Microsoft

Microsoft on Security: We'll Break Your Apps 609

Posted by michael
from the windows-ain't-done-while-competing-apps-still-run dept.
jointm1k writes "Wired.com is running a story about how Microsoft is trying to act responsible and all by fixing (or trying to fix?) many (if not all) security holes in Windows. Not only new versions of Windows will be patched or improved, but as I understood they also plan to force security updates for older versions of Windows down people's throats. Even if that means that some applications will malfunction. Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows."
  • by somethingwicked (260651) on Thursday November 14, 2002 @09:39AM (#4667958)
    .

    Brian-"There's just no pleasing some people"

    Beggar-"That's what Jesus said, sir"

    • by FortKnox (169099) on Thursday November 14, 2002 @09:47AM (#4668035) Homepage Journal
      Amen, brother!

      Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows."

      I mean, come on. When they do something right, you just GOTTA change it around to make it a negative. And you wonder why MS is after Linux, right? Who's being childish now?

      I'd really like to know how many lines of code the submitter even wrote if he is naive enough to think that MS architects would design the perfect OS from the start.
      • by pohl (872) on Thursday November 14, 2002 @10:00AM (#4668138) Homepage
        I'm torn on this issue. After years of trade rags ignoring well-designed alternatives in the marketplace and failing to do anything besides sucking Microsoft cock, I still find it refreshing when slashdot, a mere weblog, pulls out a headline with sardonic spin. I also find it amusing that people feel the need to rush to the defense of Microsoft. Seems as silly as protecting god with a sword.
        • by Anonymous Coward
          as silly as protecting god with a sword

          More like protecting a snarling pack of wolves with a duck.

        • by GunFodder (208805) on Thursday November 14, 2002 @02:25PM (#4670820)
          The trade rags may be sycophantic pole-smokers, but I'd like to think the Slashdot population is more fair than that. We have been kicking Microsoft square in the nuts about their lack of security for years now, so does it make sense to flipflop and start kicking them for taking security seriously?

          Now if the article was more like "Microsoft breaks apps to implement security, offers expensive upgrades" then we could continue kicking M$'s family jewels guilt-free.
      • Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows."

        I mean, come on. When they do something right, you just GOTTA change it around to make it a negative. And you wonder why MS is after Linux, right? Who's being childish now?
        Yeah, and now Micro$oft can also force those "security" updates onto *nix systems as well, oh oooops our "security" update is incompatible with Samba, you'll just have to upgrade to WindowsXP and deal with product activation and force DRM down your throats. I'm happy with my Win 98 on my P2-450 with IE4. I don't need your IE6 with DRM auto-updates
        • by Mortanius (225192) on Thursday November 14, 2002 @10:40AM (#4668505) Homepage
          I hear this argument time after time, regarding MS and Samba. I'm curious to hear someone say why they feel that Microsoft is obligated to maintain interoperability with Samba. It's an MS-owned technology, the specs to which aren't terribly open in terms of what's coming down the 'pike. While Microsoft is no doubt aware that Samba has become a rather integral part of many computer users' experience, both in Linux and now OS X, it's acting as something of a rope around their neck; if they wish to implement any major changes to their file sharing protocol, samba likely would be unable to operate properly with it, requiring MS to keep a certain level of backwards-compatibility in the protocol if they wish to not alienate these platforms (granted, they probably don't care a whole lot about alienating Linux users, but the OS X market may be more lucrative to them.)

          In a perfect world, operating systems would be perfectly interoperable. 100% compatible operating systems don't (given less than a minute of thinking, at least) strike me as a very lucrative market. Why buy a particular OS when you can do the same with the others?

          And, to continue my downward spiral to flamebaitdom, let's address the "...and deal with product activation and force DRM down your throats." What is the big deal about product activation? You fill in the form, which only asks you what country you're from (the rest is purely optional, at least on my install CD's) and hit the submit button. That's the end of it. I've installed WinXP on two desktops and one laptop with this CD and haven't had the MS storm troopers come knocking on my door yet. As for the DRM technologies, so far I have felt no impact from them. While it does apparently exist in Media Player, there's a simple solution around that, don't use Media Player to rip your CD's. I use this marvelous little program called CDex [n3.net] that does a one-stop rip from CD to MP3, Ogg, or any number of other formats. All DRM-free, plays on any computer with the proper codecs. Windows is not forced DRM-land yet, and personally, I doubt it ever will be. Right now we're hearing scares from the 'for the people' organizations about how horrible the future will be and that all this is being pushed through the system without opposition. Believe me, the instant the average consumer is impacted negatively by this, the backers of whatever measure that struck a nerve will be forced to back off.

          Good day.
          • by cscx (541332) on Thursday November 14, 2002 @10:55AM (#4668617) Homepage
            I think you can turn DRM off in Media player. I also think the whole purpose behind it is so if you wish, you can keep people from stealing your music.
            • if you wish, you can keep people from stealing your music.

              For now, you can turn off DRM. How long will that last?

              As for your theory on keeping others from stealing your music, I doubt that was the intent.

              From what I can tell, it was formulated out of hopes that the media cartel would be able to feel comfortable selling songs online to users.

              Microsoft knows that Windows Media Player fights a battle on many fronts, from Real to QuickTime to free alternatives. Knowing this, they hoped that they could sell the idea of online media protected with DRM to those who stand to gain the most from it.

              In a perfect world, DRM would be a choice, the RIAAs and MPAAs of the world could pawn their crap off to willing customers, and nobody would complain about the existence of MP3, OGG, and DivX.

              Unfortunately big Media wants DRM to be obligatory and Microsoft wants to run the digital information arena. They both have something to gain from it, so to hell with the wishes of the users.
      • Okay, let's be serious for a moment, guys. There was this week when you had 10 stories from new planets being discovered that probably would lead everyone to "rethink what they know about the universe". Then you had the week of nonsense "ask slashdot" questions. Now we're getting to a point where Slashdot is ceasing to be "News for nerds" to turn into a MS bashing forum. I mean, from "News for nerds" to Linux advocacy to MS bashing, what is this turning into?

        Can't you guys be scientifically honest? These are complex subjects and it's not a question of "wanting" to design a good OS, it's a question of complexity in designing a good OS. Or are you guys just trying to look cool to your friends with that 'anti-MS' stance? Take a look at the usage logs on Slashdot visitors' OSes. Then come back to tell me that the vast majority is at work and is forced to use Windows. I'll just laugh

        I would gladly pay a dissuasion fee to discuss on slashdot. Wasn't there an idea like that sometime?


        • by LordSah (185088) on Thursday November 14, 2002 @06:10PM (#4673005)
          When I first started visiting Slashdot, the articles were much more geek-friendly and much less anti-Microsoft. In the 3-4ish years I've been reading Slashdot, it's definitely seemed that it's devolved into a MS bashing forum.

          One or two Microsoft stories are published everyday, no matter how insignificant the news is. Even if the news is a good thing, typically the submitter of the story puts a negative spin on it (like today's submission). Of course everyone jumps in and bashes away, not only at Microsoft, but at anyone who tries to speak positively about Microsoft. It doesn't do well to encourage intelligent discussion--anyone who is happy using Microsoft products and speaks up about it around here quickly becomes bitter and defensive. Or they leave.

          Slashdot nowadays is quite similar to the media in the middle east. My grandfather lived in Dubai for 8 or 9 years, and he was amazed that the newspapers had an article about "The Jews" on the front page, every day. The Dubai media never referred to Israel. "The Jews" were always killing Muslim children, subverting the government, doing-random-very-crappy-thing, etc. The media was breeding hate among the people.

          The big difference between Slashdot and Dubai is that the Dubai government was intentionally making people hate to distract them from shady things it was doing, and Slashdot's de-evolution is (probably) not intended. It definitely seems that the editors have got some bug up their ass about Microsoft, but I think they're just publishing what kicks up the most response rather than trying to fan the flames.

          I think it's because Slashdot has become the epicenter of a pro-linux geek subculture. In this subculture, it's cool to hate Microsoft. Folks want to fit in somewhere, so they come to Slashdot and bash Microsoft.

          Linus said in this interview [bbc.co.uk]:
          "I've tried to stay out of the Microsoft debate. If you start doing things because you hate others and want to screw them over the end result is bad."
          I don't think he hates Microsoft. He likes Linux.
  • by Voytek (15888) on Thursday November 14, 2002 @09:39AM (#4667960) Journal
    Is that the new niche for software designed for teenage girls?
  • by tylerdave (58777) on Thursday November 14, 2002 @09:40AM (#4667969) Homepage
    Assuming Microsoft does actually want to clean up their act, which I'm highly skeptical about, it seems that they'd be criticized for forcing updates just as much as they would for not trying to make adoption of the updates widespread.
    • Why wouldn't they want to clean up their act? I'd imagine that this will lead to their *loyal* customer base always jump for their latest and greatest releases. New Windows, new apps, new everything, all ready for Palladium!
      • This has actually been their tactic all along. They always market the latest release or upgrade as fixing so many of the problems from before. When I used to be a network admin I hated getting the question from management, "Have we looked into the new release from MS, think it will fix that problem we've been having?" I can only think to myself that no it will not fix the keyboard he dropped coffee cake into.

    • Assuming Microsoft does actually want to clean up their act, which I'm highly skeptical about, . . .

      Ok, let's be realistic here. When it comes to security, I don't think there's a question of whether or not Microsoft wants Windows to be secure. The question is, are they able to make it secure.

      You can argue that MS is evil due to their business practices. You can argue that they are incapable of producing anything other than bug riddled, insecure pieces of bloatware. But let's get real. It's not like they intentionally put the security holes into their products just to hurt their users. All of this makes for extremely bad press and I'm sure MS would like nothing more for it to go away.
      • The only thing MS "wants" is to increase revenue. Secure systems are typically less friendly. Therefore, until now, MS has not wanted their systems to be secure.

        Now, the flak from Nimda, melissa, et al. have begun to impact their market share (or their internal analysts believe the market will follow that trend), and they have started to give lip-service to security.

        But they still can't alienate that customer base they spent 20 years numbing into ignorance. Will we see real security? Not for long time. Will we see secure "wrappers" around the inherently insecure MS offerings? Yes, but I guarantee there will be ways to disable them immediately if it impacts revenue.

        BTW, there's nothing wrong with a company's management considering market growth and revenue when making decisions. Decent people do, and temper it with service to the greater community, morality, and improving the lives of their employees and customers. MS operates as though all of those issues are served by the marketing department.
    • A loyal, educated, trusting customer base wouldn't need a shotgun forced to their heads to make them apply patches.

      People don't apply MS patches because a) They were told the OS was perfect when they bought it, or b) they remember the last patch, the one that made the office unbearable for two weeks, or c) They've been burned by the MS upgrade licensing cycle enough times that they'd rather hope for the best than volunteer for the worst.
  • Whiners (Score:5, Insightful)

    by Profane Motherfucker (564659) on Thursday November 14, 2002 @09:41AM (#4667971) Journal
    Microsoft fixes problems: you bitch because it breaks shitty apps. Microsoft doesn't fix problems: you fucking bitch because it doesn't fix problems.

    Now the submitter claims that "they should have fixed them when they designed Windows." What kind of fucking bullshit logic is this crap? Do we piss and moan that Linus is a stupid mangina because the virtual memory in the early 2.4 kernels was fucking trash?

    Get with the fucking program: MS isn't *all* bad, and they are not 'forcing upgrades down people's throats." It's still your option to have a shitty, fucking security hole laden sloth of an OS.

    • Re:Whiners (Score:2, Insightful)

      by Anonymous Coward
      I couldn't agree more. It's very for the /. crowd to sit back, feel superior, and snipe at Microsoft, when most of the people here aren't even developers. And I'd bet that those who do write serious code (50-lines scripts don't count) have almost no real-world experience with trying to please a mainstream market. Just look at Linux with its 1% desktop market share for proof of how hard it is to address this segment.
    • It reminds me of yesterday's discussion where people flamed a guy for wanting to move away from MS SQL Server, since he was currently using MS products they weren't gonna help him move to OSS. Great use of logic there.

      My point is, zealots spreading FUD and being assholes hinder OSS more than MS ever could hope to achieve.

    • Re:Whiners (Score:5, Insightful)

      by photon317 (208409) on Thursday November 14, 2002 @09:58AM (#4668122)

      Oh it's on now :)

      We're bitching because their extremely late fix breaks non-shitty apps that were coded to the best of coders' collective abilities with the docs and design microsoft presented at the time.

      "They should have fixed them when they designed Windows" is no bullshit logic. Many of Microsoft's security problems are not simple bugfixes, they are serious design flaws, which are irreparable without breaking userland in bad ways. Nobody "moans that Linus is a stupid mangina because the virtual memory in the early 2.4 kernels was trash" because it got fixed without changing the interface to userland, so it didn't break anything to fix it. The overall big picture of linux's VM design from the apps' point of view was correct all along, there were just implementation bugs in early 2.4 that got fixed later.

      Get with the fucking program: MS IS all that bad, and they *are* forcing upgrades down many users' throats because of the way updates, the EULA, and customer legal obligations interact.

      I will agree with you on your last sentence though.
    • Re:Whiners (Score:3, Funny)

      by walt-sjc (145127)
      they are not 'forcing upgrades down people's throats.'

      You must not have read the new EULA's.

      But you're right. MS is not all bad. Just mostly. :-)
  • by Anonymous Custard (587661) on Thursday November 14, 2002 @09:41AM (#4667972) Homepage Journal
    It sucks that Microsoft will be forcing patches, but in the end it would be better if the result is fewer DoS attacks, and fewer compromised systems.

    But shouldn't 3rd party application designers be held similarly responsible for relying on these holes in their programs, and release patches of their own to avoid problems, possibly through Microsoft and bundled with the windows patch?
  • Designed (Score:4, Interesting)

    by Anonymous Coward on Thursday November 14, 2002 @09:41AM (#4667977)
    Well, we know a lot of things at that time were not built for security, like our friend the Internet. DOS has no concept of security because such things require a footprint that 80086s simply don't have room for. Windows 9x has no concept of security because such would break all DOS apps, which would have been business suicide back in 1995. Windows NT at least has a pretty solid foundation which extends to Windows 2000. Removing extraneous services would be a good thing. Nice to see IIS not installed by default on Windows .NET Server 2003 (virtually nothing is.) Perhaps they'll fix the "Shatter" attack too by shutting down using Windows Messages as IPC, at least below the WM_USER band, or even perform security checks prior. Oh well, there are a lot of things they can do, and although some legacy apps may break (and most that would already have,) it's ultimately for the best.
    • Re:Designed (Score:3, Interesting)

      by Insightfill (554828)
      Good point. When Win 95 hit the scenes, the goal was primarily backward-compatibility with the existing Windows and DOS apps, and easy networking. Consumer and small business Internet wasn't even a glimmer.

      As they moved forward to later versions of Windows, they were willing to let some, but not all of the backward compatibility slip. However, as the Internet came along, they seemed to have become more concerned with delivering functionality over security - does email really benefit from a scripting language IN the message content?

      The goal for the early Windows designs however, had always been about the "isolated" consumer and small business, while the *NIX implementations were looking at shared user environments and workspaces, and had the horsepower to enforce them. The amazing fact that Linus T. managed to shoehorn a *NIX implementation into a cheap x86 box was also largely a testament to the platform had grown beefy enough to handle it.

      • Re:Designed (Score:4, Insightful)

        by afidel (530433) on Thursday November 14, 2002 @10:26AM (#4668379)
        Not sure how many times I have to post it, but YES Outlook does benefit from scripting. Your company may not use the features but many do, including some of Microsoft's largest customers. Some companies have entire vertical platforms built around the exchange/Outlook combo. For instance one insurance company has a field rep's form that they launch at the scene and fill in details, then when they get to a network connection (home VPN or office) Outlook hooks up and sends the email. Then based on rules embedded in the form email it is either routed to the check writing people or sent to adjusters/fraud inspection/whatever other department for a further look. And on Linus shoehorning unix onto x86, what are you smoking? Linus made Linux because he could not afford a commercial unix on x86 implementation. Linus was not the first to have a working unix on x86, they have been there since the 286 launched.
      • Re:Designed (Score:3, Interesting)

        by mesocyclone (80188)
        Microsoft finally took the big step towards *kernel* security with XP, where they forced everyone out of the DOS mode. As I understand it, with XP an application there is a kernel between all applications and all hardware (perhaps with the exception of video buffers). This is the *first* thing necessary for security, and was something Microsoft wanted to do earlier but was forced by demands for backwards compatibility to leave the DOS hooks in to 95 and 98.

        But kernel security is only a small piece of the problem. Most modern virii and trojans operate strictly in the applications domain - they don't need to touch any kernel files or memory in order to do their nasty work.

        Microsoft adopted the COM mentality a long time ago. And it was a very good concept - it introduced componentized software for the first time into a large scale market (see caveat below). But unfortunately it was done without regard for security, with the result that any old script can use COM (or whatever the marketing droids call it this year) to control dangerous software (such as outlook). So on the one hand we have a very nice software concept, implemented by the largest OS supplier; but on the other hand we have a great increase in security holes.

        Microsoft also did not until recently pay enough attention to the security monster they had created. In fact, it is very hard for them to do much at this point without breaking their nice paradigm. They can patch holes in network connected middleware and systems software (for example, exhaustively searching for buffer overflows caused by careless C/C++ programming). But stopping users from executing viral scripts is much harder.

        A couple of asides...

        I discovered, by accident, that anything that windows considered executable can apparently be binary code! For example, a .pif file, which should be a specific set of instructions to run a program, can apparently itself be executable and Windows will blithely execute it! Same with .bat! This is beyond dumb, and I cannot imagine what they were thinking.

        Regarding COM. COM is a neat idea. Unfortunately Microsoft apparently became so enamoured with it that they just ignored another extremely powerful and much older concept for componentized software: command line execution of everything, with pipes (filtering), and with character (ASCII) formats for almost all files. This is the UNIX model and is a very nice, simple abstraction that beats the pants off of COM for many, many things. As one who uses Windows2000 as a primary desktop, with Cygwin as a primary software development platform, I really appreciate having BOTH models, and really get disgusted with the lack of scriptability for most Windows utility, and the cryptic, bloated binary file formats that most Microsoft software use for configuration and simple data storage.

  • Damage control. (Score:5, Insightful)

    by Martigan80 (305400) on Thursday November 14, 2002 @09:41AM (#4667979) Journal
    That is all this is really. After reviewing their recent papers about how to shift business tactics and the threat of open source; it makes sense they would try this next. Maybe they took a moment, and looked at the tests themselves. Or this is a follow up to the $400M they gave to India?
  • What? (Score:5, Insightful)

    by clinko (232501) on Thursday November 14, 2002 @09:42AM (#4667983) Homepage Journal
    Yeah, you're right. Microsoft should have written every line perfectly like every line of code you ever have written.
  • Microsoft Vs. Linux (Score:3, Interesting)

    by coryboehne (244614) on Thursday November 14, 2002 @09:42AM (#4667986)
    Well it looks like they might actually finally have the right idea as to how to compete with Linux... although they might have a few details a little skewed from what I would consider ideal, they seem to be heading in the right direction. Good to see that Microsoft might actually be listening to their customers finally.

    Disclaimer: Yes, I do love Linux, no I do not hate Microsoft, as a matter of a fact I am a .Net developer so this is of a much greater importance to me than it is to most.
  • Say that again... (Score:3, Insightful)

    by cOdEgUru (181536) <cherian.abrahamNO@SPAMgmail.com> on Thursday November 14, 2002 @09:43AM (#4667990) Homepage Journal
    they really should have done so when they designed Windows

    Bugs (*ahem* features) and Security flaws are not intended to be part of the package. They happen because of bad design and bad coding practices and bad decisions. And no matter how hard you try (and try as you may even in the case of Linux) it's impossible to do so during the design or coding time.

    I would applaud this effort to force it down the throats of customers (at least it would reduce the number of vulnerable servers sitting out in the open), but it goes only as far as any user would want to.
  • Not Correct (Score:5, Interesting)

    by CharlieO (572028) on Thursday November 14, 2002 @09:43AM (#4667992)
    I read the same story at The Register [theregister.co.uk]

    The editorial is inaccurate and opinionated.

    They are actually giving up on trying to secure older products.

    And they are stating that for new security fixes on current products they are now putting security as a higher priority than not breaking the apps.

    So rather than provide the security turned off, in the hope that some MCSE will turn it on once the app has been patched, the security is on even if the app breaks.

    Now, regardless of the anti M$ feelings, this has got to be a good approach.

    Yes you can read it as "Here comes DRM, suck it down" or you can read it as "Secure by default really does matter, because we know 95% of users never change from the default settings" - the latter approach is taken by Suse in 8.1 and I don't see /. attacking them
    • And you are surprised? The Register is notorious for being inaccurate and opinionated. They write stories that are 1/3 each facts, opinion, and rumor. It's like reading The NYT, slashdot and fuckedcompany all in one!

      siri

  • by totallygeek (263191) <sellis@totallygeek.com> on Thursday November 14, 2002 @09:43AM (#4667994) Homepage
    Not that I am siding with Microsoft, but to play the devil's advocate, other companies are guilty of the same disregard for what third-party software will break due to OS patches. To date, I have not installed a Novell Netware service pack without jacking-up some other software (ADS, Arcserve, NAV, etc).

    There is a bigger problem out there -- laziness. Microsoft and others have made security patches available that admins simply do not install. If they did, the world would be a better place. I mean, I still get tons of Code Red hits on my web server. Patches have been available for that for....how long?!?!?!

  • Silly aside (Score:4, Insightful)

    by aborchers (471342) on Thursday November 14, 2002 @09:44AM (#4668000) Homepage Journal
    Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows
    This is a really silly aside. If we waited for software to be perfect before designing/releasing it, we would never have any software. Design flaws are part of the process. How they are fixed with minimal technical and insult to the users is what is important. IMO, the real reason to slag MS is for changing the license terms in exchange for a security patch!
  • for christsake (Score:4, Insightful)

    by avandesande (143899) on Thursday November 14, 2002 @09:44AM (#4668006) Journal
    but they really should have done so when they designed Windows

    What os didn't need security fixes after it was released?
    • That's not the issue---it's just fine that they're releasing security fixes. The issue is that the OS is so borken that security fixes can't be made without breaking applications.
  • by muffen (321442) on Thursday November 14, 2002 @09:45AM (#4668009)
    but they really should have done so when they designed Windows.

    I think you have to remember that Microsoft used to put functionality before security. There is a tradeoff between functionality and security. For example, do you allow mailing functionality within the VBS language and the macro language? There is a reason why there are over 20 worms that can spread using MSN messenger, and none that can spread using Yahoo messenger.

    However, times change, and people change. Now people put security before functionality. Microsoft is just going with the times...
  • by gaff1 (67478) on Thursday November 14, 2002 @09:45AM (#4668020)
    I think it's a noble effort on Microsoft's part, but if you've ever developed large applications you know that security cannot be an afterthought. It's been my experience that unless you design security in from the very beginning, it's almost impossible to make it truly secure. Security has to be part of the foundation not a higher-level layer.
  • by Daniel Dvorkin (106857) on Thursday November 14, 2002 @09:45AM (#4668021) Homepage Journal
    Craig Mundie, who oversees the company's Trustworthy Computing initiative, told an audience Wednesday that in response to the threat of terrorist cyberattacks, Microsoft would deploy security fixes to its installed base of hundreds of millions of computers worldwide in the coming year -- even if those fixes break applications in use by customers.
    Funny, I don't see Sun or IBM or Oracle or the Apache people -- who between them are responsible for a hell of a lot more of the nation's critical computer infrastructure than Microsoft -- going all nuts over security since Sept. 11th. Why, those unpatriotic scum! They must be terrorists themselves! Report them to John Ashcroft immediately! And remember to buy only Microsoft(r) products ... or the terrorists will have won(tm).

    Let's roll.(tm)(r)(c)
  • Microsoft: We'll break your apps!

    App developers: And just exactly how is this different from Windows as it stands now?
  • God dammit! (Score:4, Interesting)

    by bmetz (523) on Thursday November 14, 2002 @09:45AM (#4668029) Homepage
    I am so sick of this revisionist, 20/20 hindsight, why-isn't-microsoft-perfect bullshit! Do you know how many applications written by blithering idiots they've had to keep working? I've heard tons of horror stories directly from friends at MS about the hoops they go through to keep COMPETING SOFTWARE from breaking. Yes, MS employees really do sit around figuring out how to keep Wordperfect from crashing.
    • Re:God dammit! (Score:3, Interesting)

      by coryboehne (244614)
      LOL, you really have a fine point there, it's obvious that some software may have a few issues that will cause it to work in unexpected ways/not work at all. This is not something that cannot be fixed by whomever owns/writes said software. If Microsoft is putting forth this kind of effort to ensure security through some other method than obscurity then I say GREAT! And of course Microsoft wants to keep competing software vendors products working, after all, the main reason windows has captured the market share that it has is mainly due to their large base of 3rd party software and business apps (competing or not) If they were to alienate this valuable resource they would be crazy, as it is largely due to this base that they are so successful. And yes, when you're dealing with a product that is millions of lines of code long there are always going to be problems when trying to do anything... My current project that I'm working on is only about 50,000 lines of code (one developer, namely me) and I can tell you that once in a while when I go to change something that seems fairly menial I can cause myself more headaches than you can imagine (although this doesn't happen often, it does happen). So thank Microsoft for at least showing that they DO care, thank you. :)
  • What about their recent anti-piracy efforts?

    Windows XP sp1 locked out WinXP installations using stolen keys from using WindowsUpdate or applying patches.

    Will this new initiative reverse that practice?

    Remember, it won't matter to most people if a Windows installation was pirated or not when it's the one being used as a DDoS zombie, spewing out viruses over SMTP, or something similar ... just that it is Windows.

    (Btw: Plz 2 mod as +1 Insightful)

  • by blackcat++ (168398) on Thursday November 14, 2002 @09:48AM (#4668053)
    There is another side-effect: Just think of an update that does not only fix two recent security flaws, but also implements incompatible changes to the CIFS/SMB protocol. All users of MS Software are forced to upgrade, so there won't be any interoperability issues. But all those Samba File/Print/PDC installations across the world are suddenly broken.

    And Samba is just a randomly picked example.
  • That windows just doesn't seem like it was designed to take on improvements. It seems like every new "security" update only brings more problems. What they should be doing is sending out more release clients to testers before they release the next completed version of software to the public. Before they make their next release they need to DEBUG DEBUG DEBUG and grab a much wider variety of people willing to test their stuff. If their aim is really to "protect" the end user, then this is what they should have been doing all along.
    • [troll]

      windows just doesn't seem like it was designed to take on improvements

      How many software projects as large and mature as the Windows code base can you name that are not terribly brittle? It's hard to create code that is extensible and maintainable.

      When Win2K was being developed, people's concerns were crashes and reboots, so they focused on that. Now concerns are centered around security. I'm no lover of M$, but it seems to me they are listening to their customers.

      [/troll]

  • by RichMan (8097) on Thursday November 14, 2002 @09:50AM (#4668067)
    One of the main arguments businesses have been using against looking for Linux solutions is that legacy applications (of the windowsNT/95 variety) must be runnable. Now with Microsoft saying that they may not support all legacy code this is removing one of the last barriers stopping some companies from looking at Linux.
    If a company is looking at redoing an application for the windows base it may just be easier for them to make it work with WINE than with the new windows code base.
    I am sure Microsoft is aware of this. There must be some really big holes they are going to close with action or they would not consider dropping the support for legacy applications.
  • by Multiple Sanchez (16336) on Thursday November 14, 2002 @09:50AM (#4668074)
    Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows.

    Next you'll be criticizing the quality of the beef at McDonald's.

    Most Americans want to surf the web, download MP3s, and spend $2500 to watch the Matrix DVD on a two hour flight, and they'll pay the same amount for Windows whether Microsoft makes it secure, or not.

    Bill Gates is a smart business man. Microsoft is a successful business. As such, the $ is the bottom line. Analyzing their products from any other perspective is a waste of time.

  • Enough! (Score:5, Insightful)

    by Psarchasm (6377) on Thursday November 14, 2002 @09:52AM (#4668084) Homepage Journal
    Microsoft is doing the right thing.

    Every vendor Microsoft, Apple, Sun, Red Hat, Debian can create an incident where a patch breaks a vendor's application.

    I've personally seen it happen with 4 out of the 5 vendors already. Deal with it. AFAIK there is still no forced patching. Your OS doesn't just up and DIE if you decide not to patch your OS because you are aware that patching will create problems for you.

    On another note - Certainly Slashdot leans a little left politically and leans a lot toward "open solution" computing but everything about this story just reeks. "windows-ain't-done-while-competing-apps-still-run dept." -- GIVE ME A BREAK. If that were the goal, Microsoft would quickly be driving itself out of business. "... but they really should have done so when they designed Windows" -- again, who are you trying to fool here?? The same argument could be said for every operating system in mass production use today.

    Give it a rest. You're just starting to look foolish now.
  • Pulitzer (Score:5, Funny)

    by timothy_m_smith (222047) on Thursday November 14, 2002 @09:52AM (#4668089)
    I'm wondering if the Pulitzer Prize committee is reading Slashdot because this post should be highly considered. Look at the following quotes:

    ...Microsoft is trying to act responsible and all by fixing...
    ...they also plan to force security updates for older versions of Windows down peoples throats...


    Hopefully we can look forward to more posts containing phrases like "I reckon" and "Y'all" to appear on Slashdot soon. Not to mention that there isn't even anything new in this post at all that has been discussed ad nauseam on Slashdot already.
  • by EnlightenmentFan (617608) on Thursday November 14, 2002 @09:53AM (#4668093) Homepage Journal
    I'm surprised Wired doesn't link to the online MS press release [microsoft.com]. In it, Craig Mundie, Senior Vice President (Advanced Strategies and Policy), flags two planned changes that will affect Microsoft TCO.

    First of all, one of the big selling points of Wintel is that you have a wide choice of software. In the future, however, Mundie says that you can expect your old apps to be broken.

    "We have decided that we will begrudgingly forsake certain app compatibility things when, in fact, they don't allow us to have a default configuration that opts for more security. In the past, the biggest thing that happened to us was IT managers would come to the company and say, hey, all those new features, they're great, all that new security stuff, that's great, but whatever you do don't break my app. So just turn it all off and trust me, we'll fix the apps and then we'll turn it all on. And the reality is that never happened.

    And so we're going to tell people that even if it means we're going to break some of your apps we're going to make these things more secure and you're just going to have to go back and pay the price."

    Notice that they're breaking your old apps not so they can sell you new ones, but purely in the interest of your security, and furthermore it's your fault they have to do this.

    The other point Mundie makes is that, even after they sell you the new OS and the new apps, any security needed will be your responsibility, at your expense.

    "And the other thing is that the customers, whether they're individuals or corporations, are going to have to make a decision about when and how much they spend to get these machines to be more secure. And to some extent you can do it by insulating them, to some extent you can do it by putting things around them or in front of them that protect them, you know, firewalls in some sense. And then in some cases, you can just replace them when you get new machines or new software or both that have intrinsically better capabilities."

    Thanks, Microsoft, I'm glad you're looking out for my interests.

    • What are you, nuts? Referring to actual sources of information in your comments??? :)

      I think his use of begrudgingly is mildly amusing. The word suggests envy or ill-will towards another person, in its common usage.

      By contrast, I was impressed by Apple's maintenance of backwards compatibility for the longest periods. My 15 y.o. dumb little CS apps still run fine without any sense of "emulation" going on, and as they went from 16-bit to 32-bit and other advances, for the most part the only apps that broke were the ones that flouted the programming rule set out in Apple's detailed manuals re API and such. Now they seem to be honoring this a little less (OS X obviously is a big step), but I thought that was cool. Maybe the little fish just has to be more polite.
  • by epukinsk (120536) on Thursday November 14, 2002 @09:54AM (#4668103) Homepage Journal
    "We didn't just fall off the turnip truck a year ago and realize we needed to do this, We started thinking about this three years ago."

    Microsoft didn't start thinking about security until Windows 2000 was a release candidate?

    Software Engineer: Uh, Craiggers... I just heard some disturbing news.
    Craig Mundie: Don't bother me now, I almost beat Bill's fastest time on Minesweeper.
    SE: Well, it's just that Joe apparently didn't design any security infrastructure into Windows.
    CM: Security what?
    SE: Well, remember when I was telling you about how "hackers" can very easily get information on your computer?
    CM: What, like that Stellman fellow and his hippie freedom shit?
    SE: Not really.
    CM: Well, if you think it's important, I'll have Bill send a memo out about it.

    "Trustworthy Computing, a sweeping overhaul of Microsoft's software, business models and programming practices, was publicized in January [of this year] by a company-wide memo from Microsoft chairman Bill Gates."
  • by nanojath (265940)
    "Microsoft's security honcho has a message for Windows users: Let's roll."


    AAAARRRRRGGGGHHH! You know, people went DOWN in that freaking airplane, went down and smashed into the ground and died and burned up. And I am SICK TO DEATH of now hearing the phrase used to hawk and shuck and promote every kind of consumeristic bullshit and political jingo. Can we pass a constitutional provision to the First Amendment that you aren't allowed to use the phrase "Let's Roll" in public unless you're actually about to confront terrorists on a hijacked plane?

  • by RAMMS+EIN (578166)
    ``Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows.''
    I agree. They really should have designed Windows better. Or maybe they shouldn't have designed it at all, but just followed POSIX. _That_ would have made programming so much easier (especially cross-platform, but also just for Windows - win32 API is cruft)! Plus they would have gotten all the good security they are now still trying to get with Windows NT and XP. And it's not like they don't know that stealing well is better than inventing badly.
  • PPRR (Score:4, Insightful)

    by Docrates (148350) on Thursday November 14, 2002 @10:01AM (#4668140) Homepage
    I hope everyone realizes that they're doing this for PR purposes. Right now there are lots of governments that are trying to get away from MS products so that they don't put all their information in the hands of an American Company. Also, this is one of the main selling points of OSS vs. MS. As soon as they feel people aren't paying that much attention to security, they'll back away from "cumbersome nuances" like security.

    I'll buy it that they really care about this stuff when they start building software over previous security-related experience, and I'm not talking patches here, I'm talking OS re-writes based on what works and doesn't security wise.
  • Once Again (Score:4, Insightful)

    by Quill_28 (553921) on Thursday November 14, 2002 @10:01AM (#4668143) Journal
    >but they really should have done so when they designed Windows.

    No they shouldn't have. Can you imagine the problems with Windows 95, if they would have put tight security on it.
    Inexperienced computer users would have thrown their hands up in frustration (why can't I install this program! why won't the printer install! I forgot my password! why do I have to add a new user).
    Most people just want to get e-mail, surf the web, run quicken. As users start demanding more (functionality, security, stability) they will switch to a different OS, or MS will have to improve. Which it seems they are trying.

    Windows has plenty of room for improvement, but that statement seems a bit of a reach.
  • Hey! Look on the bright side, it gives us sys admins/IT/IS/techie guys job security!! :-D

    Boss: I hate to say this to you, but due to the recent economical slump.. I'm gonna have to let you go..

    Worker: Boss! Boss! Something happened to all the computers! The database client isn't opening up!

    Sys Admin being laid off: You were saying.. ;-)
  • by The Evil Couch (621105) on Thursday November 14, 2002 @10:02AM (#4668156) Homepage
    that got slashdotted yesterday [slashdot.org]

    With that new law, companies would have to report hacks of systems. If MS fixes as many holes as they can before this new law can get swung around, the public won't find out how vulnerable they are by using their OS.
  • How about 1% ? (Score:3, Interesting)

    by trveler (214816) on Thursday November 14, 2002 @10:03AM (#4668160)
    I thought the most interesting quote from the article was near the end:

    "... slides also showed the surprising results of automated crash reports from Windows users. A mere 1 percent of Windows bugs account for half of the crashes reported from the field."

  • Misleading... (Score:2, Interesting)

    by ifoxtrot (529292)
    There are many problems with this approach to security, as well as a few potential benefits.
    Starting with the benefits:
    1. Patches in their current form do not work very well as sysadmins don't tend to keep up to date as much as they should. (Windows Update is an attempt to address this. Success is arguable...). Forcing people to install patches "Plugging those holes, he said, would require not just rolling out new versions of Windows, but forcing security fixes onto users of older Windows versions, which he claimed was 30 to 40 times larger than the installed base of current versions" would definitely address this.
    2. This would make a lot of currently running, older microsoft machines more secure

    On the bad side now:
    1. You are forcing people to act in a way that might cause financial damage to them (breaking existing applications), and which might be unnecessary. There is no such thing as blanket security, it's all rather individual. (If someone is running an in-house webserver for their private intranet, patching the OS will not stop the people who might want to damage this as the probability is that they're also working for the company.)
    2. This kind of approach is misleading as to the total security of the system. What's the point of patching Win95 when anyone can log in and have administrative privileges? Even Microsoft accept that their old OSs (win9X) are not capable of being secure. [theregister.co.uk]
    3. We have yet another misleading claim that microsoft are secure and that security is achieved through Microsoft because they are getting tough!!! They're effectively saying that their products will make you secure... Security is not about products, it's about risk and what you do about it. Mr Schneier says it perfectly "Security is a process"...

  • by NZheretic (23872) on Thursday November 14, 2002 @10:04AM (#4668179) Homepage Journal
    Changing the OS does not provide much more protection if the same applications are used.

    As of 1 November there are currently 31 unpatched vulnerabilities [pivx.com] in Microsoft's Internet Explorer, known and exploitable for MONTHS. Changing to XP, or in some cases even to MacOSX, will not provide the Users documents and data any more protection from exploitation of the above vulnerabilities.

    Anything the user has read or write access to, the attacking script also has access.

  • Wait a minute...? (Score:2, Insightful)

    by n3uxf (232197)
    So what they are saying then is that they know there are problems with our software that need fixed, we are going to fix those problems, but if we FUBAR your system in the process, tough luck... If this was any other company other than MS, they would be crucified for this same mentality. Why is it ok for MS to do this, but other companies would not survive?
  • From the article:
    "We're all going to have to collectively spend more, both in the development and maintenance of these machines, if we're going to be more secure."

    This may have some interesting fallout: the phrase "Total Cost of Ownership" has been tossed around with great enthusiasm and increasing frequency in every meeting I've attended in the last year. (Not that anyone necessarily knows how to compute a realistic TCO, but it appears to be important to mention it at least once in any discussion.)

    The cost of maintenance and support is particularly important to companies that don't have a lot of money to throw around, and those companies often use older hardware and software...if a tool still meets their basic needs, they don't upgrade.

    I know it's a lot to read into a one sentence quote, but the implication seems to be that Small Company, Inc., still running NT4 and Win98/2000, must -- for the good of everyone -- start spending more money to maintain their machines. I'm not sure that's going to be an appealing proposition.

    Any thoughts?

  • Two Things (Score:5, Interesting)

    by 4of12 (97621) on Thursday November 14, 2002 @10:09AM (#4668221) Homepage Journal

    I don't fault Microsoft for not keeping up with Windows 95 compatibility and security issues this far down the line. Yes, admittedly it's a self-serving decision to push people into buying new Microsoft products that gain them revenue. But it's also a huge cost to maintain the old creaky code for little or no return.

    I would no more blame MS for dropping support for old software than I would blame the Linux kernel developers for not supporting older kernel interfaces.


    Second, this is a real opportunity for Linux to take up that ball of mud. I know it's ugly, but there's lots of people out there running crusty old Windows 95 compatible applications that would break if they upgraded to Windows XP.

    They might really love that particular application, see no other need to upgrade, and not want to upgrade if they're going to lose the use of their favorite application.

    Let them drink WINE at the Linux table!

  • Wonderful! (Score:5, Interesting)

    by Arjuna01 (85430) <mmcgurty@s p a m c o p . net> on Thursday November 14, 2002 @10:12AM (#4668246) Homepage
    This is the same mentality where I work. We have users still using Lotus 2.4, WordPerfect 5.1, and other crazy applications because the IS people refuse to **MAKE** the users do their own work. The users want the IS departments to migrate and test all the spreadsheets and documents for them because we have Office '97 or Office 2000 installed on the machines. Now 10 years ago when Lotus 2.4 and WordPerfect were introduced we didn't go around making macros and cell calculations for them did we? But we try to introduce new products to keep up with the times and they act stupid on us and say we are killing business because we **WON'T** migrate their stupid macros.

    We can't even get the users to try and open the spreadsheets in Excel or Word. They just refuse to do it. My recommendation in the last meeting was to just turn off Lotus 2.4 and WordPerfect (apps run on server) and tell the user either to use Microsoft Excel and Word or find a new job.

    My point being, Microsoft is doing exactly what should be done. You want everything to be stable and secure, well you better be ready to upgrade or patch whatever doesn't work after we do our fixes.
  • Broken Windows apps? *shock* *horror*

    How is this possibly considered news? ;-)

    -psy
  • by frozencesium (591780) on Thursday November 14, 2002 @10:20AM (#4668325) Journal
    This story is nothing but PR...

    The story never mentions *how* they plan to force users of older systems to patch and upgrade their security. As has been the topic of many a comment, the biggest problem in security is an admin/user who doesn't patch. If they haven't been able to get people to patch in the past, how do they think they can force a win95 user to patch their box now?

    The best they can hope to do as far as *forcing* upgrades is making the automatic "microsoft update" mandatory and non-removable. Imagine the uproar...

    Second, a reality check...you will never squash all bugs. Software is a dynamic beast, especially when it comes to operating environments. As the systems grow and functionality increases, so do the chances for bugs. It's a simple fact that the more lines of code you have, the more bugs you have. Microsoft is as able to squash all bugs in all their software as any *nix system is to fix every single bug in theirs. It just isn't going to happen...no system is perfect.

    "Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows"

    I particularly liked that part...as the current incarnation of the internet did NOT exist when the first versions of DOS came out. Heck, most people didn't know what a dialup was when 3.1 came out. Early MS systems were never designed to be multi-tasking, let alone multi user, and therefore never needed security...it simply wasn't thought necessary. If the computer is going to be used by one person and not connected to the net (such was the case in the early 80's), then why include extra useless security code? The same design base was used and simply extended to maintain backward compatibility as time progressed. Thus MS saying that their design is fundamentally insecure...because it didn't HAVE to be secure in the early days. After all, it's easier to expand than re-write...especially if you do want backward compatibility.

    As I see it, the sins of the past are more about business practice (which is abhorrent), than it is about software design. After all, they have migrated their new OS's to a fundamentally NT based system, and have increased security and stability in the process. I'm not saying they don't have a ways to go, I'm just saying that it is better than it was.

    In any case...I'm happy with debian, so I don't care what they do for my sake. I hope that something good comes of this so that my parents can get a more stable and more secure OS...

    -Frozen

  • by Tsali (594389) on Thursday November 14, 2002 @10:40AM (#4668504)
    Craig: Hi, Homer.

    Homer: Hi. Who are you?

    Craig: I help run a big computer company.

    Homer: Oh. Hi! Do you have donuts?

    Craig: Listen, I know you are a typical user and I want to share with you some very important details about your future personal computing experience.

    Homer: Huh?

    Craig: You have a computer. You bought it from us in 1996.

    Homer: I did?

    Craig: Well, your son did. He didn't buy it either.

    Homer: Oh.

    Craig: Anyhow, we let him keep it. We found out it's insecure and in the next day or so, you will need to buy a shiny new one.

    Homer: Why?

    Craig: Because it's insecure.

    Homer: Why?

    Craig: Because. So the old stuff won't work anymore.

    (pause)

    Craig: That's bad.

    Homer: Doh!

    Craig: But you have the chance to buy all new stuff. That's good.

    Homer: I'm getting bored. Do you have donuts?

    Craig: No. I'm off now. By the way, can you tell Mr. Burns that the software at his nuclear plant won't work on Monday, provided it isn't hijacked by terrorists after we roll out the new version?

    Homer: Why did I let him in my house? How *did* he get in my house?

  • by gosand (234100) on Thursday November 14, 2002 @10:43AM (#4668532)
    I agree with a lot of the opinion here that the commentary on this article is crap, and is clearly anti-MS in the worst way.

    But this story reminds me of that great Chris Rock routine. (paraphrasing, and substituting the N word)

    People always want credit for something they're supposed to do.
    I ain't never been to jail. What do you want, a cookie?!

    I take care of my kids. You're supposed to you dumb motherfucker!

    So yes, while it is good that MS is doing this, I think that it is no big deal - they should do it. I am not going to praise them for it, this is what they should have done long before now. I am not going to rail on them either, because they are making some kind of effort. Assuming that they actually do what they say they are going to do. Sorry, but they have a bad track record, I am not going to believe it until I see it. Why am I skeptical? Among other things, I have seen the Win2kSP2 EULA. I wonder what the EULA on these new security patches will look like...

  • by Whispers_in_the_dark (560817) <rich@harkins.gmail@com> on Thursday November 14, 2002 @10:48AM (#4668566)
    It is true that hindsight is 20/20 and no one ever codes software such that it works exactly perfectly the first time out. HOWEVER, it can also be said that Microsoft had a habit of pushing whatever out the door, regardless of known bugs, poor security, or otherwise (Windows ME comes to mind). That they are now requiring the customers to pay for upgrades and such should be a message to the customer as to the type of software supplier they're dealing with -- a fly-by-nighter clothed in its own weight and self-importance.

    The good is that Microsoft is finally going to fix their problems. It's about damn time. The bad is that Microsoft is spinning this thing as if they weren't greatly responsible for the mess they are about to inflict. IMHO, and it is only that, if Microsoft spent more time and resources on testing their crap in the first place instead of pushing it out the door then perhaps so MANY holes wouldn't need to be patched now. There will always be bugs and security flaws but Microsoft has made releasing filth and spinning it as if it were a good thing an art form in itself.

    As always, this is just my opinion. Your mileage may vary.
  • by Maul (83993) on Thursday November 14, 2002 @11:06AM (#4668730) Journal
    There is a difference between writing a security patch that happens to break an application, and a security patch that is designed to break an application.

    A security patch on any OS could potentially cause problems with software that runs on it. However, I wouldn't put it past Microsoft to purposefully make sure that competing products are broken.

    At best case, MS isn't going to purposefully break anything. This is a legitimate attempt to fix security.

    At worst case, this might be Microsoft's first step in "testing" the strength of the court to see if they'll notice/tolerate them purposefully breaking applications and then claiming they can't release the fixes to the application maker because it is part of Windows "security."
  • by teqo (602844) on Thursday November 14, 2002 @11:08AM (#4668755) Journal
    I bet this has been said here before, but generally increasing security often includes breaking applications by definition. Like application proxies and firewalls, which purposely break some network functionality in order to secure the network. And for instance, removing the double-click-and-Word-will-open feature for Microsoft Word documents in Microsoft Outlook, which has caused lots of havoc, will break a major convenient functionality of Outlook, from the view of its users.

    So, <paranoid disclaimer>whatever Microsoft is implying when they say that they will break applications</paranoid disclaimer>, it is always "Give me convenience or give me security" (Kudos to these fine guys [deadkennedys.com]), otherwise we wouldn't use passwords, encrypted authentication and other inconvenient stuff etc. "Why not just skip all these logins? They make my brain hurt from all the stuff I need to remember..."

    So again, either you demand more knowledge, responsibility and work from the user, or you leave all the necessary security decisions to the software... There is a lot of reason for criticizing Microsoft in many ways, but I think it's quite unrealistic to ask for ultimately convenient, ultimately secure software simultaneously... Consequently, either bash them for being insecure or for giving up convenience, please don't do both at the same time, because that doesn't seem to make much Sense(TM) to me... .)

  • by DanXP (626059) on Thursday November 14, 2002 @11:19AM (#4668844)
    Granted, I'm not a user of Linux and most of my computing is done on the Windows platforms but I have to ask what of end-user responsibility when it comes to computer security? I realize there are (and will always be) security issues that end users simply aren't aware of until they're exploited but given the software/application development cycle, the overall complexity of our modern-day computing systems, and the propensity of some to do little but find these security holes, I feel that developers do a fairly decent job in addressing them. Of course they *should* never be there in the first place but it's unreasonable and irrational to expect that with millions of lines of code and hundreds of developers (if not more), human error and simple oversight will be a factor in any application. Windows bashing is entertaining and a good way to get a crowd stirred up but in reality, aren't we in some way responsible here as well? How many uninformed and ill-prepared users are there out there that don't so much as use anti-virus software? or free and easy-to-use firewall protection? or apply the latest service packs, patches, and updates? After all, would we blame Ford or Chrysler if we left the doors to our car unlocked and were robbed? Of course not. Or maybe we would ;>
  • by Rai (524476) on Thursday November 14, 2002 @11:27AM (#4668910) Homepage
    I'm all for security updates as long as they don't force Digital Restrictions Management or their usual abusive EULAs upon those who install the updates. I want my windows box to be secure, but not at the cost of limiting what I can use it for and what control M$ would gain over my system.
  • Insecurity (Score:3, Funny)

    by Anonymous Coward on Thursday November 14, 2002 @01:25PM (#4670116)
    Microsoft: We're releasing this, but you'll probably find bugs.
    Slashdot: Damn them and their bugs!!!
    Microsoft: Okay, we've created the patches, but you may lose a little functionality.
    Slashdot: Damn the patches!!! Admins can fix this themselves!!!

    Anybody see something wrong with this picture?

  • by Animats (122034) on Thursday November 14, 2002 @01:31PM (#4670187) Homepage
    It used to be, in the NT 3.5 era, that many apps supposedly written to the Win32 API didn't run on NT, generally because the apps were broken. NT 4.0 put in more backwards compatibility stuff (mostly by sticking mediocre code from Win95 into the NT kernel, over Dave Cutler's objections), and XP stands on its head to keep some old apps working, with lots of little "hint" files. All of that stuff should go.

    Microsoft may prohibit self-modifying code and code on the stack. You don't get any performance gain with either technique any more, since processors went superscalar.

    And maybe Microsoft will delete the 16-bit compatibility engine. It's time. In NT 3.5x, the 16-bit engine was optional, the system ran fine without it, and it should have stayed that way.

    Microsoft will probably do something to break Word 97, and blame it on "security". They need the revenue. But there's a problem:

    Plugging those holes, he said, would require not just rolling out new versions of Windows, but forcing security fixes onto users of older Windows versions, which he claimed was 30 to 40 times larger than the installed base of current versions.

    XP sales must be lower than Microsoft admits. Microsoft has to make sure that their pressure forces people to upgrade to XP, rather than locking people into the legacy OS. Expect something on the server side that makes Internet usage difficult for legacy users.

  • by erroneus (253617) on Thursday November 14, 2002 @04:19PM (#4672000) Homepage
    Recall that long ago, Microsoft wanted to move away from 16-bit code by going to Windows9X and also with NT, they wanted to grow in the server and professional side. Ultimately, they hoped to merge their products and so far, I don't feel they've been all that successful.

    The biggest problem with NT is that it attempted to maintain compatibility with older stuff. It was important at that time they do it like this. (Personally, I think they should have thrown compatibility to the wind long ago to focus on stability and security... it's a SERVER after all, not a game machine or a workstation... make a separate workstation product with compatibility modules... but that's history now anyway...)

    Now, with intense focus on security, they are proving themselves as serious players in sacrificing "performance and compatibility" by closing serious holes even at the expense of current software compatibility. I say BRAVO Microsoft for making such a bold and courageous move. Only a company with monopoly force can really afford to pull that move off and if you ask me, it's a decision late in coming.

    Many people have me labelled as anti-microsoft [yacg.com] and a Linux pusher but actually I'm not. While I agree with most of the anti-microsoft commentary and just about all of the pro-linux and open source stuff, I'm not religious about it. If I like it or see value in it, I'll use it. It's that simple. I appreciate what I interpret as a mature direction Microsoft is about to undertake.

    I think it's a bit unfair for jointm1k to tack on the bit about "shoulda done it before they designed Windows..." In an industry that changes as often with technology as it does with "fashion" (consider shifts to and from client-server), it's tough for any company to keep up with current times, let alone predict the future of computing 10 years down the road... even a company that, at times, sets the standards of industrial computing.

    Microsoft has lost a lot of respect in the industry -- not only in the eyes of IT professionals, but also in the eyes of blue/grey-suited business people. I think it's important for Microsoft's future to do that. I'm also a little afraid of what would happen to computing in general if there were a mass shift away from Microsoft. I wish it were, but I don't think Linux-based business solutions are ready for prime-time. (* brace for impact! *)

    Long live Linux and all it stands for. Peace out.
