Microsoft Says "War on Terror" is Overblown
SlinkySausage writes "The endless security measures imposed on society as a result of the "war on terror" have become overblown and intrusive, according to Microsoft Redmond senior security analyst Steve Riley. He made the comments in a talk at day one of Tech.Ed Australia about software security. Riley also fessed up that Microsoft cocked up XP from a security perspective. "We let you down with XP," he said.
Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised."
Karma gets even with MS! (Score:5, Funny)
From TFA:
Re:Karma gets even with MS! (Score:5, Insightful)
"It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if the cost is actually less than the cost of removing the problem , bizarre as it may sound, it might not actually be worth it."
Hmmmm.... Maybe Microsoft really does understand why I refuse to install Vista on my network.
Re:Karma gets even with MS! (Score:4, Insightful)
Moreover, if one machine goes down due to security vulnerabilities, and it has my social security number on it...
SoftGrid? Wha? (Score:5, Insightful)
So next they will want to save RAM and speed things up with pass-thru hooks like what is already done with the virtual network interfaces but taken to the next level... It seems like a bad progression towards an actually working OS... How about we get the OS to WORK with the memory protection and better manage abstracted hardware??
Am I the only one who sees virtual machines as a solution to problems that mostly shouldn't exist or at least not to the severity that one would seriously consider that a solution?
Security or Convenience (Score:3, Insightful)
I love that false choice. If you have to choose between the two, you don't have either.
Who has to do the work and where it shows up. (Score:3, Insightful)
Now security and functionality can be achieved but make no mistake, security is not convenient, always has, and always will take a lot of work to maintain both in the physical world and in the electronic one. [several false analogies follow]
Like liberty, security is always easier than the alternative. A free and secure system works for me rather than the other way around.
With software, however, it's the programmer that has to put forth the effort, not the user and these don't have to turn up in the int
Re:Security or Convenience (Score:4, Informative)
Not so fast. When was the last time you locked the bathroom door?
The terrorists have already won ... (Score:5, Funny)
Re:Karma gets even with MS! (Score:4, Insightful)
Oh, wait.
It's Microsoft.
Question answered.
Re:Karma gets even with MS! (Score:5, Insightful)
Ever since scientific thinking birthed our enlightenment.
Re:Karma gets even with MS! (Score:5, Insightful)
As Microsoft always does, now that the NEW version is out, they have suddenly become aware and willing to talk openly about how miserable a failure the OLD version was.
Microsoft continues to go to the bank on the basis of "You CAN fool MOST of the people ALL of the time."
How much longer will this formula work for them?
Re: (Score:3, Insightful)
3027 A.D.
Re:Karma gets even with MS! (Score:5, Insightful)
Re: (Score:3, Insightful)
They did the same when Windows XP was launched by running a set of ads showing the Windows 9X BSOD, and a statement about them being things of the past. Irrespective of whether Slashdotters like it or not, the fact of the matter is that during the last decade, Microsoft's effective monopoly in the desktop OS and office automation markets has result
Re:Karma gets even with MS! (Score:4, Insightful)
Whenever the management makes one big push, as was done with Vista, things get screwed up horribly. You'd better believe that Microsoft has some very smart people working for them that know a thing or two about security.
The underpinnings of Windows that kept it compatible with old software have made it inherently insecure, and every tiny bug can result in a system-wide breach thanks to the fact that until recently, it was the standard procedure to run every process with unlimited credentials (and most software was written with this assumption in mind)
On my Linux box, Apache runs under its own account that has the permission to serve web pages in
The decision to maintain backward compatibility was most definitely made by upper-management, and the security repercussions were almost definitely brought to their attention at some point. It's not at all surprising that there are factions in Microsoft that disagree with this decision
Re: (Score:3, Informative)
The absolute worst you can do is to trash your user account. It's not pleasant, but it's a hell of a lot better than infecting your entire system.
This functionality is hypothetically avail
Re:Karma gets even with MS! (Score:4, Insightful)
It's becoming very clear the current US administration is unlikely to win the next election.
Microsoft needs the US government to protect it from standards, open document formats, antitrust prosecutions and any other similar inconveniences.
Expect Microsoft to continue distancing itself from the Bush administration. They need plausible deniability so they can cosy back up with Bush's successors.
Re: (Score:3, Insightful)
Actually, I read this as CYA for Microsoft in government. With computers being as important as they are for the financial health and other aspects of our country, the Dept. of Homeland Security is making cyber-
Re: (Score:3, Funny)
Re:Karma gets even with MS! (Score:5, Insightful)
Fuck Vista.
Re: (Score:3, Insightful)
I always assumed that they were talking about 'financial security'... their own.
Re: (Score:3, Insightful)
Riley is smart, and VERY entertaining. (Score:4, Interesting)
Oh, and a pity he makes the front page at Slashdot for stating the obvious!
What's smart about a false choice? (Score:3, Informative)
He's giving a lecture called [slashdot.org]:
Making the Tradeoff: Be Secure or Get Work Done.
With reasonable design choices, I get both. With sftp and konqueror, I can transfer files without worry. With real user and process separation, I can do a lot of other things without fear. If he's forced to choose between security and convenience, his system offers neither.
Re:What's smart about a false choice? (Score:5, Interesting)
Maybe things have improved in Vista, but the user separation on Windows XP seems to be designed to drive you insane.
No, OP is correct (Score:4, Insightful)
But why should I require admin access to change file associations? Or to install a print driver?
"Run As" is just a crutch around poor design.
Re:No, OP is correct (Score:4, Interesting)
First, print drivers have no reason to be kernel-mode. None whatsoever. Printers are either connected through ethernet (the proper way), or USB (the cheap way). Either way, there's no reason for kernel-mode drivers; user-mode drivers can do all the work of formatting the data to be sent to the device. Notice that in Linux, all printer drivers are user-mode, and are usually actually called "filters", since they're just changing the data, not directly interacting with low-level hardware. Usually, all that needs to be done is convert the file to Postscript or PCL or some other printer control language.
However, the norm on Linux systems is that root sets up printers and printer drivers, because it's easier that way and makes more sense: the printer is a system-connected device, not one which each user should have to set up himself. So root sets up the printer with CUPS, and then users just have to select it and print to it.
As for file associations, there's no reason for this to be inaccessible by users. If I want to open
Yep, it's not easy to be secure on XP. (Score:3, Informative)
So, you log out, and then login as an administrator, make the change to the power settings, log off and then log back in as your unprivileged user only to find out that the changes that you just made as an administ
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
With sftp
Available on Windows.
and konqueror
Or Internet Explorer 7.
So I can fire up IE7 (or Windows Explorer) and point it at "sftp://my.example.com/" and start up a SFTP session, handling SSH keys, etc. and transfer my files through a secure SFTP session? I was poking around looking for a reference to this and I'm not finding it anywhere. The closest I've gotten is a hint of IE7 supporting FTP over SSL (which would be FTPS).
Virtualizing Applications (Score:3, Informative)
Re:Virtualizing Applications (Score:5, Insightful)
Or think 'operating system.' That's what an operating system does. It virtualises the computer's resources and multiplexes them for applications. It multiplexes memory and gives each process its own address space. It multiplexes disk and gives each process its own virtual disks (files). It (or a userspace delegate) multiplexes video and gives each process its own virtual screen (a window or virtual terminal). It multiplexes the speakers and gives each application its own sound device (a virtual channel). It multiplexes input devices and switches them between apps.
Everything old is new again.
Re: (Score:2, Informative)
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:3, Insightful)
Uhh, I thought we were already virtualizing applications with "http://www.winehq.org/"
Our way of life is not under threat! (Score:5, Insightful)
In the United Kingdom we lost fifty or so people in the carnage of bombings last year, in the United States you lost four or so thousand.
I don't for a second want to say that the loss of these lives through an unspeakable act of senseless violence is a trivial matter, but we need to put these figures in perspective. In the United Kingdom, more are killed in road traffic accidents in a couple of weeks than were in the July 7th bombings. In the United States roughly three times as many people are killed in gun accidents per year than 9/11.
Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last year. It's probably true. This stuff is right in the noise level of the threats we encounter each day. It's dramatic when we see some idiots attempt to blow a car up at Glasgow airport but in terms of actual risk, these people are up there with being struck by lightning or having a bad reaction to aspirin.
So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective.
It feels like we've forgotten what it is really like to be a nation threatened with annihilation. In the 1940s our country nearly didn't make it and we have the United States to thank for that as much as our own heroic airmen. That was a time where the aggressors really could have destroyed our way of life. Yet we did not yield in the face of our adversity. We held our resolve!
And we should hold our resolve now. In comparison to the Nazis these modern day terrorists are like flies trying to stare down a tank. I don't know whether to laugh or cry why we even take them so seriously. We should not give a shred of our liberty to these people - they are pathetic and worthless; you only need to look at the Glasgow "terrorist" attack to see this for yourselves.
Simon
Choose "cry". (Score:5, Insightful)
Consider what we COULD be doing with the money spent on this.
The Cold War ended. The world was as close to Peace as it has ever been. We could have been investing in so many things to help the human race as a whole.
Instead we're spending trillions of dollars "fighting" a few thousand nutcases who can't do any more damage to the world than we do to ourselves, every year, in traffic accidents.
Re:Choose "cry". (Score:5, Insightful)
And this is the problem with militarily-funded businesses. They have incentive to not have peace.
Re:Choose "cry". (Score:5, Insightful)
The West now only concerns itself because suddenly we're the direct targets of their actions. Those actions are wildly successful because they're so visible. The fact that automobile accidents are far more deadly, or that more people die due to choking than the terrorists could ever hope to kill is beside the point. Those aren't sexy, top-of-the-hour, bonechilling, fingernail-biting, paranoia-inducing stories.
I have pointed out to people who think that Jihadists are getting ready to blow up their supermarket that the people of Leningrad and London put up with attacks of such intensity, such lethal effectiveness and such destruction that it makes a hole in the Pentagon and two downed office towers look like a joke.
Re: (Score:3, Interesting)
Make that "the USA" rather than "the west" - other western countries have had serious terrorism problems for years. In the UK there was the IRA and the "troubles" in Northern Ireland, and in Spain there was/is ETA, to name but two.
Interestingly, look at this [ireland.com] story [bbc.co.uk] today - 400lb of explosives found, with a strong suspicion of links to real-live republican terrorists. Notice how little reporting there has been of th
Re: (Score:3, Insightful)
They don't seem to be suicide bombing anyone, taking hostages, or any type of violence nor have had a history of doing so. You can be eccentric with your religion, but I don't think you cross over into the "nutcase" category until you start actually committing violence in the name of your religion.
In fact Tibetan independence has nothing to do with religion ev
Re: (Score:3, Insightful)
Please ban the sale and manufacture of foods larger than 1 centimeter in size. We could die!
Thanks,
The United Sheep of America
P.S.: This is urgent!! People are dying as we discuss this!
Re: (Score:3, Interesting)
"In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist."
Heed was not taken and arose it did..
Re:Choose "cry". (Score:4, Interesting)
Re:Choose "cry". (Score:5, Insightful)
But the world was doing pretty well -- sure, the Middle East was trying to kill itself, but it's *always* doing that. The people with the *serious* militaries, however, were at peace. We had a golden opportunity to *not* spend our national wealth on the military; for the first time there were really no serious military threats to Western democracy. We could have done something useful...
Re:Choose "cry". (Score:5, Insightful)
But the intervention across the globe by Western governments since the end of WWII is that disruption of peace which makes enemies of those we and our governments have screwed over.
Re:Choose "cry". (Score:4, Insightful)
Many political entities throughout the Middle East and Africa are making war to consolidate power in their own country and use the West as a convenient scapegoat. This isn't much different from what the neo-cons, to use a contemporary example, have done in reverse in the West. Invent some boogeyman, convince your people you can protect them from him, and they will support you.
On a conceptual level Sayeed Kotb's ideas aren't all that different from Leo Strauss'.
Sure many Western governments have encouraged conflicts. Directed them to their benefit. Provided the raw materials. But the total absence of all Western influence wouldn't bring peace, a great many people can still be killed with machetes.
Re: (Score:2)
Re: (Score:2)
You mean, killed by guns, not killed in gun accidents. Few people are killed in gun accidents in the US an
Re: (Score:2, Insightful)
Re:It's not terrorism that threatens it (Score:4, Interesting)
Re: (Score:3, Insightful)
Re:It's not terrorism that threatens it (Score:5, Insightful)
It used to be this way with immigrants from Europe, etc. However, it is not this way with Islamic immigrants.
A recent poll in Britain found that most second-generation immigrants want Sharia Law to be instituted there. This isn't the first-generation immigrants from Pakistan and elsewhere; this is their kids, who grew up in Britain. The first-generation immigrants don't seem to be causing any problems; they just want a decent life and job. Their kids are embracing the ways of radical Islam. The same thing is happening in France.
There was a movie about this a while ago, called "My Son the Fanatic". Check it out.
Re: (Score:3, Insightful)
Except, the immigrants of old, did not come to your country, and want to out and out destroy it and replace it with a theocracy. They also weren't so willing to do this, that they employed suicide bombers from within their numbers.
They also pretty much immigrated legally...not just sneaking i
Re: (Score:3, Insightful)
> accidents in a couple of weeks than were in the July 7th bombings.
Yes, but, at the risk of stating the obvious, there's a big difference between dying in a car accident and being killed by someone who blows up a train. You may as well console someone who gets mugged by saying "well, you know, people accidentally lose money every day." It's not relevant to the incident.
Re: (Score:3, Insightful)
Some guys with box cutters hijack some planes and smash them into buildings, killing thousands. Terrible tragedy, I agree, very much unlike random highway accidents. But that doesn't mean that the proper reaction to this is a direct attack on what's left of the values that made this a great culture instead of, say, securing the cockpit with a sturdy, lockable door.
From that perspective it makes sense to compare it to accide
Re: (Score:3, Insightful)
But the usual response to such a crime (afraid to go out, jumping at every noise in a shadow) is just the same as our current national fear-fest, and just as self-destructive. The appropriate internal response to being mugged is to be a little upset with yourself for being in a situation where you could be mugged and learning how to avoid that situation in
Re: (Score:3, Insightful)
Really? What is it? Both are preventable. We should be putting our resources towards preventing as many preventable deaths as possible. Whether or not it's intentional is entirely irrelevant.
Re:Our way of life is not under threat! (Score:5, Informative)
I would suggest using automobile accidents in the US as well, since it only takes about three-four weeks of US automobile fatalities (~45,000/year) to equal one 9/11. Hear! Hear!
Regards,
Ross
Re:Our way of life is not under threat! (Score:5, Insightful)
I agree it's not under threat by terrorism. But, there are several issues that should be of concern which have far greater support among muslims, including but not limited to:
* Freedom of speech
* Women's rights
* Homophobia
* Religious law
* Forced marriage
* Repressed view of nudity and sexuality
* Female sex mutilation
* Honor killings
I know some of these are not tied directly to islam, but they occur mainly in islamic communities and islamic leaders are not doing enough to stop, or are even encouraging these practises. In general, I have the impression that many muslims are far more intolerant towards our way of life and hold values which I quite frankly find unacceptable. I'm not pretending Europe has had too many of these notions too long, 100 years ago women couldn't vote, 50 years ago people were being put on trial for erotic novels and 35 years ago being gay was a crime here in Norway. But in my opinion we have made great strides in recent years ensuring equality for all and that everyone is free to pursue their own happiness. The muslims are on the whole a very reactionary group that in my opinion is threatening to undo much of the progress we have made. What bugs me the most is the complete lack of symmetry - if we go to Saudi Arabia, they want us to respect their culture (or face Sharia). If they come here, respect for our culture is slim to none.
Re: (Score:3, Interesting)
* Freedom of speech
* Women's rights
* Homophobia
* Religious law
* Forced marriage
* Repressed view of nudity and sexuality
* Female sex mutilation
* Honor killings
Sounds to me like they're doing pretty well, if they support Freedom of Speech and Women's Rights they're off to a good start. Those other things on the list we (here in the US of A) are not much better off at. We're CERTAINLY not in a position to dictate these things to anyone else.
H
Re: (Score:3, Insightful)
* Freedom of speech
* Women's rights
* Homophobia
* Religious law
* Forced marriage
* Repressed view of nudity and sexuality
* Female sex mutilation
* Honor killings
To be fair, that sounds like Western Christianity up until the 1700's when nationalism finally replaced religion as the reason for violent deaths and the renaissance actually was accepted in Northern Europe. Of course Islam is a bit different as its rules as interpretation, but as Turkey shows you can be Muslim without being like Saudi Arabia.
Re: (Score:3, Insightful)
If anything the lack of symmetry is the other way around.
As far as I know the Saudis have not managed to impose Sharia law in Britain.
On the other hand many British people have got off more lightly on breaking Saudi laws than a Saudi would have done because of diplomatic pressure (of course if you are from a less powerful country like the Sri Lankan teenager the
Re: (Score:3, Informative)
Iraq had thirty million people. One tenth the US population. So to keep the perspective correct here, it would be as though Iraq had invaded the US and killed a million people. A. Million. People.
We've no moral cover. No place of dignity. We committed an act of terrorism that killed over a hundred thousand
Re: (Score:2)
Spies and saboteurs aren't covered by Geneva. It's perfectly legal to punish them (up to death) if caught on your country's territory.
-b.
Re: (Score:3, Insightful)
If someone comes into a country with the intent of murdering large numbers of its citizens, they should really expect to be well treated. Yeah.
Re: (Score:3, Insightful)
Re:Our way of life is not under threat! (Score:4, Informative)
http://stpeteforpeace.org/real.threat.html [stpeteforpeace.org]
I just wish people would listen to reason when it comes to all of this.
XP isn't that bad ... (Score:4, Informative)
-b.
Virtualization of an application? (Score:3, Insightful)
Here's a little concept I've been working on. Why don't we use a real OS?
WINE, Anyone? (Score:4, Interesting)
Re: (Score:2)
Re:WINE, Anyone? (Score:4, Informative)
First, ignore all the comments pointing out that WINE stands for WINE Is Not an Emulator. You're using "emulate" in a different sense than the WINE acronym is. By "WINE Is Not an Emulator" it means exactly your point: WINE does not emulate a physical machine - or, in other words, virtualize the process. WINE implements a compatible version of the Windows API, but it does not create a virtual machine. It's best called a compatibility layer or something like that.
Cygwin does something similar under Windows for UNIX. It emulates a UNIX environment under Windows, mapping standard UNIX calls to Windows equivalents. WINE does the same in reverse - it maps standard Windows calls to UNIX equivalents. (Pedantic note: I know I'm misusing the term UNIX. Someone else can come up with better terms.)
In any case, WINE is not a virtualization approach. A Windows program run through WINE is executed directly by the hardware the OS is running on. WINE simply provides a loader that can load and execute EXE and DLL programs, along with compatible implementations of Windows API.
Short answer: you're right. WINE is not virtualization.
Should fix the article headline (Score:4, Informative)
Let you down with XP (Score:5, Insightful)
Re:Let you down with XP (Score:4, Funny)
Not a lot of work involved there.
Ironic (Score:4, Funny)
Re:Ironic (Score:4, Funny)
SoftGrid isn't new (Score:4, Informative)
Re: (Score:2)
Security advice from Microsoft? (Score:2)
I guess we can only hope to be as safe from attack as Windows is.
When there is only one OS (Windows).... (Score:2)
overblown and intrusive, like Vista? (Score:3, Insightful)
Softgrid (ie. Softricity) (Score:3, Interesting)
We actually use softgrid for citrix (softgrid streams to citrix, citrix streams to remote user). We've had some issues with it but very few compared to our regular problems across our citrix environment.
Now the interesting part of softgrid is its ability to sequence and stream a small set of the app. For instance after evaluating visio, we discovered most of the users only used 20% of the app, so softgrid only deployed that small footprint. Neat technology, and we will be using it next year when we move to XP for my environment of 7000+ desktops. (We're slow moving to new OS's
What's the big security problem with XP? (Score:5, Interesting)
What's the big security problem with XP? It installed by default with a firewall that denied inbound connections. It allowed people to easily give the kids and the wife non-admin access to a shared system. It automatically tells me when new security patches are available from Microsoft, and it always installs them without incident. It even complains (through a tray icon) when my virus-checker's images were getting out of date. I've been running the same XP system on my laptop now for about three years; I haven't had any spyware, viruses or worms yet, and the system still boots as fast as the day I got it. So...what's the beef with security?
Re:What's the big security problem with XP? (Score:5, Insightful)
Vista is not selling [slashdot.org], so XP must be killed. They do this with every OS, so you might as well imagine that it's 2011 and Win9 is out and they let you down with Vista.
Re: (Score:3, Informative)
So I guess the point is that Windows XP failed at security, and Service Pack 2 was Microsoft repairing some of the problems with the stock OS.
"We let you down with XP" (Score:5, Insightful)
Chris Mattern
Virtualised applications = sandboxing (Score:3, Informative)
Application Virtualization "softgrid" (Score:3, Interesting)
It's a kernel level partitioning of resources, to create virtualized hosts with low overhead. They all use the same kernel (so you couldn't have Linux/Windows/Mac virtual machines), but each system/app is unaware of the others.
That way, you can have two virtual instances, each running Apache, but with different/conflicting middleware below it -- and no worries about them crapping on one another.
The example they give in the article is being able to run Office 2003 and Office 2007 on the same machine. The concept behind it is cool. But, doesn't that example illustrate a lot of what is wrong with Windows -- they need an all new virtualization technology just to install two versions of Office on your PC?!?
Just perfect (Score:5, Funny)
The endless security measures imposed on society as a result of the "war on terror" have become overblown and intrusive, according to Microsoft Redmond senior security analyst Steve Riley.
I agree with Microsoft on something. Great, just perfect. Now I have to get ready for the 4 horsemen, a rain of fire and the end of time.
On the plus side that means I won't have to mow this week.
We let you down with XP (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3, Interesting)
Re:I'm still curious... (Score:5, Interesting)
Sir, I suspect that one of the reasons why you don't hear an answer is that some of your interlocutors are frozen in disbelief.
Although the USA may try valiantly, not everyone who displeases the government can be incarcerated. People think Guantanamo is bad; the US prison system is a systemic Guantanamo fit to burst with the highest percentage of incarceration in the world.
Do all the people who are not incarcerated have any reason to be concerned? If the government is above the law and there is no law to protect them, the only protection they have is their sleepy ignorance of their vulnerability.
You would call their sleepy ignorance proof that they have no cause for worry. Coincidentally, there's a group of men in the White House who agree with you.
Re: (Score:3, Insightful)
They have affected the ratio between the tax I pay and the government service I get in return.
I am paying extra taxes for things which benefit nobody.
That TSA screener may not be inconveniencing me that much, but the pothole he's not fixing because he wasn't hired as a construction worker instead may be.
Tiny Sliver of Hope (Score:5, Insightful)
That old argument again... (Score:3, Insightful)
How about you just assume that your run-of-the-mill Abdullah is outraged and shocked by anything that shocks your run-of-the-mill john doe?
I don't feel guilty anytime a white person kills children and I feel no need to write letters to the editor condemning their actions or going out in the streets chanting "STOP KILLING THE CHILDREN!".
You have to stop thinking of muslims as some sort of borg collective that has decided to remain quiet a
Re: (Score:3, Insightful)
No, there isn't going to be a Muslim army that lands on the beaches and "takes over" the USA. That is silly.
However, we are seeing court decisions implementing Sharia law in Germany for Muslims. What do you think it would take for this to happen in the USA? How far away are we actually from allowing Muslim men to beat their wives with impunity? Would you not call that "taking over" our laws?
How about the idea of people having Driver's License pictures taken