Microsoft on Security: We'll Break Your Apps
jointm1k writes "Wired.com is running a story about how Microsoft is trying to act responsibly and all by fixing (or trying to fix?) many (if not all) security holes in Windows. Not only new versions of Windows will be patched or improved, but as I understood they also plan to force security updates for older versions of Windows down people's throats. Even if that means that some applications will malfunction.
Nice to see Microsoft taking responsibility for their mistakes, but they really should have done so when they designed Windows."
What Mundie said, online (Score:5, Informative)
First of all, one of the big selling points of Wintel is that you have a wide choice of software. In the future, however, Mundie says that you can expect your old apps to be broken.
"We have decided that we will begrudgingly forsake certain app compatibility things when, in fact, they don't allow us to have a default configuration that opts for more security. In the past, the biggest thing that happened to us was IT managers would come to the company and say, hey, all those new features, they're great, all that new security stuff, that's great, but whatever you do don't break my app. So just turn it all off and trust me, we'll fix the apps and then we'll turn it all on. And the reality is that never happened.
And so we're going to tell people that even if it means we're going to break some of your apps we're going to make these things more secure and you're just going to have to go back and pay the price."
Notice that they're breaking your old apps not so they can sell you new ones, but purely in the interest of your security, and furthermore it's your fault they have to do this.
The other point Mundie makes is that, even after they sell you the new OS and the new apps, any security needed will be your responsibility, at your expense.
"And the other thing is that the customers, whether they're individuals or corporations, are going to have to make a decision about when and how much they spend to get these machines to be more secure. And to some extent you can do it by insulating them, to some extent you can do it by putting things around them or in front of them that protect them, you know, firewalls in some sense. And then in some cases, you can just replace them when you get new machines or new software or both that have intrinsically better capabilities."
Thanks, Microsoft, I'm glad you're looking out for my interests.
Re:Microsoft and Linus (Score:5, Informative)
In fact, you can still run your old a.out apps from 5 years ago provided you have the right libraries installed.
It's the Applications, NOT the OS, that needs fixing (Score:5, Informative)
As of 1 November there are currently 31 unpatched vulnerabilities [pivx.com] in Microsoft's Internet Explorer, known and exploitable for MONTHS. Changing to XP, or in some cases even to MacOSX, will not provide the user's documents and data any more protection from exploitation of the above vulnerabilities.
Anything the user has read or write access to, the attacking script also has access.
Re:Microsoft and Linus (Score:5, Informative)
Actually I HAVE read Linus's post on LKML and that is far from true. In most cases he is willing to break the internals of the kernel but he loathes to break something in userland (but will do it if there is a really really good reason). That is why most programs written for 2.0 still work for 2.4.
Re:Life of Brian jumps to mind... (Score:5, Informative)
Re:Life of Brian jumps to mind... (Score:2, Informative)
SMB is an IBM protocol. It existed long before Microsoft started mangling it.
Re:Life of Brian jumps to mind... (Score:1, Informative)
It's amusing how the *NIX world likes to put the cart before the Ox in saying that Microsoft must keep SMB a certain way. It would do the Samba people right for Microsoft to change it in some small manner, just enough to cause minor headaches with the developers of Samba and to show the UNIX world that their "castle" is not as big as they thought it was.
Let them whine!
ScottKin
Re:Life of Brian jumps to mind... (Score:2, Informative)
I don't run Windows on any of my boxes here but they all use Samba for sharing files, partitions and printers.
If Microsoft wants to show me that my castle is not so big, I welcome them to make any change they want to their implementation of the protocol, while I'll just watch from my castle.
Security Policy (Score:2, Informative)
Any changes which stop an interference are acceptable because it's a basic part of the system design. Apps have to work within the system's design. Usually there is only one app affected because well-behaved programs avoid banging against all the walls of their cage. (Indeed, Unix changes which will affect several apps... or even only a few specialized users of unusual device drivers... get much discussion and adjustment so as to break as little as possible while not leaving any weaknesses.)