Gates Says Windows Reliability Is Greater
mogrinz writes "According to an interview with the New York Times, Bill Gates is proud of the achievements Microsoft has made in increasing the security of Windows. As for the effects on people being attacked by SoBig.F, etc? Gates says this is "something we feel very bad about". Gates summarizes the Microsoft position very succinctly: "We're doing our very best, and that's all we can do"."
Dear Bill ... (Score:5, Interesting)
Far and away your #1 bug is the infamous "buffer overrun" flaw. These usually mostly manifest themselves in string libraries. I know that you have at least 3 library solutions in-house (Safestr for C, CString in MFC, and basic_string in STL) but your developers don't use them otherwise these problems wouldn't happen.
I'd like to point you out to another alternative:
http://bstring.sf.net/
Which your developers may prefer. But whatever you do, why don't you simply make it a requirement that <string.h> simply be outlawed (you could easily write a tool to enforce that couldn't you?), or take some other drastic action?
Buffer overruns are certainly the most common kind of bug that isn't caught by QA (the right answer is not to try to train QA to find them -- they would require the skill of a hacker.) If you concentrate on this one bug alone, you will probably easily remove 80% of these attacks.
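The comment above asks whether a tool could enforce a ban on `<string.h>`. The sketch below is an added example, not part of the original comment and not any Microsoft tool: a source scanner that reports the banned include and calls, ignoring text inside comments and literals. The `BANNED_CALLS` list and the sample C source are assumptions constructed for illustration.

```python
import re

# Policy (assumption for this example): forbid the header itself and these calls.
BANNED_CALLS = ("strcpy", "strcat", "strncpy", "strncat")

# Comments and string/char literals, so text inside them is never reported.
_SKIP = re.compile(
    r'//[^\n]*'                # line comment
    r'|/\*.*?\*/'              # block comment
    r'|"(?:\\.|[^"\\\n])*"'    # string literal
    r"|'(?:\\.|[^'\\\n])*'",   # character literal
    re.S,
)
_INCLUDE = re.compile(r'\s*#\s*include\s*<\s*string\.h\s*>')
_CALL = re.compile(r'\b(' + '|'.join(BANNED_CALLS) + r')\s*\(')


def _blank(match):
    """Replace skipped text with spaces, keeping newlines so line numbers hold."""
    return re.sub(r'[^\n]', ' ', match.group())


def scan(source):
    """Return (line_number, name) for each banned include or call in C source."""
    code = _SKIP.sub(_blank, source)
    findings = []
    for lineno, line in enumerate(code.splitlines(), 1):
        if _INCLUDE.match(line):
            findings.append((lineno, "<string.h>"))
        findings.extend((lineno, m.group(1)) for m in _CALL.finditer(line))
    return findings


# Constructed sample input, not taken from any real code base.
SAMPLE = '''\
#include <stdio.h>
#include <string.h>              /* flagged: banned header */
// strcpy(a, b) in a comment is not a call
void greet(const char *name) {
    char buf[16];
    strcpy(buf, "hi ");          /* flagged */
    strcat(buf, name);           /* flagged: overruns buf for long names */
    puts("strcpy(x, y)");        /* text in a literal, not flagged */
    my_strcpy(buf, name);        /* different identifier, not flagged */
}
'''

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE):
        print(f"line {lineno}: {name} is banned by policy")
```

A check like this fits a pre-commit hook or build step; it works on raw text, so calls hidden behind macros need the preprocessor output scanned as well.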
Re:A SoBig Achievement (Score:0, Interesting)
Well, remember Bill Gates himself is a college dropout [zpub.com]. Dis might explain dat
Works for me but I'm an expert user (Score:5, Interesting)
4 Open Ports (Score:3, Interesting)
Windows is not secure. Instead of fixing little problems like this that are incredibly simple, they decide to invest billions of dollars into programs like Palladium which will, among other less desirable things, make the platform "more secure" both from the outside world and from yourself. Figure your shit out Redmond, please (by Redmond I mean Microsoft, not Nintendo America).
Re:I say Debian Gnu/Linux reliabity sucks. (Score:2, Interesting)
Linux Consultant's Dream (Score:5, Interesting)
Concerned about the impact of viruses like Blaster and SoBig on your business? Look, here's what Bill Gates has to say on the issue. Even he's saying it's not going to get any better, so you can expect these kinds of incidents to keep recurring.
Now, let's talk about how to fix this...
Comment removed (Score:4, Interesting)
Re:A SoBig Achievement (Score:4, Interesting)
Double-speak blame shifting (Score:5, Interesting)
This is double-speak. He is trying to imply that people's failure to auto-update is somehow related to Windows' risk of virus/worm attack. But they are in no way related.
System architecture that fails to maintain security is a design flaw, not a maintenance problem. Gates and Microsoft are attempting to blame shift their responsibilities to their product's users. Pretty much anyone would recognize this in a tort law suit, although I expect very few to make this claim in court simply because of Microsoft's size and reputation.
Re:4 Open Ports (Score:3, Interesting)
My mother's WinXP (IIRC: Home, Dell installed) computer was also using uPnP to open a ~65000 port wide hole in my router firewall by default. Fortunately uPnP wasn't really necessary and could be disabled.
Re:No? (Score:5, Interesting)
Again, what is needed is more education of computer users in general - Windows Update really needs paper literature devoted to it in the box as it really is that important - from the perspective that the end results can affect others. It's the same issues with anti-virus software updates - a lot of people think installing from the box is all that's necessary.
What amazes me is that some large companies have a 'no executables' download policy on their networks. This umbrella policy also stops Windows Update working correctly, leaving a lot of exposed machines. Microsoft has supplied a way for larger companies to have their own internal Windows Update server running that will get around this problem and allow updates, but in some cases, company policy seems to be more important than IT common-sense.
Patches are important, they're just as important as those product recalls for exploding monitors/laptops and monetarily can probably cause more damage if not applied.
Re:If people would JATDP (Score:3, Interesting)
But yours is only one system. Hardly what one would base statistics on.
OTOH, one of the websites I visited daily was down last week for 5 days. Finally it was only through *expensive* paid help calls to Microsoft that got it fixed. And it was the application of this last round of patches that killed it.
My own experience as a sysadmin and company PC guru is similar. Patches don't cause a problem *most* of the time. But now and then they kill a machine or render it damaged in some way and flaky. I've even had the latest IE update (IE 5.5 at the time) kill the machine so it wouldn't boot anymore. (my own machine)
Yet I have a RH 6.2 Linux machine that I set up for a business and update rarely, and has never been hacked. I update it with ssh from 100 miles away on dialup (it is on DSL). It has been rebooted *only* to move it physically. It just works.
Here is the latest uptime:
3:46am up 376 days, 22:42, 2 users
Re:A SoBig Achievement (Score:5, Interesting)
They'd figure out some way to make it possible to run your Windows XP Pro system with a Limited (i.e. non-root) account without rendering it totally useless.
The few programs I've actually managed to get running on a Limited account still don't seem to have the access they need to SAVE THEIR SETTINGS... So they need to be reconfigured every time they load up.
And the only way I've figured out for dealing with that is to temporarily add the Limited Account to the administrators group, pull the network cable, log in with it like that, make the changes, log back out, remove it from the administrators group, reconnect network cable and run Ad-Aware and pray nothing went horribly wrong.
Which is a bit of a hassle.
Re:Bill Gates has bugs in his brains OS. (Score:3, Interesting)
How's that for perspective.
"The Best We can do"? Not even approaching it. (Score:2, Interesting)
Being fair even in the light of that day and even more so years later I can see why Microsoft Dos was made the way it was made.
(a CP/M like operating system for a new generation of computers not actually by Microsoft during a day and age when security was maintained through ignorance.)
After the movie "War Games" security became an important topic. Microsoft published the book "Outside the inner circle"; this book would forever destroy the notion of security by obscurity. Among the topics "The Cracker" points out that many operating systems didn't take security seriously when they were designed, offering features that made hacking in incredibly easy.
It also pointed out that "Security by obscurity" is stupid.
Many good concepts were printed in that book and I suspect that had Bill Gates not had a "Microsoft press" to publish it himself it probably would have never been published.
On the other hand talk is cheap.
When it came time for Microsoft to make its revised Dos (called Windows) they did not take any of the criticisms into account. Microsoft didn't lift a finger with regards to security.
There are a few small issues I can think of with regards to how Microsoft could improve the overall process in keeping Windows secure.
In saying "Windows is insecure by design" is not being critical of Microsoft's efforts TODAY to repair Windows.
It's critical of Microsoft's efforts over 10 years ago when Microsoft designed Windows.
And much later when Microsoft designed NT.
And again for Win 2k, Win XP and Win '03.
(I omitted Win ME and 9x as they were not redesigned so much as improved on previous version.
The overall OS structures didn't change so redesigning the security was not possible)
Fundamentally Microsoft needs to make changes in Windows to work securely.
Realistically it won't happen.
What they are doing is using the brute force method of securing Windows. Sending teams to fix bugs as they become known.
But brute force won't fix a flawed design process, badly designed patches or an OS that isn't designed to be secure to start with.
Re:Just Great (Score:1, Interesting)
Windows has gotten much better in reliability, but it's still far from acceptable. I use XP Home every day (I'd like to use GNU/Linux or *BSD, but one of my hardware devices is not supported) and either the differences between Home and Professional are very, very dramatic or XP is way overrated.
XP doesn't crash much, that's true (then again, neither did 98 for me). Yet it still has various problems when you leave it on awhile, that are only solved by a reboot. For example, if XP decides I've run one too many Windows 3.x programs today, it will tell me upon trying to load one that the Win16 subsystem is out of resources. Closing every single open program does not make that message go away; only a reboot does.
Another example: Certain USB devices, when plugged in, make the CPU usage instantly shoot up to 100% and cause everything to move sluggishly. Even after the device is removed, the "System" uses 10% CPU or so constantly until I reboot. Furthermore, the USB hub driver from Microsoft often causes blue-screen "stop" messages and forces rebooting.
Those are just two examples of many that I constantly experience. You call that succeeding in stability? Hardly. Use FreeBSD if you want stability.
Re:No? (Score:5, Interesting)
However, this is where M$ has to step up. They have to realize as the biggest makers of software in the world, their software has to be MORE secure than everyone else's. They have to take bigger, more progressive steps to ensure security and reliability. I think the issue w/ AutoUpdate is a good one. However, what about other new features they have put into Windows? The built in messenger service that allows people to drop spam on your desktop? Universal Plug and Play? The security holes that allowed worms like Blaster etc to propagate? This is where M$ is striking out. These are pretty easy to see as problems or better yet, security issues. Why not leave THIS stuff disabled by default and then allow users to turn it on when they a) need it and b) know what the hell they are doing!
That all being said, M$ is getting better, but they still have a ways to go. What I wish is that Bill Gates would step up and have accountability on these issues and more importantly give better answers. Sure these are ok answers that he gave, but they are really nothing more than company line. When asked:
That isn't the answer I am looking for. I am looking for something more along the lines of: "We understand that as the largest maker of software we are going to be an obvious target for hackers. As such we have to do better in the future to secure our software from such breaches." True Gates did say some of this, but I think he is foolish to say that there is not an actual effort to undermine his company. Slashdot alone is full of people who don't use M$ products out of sheer disdain for Gates and the flaws of Windows etc.
Still, as I said a few times already, M$ is getting better. But they still have a lot of work to do before the stigma of poor software writing is off them (his claim that "Microsoft's reputation for doing great software research is very strong" was extremely funny and again is that company line that I am not looking for).
It's just like Mom and Dad (Score:5, Interesting)
Remember when you wanted to go out somewhere with some friends of yours and your folks didn't? They did that for your own security and wellbeing. In some cases, you probably had a parent that was easier on you. For example, my dad was the "soft" parent for me. If I asked him something, he'd cautiously say that I could do X as long as I was home before my mom found out. If I asked my Mom, the answer was most positively one of the following:
1. No!
2. Only if you've done everything else you need to do to get some free time.
3. Why would you want to do that? Go do something useful.
So you can guess which parent I asked more often. I asked the parent that gave me what I WANTED, not what I NEEDED.
Microsoft is the "soft" parent. They give the average user what they want without thinking too much about what the implications are. Or they assume that the user will "do the right thing". *NIX/Linux distros are the "hard" parent since they don't (by default) allow the user to do anything they shouldn't be doing. It's a pain in the ass to have to switch over to "root" to take care of some administrative tasks in Linux. Newer distros make it a little easier, but they still throw up the password protection which would annoy an average Windows user to no end. Think of how many times a Windows user complains when they have to remember a password and they can't or they have to write it down somewhere. Windows doesn't do this kind of thing. Instead they thwart security by being the "nice guy" on the surface. I have plenty of friends who got pissed off having to deal with passwords on their boxes and logging out to become administrator. They eventually all asked me to reconfigure them so that they log in as admin by default automatically with no password. I told them what the implications were and they still wanted this. The real problem still comes down to lazy and uneducated users. The PC industry is giving them the keys to Ferraris and nukes even though they aren't qualified to handle them.
I think that eventually it will become necessary to give people what they need with no respect given to what they want. However, it doesn't have to be impossible to deal with from the end user's perspective. I think RedHat's root dialog box when trying to run an administrative command from the GUI is a perfect example of how it can be made slightly easier, but still secure.
Until the average user understands why they SHOULDN'T run as root or Administrator, we are giving them loaded weapons pointed at their heads without telling them how to use them.
Re:Just Great (Score:3, Interesting)
Nobody seems to be patching their Outlook Expresses.
Re:A SoBig Achievement (Score:3, Interesting)
Holy jesus you just described an administrative nightmare. Do you really think this is the solution? Here, let me offer you an alternate scenario which would address the problem much more nicely.
The registry sucks, so people don't use it, except for things where it really offers a great deal of value, or where they are forced to. If the registry didn't suck, and more to the point it didn't have to go down with the ship (yes I know you can back it up but a user's registry settings should be stored with their profile, let's be logical) then more people would use it, and we wouldn't have INI files, except in the case of legacy applications which never thought about being multiuser.
You can always give users the right to install their own applications in their own homedir; If they don't have permissions to fuck up other parts of the system, then it doesn't much matter what they do unless they find a hole in the system, which of course means you must keep up with your updates. Big deal, that's always been true.
Finally, there is a really great way you could handle all of these problems. Emulate a union mount, and allow users to make filesystem changes, all of which will be made to their own overlay over the system. Don't let them change system files even in their own copy, of course, some things must be inviolate. This would let each user have their own ini file. This is similar to what you were saying, but less confusing because you can easily recreate the user's environment by union mounting their homedir. Unfortunately this functionality does not today exist on Windows, but you can play with it in most Unices. There is a neat linux loadable module called translucency [sourceforge.net] which does precisely what I just described. Hell, Windows just got mount points in NT5 (there were various hacks around it in DOS, actually, but all drives had a letter, period, and that is no longer true) so I expect we have a while to wait.
Good Idea to make MS fix it. (Score:3, Interesting)
Re:A SoBig Achievement (Score:2, Interesting)
1) First of all, if you'll read my original post a bit more carefully, my suggestion did include the provision that the extra code would only run when the application executing it is running on a Limited account. (i.e. that it would include a check for this condition.) So administrator accounts would be completely unaffected.
2) As for any app that stores their configuration files in filenames not ending in .INI... They wouldn't be any more broken than they were without my suggestion... And there's no reason why those extensions shouldn't be covered by my suggestion as well.
3) I was actually thinking that the new filename should be derived by just taking the actual filename being requested (i.e. everything after the last '\' in the string) and sticking it right in C:\Documents and Settings\myUserName\Local Settings\... Maybe actually look at the name of the calling executable (Windows still have argv[0]?) and put it in a subfolder with that same name. So that any path passed in would be completely ignored.
But alternatively... We could only apply this fix for file opens that do not SUPPLY a path. (i.e. filename ends with .INI and does not include any '\'s) fairly easily...
Or we could run our security check function after we've determined if we've done any rewriting.
4) Microsoft's already introduced at least one extremely similar cheap hack. About a month ago I stuck a Hauppauge WinTV card into my Windows 2000 Server machine. The machine auto-detected the card and asked me to insert the driver disc. I inserted the driver disc. The machine ran the installation program and asked me to reboot. I told it go ahead. It rebooted, detected the new card and asked me to insert a driver disc... I inserted the driver disc. The machine ran the driver install program and asked me to reboot...
I did this 5 or 6 times before I thought I'd check what was going on. It turned out essential portions of the driver were being installed under C:\Documents and Settings instead of under C:\WinNT, and because of this the driver wasn't loading properly and Windows was asking me to install it again and again and again.
The solution for this was to hit "No, I'll install drivers later" when Windows asked for the driver disk, then go into the Add Programs function in the control panel and install from THERE... But it took a few reboots before I paid enough attention to realize this was necessary, and that the prompts on the screen were tricking me.
And despite this... I have a real hard time thinking about a similar situation caused by code that will cause applications... Only when running on a Limited account... To save their INI's to the user's Documents and Settings folder, and to look for them there first, before falling back to look for a system default in the program's requested path.
In fact, if I think about it... Since this code will only activate in Limited User mode... Even if the path rewriting code were to have a buffer overflow mode in it, it shouldn't be able to damage any programs or files outside the user's personal Documents and Settings folder. And it shouldn't be able to install any new programs, including viruses or trojans of any sort. So really you're introducing next to no additional security risks, but adding a lot of new functionality.
Actually, I agree with you, Microsoft shouldn't have to create cheap hacks in order to deal with poorly written applications. They should, however, have to introduce some sort of hack to deal with poorly written operating systems. *NIX operating systems existed long before Windows came about. The value of user/root separation was well known when the code for Windows was being written. Microsoft chose to ignore this in their design, thinking that their system will only ever be used by home users, that Windows computers will never connect to any sort of large
Re:A SoBig Achievement (Score:2, Interesting)
One of the basic rules of security (remember, we are talking about security here) is "don't put all your eggs in one basket." Don't put your DNS servers on the same uplink as your web servers. If possible, put all your DNS servers and all your web servers in completely different places, actually... Same goes for system settings. Don't put em' all in one big file.
2) But one of the big points of Limited/Administrator (user/root) separation is that you don't want user accounts installing new applications. If my user can install applications, regardless of where they end up going... Then that user's web browsing sessions and Outlook sessions are running with sufficient privileges for viruses and trojans to install themselves. So the suggestion you're making would negate the whole point of having a limited account.
3) Now that's an administrative nightmare. User X calls up the help desk to complain about a misconfigured setting in his favorite application... And instead of just bringing up the .INI file from his user folder in Notepad and fixing it, I have to go through this entire union mount thing?
What if there's some essential change that I want to make to all users' .INI files? With my suggestion, I could write a quick script to make the modification to all of them in no time at all. Yours sounds a lot more complicated.
And what if I mess up and forget which user's union mount I currently have active?
Seriously... It's called the Documents and Settings folder... I don't see why we shouldn't have the operating system force limited accounts to store all their settings there!
Except for the fact that it'd need additional code built into the API's implementation... It's pretty much the way it's done on every OS except Windows, and it's been known to work for years now.
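The per-user .INI redirection proposed in the comments above can be sketched as follows. This is an added example, not part of the thread and not an existing Windows API: the function names, the `Local Settings\<program>` layout, the `exists` callback and all sample paths are assumptions. It keeps only the name after the last `\`, so a path such as `..\..\WINNT\win.ini` cannot steer a write outside the user's profile.

```python
import ntpath  # Windows path rules, usable on any platform

SETTINGS_EXTS = (".ini",)   # extensions treated as settings files (assumption)


def _leaf(path):
    """Final component after the last '\\' or '/', or None if unusable as a name."""
    name = ntpath.basename(path)
    if name in ("", ".", "..") or ":" in name:   # ':' would name an NTFS stream
        return None
    return name


def redirect(requested, exe_path, profile_dir, is_limited, bare_names_only=False):
    """Map a settings-file request into the caller's profile (Limited accounts only)."""
    if not is_limited:
        return requested                         # administrators are unaffected
    name, exe = _leaf(requested), _leaf(exe_path)
    if name is None or exe is None or not name.lower().endswith(SETTINGS_EXTS):
        return requested
    if bare_names_only and name != requested:
        return requested                         # variant: rewrite only path-less names
    app_dir = ntpath.splitext(exe)[0]            # subfolder named after the program
    return ntpath.join(profile_dir, "Local Settings", app_dir, name)


def resolve_for_read(requested, exe_path, profile_dir, is_limited, exists):
    """Prefer the user's own copy; fall back to the system default that was asked for."""
    user_copy = redirect(requested, exe_path, profile_dir, is_limited)
    if user_copy != requested and exists(user_copy):
        return user_copy
    return requested


if __name__ == "__main__":
    # Constructed sample values.
    profile = r"C:\Documents and Settings\alice"
    exe = r"C:\Program Files\Editor\editor.exe"
    on_disk = set()                              # stands in for the file system
    for req in (r"C:\Program Files\Editor\editor.ini", r"..\..\WINNT\win.ini"):
        target = redirect(req, exe, profile, is_limited=True)
        print("write", req, "->", target)
        on_disk.add(target)
        print("read ", req, "->",
              resolve_for_read(req, exe, profile, True, on_disk.__contains__))
```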