Microsoft to Clean Up Code 466
the_pooh_experience writes "Microsoft has decided to beef up their security group by adding a code cleaning group according to Infoworld. As the director of MS security engineering says: 'Microsoft is a long way from its ultimate goal where users can take security for granted in its products...the majority of viruses written attack Microsoft products.'" The new group is called Security Engineering Strategy and while it may seem long overdue to many, it's still a step in the right direction for the folks in Redmond.
Fat Chance (Score:5, Interesting)
The OSS model of peer review on a large scale is the sole reason for such reliable security.
Proprietary companies still have an edge. If people programmed according to a planned set of pre/post conditions, and tested their modules with black box testing, then a large portion of the controllable errors can be caught. Whether or not Microsoft does this is questionable since we can't see their code.
Oh, and BOUNDS CHECK EVERYTHING. Buffer overflow errors should have been non-existent for half a decade by now.
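To make the "bounds check everything" point concrete, here is an added example (not code from the original thread or from any Microsoft product) showing the classic unchecked fixed-buffer copy beside a bounded version. The buffer name, the NAME_MAX size and the function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* assumed fixed buffer size for the example */

/* "Before": the classic bug. Nothing compares the input length against the
 * destination size, so any src of NAME_MAX-1 or more characters writes past
 * the end of dst and smashes whatever sits after it on the stack or heap. */
void set_name_unchecked(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);   /* overflow if strlen(src) >= NAME_MAX */
}

/* "After": the caller passes the real capacity, the function measures the
 * input without scanning past cap bytes, and refuses anything that does not
 * fit together with its terminating NUL. Returns 0 on success, -1 on
 * rejection; dst is left untouched when the input is rejected. */
int set_name_checked(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || src == NULL || cap == 0)
        return -1;

    size_t n = 0;
    while (n < cap && src[n] != '\0')   /* bounded scan, no strlen() */
        n++;
    if (n == cap)                        /* no room left for the NUL */
        return -1;

    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_MAX];

    /* Constructed inputs: one that fits, one that would have overflowed. */
    const char *ok_input  = "alice";
    const char *bad_input = "this-name-is-far-too-long-for-the-buffer";

    if (set_name_checked(name, sizeof name, ok_input) == 0)
        printf("accepted: %s\n", name);
    if (set_name_checked(name, sizeof name, bad_input) != 0)
        printf("rejected %zu-byte input, buffer still holds: %s\n",
               strlen(bad_input), name);
    return 0;
}
```

The important habit is that the capacity travels with the pointer and the check happens before any byte is written, so a rejected input cannot leave a half-copied, unterminated string behind.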
I'm surprised... (Score:5, Interesting)
Oh well. as they said - it's a step in the right direction.
Where have I seen this before... (Score:5, Interesting)
Slashdot's Microsoft Obsession (Score:3, Interesting)
The trolling editors seem desperate to generate pageviews and posting a Microsoft piece almost guarantees to inflame and troll enough users to accomplish this.
Look at this story...what's really that new or interesting here? This looks like just another opportunity for slashbots and "M$" haters to get their kicks.
The more reasonable readers don't get off on that kind of stuff. Please editors, this is getting old and boring.
Re:Port to Java! (Score:3, Interesting)
Methinks you're a disgruntled C programmer feeling the world's leaving you behind.
Get with it - there's tools for every job - pick the one that works best.
My original point was made in humor partly - but the main point was that normal security exploits attacking buffer overflows, for example, are a non-issue in my 'interpreted language'.
Open it up (Score:2, Interesting)
Re:Fat Chance (Score:4, Interesting)
Let's have a debate at Ask Slashdot. Is it EVER possible to make Windows secure? Not maybe in the same league as Linux or Unix, but even marginally better than what entails now?
The challenges:
1. An integrated all-in-one tightly coupled design - anything breaks, everything compromised.
2. Proprietary standards (if that isn't an oxymoron)
3. Newer OS releases at least once a year, to break competing code.
4. Newer releases to support existing apps (3 and 4 directly contradict)
5. Code size and complexity - I doubt anyone, even at MS, has access, let alone modification rights, to the various code bases.
Put simply, Mission Impossible.
Credit Where Due (Score:5, Interesting)
Re:Port to Java! (Score:2, Interesting)
and everything works perfectly*.
*Perfectly is taken to mean "Works about right as long as that system has the same brand and minor revision of the JRE"
Seriously though, every Java based piece of software we have looked at has been total crap. Many of them require a certain runtime, such as one web service from a major company we looked at, that only works with Apple's runtime. Others only work with MS Java runtimes. The list goes on.
I'm telling you again - Hire Theo. (Score:5, Interesting)
Pay boffo bucks, send a Gulfstream to get him and give him some Bill face time.
He'll give you a seminar on code cleaning you'll never forget.
Manpower? More MS myth tossing (Score:4, Interesting)
What is Microsoft's full-time worldwide headcount? Current employment headcount as of 6/30/02: Worldwide: 50,030
GE operates in more than 100 countries and employs 313,000 people worldwide. Now, that's manpower. Anything under 250,000 is just an excuse to have vending machines in the lobby.
Re:more of the same (Score:2, Interesting)
Re:A good thing (Score:1, Interesting)
Even if it was just a flapping of the lips, it's a good thing, especially for all the shops in the IT world who take hints from the large players, which, like it or not, M$ is. I got a copy of "Code Complete" from M$ Press my first day on the job here. People do pay attention.
Re:Fat Chance (Score:5, Interesting)
They already tried that, it's called "NT". Things got better for a while, then the application mafia got their fingers in and it degenerated back to the current mess.
So they could start that process over again, and be finished in 5 years, just in time to see their stock make the final dive into the subbasements. Or they could learn from Apple once again, and switch to BSD, it's free
Re:Credit Where Due (Score:1, Interesting)
The amazing thing about Oracle and MS-ware is that it's closed source and exploits are still popping up all the time.
Re:A good thing (Score:3, Interesting)
Re:A good thing (Score:2, Interesting)
In the OSS community, code (potentially) gets reviewed by people with expertise in a number of fields, something that is not guaranteed in a closed-shop development team. Hence, my observation that this is a watered down version of that process, with its focus solely on security.
Re:more of the same (Score:4, Interesting)
So, here's a rather obvious 1-2-3-profit list
Re:sceptic (Score:5, Interesting)
1. Stuff works. It's the easiest time I've ever had configuring a server. It's like flipping a switch.
2. Stuff is locked down. Everything out of the box is turned off. When you do turn it on, it's locked down by default. Everything runs with the lowest privilege possible to get the job done.
3. Reliable. Nearly anything can be done without restarting the machine. The only exception I've had so far is making it a domain controller.
Frankly, I'm looking forward to working with it in a production environment.
For the world's sake (Score:3, Interesting)
Pardon my cynicism but ... (Score:2, Interesting)
Will this group have the authority to hold up a release if there are security holes? If not, they are just window dressing.
Is this group REALLY going to be able to get Microsoft to create secure code, or just avoid goofs so large they provoke those embarrassing industry articles about lack of security?
Re:Fat Chance (Score:5, Interesting)
Case in point, I was on a team that redesigned an entire large-scale system from scratch. The old system was built in lots of little parts using various languages (shell, perl, java, c++, c, python, lisp), multiple databases from various vendors, had virtually no internal documentation on how anything worked, etc. The system was quite unstable, crashing multiple times a day, and very difficult to enhance without breaking shit. Kinda like Windows...
We re-built the entire system in about a year (about 750K lines of code, which was about half the size of the original code.) The result was amazing. After the initial deployment period where the bugs were worked out, the system was rock solid, being able to stay up for months at a time, was very easy to enhance, had tons more features and flexibility. We had a great team, and a solid commitment from senior management providing the needed resources.
Netscape's biggest problem was not starting over from scratch, but poor project management (not keeping people within original design constraints) and a lack of serious commitment from senior management. Rather than having a very tight set of requirements and design goals, things were very nebulous and got out of control very quickly. No longer were they building a new browser, but a cross-platform framework for any kind of application they could think of. When you look at projects such as Galeon, most of that bloat is ripped out.
Rather than following a bad example of how to run a re-design project (mozilla), MS could EASILY afford a new team to start Windows from scratch, leaving the existing team in place to continue to enhance / maintain the existing code base. This is the step that Netscape missed. They only used a small fraction of their people to maintain (and NOT enhance) the old code.
Joel is making his claim by using the worst case example. Kinda like if I claimed that you should never put the gas tank in the back of a car pointing to the Pinto as my evidence, ignoring the thousands of other car designs that worked.
Re:more of the same (Score:2, Interesting)
On win2k you can't even remove outlook express (yeah of course you can - but not by simple means).
Click the outlook express by mistake once - it won't even ask you - it will just take over as default mail app.
Re:But it IS important (Score:2, Interesting)
The mucky-mucks at MS, or Apple, or any other software company work long days worrying about and getting all the info they can about other companies.
Since linux is non-corporate it is up to people like us to discuss, argue, trash-talk, and otherwise beat to death information and news about the competition.
To me it's just good business.
Re:Credit Where Due (Score:5, Interesting)
You don't "fix" 50 million lines of code overnight, especially not when it has taken 10 years (or more) to write. However, all of the developers really did take a few days to go through a set of classes on how to write secure code, and then spent the next month reviewing their code for security problems. All of the program managers really did go to classes to learn about security vulnerabilities and how to find security weaknesses in their designs, and then went back and updated designs where needed. All of the testers really did go to classes to learn how to find security bugs and then created security test plans and spent a month doing nothing but looking for security bugs.
It probably isn't perfect, if Microsoft went for perfect you would be paying ten to twenty times more for the software, but for the first stab at really fixing the server operating system so that it is secure out of the box, I would say that 6 months of effort went into making Windows Server 2003 secure that wasn't in the plan prior to the trustworthy computing initiative.
Re:A good thing (Score:1, Interesting)
Re:A good thing (Score:2, Interesting)
Having some people to actually just fix security issues is good, since then those people can concentrate on security topics.
Even if all their developers were aware of security issues, there actually has to be some group that concentrates on KNOWING about the issues, so that not only is code looked after, but actual developers have someone to ask when they think "there is a potential pitfall here" but don't know the exact problem/solution.
I think Open Source security works because there is always someone that can show the actual problem with the code.
There's also the problem of the big picture. While you COULD check buffers at every stage of code, you actually only need to check data that is coming INTO your code, as long as you trust your own code. The problem here is that there are often functions that SHOULD get data only after it's validated, but for some reason get it without validation. If there's someone who knows the actual validation process and data flow, and whose job is to check that all is fine, then security can be built as the first layer, not just small checks in 11001 places.
Of course everyone still needs to check return values of functions that can fail (or catch exceptions when programming with a sane language).
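The "validate once at the boundary, trust your own code inside" idea from the last comment, and its companion point about checking return values, as an added example that is not part of the original thread. The wire format ("<cmd> <user>\n"), the struct name, the field sizes and the accepted commands are all assumptions made up for the illustration. The trick shown is to make the validated data a distinct type that only the parser can fill in, so an inner function that "for some reason" gets raw bytes simply will not compile against it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define USER_MAX 32   /* assumed field sizes for the example */
#define CMD_MAX  8
#define LINE_MAX_LEN 128

/* A validated request. Only parse_request() writes one, so every function
 * taking a `const struct request *` may rely on these invariants:
 *   - cmd and user are NUL-terminated and fit in their buffers
 *   - cmd is exactly "GET" or "PUT"
 *   - user is non-empty and made only of [A-Za-z0-9_]
 * Raw network bytes never carry this type, which is the trust boundary. */
struct request {
    char cmd[CMD_MAX];
    char user[USER_MAX];
};

/* Bounded copy with NUL termination; rejects empty or oversized fields. */
static int copy_field(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* The one place untrusted input is inspected. Format: "<cmd> <user>\n".
 * Returns 0 and fills *out on success; -1 and leaves *out untouched on any
 * violation, so a caller can never half-trust a partially filled struct. */
int parse_request(const char *raw, size_t len, struct request *out)
{
    if (raw == NULL || out == NULL || len == 0 || len > LINE_MAX_LEN)
        return -1;

    const char *sp = memchr(raw, ' ', len);   /* bounded search, no strchr */
    if (sp == NULL)
        return -1;

    size_t cmdlen = (size_t)(sp - raw);
    const char *u = sp + 1;
    size_t ulen = len - cmdlen - 1;
    if (ulen > 0 && u[ulen - 1] == '\n')     /* strip one trailing newline */
        ulen--;

    for (size_t i = 0; i < ulen; i++)        /* whitelist the user charset */
        if (!isalnum((unsigned char)u[i]) && u[i] != '_')
            return -1;

    struct request tmp;
    if (copy_field(tmp.cmd, sizeof tmp.cmd, raw, cmdlen) != 0)
        return -1;
    if (strcmp(tmp.cmd, "GET") != 0 && strcmp(tmp.cmd, "PUT") != 0)
        return -1;
    if (copy_field(tmp.user, sizeof tmp.user, u, ulen) != 0)
        return -1;

    *out = tmp;
    return 0;
}

/* Inside the boundary: no re-validation of req, the type carries the proof.
 * What it must still do is check the return value of a call that can fail:
 * snprintf() reports the length it wanted, and a reply that did not fit is
 * an error, not something to pass along truncated. */
int handle_request(const struct request *req, char *reply, size_t cap)
{
    int r = snprintf(reply, cap, "%s for %s ok", req->cmd, req->user);
    if (r < 0 || (size_t)r >= cap)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample lines, as they might arrive off a socket. */
    const char *lines[] = { "GET alice\n", "PUT bob_2\n",
                            "DEL alice\n", "GET ../etc/passwd\n" };
    char reply[64];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct request req;
        if (parse_request(lines[i], strlen(lines[i]), &req) != 0) {
            printf("rejected at boundary: %s", lines[i]);
            continue;
        }
        if (handle_request(&req, reply, sizeof reply) == 0)
            printf("%s\n", reply);
    }
    return 0;
}
```

Because parse_request only assigns *out after every check has passed, and nothing else in the program can construct a struct request from raw bytes, the "function that should get validated data but doesn't" failure mode the comment describes becomes a compile error rather than a code review finding.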