer Linux (etc.) or Windows?" (unless the answer is "both"). It begs the question, prefer it for *what* exactly? At work, I have both Windows 7 and Ubuntu systems at my desk running Synergy. I use whichever one happens to be best suited for my current task. Same at home, except that the Linux box has been decapitated and shoved in a closet. I prefer windows (7) on the computer I sit at at home, because in my experience, I spend far less time screwing with it trying to get stuff to work (Mac might be an option, if it wasn't for games).

    • Re: (Score:2, Insightful)

      by UnknowingFool (672806)
      And Apache is the most widely used Web Server but its security record is far better than IIS. So what does that say. Also Unix/Linux far outnumber Windows Server in terms of presence on the Internet; however, they are more on the yet their track record is far better than Windows server.
    • by 1s44c (552956) on Thursday June 10, 2010 @12:10PM (#32524456)

      Film at 11.

      I mean, seriously, it's the most widely used OS on the planet. It's also the most likely target.

      That's a flawed argument. It isn't bad because lots of people use it, it's bad because it's bad.

  • by HeX314 (570571) on Thursday June 10, 2010 @10:51AM (#32523568) Homepage

    One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.

    On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."

    • Re: (Score:3, Insightful)

      One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.

      What a stupid statement that is complete tautology. The entire point of starting a business is to make money. Otherwise the business *ahem* goes out of business.

      • by Em Emalb (452530) <ememalb@NospaM.gmail.com> on Thursday June 10, 2010 @10:56AM (#32523642) Homepage Journal

        The entire point of starting a business is to make money.

        This is false. While a company needs to make money to be successful, this is not the only reason for a company to exist. And I thought I was jaded.

        • by Lunix Nutcase (1092239) on Thursday June 10, 2010 @11:06AM (#32523764)

          The entire point of a business is to provide goods and services for money. Otherwise you're running an NPO.

          • by Captain Splendid (673276) <capsplendid@@@gmail...com> on Thursday June 10, 2010 @11:39AM (#32524124) Homepage Journal
            The entire point of a business is to provide goods and services for money. Otherwise you're running an NPO.

            No, the real world's not binary like that. Plenty of people running businesses not just (or not at all) for the money. Yes, the balance sheet at the end of every month needs to be right, but there's a huge difference between lots of profit, and enough to get by.
          • The entire point of a business is to provide goods and services for money. Otherwise you're running an NPO.

            Logically defending Microsoft's profit motive!? You're not being a very good Linux Nutcase right now. Here, let me help you with that:

            We agree the entire point of a business is to make money. Since that's the entire point then there is no fraction of a point for them to even make or support an operating system. Therefore Microsoft, being a business, has no point in making an operating system because all of its energies are concentrated on this nebulous "profit" or "prophet" if we're talking about Apple. Therefore Windows does not and cannot exist. It was just a bad nightmare that everyone had now let's all collectively wake up.

            *picks up glass of cyanide flavored koolaid*

            Who's ready to 'wake up' with me?

            I think that demonstrates my qualifications. Please e-mail me the credentials to that account and I'll take good care of her.

          • Re: (Score:2, Interesting)

            by skids (119237)

            No, that is a broken philosophy. In two ways:

            1) In the modern trading environment, making short-term quarterly goals is overemphasized to the point of sacrificing long term prosperity. There's something to be said for demanding returns within a certain timeframe, but 4 months is too short.

            2) It can be trivially shown that mankind could drive itself into distinction, all the while with a majority of investors "making money." The lack of a moral imperative to not only be personally profitable, but also be

        • by Narpak (961733) on Thursday June 10, 2010 @11:34AM (#32524072)

          This is false. While a company needs to make money to be successful, this is not the only reason for a company to exist.

          Agreed. Though a more important question, as far as I am concerned, is whether or not something as important, and voluntarily, as computer/network/internet infrastructure should be run for profit (specifically government/utility system software/hardware). One could argue that there is a financial incentive for companies to make a good product, but time and time again it seems that companies are happy sacrificing the long term for short term profit. Even when that means taking short cuts that risk creating significant problems down the road. Thankfully my country, Norway, has decided to start shifting all software used by the state over to Open Standard alternatives.

          • Re: (Score:3, Insightful)

            by Bert64 (520050)

            There is only financial incentive to make a good product if you are in a highly competitive market and your product needs to be better than the competitors...
            Otherwise, the financial incentive is to actually make a poor product so that you can sell upgrades more easily.

            In the case of MS, lock-in ensures that competition is kept at bay enabling them to produce extremely poor quality products. Keeping customers locked in is also far more profitable for them than offering an open product and then having to fac

      • by 1s44c (552956)

        What a stupid statement that is complete tautology. The entire point of starting a business is to make money. Otherwise the business *ahem* goes out of business.

        Making money isn't always the sole aim.

        Good companies try to make a good product or provide a good service and the money just happens. Bad companies try to make money and nothing else.

    • On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."

      Not necessarily. It would just mean that they would have to work harder to design and develop new features that continue to improve functionality & ease of use while maintaining those high quality standards.

    • by jonbryce (703250)

      Every business is in business to make money. Some businesses make money by selling a premium product at a premium price. Others, like Microsoft, make money by selling a good enough product at a competitive price.

      • by Bert64 (520050)

        They make money by selling an overpriced product into a market that is locked in to their products and thus has to buy them regardless of quality or price. MS are really selling a second rate product at a premium price because they can get away with it.

    • Re: (Score:2, Insightful)

      by snowraver1 (1052510)

      One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
      On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."

      That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware. OSX doesn't have enterprise level support/management, and it's arguable that the only reason that OSX is more "secure" is simply because they are less of a target.

      Linux may have some technical merit, but is a mess where people without advanced compute

      • You praise Microsoft for "running on any hardware" while that is the vendors' drivers responsibility (and open standards such as SATA, PCI, USB). At least Apple owns the driver quality themselves ensuring OSX does not have problems like those seen when Vista was young.

        While you sit and wait for OSX to work on "more than a handful of hardware configurations" to "take it seriously", Microsoft themselves have identified Apple as a clear and present danger for several years now and are scrambling to catch up
        • AFAIK, Apple is not in a position, nor has the desire to enter the enterprise market where MS makes a large portion of their money. MS is not going anywhere in the forseeable future. The Zune was unquestionably a flop. Apple has a great foothold in the consumer market, but in the business world they are barely even a player.
        • by tepples (727027) <.moc.liamg. .ta. .selppet.> on Thursday June 10, 2010 @11:55AM (#32524282) Homepage Journal

          You praise Microsoft for "running on any hardware" while that is the vendors' drivers responsibility (and open standards such as SATA, PCI, USB).

          The praise directed at Microsoft is for managing to convince hardware vendors to put a Windows driver on the included CD and not include a Linux driver.

      • Re: (Score:2, Insightful)

        by lymond01 (314120)

        This is all true. Microsoft is learning, painfully slowly, how to construct a better network operating system. I think Windows 7 (or maybe Vista...sort of skipped that one) is their first OS that requires an initial password to proceed with installation. Something as basic as requiring a password for your administrator account...and it was left out for over a decade, despite security issues in the news again and again.

        With the latest Windows 7, Microsoft may finally be getting security right, at least fr

      • by Black Parrot (19622) on Thursday June 10, 2010 @11:35AM (#32524074)

        Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.

        The same can be said of Windows. People ask me for help with their Windows computers all the time, but I can rarely help because I don't often use anything besides Linux, and contrary to what you'd like to believe, there's nothing inherently intuitive about the way Windows works.

      • by TheRaven64 (641858) on Thursday June 10, 2010 @11:35AM (#32524084) Journal

        The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware

        Yup, OS X only runs on three hardware platforms; ARM, PowerPC, and x86. Five if you count the 64-bit variants of PPC and x86 as different. Windows runs on x86, x86-64, and PowerPC (XBox). It used to run on MIPS and Alpha as well, but hasn't since NT 4.

        Or are you talking about device drivers? Because I hope that you realise that most of these are provided by the hardware manufacturers, rather than by Microsoft. So, your argument for Windows' superiority is that more third parties support it? That's certainly a valid reason for using it, but not really an indication of its intrinsic quality.

      • Try to install Windows on a powerpc. Thank you, thanks for playing. Retard. Since when is x86 all there is?

      • Re: (Score:3, Interesting)

        by DrgnDancer (137700)

        A great deal of what you say is true, but is true mainly for circtuitous reasons. Some of it is false. The level of complexity between OSX and Windows is perfectly compareable. One of the reasons that OSX has had such a relatively good reputation for stabiltiy is the fact that they limit configurations and (here's the key) write or modify the drivers that they use for those configurations. If Apple were willing to allow OSX to be put on non-Apple hardware, it would simply be a matter of producing driver

      • Apologist much? (Score:4, Insightful)

        by HiggsBison (678319) on Thursday June 10, 2010 @12:12PM (#32524484)

        That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. ... while windows will run on pretty much any hardware.

        Set the koolade down and step back. Microsoft Windows works on a much wider range of hardware than OSX, but it's still quite limited. I will concede that only Microsoft Windows excels at making use of a proprietary piece of crap like a Win-modem or a Win-printer.

        Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.

        My experience is that the average XP user is more baffled by Windows 7 than by Ubuntu. And don't even think of suggesting that Ubuntu can't be set up by someone knowledgeable.

        Sure windows had bugs, but many of those aren't MS's fault, but rather vendors that write crap drivers.

        Microsoft provides an ever-changing foundation of thick muck. And like you, they are quick to blame others for any problems.

      • by ArcherB (796902) on Thursday June 10, 2010 @12:23PM (#32524646) Journal

        That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware.

        Uh, no. Windows runs on one, and only one platform, the x86 (x86-64 is still x86). OSX used to only run on RISC (PowerPC) but recently made the switch to x86 as well. It should be noted that Apple did a pretty good job making the old stuff written for RISC run on x86 for a time in order to complete the transition. The core of OSX also runs on a few different mobile platforms as well for i-phone/pod/pad devices.

        Linux will run on just about anything. Sure, you can't download the latest Ubuntu and install it on an Alpha based machine, but you can find Linux distro's designed for just about any platform.

        Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.

        Linux is easier to set up or operate than either Windows or OSX. The problem is that 99% of all computers sold come with either Windows or MacOS installed, so it's what people learn. Once you learn a system, it is easy to you, even if it's some antiquated, console driven, remote accessible Unix app.

        MS is having problems selling upgrades. Why do you think ~90% of businesses are still on XP? Because it was/is a useable, relatively stable OS that did what people wanted.

        People are not upgrading because XP is good enough and it's cheaper to keep running XP than it is to upgrade. Even if the OS itself was free, you still have to pay your IT guys to create an image for every machine config in the office, install it, train your employees to use it, and pay for the downtime they experience backing up their old stuff and learning the new OS.

        You can say what you want about MS, but the fact is, they are the best OS for Businesses, and most consumers

        No. MS produces the OS used by most businesses and consumers, therefor, it is what most businesses and consumers choose when they upgrade. It's easier to make the upgrade from XP to 7 than it is to upgrade form XP to Ubuntu 10.4, just as it's easier to make the move from Ubuntu 9.10 to 10.04. When you upgrade to a newer version of your current OS, odds are that you lose nothing. If you switch OS's entirely, you have find replacements for every application you currently depend on and still convert all your files to the new format.

        When Linux is usable by joe user, I'll take it seriously.

        My three year old daughter runs Linux and she can't even read yet. Hopefully Joe User is more savvy than an illiterate three-year-old.

    • One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.

      More specifically, a stock pyramid, though that model has faltered in recent years.

    • by burnin1965 (535071) on Thursday June 10, 2010 @12:38PM (#32524856) Homepage

      Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money

      I see you are getting hammered with comments that I believe misunderstand your professor's statement. Of course businesses are in business to make money, what people don't seem to get is that Microsoft's core competency, main objective, mission statement, sole purpose, etc. is to make money.

      I could be wrong but I don't believe that Microsoft developers intentionally make bad products with the intention of getting customers hooked and then forced to upgrade. I believe this is just the end result of a business strategy that permeates virtually all of business management in the United States today. I would describe the U.S. business models as, greed is good slash and burn, hookers and extortion profit margin goals, end times are near hoarding and investment(or lack there of), and disaster focused management.

      Greed is good slash and burn: There is an entire generation, perhaps more, of MBAs who watched Wallstreet [wikipedia.org] and fell for Gekko's speech about greed [wikipedia.org] as a driving factor for all human pursuits but either failed to watch the entire movie or did not make the connection to the plot where greed did not result excellence in business pursuits but instead led to cheating, destruction of other people's livelihoods to transfer wealth from a group of people to an individual, and out right criminal activity. And we don't need a movie to tell us that greed is not good, we have real life events that occur over and over and over that show us how greed left unchecked simply leads to crime not excellence.

      Hookers and extortion profit margin goals: Profit margins are important for the viability of a business and its ability to expand and invest into future business opportunities, however, the greed mentality has created a deranged market concept that becomes detached from the real market and real viability of a product. I have seen this mentality at work at a hardware manufacturer during management and engineering meetings where Part B had a lower profit margin than Part A and it was repeatedly suggested that Part B should no longer be manufactured and Part A should be ramped up using the manufacturing capacity of Part B. Unfortunately the MBAs and engineers refused to listen to sanity, the bulk of the market wanted to buy Part B not Part A and the final products that used Part A also required Part B. Without the low margin Part B there was no market for Part A! Once logic failed I gave in to the greedy profit margin goal and suggested we replace all the engineers and manufacturing employees with hookers and thugs as the profit margin in the Hookers and Extortion business was probably better than making parts. As an engineer I would not be needed so I left.

      End times are near hoarding and investment(or lack there of): Again driven by greed, rather than having long term multiple year future plans many U.S. corporations are more concerned with 3 month business plans as if there will be no future for the planet or business beyond the next 3 months. If your engineering project does not have an acceptable ROI within 3 months then it stays on the back burner. Even after presenting the same 3 year plan after 3 years on an annual basis and explaining that 3 years ago if it had been implemented the benefits would have been rolling in the project is perpetually placed on the back burner while the funds that could have financed the project are hoarded until upper management bonus time rolls around.

      Disaster focused management: And as a result of the previous management techniques the focus of U.S. business management becomes continually locked in disaster recovery mode. With everything focused on greed the little things like safety, sustainability, future capability, etc. are all left to the way side until they becom

  • by filesiteguy (695431) <kai@perfectreign.com> on Thursday June 10, 2010 @10:53AM (#32523598) Homepage
    If you look at any ecosystem, you'll find that there are pests trying to gain a foothold into that system by exploiting a weakness. If there is only one type of organism, the pests will adapt and exploit the weakness of that organism. This is why you need ever more powerful pesticides when cultivatign monoculture crops such as corn, wheat or even soybeans.

    Same goes for ecosystems of comptuers. Given 90% are running Wintendo, you find that the pests (virus and other exploit authors) take adavantage of that monoculture. The weaknesses are then exploited and have to be "patched" in order to ensure survival of data and/or systems.

    Given an ecosystem with multiple operating systems - Windows, Linux, Unix/OSX, zOS - you'll find a greater ability to defend against continual threats.
    • by betterunixthanunix (980855) on Thursday June 10, 2010 @11:09AM (#32523806)
      There is more to it than that. A very carefully managed Windows system can certainly withstand a number of attacks, just like a carefully managed *nix system. The problem is that most Windows systems are not carefully managed, and a carelessly managed Windows system is much more vulnerable than a carelessly managed *nix system. Windows started out as a single user OS, and even though the NT kernel has everything necessary to support multiuser setups, it is very difficult for Microsoft to push better security as the default in Windows -- there are just too many people who have a habit of doing everything as "Administrator," and too much software the relies on that sort of behavior. Things have started to change, but Windows XP is still widely deployed.

      Really, if Microsoft wanted to, they could start marketing an OS designed for security sensitive environments (perhaps with a compatibility mode that allows Windows software to run in some kind of VM), and leave Windows as a "home PC" operating system. The fact that they are not doing anything like that, despite the fact that MSR developed such an OS, speaks volumes about Microsoft's priorities.
      • Re: (Score:3, Interesting)

        by vcgodinich (1172985)
        The fact that at the recent history of security conferences, widows did just as well out of the box as *nix did, and OSX was breached with ease speaks volumes as well.

        No matter WHAT MS does, it isn't going to be able to secure home PCs against "cyber warfare" from China. end of story. MS's security isn't bad at all, in fact it's years ahead of it's nearest competitor (OSX).

      • Don't get me wrong. I'm not suggesting any given Windows system cannot be hardened against attack. In fact, I put in many of the MS-Suggested safeguards when designing major systems back in 2000. They included never running as local admin, not allowing programs write access to any system or program files directories, using strong passwords, and using a firewall.

        What I was suggesting is that the single-use of any OS - whether Windows, Linux, Unix or AmigaOS - would make an ecosystem far more vulnerable and e
      • by TheCarp (96830) <sjc@@@carpanet...net> on Thursday June 10, 2010 @11:34AM (#32524058) Homepage

        I would submit that most non-windows systems are also poorly managed.

        The difference is monoculture vs diversity. Look at windows users, and you will find lots of people using the same tools. Outlook, as soon as a company installs exchange you can be sure that the vast majority will be using outlook to connect to it. You find a vulnerability in outlook, or word, or a system service, and you can suddenly hit huge swaths of machines.

        Now, Unix? You have multiple hardware architectures, distributions of even similar systems like Redhat and Debian Linux have made different choices for default daemons for various services. A hole in pine or mutt may not effect evolution users, or thunderbird users.

        So in addition to a smaller audience, you get a smaller percentage of that audience.

        to put it in business terms, the ROI of windows vulnerability exploits is just higher. That is, unless you are targeting a specific system, in which case, well, I know that where I work, many more windows servers exist than the entire unix environment, but, the Unix environment has a higher percentage of the mission critical (or more to the point, patient care critical) servers.

        So thats not to say there isn't definite ROI on such attacks, it can even be higher. However, I don't think that such attacks realy factor into this discussion since specific attacks on specific machines for their content is the exception rather than the rule for most systems/users.

        -Steve

  • by ATestR (1060586) on Thursday June 10, 2010 @10:58AM (#32523668) Homepage

    For once, I RTFA. The summary seemed interesting. However, the FA was even more interesting, although it had little to do with all the money that Microsoft had in its back pocket, and how it's market dominance was based on low cost products.

    The main thrust of the FA, for those of you who don't want to click the link, is that because the Windows OS is so prevalent in civilian and corporate usage, a Cyberattack could devastate the economy (and western civilization).

    • Re: (Score:2, Insightful)

      by vcgodinich (1172985)
      Implying the Microsoft products are prevalent because they are "low cost" is absurd.

      Granted, OSX in use is a bit pricier, but not -that- much, and Unix/Linux is as close to free as you can get.

      Microsoft isn't low cost at all, if anything, it is high cost in a great many areas.

      • by ATestR (1060586)
        Agreed. I don't consider MS products particularly low cost, but it was the hope that I could rag on this observation (of the original summary) that led me to RTFA.
      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Cost is not just the cost of the box.
        Let us say, as a business, I want to run some servers.
        A quick look over at a job site: Windows Admins - £25-30k, Unix - £30-45k.

      • If you think of cost in terms of both $$$ and time, then I think probably Windows is the least cost solution. I think the majority if home computer owners get turned off by the higher price tag of OSX machines, and are pushed toward the Windows and Linux price points. Then they consider that they don't know anything about Linux works, but do know that since most of their past computing experiences have been on previous versions of Windows they can probably figure out the new version pretty quickly.

        I think

      • by Bert64 (520050) <bert@slash d o t . f i renzee.com> on Thursday June 10, 2010 @12:43PM (#32524910) Homepage

        While true, by the time MS became an expensive option it no longer mattered - millions of people were already locked in.

        Back in the days, MS (and the cheap hardware they ran on) were a cheap option compared to Novell, Sun, DEC, SGI, IBM, Apple and all the other highend vendors... MS and x86 were massively inferior to everything else on the market, but with such a huge price differential they were able to make it up on volume...

        Ford cars are clearly inferior to Rolls Royce or Ferrari, however you see a lot more Fords on the roads for the same reason. However, cars are standardised enough that its impossible to lock someone in, thus ensuring there is a healthy level of competition in the industry.

    • So he's saying that a monoculture is less secure than a heterogeneous environment? Wow, it's almost as if he's listened to what security experts have been saying for the last few decades...
    • by pmontra (738736)

      That applies to any monoculture, from corn to poultry. Consider this example [canadianpoultrymag.com].

      Lack of genetic variation, simply put, equals greater risk. Members of a population that shares the same set of genes can all be overcome by a disease, but if a population’s members contain different gene sets, there is a chance some will survive.

      Unfortunately monocultures are convenient, even in IT.

  • I disagree (Score:5, Insightful)

    by 2names (531755) on Thursday June 10, 2010 @10:59AM (#32523680)
    I am not a Microsoft fan, but I believe the weak link has much more to do with the meat sitting in front of the computer than the software on the computer.
    • Re: (Score:2, Interesting)

      by axl917 (1542205)

      I am not a Microsoft fan, but I believe the weak link has much more to do with the meat sitting in front of the computer than the software on the computer.

      Well, that gets to the issue of who bears the responsibility; that which sells a poor but patchable/fixable product, or the buyer who is ignorant of the necessary fixes?

      Is this more like owning a house, where the owner is responsible for regularly checking the foundations for cracks, the locks for security, etc... Or more like owning a car, where the owner is still responsible, but the manufacturer builds in many, many indicators and warnings when things need attention?

    • Re: (Score:3, Interesting)

      by mlts (1038732) *

      This is why I think and greatly fear that closed systems may end up in our future on mainstream computing just due to the dancing bunny problem.

      Device operating systems are moving that way where if one wants to run stuff on a smartphone, it must pass a gatekeeper, either always like in the case of Windows Phone 7 or iOS, or a reactive system with an after the fact kill switch like Android has.

      Because Joe Sixpack doesn't care about security, it really doesn't matter what OS he uses. He will su to root, log

  • Clark is all right (Score:5, Informative)

    by Rogerborg (306625) on Thursday June 10, 2010 @11:09AM (#32523802) Homepage
    Remember, he was the guy who warned Rice and President Cheney about an imminent Al Qaeda attack [wikipedia.org]. Or depending how you view it, failed to convince them of it. Still, as ass covering goes, his was iron clad.
  • by bugs2squash (1132591) on Thursday June 10, 2010 @11:17AM (#32523894)
    But then, to a large extent they helped popularize the PC which became ubiquitous and hence became worthy of attack. The PC also became a reasonably standard platform upon which Linux etc. could be developed and cheap enough that we can all afford to own one and join in the fun. It is by no means certain that this would have happened otherwise because I don't believe security is the enemy of profit, in fact I think we'll see a future where security tightens to the point where hardware will be locked to only run a certain OS - where will Linux be then ?
  • Interesting (Score:5, Insightful)

    by DaMattster (977781) on Thursday June 10, 2010 @11:17AM (#32523896)
    All of the money spent on lobbying the government against using Linux would have been much better spent on developing a reliable, secure operating system. The shortsightedness of large corporation never ceases to amaze me. Since they spent all of this money on lobbying, which ultimately was unsuccessful, they had to spend money on securing Windows anyway. So, Microsoft spent a large sum of money in total, when they could have just made a better product to being with.
  • Weak links (Score:3, Insightful)

    by DaMattster (977781) on Thursday June 10, 2010 @11:21AM (#32523944)
    I might argue that many operating systems would be wink links in the cyber warfare scheme. The most noteable exception would be OpenBSD. If I were in a decision-making capacity, I would reach out to Theo de Raadt, apologize for the way we previously treated him, and get him started immediately in developing a secure network. He and his team seem to have the understanding of security from the lowest level possible. The current en-vogue trend, end-point security, is useless if your web application leaks memory. Ostensibly, you would need a hole in the end-point to reach the application and that gets exploited opening the network wide open.
  • by Toreo asesino (951231) on Thursday June 10, 2010 @11:37AM (#32524100) Journal

    There's nothing wrong with the newer rounds of MS software; the problem is the older stuff, which as time goes further back, tends to get less & less secure (all the way to Win98/95 which actually had no security at all).

    Even now I occasionally run into boxen running thoroughly rooted Windows.....98. That's your problem.

    • by petes_PoV (912422) on Thursday June 10, 2010 @12:20PM (#32524604)
      The other weak link is new software that is rushed to market without being tested properly <cough> Adobe <cough> Since the market pressures require as short a development time (and preferably no testing - since yo might find bugs that have to be fixed: more delays) in order to keep the cash-flow flowing.

      Only government agencies can afford to spend a year designing a bullet-proof system, then another year writing the software and a year or two more making sure that no-one can ever break in to it. Are yo prepared to slow down software development by a factor of 8, from 6-monthly release cycles to a new version every 4 years? It would be commercial suicide and far too expensive.

  • As such you would expect them to excel at security nowadays since it seems a very big concern amongst most users. Still their security efforts are pretty laid back and half assed. Microsoft dont take security seriously, its a pr problem for them at the most.

    As a market leader one would expect Windows spanking Linux, BSD and Apples behinds but in reality Windows security sucks. Not because its more prevalent but because its a sitting duck. At Microsoft, features and ease of development has always stood higher than security on the priority lists. The only thing that can change that is monetary pressure like demand for accountability of their products. Until then, Microsoft security is a game of statistics, lies and damn statistics.

  • http://en.wikipedia.org/wiki/Warhol_worm [wikipedia.org]

    one of these days, some genius asshole is going to, just for the lulz, shut down the whole goddamn internet in 15 minutes. he or she is going to it with a worm that, of course, will be based on something in the microsoft constellation of oses/ products/ third party software. perhaps from our other security averse friend, adobe

    i thought it was going to be code red or sql slammer, but no, these infections were content to zombify, not zombify and enslave the nonzombies (

  • by petes_PoV (912422) on Thursday June 10, 2010 @11:55AM (#32524294)
    For software to be used by "everyone" it must put as few complications as possible between its users and their objectives. Since most people's objectives are focussed on results, not security, if you try to make an operating system or application suite secure, people will find a simpler, more direct way of achieving their goals. One where their perceived balance of speediness and security (i.e. as fast as possible and damn the consequences) is met.

    Once you get away from using popular applications and O/S's, the price rises incredibly quickly. Instead of spreading (say) a billion dollar development costs across 100 million product sales, you have maybe 10,000 customers who can be persuaded to pay for a product. This immediately means no-one will buy it unless forced to by law, or unless they can in turn, pass on the costs to their customers. The smaller market also means there will be fewer suppliers - probably just one. Which in turn will drive up costs due to lack of competition and decrease any incentives to fix problems or develop new wares in a timely fashion.

    We know what a secure operating system for the year 2010 will look like. It will look like VMS from 1995, for all the reasons discussed above. Now, which are we prepared to pay for: Microsoft products on every store shelf, running the country or critical systems with the security, features, lack of connectivity from the mid-90s?

If money can't buy happiness, I guess you'll just have to rent it.

Working...