Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Microsoft

MS Exec: 'Our products just aren't engineered for security' 740

Posted by michael
from the see-no-evil dept.
Various Microsoft news tidbits contributed by numerous readers: Phoebus0 notes that Microsoft's Vice-President in charge of Windows development states flat out that Microsoft products aren't engineered for security, absolutely guaranteeing he'll have tomorrow's Ditherati quote. Many readers submitted this Knowledge Base article stating that Microsoft is mystified by a wave of successful hacks on assorted versions of Windows (there's also a news report on this). Microsoft has another security bulletin out on the digital certificate spoofing bug that has caused them so many problems recently.
This discussion has been archived. No new comments can be posted.

MS Exec: 'Our products just aren't engineered for security'

Comments Filter:
  • Talk about stating the obvious... Microsoft doesn't engineer for security, stability, or efficiency.

    They engineer for features and for maintaining monopoly control over the OS and word processing market.

    Doug
  • Microsoft products are not engineered period.

    They're thrown together, spend half their time making it look pretty, and the rest of the time (after it's sold) releasing patches that are just as buggy as the original, if not more so...
    • Experience? (Score:2, Insightful)

      by Dirk Pitt (90561)
      Are you really aware of MS's process, or just assuming because of the end-product? Only reason I ask--I don't like M$ products more than any other Slashdot reader, but I can't imagine anything like Word or Access being slapped together ad-hoc. I mean, blame the architects for _poor_ engineering, and the managers for pushing things out the door with poor quality, but I think 'thrown together' is pushing it.

      • If you read about the experiences of the Samba team, you get the impression that Microsoft products are slapped together.

        -asb
        • Re:Experience? (Score:3, Informative)

          by PierceLabs (549351)
          I worked there at one point and can say that this is definitely not the case. Microsoft products are just as well architected as any other product on the market - but for goodness sakes they are bigger than most applications on the market. Hell the Word codebase is larger than some application servers! The larger and more complex an application gets - the more interactions you have - the more bugs you're going to have. Any non-trivial piece of software is going to have bugs.

          That much should be obvious - even to the legendary trolls of slashdot :)
          • Re:Experience? (Score:5, Informative)

            by sphealey (2855) on Friday September 06, 2002 @10:58AM (#4206844)
            Microsoft products are just as well architected as any other product on the market - but for goodness sakes they are bigger than most applications on the market.
            I think part of the problem with Microsoft is that the people who work there have never actually used competing products in the real world (which would be consistent with Bill Gates' statement in 1998 or thereabouts that he only hires people younger than 25).

            Consider the above statement. Then go back to 1994 and set up three corporate LANs: one with Microsoft Lan Manager 2.x, one with Novell 3.11, and one with Vines. Use them intensively in a large, multi-site corporate environment for 6 months. Then tell me again that Microsoft's products are "just as well architected" as others on the market???

            The point being that the LAN problem (to take one example) had already been solved by 199x. Microsoft ignored everything that had already been done and created its own "standard", which was decidedly inferior to the competition.

            sPh

    • Microsoft products are not engineered period.

      Saying they are "not engineered" is a statement of your naivity. Imagine designing and coding a huge prog. such as Windows or MS Office... Do you think they sit a big room and just piece code together like a puzzle? Please don't say that they are not engineered...

      They're thrown together, spend half their time making it look pretty

      Making it look pretty is half the battle, hence half the battle is won. The average MS consumer (the majority of the computer users), doesnt care what the nitty gritty underlying code.. they care about ease of use and a comfortable, easily usable system. You can't tell me that their is any linux distro that can match Windows ease of use. If their is, why arent the masses jumping on that bandwagon???

      • by Kierthos (225954) on Friday September 06, 2002 @10:35AM (#4206666) Homepage
        Saying they are "not engineered" is a statement of your naivity. Imagine designing and coding a huge prog. such as Windows or MS Office... Do you think they sit a big room and just piece code together like a puzzle? Please don't say that they are not engineered...

        Hrm... sit in a big room and just piece together code like a puzzle? Yeah, that's exactly what it feels like, half the time. Counter-intuitive commands, shoddy execution, worse then useless help systems.... yup, yup, yup.

        Now, was it done that way? Obviously not. But they definitely need some improvement between the design phase, the engineering phase, and the implementation phase.

        And quite frankly, I don't want pretty. I want functional. I want an easy to use system, not one that sparkles and gleams. I don't want bells and whistles. I don't want little pop-up paperclip buddies (and how freaking long did it take to add that piece of feces?), and I don't want programs that think they know what I want to do and are wrong half the time.

        I want a system that does what I tell it to, not what it thinks I want. I want something that is coded efficiently, smoothly, and takes up a minimum of space.

        And I want it by Thursday.

        Kierthos
      • by xanadu-xtroot.com (450073) <xanadu@inorb i t .com> on Friday September 06, 2002 @10:40AM (#4206707) Homepage Journal
        You can't tell me that their is any linux distro that can match Windows ease of use. If their is, why arent the masses jumping on that bandwagon???

        NOW who is being naive?

        Have you not read the stories about M$'s strangle hold (or maybe a good Ric Flair style Figure-4?) on the OEM companies? Are you not aware that companines can not install ANY other OS in tandum with Win* on their machines? Remember the story about Dell putting FreeDOS on their machines just so they could beat the M$ policy?

        So why aren't the masses jumping on it (Linux)? Because they are (almost) not allowed to buy a machine that doesn't run Win*.
  • by jeffy124 (453342) on Friday September 06, 2002 @10:15AM (#4206490) Homepage Journal
    ...has finally gotten through to them -- Security is something that starts from the ground up, not when you reach the top and back down.
    • by Anonymous Coward
      Bruce's security company, Counterpane, uses Windows desktops, and handles their email via Exchange.

      Sounds to me like Bill Gates has gotten to Bruce Schneier.
  • excuse (Score:5, Insightful)

    by xirus (584691) on Friday September 06, 2002 @10:15AM (#4206493)
    Another excuse to let people believe that palladium is needed :/
    • Re:excuse (Score:2, Insightful)

      by 1stflight (48795)
      Oh yeah, trust the people who've historically (and currently) had no idea on security to come up with a security standard, and while you're at it why don't you hand you house keys over to that convicted thief for safekeeping.

      All I need are my games and I'm done with M$
  • by oyenstikker (536040) <slashdot@[ ]rne.org ['sby' in gap]> on Friday September 06, 2002 @10:16AM (#4206502) Homepage Journal
    The XFree86 team admits xfree86 is not engineered for speed and RMS admits that GNU is not engineered for user-friendlyness.
    • I don't know about XFree86, it has always been fast enough for me. But I don't play games.

      As for the GNU project. I know you were making a joke. But I think it is engineered for user-friendlyness. I've used SysV versions of some of the GNU tools. Those were unfriendly. Missing some of the options I use daily. I think the GNU tools are engineered to work well with user, with features added that really are needed. But it just depends on the user. They probally aren't even usable to someone who only knows how to click through menus and dialog boxes. But they are very friendly to me.
    • by 0xdeadbeef (28836) on Friday September 06, 2002 @10:40AM (#4206709) Homepage Journal
      User friendliness? I'm sorry, what part of "--help" don't you understand?
  • I just ported a large amount of code to windows, and I was very surprised to notice that snprintf() is _snprintf() on windows. It's like they hid it (or implemented it much later) and it's not part of "their" standard. Without widespread use of this function, god knows how many lines of their code uses regular sprintf() and insecure functions like it. And I doubt they use "%13s" or directives like this in sprintf(), or if their version even supports these constructs.
    • #ifdef WIN32
      #define snprintf _snprintf
      #endif
    • You are completely clueless. Microsoft has lots of things that are completely specific to windows (like _ltot) that have leading underscores. That is how Microsoft (sometimes) tell you things aren't part of ANSI C. You are right, snprintf isn't part of the standard. Blame ANSI, not Microsoft.

      And I doubt they use "%13s" or directives like this in sprintf(), or if their version even supports these constructs.

      That works just fine.
    • int wnsprintf( [microsoft.com]
      LPTSTR lpOut,
      int cchLimitIn,
      LPCTSTR pszFmt,
      ...
      );
      Microsoft wraps all its C runtime functions with macros that switch effectively between wchar and char types seemlessly.
      They also have a little security note at the bottom of the their documentation detailing how null termination is not guaranteed with this function-- along with some alternatives.
      My problem with most of the library documentation they have is that until recently it was rather poor (at least every section I had to use was). Looks like they're taking steps to improve the standard library docs.
      sprintf is evil.
  • Step 1 (Score:3, Funny)

    by j_kenpo (571930) on Friday September 06, 2002 @10:16AM (#4206507)
    The first step is admiting you have a problem.... now that Microsoft has gotten past the denial stage they can now move to stage 2, that is doing something about it....
  • faster link (Score:4, Informative)

    by Anonymous Coward on Friday September 06, 2002 @10:17AM (#4206508)
  • The link to the CW360 page with the quote from the Microsoft VP is "currently unavailable". If anyone can post a mirror to the information, please reply here.
    • Full Text (Score:4, Informative)

      by cloudscout (104011) on Friday September 06, 2002 @10:32AM (#4206637) Homepage
      Microsoft: "Our products aren't engineered for security"

      Friday 6 September 2002
      Brian Valentine, senior vice-president in charge of Microsoft's Windows development, has made a grim admission to the Microsoft Windows Server .net developer conference in Seattle, USA.

      click here
      "I'm not proud," he told delegates yesterday (5 September). "We really haven't done everything we could to protect our customers. Our products just aren't engineered for security," admitted Valentine, who since 1998 has headed Microsoft's Windows division.

      In August the company put out eight security bulletins. This month it has released two, so far, with the latest urging users to patch a flaw in its digital certificate technology that could allow attackers to steal a user's credit card details.

      Microsoft's regular stream of security bulletins has continued despite Bill Gates company-wide Trustworthy Computing Initiative, announced earlier this year.

      The Initiative was launched with a memo from Bill Gates, Microsoft's chairman and chief software architect, and saw the company halt production on new code in all of its products while employees scanned every line of existing code in search of vulnerabilities.

      "We realised that we couldn't continue with the way we were building software and expect to deliver secure products," Valentine said.

      But the company is dealing with a problem that is not easily resolved. Valentine told developers at the conference that as the company works to shore up its products the security dilemma will evolve as hackers become more sophisticated.

      "It's impossible to solve the problem completely," Valentine said. "As we solve these problems there are hackers who are going to come up with new ones. There's no end to this."

      Microsoft has also been employing new tools developed by Microsoft Research that are designed to detect errors in code during the development process, Valentine said.

      According to Chandra Mugunda, a software consultant with Dell who attended Valentine's presentation, buggy software is "an industry-wide problem, not just a Microsoft problem. But they're the leaders, and they should take the lead to solve them," he said.
  • by goldspider (445116) <ardrake79 @ g m ail.com> on Friday September 06, 2002 @10:17AM (#4206520) Homepage
    ...the sky is blue, and less fat and more exercise [yahoo.com] is good for you.
  • duh. (Score:5, Insightful)

    by Telastyn (206146) on Friday September 06, 2002 @10:18AM (#4206524)
    This might be a stupid point, but of course microsoft products aren't engineered for security. The common man doesn't buy products for security, and even now the common man largely does not understand that they could even have their functionality in a secure environment (though arguably most salesguys cannot have the functionality they demand in a secure environment, but that's another debate.)
  • by onlyabill (591213) on Friday September 06, 2002 @10:18AM (#4206526) Journal
    Brian Valentine, formally senior vice-president in charge of Microsoft's Windows development, looking for VP/management job with software company.
  • by anthonyclark (17109) on Friday September 06, 2002 @10:19AM (#4206531)



    While working at Sony, Microsoft closed down a UK R&D facility. A whole department of ex-MS software engineers came to work in my department. They were the some of the best engineers I have ever worked with, designing innovative and stable code years ahead of its time.


    Stop picking on MS engineers for poor products, and level the blame at the correct place - marketing and management.

    • by Telastyn (206146) on Friday September 06, 2002 @10:25AM (#4206584)
      Actually, from what I gather MS's R&D engineers are some of the best engineers around. The actual production engineers are good as well, but nowhere near their R&D counterparts.
    • How the hell is marketing responsible for crap code? Because they forced the product out too soon? Even after years of patching products they're still not secure, so it can't be that.
      • MS Marketing seems to be much more deeply involved in the early stages of product development, influencing the basic design of products.

        I'm convinced that if product design was focused on robustness, security and function MS products could be best of breed all the way around. At some point marketing's desire to own markets forces too many directions to be taken at the same time, resulting in a lot of compomises in robustness and security.
    • I agree. I mean listen to what the man said for God's sake:

      "I'm not proud," he told delegates yesterday (5 September). "We really haven't done everything we could to protect our customers. Our products just aren't engineered for security," admitted Valentine, who since 1998 has headed Microsoft's Windows division.

      Come on. This sounds a whole lot like a guy who was given an albatross (DOS) and was told to build an eagle (something remotely secure) from it. He just hasn't been able to do all the things that would need to be done because there's too much because they're saddled with the fact that they didn't realize when they started how important it would be.

      Jeez. I know this is Slashdot, but give the guy a break!

      Ben
      • As far as it goes, it's probably fair to say that he's NOT blaming the engineers; he's saying the products aren't engineered for security, but it's clear to most observers that this is because the engineers have been told to focus on other aspects and ignore security (in large part) by management. An engineer who doesn't do what management wants doesn't stick around very long, no matter how talented s/he is.
        • I think that's exactly what he's saying is that in retrospect they should have placed more emphasis on security at a management level for a long time. That sentiment is actually a Good Thing (tm) IMHO. Perhaps now they get it.

          Maybe.

          Ben
    • by (H)elix1 (231155) <slashdot.helix@nOSPaM.gmail.com> on Friday September 06, 2002 @10:38AM (#4206693) Homepage Journal
      Stop picking on MS engineers for poor products, and level the blame at the correct place - marketing and management.

      A huge part of the problem comes from never deprecating API's. It is one thing to tell someone to design and build something new - much harder to extend something that was not even close to what it was designed for (and did not have time to abstract things out).

      To this day, I am amazed the windows kernel even compiles, much less runs...
      • Ha, Windows is not so amazing. Windows, when not infected with M$Office, can be made perfectly stable and well-behaved, even if achieving that does sometimes involve a dead chicken.

        But that WORD runs *is* amazing, what with the core bug (writes to a null pointer) that traces back to the DOS4 era and the SHARE fix to prevent DOS4 from leaving files open on disk. Nearly every weird or destructive behaviour in Word or Excel is some manifestation of this bug, from corrupting the document if worked on from a floppy, to refusing to save in native format (insisting your disk is full), to nuking the FAT on that partition. (Yes, the bug *can* do that.) How it manifests is probably dependent on Windows VSHARE, which is borkend to varying degrees in all versions of Windows.

        So akin to what you wrote, I'd say their biggest problem is that they never ever clean up a codebase, but rather pile fix upon kludge forever.


    • Did I understand you? Microsoft fired the good engineers. Maybe that's why the products are so poor. Yup. Poor management.
  • Idiotic replies (Score:3, Insightful)

    by synx (29979) on Friday September 06, 2002 @10:20AM (#4206541)
    So far all the replies to this story have been "we already knew that" and "duh". I find those comments idiotic. In that spirit, when cigarette execs admitted they knew their products were bad for people, there should have been no story.

    This event is significant, because from the mouth of someone significantly important in MSFTs power structure, there is an admission of failing.

    Maybe the exec just wanted to confess his (their) sins?
    • Re:Idiotic replies (Score:3, Insightful)

      by Soko (17987)
      So far all the replies to this story have been "we already knew that" and "duh". I find those comments idiotic. In that spirit, when cigarette execs admitted they knew their products were bad for people, there should have been no story.

      Agreed. Read on, though, Macduff..

      This event is significant, because from the mouth of someone significantly important in MSFTs power structure, there is an admission of failing.


      Hunh?

      Where is the Utopia you live in, bud? I'd like to move there.

      It would be nice to just take Mr. Valentines statement at face value, applaud them for being honest and move on, but this is Microsoft we're talking about. These are smart, ruthless, paranoid people who never do anything without a reason, that reason normally being protecting or extending thier dominance over a market. In that regard, I'll say "Thanks, Brian. First, if you need some help, I'll do what I can. Second - what are you guys really up to here?"

      Maybe the exec just wanted to confess his (their) sins?

      Yeah, to St. IGNUcius [stallman.org] hisself. Right.

      You know, I'd love to hear something like this from Microsoft and not think "There's an alterior motive here...", but I can't help it - they're too smart and too powerful to NOT be very careful around them. Until there's demonstrative proof that Microsoft wants to just make cool tech and not own or control it all, I'll continue to cast a very cautious, critical eye in thier direction.

      Soko
  • The big Question.. (Score:5, Insightful)

    by gerf (532474) <edtgerf@gmail.com> on Friday September 06, 2002 @10:20AM (#4206542) Journal

    Is whether this will make the national news. Trust me, if CNN and MS/NBC and all the rest choose not to cover this, the general public won't know, and won't really make a decision based on this information.

    Of course, this could just be a ploy to get M$'s most vile next O/S out, Palladium, that will let them 0\/\/|\| j00r s0ul (and credit card, and email, and music, and movies, and any personal items that may happen to be sitting on top of your computer...)

    • by GoofyBoy (44399)

      The question is will people actually care, even if they did know about it?

      There are a huge amount of more important things that CNN/ABC/CBS/NBC do report on which the vast majority of people don't do anything about.

    • Lead Windows developer bugged by security [infoworld.com]. Which includes the statements...
      It is not only Microsoft that is to blame for the creation of faulty software, said Chandra Mugunda, a software consultant with Dell Computer in Round Rock, Texas, who attended Valentine's presentation here. "It's an industry-wide problem, it's not just a Microsoft problem," he said. "But they're the leaders, and they should take the lead to solve these problems"

      Valentine, too, took the opportunity to point out the widespread bugs that have been discovered in competing operating products such as Linux and Unix.

      "Every operating system out there is about equal in the number of vulnerabilities reported," he said. "We all suck."


      However, the "Every operating system out there is about equal in the number of vulnerabilities reported" statement of Valentine's fails to take into consideration that in most cases Unix, open source and free licensed software has been designed [eweek.com] from the outset with at least the issue of security in mind. [dwheeler.com]. Whereas, some Microsoft systems such as their embedded scripting systems [pivx.com] have not.

      The result is that is far easier to exploit an easy, scriptable vulnerability in a Microsoft system, that has no patch for months, than to exploit a difficult, binary hole in a LInux/BSD system that has a patch within days.

  • More Duh (Score:3, Insightful)

    by DaytonCIM (100144) on Friday September 06, 2002 @10:20AM (#4206544) Homepage Journal
    It would seem that Microsoft's development process has always been a slave to Bill G's release date party and the sales department.

    Basically, Microsoft R&D comes across as having the mentality of "if it can't be done right by the release date, do it well enough not to crash when Bill demos it on stage."

    If MS was interested in security they would have hired everyone who worked on the Back Orifice project years ago. Had MS made that one investment (and continued to this day hiring like-minded individuals), Windows applications and Operating Systems coming out of Redmond would be a lot more secure.

    Oh well... I guess when people buy your "inferior" product by the truckloads; you don't really have any motivation to improve upon areas you haven't deemed important.

  • by sacremon (244448) on Friday September 06, 2002 @10:22AM (#4206554)
    It seems he tries to say that it is impossible to make it 100% secure, because hackers are becoming more sophisticated in their attacks.

    Sure, you can't make anything 100% secure (short of keeping it turned off), but there is a difference between something that has a few exploitable holes and something that resembles a sieve.
    • by PythonOrRuby (546749) on Friday September 06, 2002 @10:54AM (#4206818)
      Microsoft's approach to operating systems and security has created an arms race between them and hackers(both malicious, and those legitimately testing the software).

      The answer is not to make the OS more complex and create more special cases, but to streamline it, and offer a more consistent model for applications and users to interact with the operating system.

      This is why pretty much everyone else these days uses some variant on Unix. More than anything else, the appeal of Unix is simplicity at a basic level.

      Now, Microsoft doesn't have to ship a Unix-based or compatible OS by any means, but if they want to take security seriously, they need to take what they have now, and what they are planning on for five or ten years down the road, reduce it down to the most basic components that can still address all of those problems, and rethink how Windows is put together.

      Also important is to get over their antipathy towards the open source "movement", and realize that it can be a tool. If they released a simplified, streamlined Windows kernel, they could let the world hack away at it, finding flaws, then take that work and put the components on top of it that would make it Windows. They've "borrowed" ideas from Apple and NeXT in the past, why not look at what OpenStep was, and what Darwin and Mac OS X have become and borrow that idea too?

      In short, it takes more than saying to your developers, "ship bug fixes in a week rather than a month." They'll hae to really examine Windows, and where the flaws come in, and if there's some other way(and there always is) that those things could be done, then the old way has to go.
    • Sure, you can't make anything 100% secure (short of keeping it turned off)

      Sure you can. You start by disabling all contact with the outside world by default. If I'm not listening, they can't tell me what I don't want to hear. You then, slowly and with rigorous testing, implement a small set of interfaces that let you talk where you need to, e.g., by reading and drawing a body of text. Bingo, you just covered most of e-mail, Usenet, web browsing and the rest in one go.

      The problem is MS' approach: every application should do everything. For goodness' sake, Office 2002 apps that I use to write my letters and do my accounts have several dozen hooks that try to access the Internet in them. Why? That's just silly, and it's not surprising that in such an environment, people get careless.

      Writing basic interfaces to support e-mail, ftp, web browsing, Usenet, time sync'ing and such is not hard. Writing them to be secure requires a modest amount more effort. It shouldn't be beyond the average CS grad, though, and it certainly shouldn't be beyond a group with the resources that Microsoft has at its disposal.

      People have been telling me for years that since I program in C++ and don't use a GC, my programs must have memory leaks. I've told them no, because I use good basic practices. They claim I'm wrong. I claim I have rigorous, objective diagnostic tools that back me up on this. That's not hard, either, but most of the programming world would tell me it can't be done. So it is with security.

  • by pubjames (468013) on Friday September 06, 2002 @10:24AM (#4206575)
    I wrote this the other day in an idle moment. It needs a bit more work but I'm thinking of making it into a Flash cartoon or something (if someone wants to steal the idea, feel free):

    Billy Boy and Tux
    One very hot day in summer, Billy Boy is stilling under a huge, impressive sign. It says "Lemonade, $5 a glass".

    Customer: $5 a glass! That's expensive!
    Billy Boy: Well, go buy from someone else.
    Customer: But there's nobody else to buy drinks from here!
    Billy Boy: Aha! I bullied all the other boys and they've gone home!
    Customer: That's not very nice.
    Billy Boy [Chuckling and rocking back and forth]: $5 a glass. Take it or leave it.
    Customer: Damn. You're a nasty little boy, but it's a very hot day and I really need a drink.

    Billy Boy takes the money.

    The afternoon wears on, Billy Boys coffers fill.

    The next day...

    Billy Boy: Lemonade! Lemonade! $5 a glass!

    A fat penguin waddles up and sets up a stall beside Billy Boy.

    He erects a little badly drawn sign "Iced water. Free."

    Billy boy [whispering, chuckling to himself]:Loser. You'll not get any custom with a crappy sign like that.

    Tux ignores him.

    The next customer approaches Billy Boy, but then notices Tux's sign and goes to him.

    Billy Boy[angry]: Hey fatty, get off my patch. I was here first!

    Tux ignores him.

    Billy Boy: Hey stupid. Nobody wants iced water, everyone wants my lemonade, it's the best! I've got 100% of the market in soft drinks in this street.

    Tux ignores him.

    Another customer comes and has a glass of water from Tux.

    Billy Boy: Listen idiot! How do you expect to get rich like me if you don't charge anything! What an idiot you are!

    Tux ignores him.

    More customers go to Tux.

    Billy Boy [shouting at his customers]: Don't drink the penguin's water!! I won't make any profits and, erm, the economy will collapse!

    Customers laugh.

    Billy Boy [really angry]: If you drink the penguin's water, your next glass of lemonade from me will be $10!

    Customers give Billy Boy the finger.

    Billy Boy [insanely angry]: Don't drink the penguin's water! It'll give you cancer!

    Customers shake their heads and move to Tux's queue.

    All customers go to Tux now.

    Billy Boy starts screaming and crying and runs home.

    Tux and his customers ignore him.
    • Despite what the other posters have said, I think this is cute and well done. Not everybody has heard the open source gospel. There is always a need for new ways to educate the masses. I'd be a very neat flash cartoon.
    • by kzinti (9651)
      But not nearly as apt as Neal Stephenson's vehicular analogy. See In the Beginning Was the Command Line. "Stay away from my house you freak!"

      --Jim
    • by atrowe (209484) on Friday September 06, 2002 @10:56AM (#4206826)
      Here's a more accurate analogy:

      Billy Boy has a large lemonade stand which sells lemonade for five dollars a glass. He makes a lot of money and has a lot of customers despite his competition, which includes:

      Steve Jobs: Sells lemonade for fifty cents a glass, but in order to buy his lemonade, you also have to buy a glass and straw from him for nine fifty. The glasses are available in lots of trendy colors, but they're smaller and more inefficient than standard glasses, so Stevey doesn't have very many customers.

      Tux: Doesn't have a stand, but he has a lemon tree, some sugar cane and and old-fashioned pump well. You can make your own lemonade if you'd like, and its free, but it takes a couple of hours to pick and squeeze lemons, pump water and extract sugar from the cane in order to make the lemonade, and you're not always guaranteed of its quality. There are thirty or forty lemon trees, and some taste good, while others do not. A few enthusiasts drink Tux's lemonade and rave about how great it is, but most mainstream customers are willing to just pay the five bucks.
      • Re:Billy Boy and Tux (Score:4, Informative)

        by michael_cain (66650) on Friday September 06, 2002 @02:38PM (#4208641) Journal

        Unfortunately, don't neglect the fact that just up the street are dozens of vendors selling other attractive goodies (let's call them cookies and cake, I guess) that many people depend on, but that don't work unless you have a glass of Bill's lemonade in hand.

        In the antitrust case, this was called the "application barrier to entry" and was one of the main reasons that MS was declared a monopolist.

  • Palladium, of course (Score:4, Interesting)

    by PMuse (320639) on Friday September 06, 2002 @10:25AM (#4206587)
    Step 1: Admit that current MS OS is insecure.

    Step 2: Allege that problem is fundamental due to the nature of the hardware platform. Fear. Uncertainty. Doubt.

    Step 3: But wait! MS has the solution that will solve this crisis -- Palladium.
    • by doodleboy (263186) on Friday September 06, 2002 @12:16PM (#4207411)
      Bingo. As Nathan Myhrvold once said, Microsoft wants to get a vig on every transaction going over the net. Tcp/ip doesn't have a built-in billing model, so they're trying to shoehorn one on top of it. Even though it will be a bloated, insecure mess, the government and the entertainment industry are and will remain enthusiastic supporters of palladium. All that data is an irresistable temptation: so much money to be made, so much monitoring to be done.

      The real war will be between this plutocratic regime and the free software movement. The general public doesn't know it yet, but linux is very close to there on the desktop. This represents a serious threat to the universality of palladium, so Microsoft and its allies will try to have laws passed that criminalize free software use, and/or the use of general purpose (i.e. non-palladium equipped) computers.

      Sound crazy? It's not. And the issue of freedom & privacy vs. big business & government is going to be huge, front page news as it gets closer and the general public gets a whiff of it. But Disney owns the news, so expect it to be more of a grassroots groundswell-type thing.

      Who will win? I don't know. But I see a future that scares the hell out of me, and I really hope we're not too lazy to do something about it.
  • by JoshuaDFranklin (147726) <joshuadfranklin.NOSPAM@nosPAm.yahoo.com> on Friday September 06, 2002 @10:25AM (#4206588) Homepage
    neither was UNIX. UNIX is best in trusted, academic settings where it grew up. But, after some big problems with too much trust people figured out how to make it at least "secure enough."

    MS needs to stop complaining and fix their buffer overflows.
    • by HiThere (15173) <{ten.knilhtrae} {ta} {nsxihselrahc}> on Friday September 06, 2002 @11:36AM (#4207108)
      Isn't that the point though. Unix learned that it needed to be secure. And it changed and adapted to suit itself to the multi-user environment (where a lot of the users were college kids, just exploring what they could do with a computer).

      Linux came along after Unix had learned to be secure, and was designed from the gound up with that model in mind.

      OTOH, DOS was a single user operating system, and didn't need to be secure. When viruses started showing up, they were fixed in DOS not by improving intrinsic security, but by adding on a virus-proofing package. Windows descended from that. (And there doesn't seem to have been a fresh rewrite at any point, MS PR to the contrary.)

      So Linux was designed from the start with security as a consideration. Not always a major consideration, but at leas a present one. It's been through many cycles of change and improvement, and at each step along the way, security has been considered.

      Windows, OTOH, has always addressed security via add-on programs. (Well, NT made some attempt at security, e.g., it created users that it could be difficult to get into. And admin priviledges. I admit I don't know what they were...)

      Still, in Linux security was built in from the beginning, and user interfaces was an add-on. In Windows, user interfaces were built-in from the beginning, and security was an add-on. In both cases the add-ons have gotten a lot better than they were.

      I feel that the Linux windowing environment is now on a par with Windows, or perhaps better, but that it still falls short of the Mac. I feel, based solely on news reports, that the Windows security, while improved, is still lacking.

      And to me, this is largely irrelevant. The MS licenses are so bad, that I wouldn't recommend them even if I thought that they were the best contender in all other aspects. I intend to file for retirement the day my company installs a system with Windows XP, as I don't want to be associated with any company that is either that suicidal or that unethical. (They've got to be either one or the other. Agreeing to a contract without understanding it is suicidal. Agreeing to that contract [I've only seen pieces, but that's enough] is suicidal even if you *do* understand it. The alternative is that they understand it, and intend to ignore it. [I'm not sure this is possible, but they might think that it is.] And that's too unethical for me.)
  • Tell me something that I don't already know. This is like running a story telling the world that the sky is blue, that Linux is good for business, or that linking from slashdot can kill a weak server. File this one under News For Idiots. Stuff Everyone Already Knows.
  • Upgrade Scheme? (Score:2, Insightful)

    by sdjunky (586961)
    "Microsoft has another security bulletin out on the digital certificate spoofing bug that has caused them so many problems recently."


    And in Classic Microsoft style the security bulletin notes that patches are avaible ONLY for Windows XP and NT

    95 isn't supported ( ok, I can understand that )
    98 isn't supported ( getting a little too close for my comfort )
    ME isn't supported ( didn't that just come out 2 years ago? )
    2K isn't supported ( What about people running servers? )

    Just another tactic to force people to upgrade

    With the recent change in Licensing terms and the inability to support products they've made within the past 2 years they have the gall to say that using anything else is insecure on the part of the government?

    • bullshit (Score:4, Informative)

      by tswinzig (210999) on Friday September 06, 2002 @10:52AM (#4206804) Journal
      And in Classic Microsoft style the security bulletin notes that patches are avaible ONLY for Windows XP and NT

      95 isn't supported ( ok, I can understand that )
      98 isn't supported ( getting a little too close for my comfort )
      ME isn't supported ( didn't that just come out 2 years ago? )
      2K isn't supported ( What about people running servers? )

      Just another tactic to force people to upgrade

      As someone who is actually subscribed to receive these bulletins from MSFT, I note that they sent a second revision out today. I quote:

      Reason for Revision:
      ====================
      Normally, Microsoft releases the patches for all affected products
      simultaneously, in order to provide a complete solution. However,
      exploit code for this issue has already been posted, and we are
      therefore releasing the patches as they become available, in order
      to allow customers to begin protecting their systems as quickly as
      possible.

      The bulletin has been updated to include patch availability for
      Windows 98, Windows 98 Second Edition, and Windows Me.

      Patches are now available for:
      - Windows 98
      - Windows 98 Second Edition
      - Windows Me
      - Windows NT 4.0
      - Windows NT 4.0, Terminal Server Edition
      - Windows XP
      - Windows XP 64 bit Edition

      Patches will be available shortly for:
      - Windows 2000
      - Microsoft Office v.X for Mac
      - Microsoft Office 2001 for Mac
      - Microsoft Office 98 for the Macintosh
      - Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x)
      - Microsoft Internet Explorer for Mac (for OS X)
      - Microsoft Outlook Express 5.0.5 for Mac
  • by Lethyos (408045) on Friday September 06, 2002 @10:28AM (#4206611) Journal
    Admitting you have a problem is the first step to recovery. Anybody want some more coffee!? *puffs on a cigarette* I'm gonna get some more coffee... *shakes and walks around of the room*
  • M$ giving up? (Score:2, Insightful)

    by Kakarat (595386)
    "It's impossible to solve the problem completely," Valentine said. "As we solve these problems there are hackers who are going to come up with new ones. There's no end to this."

    I thought it was Microsoft's policy to keep their mouth shut when it comes to lack of security in their OS. It just seems that after spending all sorts of money into advertising and marketing Win2k/XP as very secure platforms, M$ would rather not have a SVP in development blow it all away. I wonder how long he will last talking openly about these problems.

  • by germinatoras (465782) on Friday September 06, 2002 @10:30AM (#4206630) Homepage

    What does 'PSS' stand for in that Microsoft Knowledgebase article? [P]lease [s]top [s]niffing? ([s]poofing? '[s]ploiting?)

  • by codepunk (167897) on Friday September 06, 2002 @10:31AM (#4206631)
    We have one windows web server left that we are now converting to run on linux. Our windows web server has been compromised over 8 times in the last week. We applied every single security patch we could on the machine. We also locked every single port but 80 out at the firewall. We shut down every single service that is not necessary and stripped the site to the bare minimum, but it continues to be compromised. Yes we even reloaded from scratch 3 times still no good. Even our MCSE is now a linux convert and begging me to get it converted quick as possible.
    • by Myco (473173) on Friday September 06, 2002 @10:38AM (#4206692) Homepage
      Try changing the password.
    • Can you run apache on your windows web server? If they keep attacking, it would be interesting to see if they are hitting IIS or something else (assuming they are shitty little script kiddies).

      Another possibility is to set up a Linux box with no open ports on the same ethernet segment and sniff all traffic so that you might be able to tell how they hack you, and where they come from (at least the box they are coming from).

      But - changing to Linux is also a really good alternative. Just keep in mind that Linux itself does not offer you security, only an improved possibility of security. You will need to stay rigorously patched up, with a good firewall and a good intrusion detection system. I used my IDS to tighten my firewall whenever I found monkey business in the network traffic - with good results. The box ran without external protection or upgrades for a long time, and it was port-scanned every day. Of course, they eventually hit jack-pot at first try. Then, an IDS will only alert you that something is wrong..

      Also, whatever application you run on your web server will need to be secure.

      Remember - one vulnerability is usually enough.
  • The MS executive went on to state that, "out studies have shown that the average end buser is intimidated by security. In an attempt to find middle ground between acceptable security and just thowing sensitive information on your front lawn, we have implimented our trademark "random crash functionality" and "resource hog feature suite." Anecdotal evicence suggests that these measures will be sufficient ensure that no self respecting hacker will come near our crummy operating system.

    Furthermore, we volunteer to personally maintain an extensive database of all your valuable data, including credit card numbers, filenames pirated media files, and love letters from your high school sweetheart. Just in case.

    We graciously accept your thanks in advance. You're very welcome."
  • No really, don't laugh. Who cares how it's engineered. It's how it is supported and fixed that's crititcal. Your software forces you to make an assumption about it's reliability. So assume that MS code has low reliability and move from there.

    The real problem is that MS the vendor choses not to deal these problems with any sense of urgency or permanence. I swear it's like being forced to eat green beans and hear about starving children in Asia. Beyond some point it's hard to care or worry about it when you know that your parent doesn't really plan to deal with it.
  • It is not marketing and managment's fault that we don't push for secure code. The real fault lies with...

    Developers! DEvelopers! DEVelopers! DEVElopers! DEVELopers! DEVELOpers! Woo! Developers! Developers! DEVELOPERS! DEVELOPERS! YEAH!

  • Okay, maybe the guy's being straight. Hey, MS is populated by human beings with some sense of ethics for the most part (excluding the legal and marketing departments, of course).

    Or maybe it's FUD to push the necessity of Palladium. This is strongly hinted at by the way he whines "it never ends," as if any efforts to secure their products are pointless because hackers are so dang clever.

    Either way, this shouldn't sway anybody into the Palladium camp. MS is admitting that they have done jack squat for security, in spite of having told many, many lies to the contrary. And now they expect people to buy into their new technology for a "trusted platform?" Trust isn't bought, folks, it's earned.

    Yes, there will always be hackers (crackers, whatever, use context people). But you can't argue a complex situation (computer security) in black and white terms. One security breach a month is better than one a day. Defeatism in the face of adversity isn't exactly the lauded "Microsoft spirit."

    I'm glad to see this news. Ulterior motives or not, the truth is being spoken. But if they think they're gaining anything by scaring people, they're dead wrong. So let's just hope they're simply being honest. Hey, a guy can dream.

  • I think I have to give the guy credit for admitting to the truth. It's a lot less tedious to listen to someone telling the truth than it is someone imputing that your company's virility is related to it's adoption of .NET technology.

    What else is true?

    Unix was not immune to software not designed with security in mind. I used rsh for years. But a transition was made.

    If security is regarded as important, then slowly and inexorably Microsoft will move in that direction. Despite being a monopoly, they will respond in their sluggish way, just as they made Win2K substantially more robust with regards to crashing after everyone laughed at their early versions of NT.

  • This worries me. (Score:2, Interesting)

    by DonkeyJimmy (599788)
    What worries me about this is not that microsoft products are not engineered for security, we've all known that for years. It's that microsoft is admitting to it openly.

    In terms of marketing, Microsoft knows what they are doing, and they must believe that admitting this wont hurt their sales significantly. Has their customer base become so lowtech that the idea of insecure products doesn't bother them? Or are they simply so powerful that we (the rest of the world) can do nothing to stop them. I'm hoping that this is some kind of horrible mistake on their part, but I doubt it.

    I spoke to a microsoft engineer once about .net and he told me that they were working on developing the .net virtual machines for Unix and other non-Windows OSes, but they were specifically planning on not releasing them if .net did well, as that would force developers to use Windows. I suspected as much, but the fact that they would come out and say it worries me.
  • by geoswan (316494) on Friday September 06, 2002 @10:48AM (#4206766) Journal
    I believe that MS took a leaf from the playbook of the Tobacco industry

    There is a guy recognized as a genius in the Tobacco industry. I read that twenty odd years ago he told other Tobacco industry executives that, while they could afford to hire the shrewdest, meanest, most dishonest lawyers on planet Earth, they could only fight a rear-guard action.

    Eventually, he told his colleagues, even the meanest lawyers couldn't hold off lawsuits over the lethal effects of their product. Once suits go to trial, everything will start to unravel. We have no real defense. So, we need to plan ahead.

    His plan? Pretend to fight against mandatory warnings, but actually let them go ahead. Keep stalling on the trials -- so that when the trials happen we have a defense.

    "But, your honour, we have had to have health warnings on our products for fifteen years. The claimant can't say they didn't know our products were dangerous."

    Are Microsoft executives any more ethical than Tobacco executives?

    Nah.

    I believe that MS planned ahead too. I believe that MS has wanted to "own" the desktop, to own our computers, all along.

    Anyone could have foreseen that embedding a macro language in their data files, that was automatically executed when the file was opened, was a sure guarantee of terrible security problems.

    This was not an accident. This was a design decision. They did this on purpose. I don't believe it was a mistake. I believe they knew exactly what they were doing.

    I believed that they looked ahead, and planned to distribute insecure products, so that the could harness the publics anger at vandals, interlopers and spam artists to justify draconian security measures that we never wuold have agreed to otherwise.

    I'd like to see Gates, Ballmer and the whole filthy crew serve serious hard time.

    • Read "ShowStopper!" and then say this again. Its quite a bit more likely that the endless problems with Outlook express were NOT deliberate. The developers just wanted to add some neat features, and made the scripting language as broad and full featured as possible. In THEORY, if the virtual machine that runs the scripts didn't have big holes in it, this would be a perfectly reasonable and secure thing to do.

      Of course, the real problem with these kinds of scripts is not viruses...its behavoir the user doesn't want. Popup adds are a perfect example of that : giving a web page control of your browser merely because you visited the site was NOT a good design decision.
  • by sawilson (317999) on Friday September 06, 2002 @10:50AM (#4206784) Homepage
    This is obviously part of the groundwork to get
    the public behind palladium. Microsoft has
    consistently proven itself to be the masters at
    porting govermental public opinion swaying tactics
    for their needs. It's almost admirable. Following
    tradition, they'll produce stats and figures and
    submit them as "proof", and the majority of
    America will say "wow, we need to do this". Or,
    as demonstrated recently, they'll hint at the
    existence of proof for their "cause" and that
    alone will swing a majority of people to their
    side and give them time to fabricate it, or
    draw attention away from producing it. Microsoft
    will get palladium, and Dubya will get the war
    he wants that nobody a few weeks ago wanted, but
    now seem too want since they keep waving the flag
    hard enough and hinting at "new evidence" that
    probably doesn't exist as of yet.

    Step 1: Convince everyone that your selfish
    agenda is in their best interests in any way
    you can.

    Step 2: Pursue your selfish interests.

    Being manipulated this way is part of being an
    American. Microsoft is the most American company
    I know of.
  • M$ and Mozilla (Score:3, Interesting)

    by GreenKiwi (221281) on Friday September 06, 2002 @11:14AM (#4206951)
    Is it just me, or is their Knowledge Base using some funky shit that doesn't let it display properly in Mozilla.

    M$ Sucks. I wish that they'd use the standards instead of making their own.
    • Re:M$ and Mozilla (Score:5, Insightful)

      by WD (96061) on Friday September 06, 2002 @01:03PM (#4207783)
      The MS Knowledgebase articles do not work well with Mozilla. This is a known problem, but it's not a problem with the browser but rather their HTML code.

      A browser that identifies itself as Mozilla will get served broken HTML. (CSS with negative spacing) If you spoof your browser to identify itself as IE for example, the page comes up fine.

      http://bugzilla.mozilla.org/show_bug.cgi?id=1594 94

      Interesting, huh?
  • by gillbates (106458) on Friday September 06, 2002 @11:26AM (#4207035) Homepage Journal
    "It's impossible to solve the problem completely," Valentine said. "As we solve these problems there are hackers who are going to come up with new ones. There's no end to this."

    No, there is an end to hacker breakins. It's called an IBM mainframe. IBM has been able to sell mainframes for millions of dollars not because they are faster than PC's, or hold more storage, but because anyone who needs enterprise class reliability and security simply can't do without a mainframe. Microsoft operating systems simply are not reliable enough, nor secure enough for this task. If I so much as suggested that we migrate our systems to a PC server running windows, I would get laughed out of the conference room.

    I don't mean to troll, but Microsoft has completely missed the point. Had they set out to create a reliable and secure OS from the ground up, they might have succeeded. But their focus was on usability, not security, and it shows. If they wanted to produce a secure and reliable OS, they will need to abandon all backward compatibility, and redesign their systems from the ground up. Applying patches won't convince corporate america that you know what you're doing.

  • by evocate (209951) on Friday September 06, 2002 @11:37AM (#4207120)
    This is an obvious marketing move to position Palladium as the only way to get a secure PC. Planting the seeds of FUD about their own current line of products in people's minds, the message to consumers is clear. "We aren't going to pay for the failures of our cheap designs - you are! If you want security, you're going to have to throw everything you have away, buy all new Palladium hardware from our OEM partners, and then buy all new Palladium software from us. And no, we aren't sorry for the inconvenience; tricking you into upgrading is how we remain the richest company in America. Actually, we are quite pleased with ourselves for being able to turn an engineering fiasco into an sales offer you can't refuse." I could go on, but you get the idea. If there was ever a good time to pitch Linux as a better way to get a capable and secure PC, it's *right now*.
  • by erroneus (253617) on Friday September 06, 2002 @03:40PM (#4209102) Homepage
    ...I just generated a message to people and potential clients regarding these issues.

    The jist of it is that there are security problems that cannot ever be fixed by Microsoft with their products. If they wish to stay with Microsoft, they have to remain vulnerable until such time they release their new products which address the concern and in most cases, pay a lot of money to get them.

    Meanwhile, free solutions exist to replace the proble products and while they aren't trouble-free themselves, they do tend to get fixed much more quickly and there is no additional cost for those fixes in most cases.

    When addressing securty concerns of today, NOW is the time -- not waiting for the next generation OS and then waiting for it to be stabilized.

    One of my targets for the message was "Resident Data" (http://www.residentdata.com [residentdata.com]) which is a company that functions by serving up the results of background checks to its subscribers. (It shares sensitive and private information about individuals for money to clients.) They are PROUDLY a ",,,Microsoft Only..." shop.

    Frankly, that attitude scares the $#!+ out of me. It's all well and good to favor one product over another due to familiarity and comfort, etc. But it's utterly irresponsible to attempt to call "secure" their data when it's housed in a "...Microsoft Only..." environment.

    If the company I cite as an example is any indication of what is actually going on out there in practice, I'm genuinely frightened at how our public and private records are being managed.

    To me this is a major privacy concern and there should be an initiative that demands that SECURE STORAGE and SECURE METHODS be deployed to secure the information. If there are significant threats discovered, it should be their legal responsibility and requirement to either secure the data properly or shut down the operation until such a time that is can be certified as secure. This is not "Anti-Microsoft" sentiment speaking -- this is Privacy/Security sentiment.

    The problem is much larger than just the products -- it's how and where they are used.
  • by Dirtside (91468) on Friday September 06, 2002 @04:14PM (#4209310) Journal
    So they say, "Our products aren't secure... but our NEW stuff will be! For real! Honest!" And then Palladium comes out. And wonder of wonders, it won't be secure. And they'll say, "Oh, well, yeah, this isn't perfectly secure, but our *NEXT* generation will be! For real! Honest!" And then the next generation will come out, and it will have holes, too.

    I'm fairly well convinced at this point that Microsoft's history of poor security technologies and practices is, if not entirely deliberate, at least unconsciously encouraged. An evolutionary defense, perhaps. If products are touted as secure, but aren't really secure, and if the next generation is claimed to be the fix to all the current problems... then the average person/company will probably eat it up. Why?

    Because eternal vigilance is the price of freedom, and most people don't want to believe that. There is no magic bullet for safety or security. The only way to have anything resembling good security, is to keep working at it. The more you work at it, the better it will be. There's a point of diminishing returns, of course, and if you spend all your time on safety, you'll never get to spend any of your time doing the things that you're protecting... but if you spend no time on security, you have no right to complain when it fails. This goes for computer software, physical security, national security, whatever.

    But a lot of people don't understand that. They hear about "new, *really* secure" things, and they think, "Well, once we have that, then we'll be secure, and won't need to think about security any more!" But it doesn't work that way. It never has, and it seems unlikely that it ever will. People need to be made to understand, whether they like it or not, that the only way you can have security, is if you keep working at it. And a lot of people don't want to have to think about failures of security, and what they have to do to prevent them.

    The worst part is, no matter what you do, there's always ways around it. Before a year ago, how many people would have thought it absurd that terrorists could simultaneously hijack four airplanes and use them to entirely demolish the World Trade Center towers and severely scar the Pentagon? Surely our security was better than that?

    This is not a call to action for our country, or Linux advocacy, or whatever. I'm just trying to analyze why it is that Microsoft can keep getting away with this. I think the main reason is that when Microsoft says things, people believe them, even when what Microsoft says is the same known lies they've been saying for years. Why do they believe? Because human denial is an immensely powerful force. And Microsoft knows it.

"Pascal is Pascal is Pascal is dog meat." -- M. Devine and P. Larson, Computer Science 340

Working...