1446445
story
Rantastic writes
"In a recent interview with Wired Magazine, Microsoft Security Program Manager Stephen Toulouse, when asked about their now 2 year old focus on security, comments "it's more of a 10-year timeline." He also reveals that he runs Firefox."
Download.Ject (Score:3, Informative)
WIRED: It's been more than a month since the first news of Download.Ject, and you still haven't issued a real fix for Internet Explorer. How long is it going to take?
In case anyone is wondering about Download.Ject, check this link [www.mikx.de] out. It's only a matter of time until a high-volume site gets compromised with this exploit. Scary stuff.
Sadly, Firefox isn't affected.
Re:Download.Ject -- CORRECTION (Score:5, Informative)
Download.Ject information is actually here [microsoft.com]. The exploit referred to above is actually the "what a drag" exploit. Still pretty scary if you ask me.
Anyway, the editor (me) regrets this error. =)
Re:Download.Ject -- CORRECTION (Score:4, Informative)
I couldn't open the sample exploit listed in the parent, but I could open he one in the link I provided. The proof is safe and scary.
If they are not going to fix these errors, Microsoft should at least give us a naming system! It's hard to discuss the exploits when we don't know how to name them correctly.
Should we call this one "how to skin a windows box" [tech-recipes.com]?
Re:Download.Ject -- CORRECTION (Score:4, Interesting)
Hee hee hee... I find the following bit from Microsoft's instructions on how to clean the trojans funny:
Basically, they're saying that you don't have IE in pants-down mode, so their ActiveX scripty-do can't run. Is that ironic, or just amusing?
Re:Download.Ject (Score:5, Funny)
When will Open Source advocates realize that it's just this sort of behind-the-times technological gaffe that will keep Linux in single-digit marketshare forever?
Doubledge sword (Score:5, Insightful)
MS will always be 1 step ahead in features.
Guess what, features sell. Maybe in the year 3000 things might be different.
Re:Doubledge sword (Score:4, Insightful)
MS is one step ahead in having off the shelf applications written for it. That's the reason why most people stick with it. The applications that they already have, and the applications that they forsee themselves wanting to run run on Windows. It's not because of features.
Re:Doubledge sword (Score:4, Interesting)
They aren't.
The only thing I can think of that you might be referring to is Avalon. And that is considerably more advanced than Quartz Extreme. Quartz Extreme is like the current Windows rendering engine on steroids - it does more in hardware, it does more fancy stuff, but at heart it's still 2D bitmap-based software rendering with some fancy anti-aliasing, alpha compositing, and Expose bolted on top. Avalon is fully vector-based and done entirely in hardware. You simply can't compare the two directly.
Re:Doubledge sword (Score:4, Insightful)
Us OS/2 guys always said the same thing about Windows - why wait for Windows95 when OS/2 had all its features, and stability as well? Obviously MS doesn't even need features to continue selling.
Re:Doubledge sword (Score:5, Insightful)
Linux has more functionality than Windows. No question about it.
Answer these:
how many ports (cpu architectures) does windows run on?
is windows tcpip more featureful and flexible than windows?
which version of windows has more GUI features than the latest KDE or GNOME?
does windows or dos support more different hardware than linux? (I have one pentium3 sitting right here that crashes on the HLT instruction. I can only run Linux on it, and quite well.)
how many different ways can you install windows?
is windows' threads implementation the best in the market?
is windows memory management the best in the market?
show me the most secure windows, I'll show you 10 more oses more secure than that.
by a WIDE margin.
are apples the same as oranges? (Score:5, Insightful)
can your car go as fast as my bicycle?
can my sister pee farther than my uncle?
how many different programs can you burn dvd's with in linux?
how many linux computers can play doom 3?
I'm not playing favorites, just objecting to your biased list.
Re:Doubledge sword (Score:5, Interesting)
-To Read Email
-To Use Office (or other word processing/spreadsheet/presentation application)
-To Surf the internet.
That's all. My grandmother doesn't care if KDE provides quick access to the console terminal, nice configuration of profiles or quick ways to make system level modifications. And she definitetly wouldn't care about ports or tcp-ip (even if she had a vague idea of what they were). In short, she would have no intention of touching these features in the first place even if they were present in Windows.
Your case of installation is another excellent example. Windows install methods are kept basic for the simple reason that even your most average user has to be able to perform it (and Microsoft knows it). Having a variety of installation methods and added complexity tends to scare people away from any product in general. Whether it's simply choosing 1 application from hundreds that you want to install or telling someone to setup partitions and swap space, they'll be terrified if you put too much in thier face.
Linux Distribution companies realize this, and are working hard to simplyfy thier installation methods. Based on what i've seen when I picked up SuSE 9.0 a while back, this is certainly true.
In time, people will come to become more computer literate, and perhaps these features will have some meaning. Till then though, it's not going to be all the fancy under-the-hood features that sell a product. It's going to be simplicty.
Re:Doubledge sword (Score:5, Insightful)
how many ports (cpu architectures) does windows run on?
One, the system I own. I don't care about the others. I have no need to, this is not a hobby, this is my computer.
is windows tcpip more featureful and flexible than windows?
It works with everything I have.
which version of windows has more GUI features than the latest KDE or GNOME?
Without editing files and getting complicated? 95/98/Me/2000/XP/NT 4
does windows or dos support more different hardware than linux? (I have one pentium3 sitting right here that crashes on the HLT instruction. I can only run Linux on it, and quite well.)
Your hardware is broken, you should fix it.
how many different ways can you install windows?
One, the way it installs on my system.
is windows' threads implementation the best in the market?
As far as I'm concerned it is.
is windows memory management the best in the market?
As far as I'm concerned it is.
show me the most secure windows, I'll show you 10 more oses more secure than that.
Strange, they all have BSD in their name.
Re:It's a JOKE (Score:5, Funny)
We need this feature fixed now if not sooner, otherwise we're all going to be stuck using this insecure MS offering!
When will there ever be a feature complete open source internet explorer??
Re:Download.Ject (Score:5, Informative)
Re:Download.Ject (Score:5, Insightful)
Regardless of what Microsoft and their fans may think, the browser wars are all started up again. Anyone who designs their site to be IE-only nowadays is just asking for trouble. Unfortunately, it's not exactly uncommon.
Re:Download.Ject (Score:4, Insightful)
As for you statement about the browser wars, hopefully your right. Ideally all browsers will approach the standards correctly and then end users will be able to choose the browser they like without worrying that some web pages will not display correctly.
Taht's not a FIX... That's a FUX (Score:5, Funny)
Seriously though, they can't fix it without removing IE from the system. You can easily get around their FUX by using a shell call... which makes this bug even scarier.
Re:Download.Ject (Score:5, Informative)
The handful of sites that don't work well with Firefox/Moz is really a small price to pay for the added security especially in regards to drive-by spyware installs.
Re:Download.Ject (Score:5, Informative)
Also admitted (Score:5, Funny)
No Time Toulouse (Score:5, Funny)
Re:Also admitted (Score:4, Funny)
Missing: Interview (Score:5, Insightful)
WIRED: It's been more than a month since the first news of Download.Ject, and you still haven't issued a real fix for Internet Explorer. How long is it going to take?
In other words: So, when will you stop beating your wife?
Meanwhile, Firefox and Opera look awfully appealing.
Ok, the guy really stepped in it here when he plugged Firefox (though I'm an Opera fan [opera.com], myself).
What about removing capabilities from IE to beef up security?
You think you'll get him to promise to cut off "capability"-dependent programs (and their programmers) at the knees?
Seems like you're fighting a losing battle.
Objection: counsel is badgering the witness. The only appropriate answer would probably be, "Yes, we are, f*** you very much."
Re:Missing: Interview (Score:3, Funny)
Mu
Re:Missing: Interview (Score:5, Insightful)
Except that to make the analogy complete, you should add that in this case the question is put to somebody who is actually busy beating his wife...
Objection: counsel is badgering the witness
Overruled, Wired reporters are not counsel but more like prosecution, and this guy is not a witness but a suspect.
Re:Missing: Interview (Score:3, Informative)
Re:Missing: Interview (Score:4, Informative)
But he didn't even do that! All he said was that he needed to upgrade Firefox to fix a security problem. Not that he used it as his main browser, and certainly not that he didn't use IE every day like all good Microsoft employees. Merely that he had it installed on his machine, and patched it as appropriate. In his job, I'd expect him to have a copy of alternative browsers on his system. I'd be surprised if he doesn't have Opera installed, too.
Re:Missing: Interview (Score:5, Insightful)
In other words: So, when will you stop beating your wife?
Not really, no. The question was about a specific hole who's existance is not in dispute. It makes no unwarranted assumptions and doesn't ask him to make any new admissions in answering. Unless you mean to imply that the question might cause him to accidentally admit to doing his job?
You think you'll get him to promise to cut off "capability"-dependent programs (and their programmers) at the knees?
Perhaps not, but it's a fair question. Many people are of the opinion that the feature shouldn't have been there in the first place (for security reasons). It wouldn't be the first time MS has given customers a choice between break feature X or be insecure.
Objection: counsel is badgering the witness. The only appropriate answer would probably be, "Yes, we are, f*** you very much."
Perhaps, but since MS has a history of being less than forthcoming on the witness stand (literally as well as fuguratively), additional lattitude in questioning may be given.
Palladium? (Score:5, Interesting)
another admission? (Score:4, Funny)
I thought that M$ was allready [slashdot.org] working with BIOS makers [slashdot.org] on this [linuxdevices.com] and that it was already here. This could be an admission that trusted computing is not secure computing.
Actually, you're wrong. (Score:5, Informative)
Your comment was:
"He doesn't "reveal" that he uses Firefox either. Nowhere in the article does it state such."
To quote TFA:
"Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
Please RTFA before posting corrections to the comments of others. Thank you.
He runs Firefox, duh!? (Score:5, Insightful)
If you were working in the X divison of a company wouldn't YOU be using a competitors program so that you could know what they were doing to make their side better? I know I would.
In fact, I would be completely disappointed if he DIDN'T run Firefox.
Among other browsers, I'm sure! (Score:5, Insightful)
Indeed, parent post is correct. Besides, the article doesn't say that he uses FireFox exclusively by any means. In fact he only mentions FireFox to prove that all browsers are susceptible to attacks.. Here's hoping he also uses NS, Opera, Safari, and whatever browser he can to do testing and research.
Yet more spin by
Reading between the lines (Score:5, Funny)
I dont know if he really *uses* firefox... (Score:5, Interesting)
Re:I dont know if he really *uses* firefox... (Score:5, Insightful)
Four Questions (Score:3, Insightful)
7 Years To Go? (Score:3, Funny)
... So please refrain from computing for the next 7 years. Just go about your lives. Pay no attention to the penguin and cute little red daemon over there. Hey look! Over here! Have this complimentary Plush Clippy!
Service Pack 2 (Score:4, Funny)
Oh, wait, actually service pack 2 renders some computer unbootable, so that must be the real trick!
Fat lot of good it will do... (Score:5, Funny)
Re:Fat lot of good it will do... (Score:5, Funny)
"According to the Mayan Calendar We'll only get a year to enjoy it!"
We won't even get there. I hesitate to instigate a panic, but... MY calendar runs out on Dec 31 of THIS YEAR! AAAIEEEEEE!
Move the timeline out indefinately... (Score:4, Funny)
If everyone had AIDS, you wouldn't have to be all that concerned about STDs now, would you?
New Apple add:
iMac, its like a computer with a condom!
Linux add.... (Score:5, Funny)
iMac, its like a computer with a condom!
New add for Linux:
Linux: you can't get infected unless you get laid.
Security Update (Score:5, Insightful)
But that's just it, at least he had an update to install, MS doesn't release security updates as quickly as it needs too, as the first question mentioned.
Re:Security Update (Score:5, Informative)
Buy a car from my company now! (Score:3, Interesting)
Of course we won't perfect the brakes or the air bags for another 10 years or so, but hey the seat belts work most of the time. So buy my car version "XP" now so you can get a taste of what a safe car of the future will be like
Story comes with ad for Microsoft "security" (Score:4, Funny)
Comment removed (Score:5, Interesting)
What?? 100% known secure isn't possible. (Score:5, Insightful)
The 100% secure line is an asymptote. You can get fractionally closer to it, but never ever actually achieve it.
Re:What?? 100% known secure isn't possible. (Score:3, Insightful)
To be fair... (Score:5, Insightful)
I would hope that as a program manager he would have a copy of each of the competing browsers on his system, so that he can steal... ah, borrow, ideas from them.
Re:To be fair... (Score:3)
I would hope that as a program manager he would have a copy of each of the competing browsers on his system, so that he can steal... ah, borrow, ideas from them.
What made this quote so striking isn't that he uses a competitor's product (he *should* be using their product). The point is that he *must* use a competing product because IE isn't secure in this case. To underline the matter bot
In case you're wondering... why? (Score:5, Insightful)
Second, the idea that an MS head is using firefox is hardly surprising, it's much more at issue that he's willing to admit it to Wired, and doesn't even seem to mind that open source is a better alternative.
Microsoft has had a history of using open source projects, most famously with qmail+unix on their hotmail, but even branching to the MSN gaming zone, etc. It's really not too surprising, considering a lot of the unix foundation implemented in their NT-XP series.
Re:In case you're wondering... why? (Score:4, Interesting)
the idea that an MS head is using firefox
and that he projects such a long time for security to happen gives him greater credibility among IT people that have a clue.
MS has lost so much credibility in so many ways in the past that they have nowhere to go but up. Why pretend anymore?
Re:In case you're wondering... why? (Score:4, Informative)
That was from the original creators of hotmail. MS bought out hotmail... It took several years, but Hotmail was finally moved over to an NT base, which it now runs on.
Sad (Score:5, Insightful)
Having someone say "it's more of a 10-year timeline" does not equate to "MS not expected secure until 2011"...much less "MS says" 2011. The phrase "more of a..." connotes a generality. The headline is pure, conjured specificity.
Crap like this makes me become seriously disenchanted with Slashdot.
Re:Sad (Score:5, Funny)
Really?
It keeps me coming back for more...
just like Big Macs and nicotine.
Re:Sad (Score:3, Informative)
But this quote does NOT read "it's a 10 year plan". Read into it what you will; embrace self-delusion.
Even XP SP2 is easy to tamper with (Score:5, Informative)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
Also, here's a Python script [vt.edu] that will automatically kill the new "Windows Firewall" in to XP Service Pack 2. You can bet your ass that hackers are already tampering with this. Click a URL and bam... the firewall goes down.
This is just two example of what MS does to "secure" their systems. God help us all.
Meaningless (Score:3, Insightful)
2011, huh? (Score:4, Funny)
What the...? (Score:5, Insightful)
It's something you always need to keep an eye open for, and combat exploits whenever necessary. How can Microsoft say "it's more of a 10-year timeline". That statement alone makes me wonder how sane Microsoft's security program manager is. So Microsoft are going to dismantle their security team in 2011?
What would the Linux community think if Linus went out claiming that "we expect the Linux kernel to be secure in version 3.0"??
Anyone who takes software security seriously should understand that you can never expect a product to be secure after some period of time.
"Secure" is also relative and not at all an absolute term.
BWAHAHAHAHAHA!!! (Score:4, Funny)
Microsoft will take TEN YEARS to get secure?
After pissing away thirty billion in R&D money for a one-time stock prop scheme?
And their head of security uses Firefox?
This is like discovering Bush prays to Allah!
BWAHAHAHAHAHA!!!
Hey, how about this theory?! Gates is secretly a hacker like the guy in the Sandra Bullock movie and really wants everybody to be insecure so he can take over the world!
BWAHAHAHAHAHAHA!!!
Mod this troll, mod this flamebait! Is that all you got, huh? Are you nuts? Come at me!
Re:BWAHAHAHAHAHA!!! (Score:4, Informative)
He does.
The Jews, Christians, and Muslims are pray to the same God, the God of Abraham.
The Jews come from the line of Issac(Abram's son with Sarah) the Muslims from Ishmael(Abram's son with Hagar).
The Jews are still waiting for the Messiah, while the Christians believe the Messiah has come(Jesus Christ).
respun (Score:3, Insightful)
Poor guy is really having to struggle... (Score:5, Informative)
On the other hand, he didn't say "Windows not secure until 2011", and I think his "10 year plan" is more of an acknowledgement of the magnitude of the problem than a hint as to Microsoft's timeline.
I wonder if he's even got the authority to deal with the real problems buried deep in the design of IE. If not, they can take 10 years or 100 years and still not get rid of "cross zone" attacks. I suspect only hope is that other browser developers will suddenly agree with microsoft that security zones based on the current location of a file is a much better idea than limiting the potential targets for an attack to just the application that's responsible for downloading and displaying an untrusted document. If that happens, then they'll REALLY be able to argue "everyone else has the same problem" and mean it.
IE share down 2% according to WSJ (Score:3, Interesting)
I also have to commend the graphic that accompanies the WSJ article. The article says that for the first time ever IE share dropped, presumably because of the virus threat. Also a few words about the Mozilla developers.
er... (Score:5, Funny)
I didn't read the article. This was Bush talking about Iraq, right?
Misleading statement. (Score:5, Informative)
From the article:
"Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
I presume that Toulouse was referring to the update that fixed the "shell:" exploit.... this was only a problem with Firefox on Windows machines, because the flaw is inherit in the OS, not in the Firefox browser.
True, security is an issue about which everyone in the industry should be concerned. Call a spade a spade, though... Microsoft is well behind the curve.
Totally (Score:3, Insightful)
Yeah, who wants to bet that Stephen Toulouse gets a pink slip? It wasn't long after Salon suggested people switch to Firefox or Mozilla until IE was patched, before we learned that MS was selling the magazine.
Re:Totally (Score:3, Funny)
I once spent fifteen minutes arguing that Elvis Costello was in Styx.
Re:Firing offense? (Score:4, Informative)
Re:Firing offense? (Score:5, Informative)
He did not say he didn't use IE. He simply mentioned needing to install a security update of Firefox. Yes, Virginia, there are other browsers that have security flaws other than IE. That doesn't make them better or worse, it just illustrates that the problem isn't isolated to Microsoft.
And I suspect that in performing his job duties, he needs to be familiar with a wide array of browser technologies, not just IE.
So, please mod the parent down -1, Needs a Clue.
Re:Firing offense? (Score:3, Informative)
Somebody didn't read the article...
Re:Firing offense? (Score:3, Insightful)
Somebody didn't read the article...
No, somebody did read the article, but filtered out anything remotely resembing (a) a slight against OSS and (b) any vindication, however slight, of Microsoft and their products. Typical Slashdot behavior. Everything bad about Microsoft must be emphasized, and anything good must be squelched. At the same
Re:Firing offense? (Score:5, Insightful)
All I found in the article was:
"Meanwhile, Firefox and Opera look awfully appealing.
Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
That sounds more to me like he's trying to point out that other browsers can have vulnerabilities as well. He doesn't say anything about exclusively using Firefox. Maybe he just installed Firefox just to see what the competition is like.
Re:Honesy (Score:5, Insightful)
It's not a switch that can be flipped. Software written by humans will always contain errors. We're fundamentally changing the way things operate, to help to make software more resistant to attacks. We're two and a half years down a much longer road; it's more of a 10-year timeline.
What me meant is that Microsoft is completely reworking the way their browser operates -- not just toughening a few system calls here and there. A total reconsideration of how a browser should be designed.
The Slashdot editors took that and spit out "AHAHA M$IE INSEKURE UNTIL 2011! LOL@GATES"
Hardly seems fair.
What is unfair here? (Score:5, Informative)
A) A Microsoft representative said that it will take an estimated 11 years to fully secure Windows
B) Slashdot reports this
What spinning or unfair editing took place here? Your pullquote doesn't seem to show anything unfair. Yes, they are reworking key system components. But that still doesn't change the fact that Windows is so insecure that it will, by their own admission, take over 10 years to fix it. That's pretty important.
Comment removed (Score:5, Insightful)
Re:Just another example... (Score:4, Funny)
And of course we'll hear all about the Bowolf cluster in Soviet Russia that set us up and bomb and all your hot grits are belong to Natalie Portman. which will result in a four page flamewar over the correct spelling of Beowulf.
Re:Honesy (Score:5, Insightful)
It is likely that this is spin. When someone has a job that depends on the future security of a product that is likely next to impossible to make secure without a complete rewrite, what can he do? He has limited budjet, and unrealistic goals. So he makes a 10 year plan, saying that they will be secure in 10 years. He shows progress to his boss, and his boss is happy. He gets to keep his job.
Then, 2 years down the line, he revises his 10 year plan to expire in another 10 years - as long as the deadline is far enough away, he keeps his job, he puts food on the table, and the PR bunnies have something to hop about. This happens all the time in business, particularly publicly held companies. I would be very sceptical about any future Microsoft promises about security.
Re:Bash away... (Score:5, Insightful)
Linux is already one of the biggest players in the server department, and that's where a majority of viruses and exploits are aimed at... I still don't see announcements for all these business running Linux servers being compromised.... The fact is, Linux is theoretically and in actual practice more stable and secure. Windows isn't.. A virus won't JUST affect your user account files in Windows... I think they're mostly to blame...
" No... so, maybe we should just START to take a little blame for windows security problems. Stop running that cute screensaver your Aunt Matilda sent you. Don't go to webpages that advertise 'warez' and 'free 3leet mp3z!'"
People aren't that smart.
Re:Bash away... (Score:3, Insightful)
I hear about Linux exploits just as often as Windows exploits. There's kernel exploits that can get a remote user root. But it always gets brushed off as not a big deal, because hey, there's gonna be a patch out in a few days, right?
Sure, but the serious Windows exploits usually have a patch out in a few days too. It's just a matter of the responsible persons getting it installed.
Linux or Window
Re:Bash away... (Score:5, Insightful)
But what excuse does the biggest software company in the world have to not fix the gaping security holes in their two most used and probably most sensitive applications, explorer and outlook?
We are watching this weekly windows exploit drama not for months but for years now. It's getting really old and its not funny at all anymore.
The worms we have seen were pretty harmless in my book, I'm still waiting for the one that carries some more serious payload. Like wiping out all accessible drives (network volumes), saturating all network cards with malicious packets, stuff like that. MS probably needs that kind of wake up call but are they really that bone-headed to not see it coming?
Re:Bash away... (Score:3, Interesting)
And how many of them actually succeeded in infecting millions of machines?
Compare Microsoft to automobile makers. When they started, they were unsafe. So they added a 'fix' like seatbelts. Then they added crumple zones, an enhancement to make them safe. Airbags, side impact curtains, rear-sensors for backing up, and so on, and so on.
That analogy is useless. In computing, the OS can have near infinit
Re:Bash away... (Score:3, Interesting)
Re:Bash away... (Score:3, Funny)
A more appropriate analogy would be if a car manufacturer made a car with a big, shiny hood ornament, but when anybo
It's the fundamental APIs (Score:5, Interesting)
The heavy use of anonymous pointers, multi-function entry points, and DLL initialization/release interactions create an absolute nightmare to maintain.
Even for a relatively small project, you have to spend a fair amount of time just getting code separated into mainline and DLL. Then you get the joy of dealing with the weirdities of the Windows variation on process interaction with DLLs.
I can't imagine any way of securing that spaghetti except to scrap the Win32 API and make the .Net framework the Windows programming layer. Then you can get rid of those holdover APIs from DOS-thunker days and replace the kernel with one that was designed for multi-user security.
You can be grateful Microsoft is finally taking security seriously if you like. I look back on 10-15 years of pager calls, system recoveries, and late projects because of bugs, many of which have never been fixed. My patience with their problems and excuses ended a long, long time ago.
Don't forget Microsoft has been around almost exactly as long as GNU.org. Linux is a pup compared to Windows, yet look how much faster that team addresses problems than the much larger team at Microsoft.
If Microsoft's market share begins hurting because of their security issues, they've no one else to blame but themselves. If the industry demands POSIX server APIs and Windows can't deliver, Microsoft has no one to blame but themselves -- the Cygwin team seems to have managed the task.
Microsoft and a lot of other companies need to get back to re-verifying their core business and refocus on producing marketable products and services. Times change, and last decade's sure winner is last year's end-of-life product. A little less focus on the stock market, and a little more on realistic business models and long-term viability.
Matter of proportion (Score:5, Insightful)
The objection is not that Microsoft's software is insecure, but rather that their closest competition has at least two orders of magnitude fewer exploits and viruses than they.
If hundreds of exploits per month were discovered for Macs or Linux, your point would be valid. Problem is, the number of exploits available for all computers systems since the 50's is easily less than the number discovered in Windows in one year.
To make matters worse the rate at which exploits are being discovered is increasing, not decreasing, or even remaining stable. And this from a company making three billion dollars a month. How is it then, that a bunch of ragtag volunteers put together a more secure OS than a company which can spend a billion dollars a month on development?
Microsoft Windows, and the attendant problems it has experienced has brought shame on the entire profession. It isn't a matter of a few human errors here and there - Microsoft releases code with wanton disregard for the effects it will have on the user. You would expect more from a such a successful company, but apparently, Microsoft believes the professional standards followed by the rest of the industry simply do not apply to them.
And that, is why they get bashed. They dismiss the wisdom gained by years of computer science, and when their systems run rampant with bugs and security holes, they claim that such lofty goals as security and reliability are unattainable - in spite of the fact that their peers who did heed the lessons of computers science have managed to build such systems.
Re:I security really that important? (Score:5, Insightful)
Non-security is a thing we don't like, so of course we want to get rid of it.
-----
yeah, my englisk sucks
Re:I security really that important? (Score:5, Insightful)
By that logic, we should view terrorism as good for the economy since it creates jobs for the folks employed at the office of Homeland Security.
Think, real hard. What other effects came from from security flaws (in either case)? Anything bad? Anything at all?
Perhaps this is just crazy talk, but I submit that there are better ways to stimulate the economy.
-kev
Re:I security really that important? (Score:5, Insightful)
Comment removed (Score:4, Funny)
Re:I security really that important? (Score:5, Interesting)
Re:Longhorn (Score:4, Funny)
"What if God smoked Cannibis?"
Dude, come on. The platypus [pbs.org] is a dead giveaway.
Re:Longhorn (Score:3, Insightful)
Unlike most MSFT software, MySQL installs just fine without root privileges.
Re:Longhorn (Score:4, Insightful)
Simple to me means 'double click the installer, then type your password when it asks for it'.
"Secure" is an end user decision - a balance (Score:4, Interesting)
I've switched people (end users, not techies) to both Mac and Linux, and in both cases there was a general relief of not having to patch so much (I let them try for a month first). "So much" is the defining factor here - it's way, waaay too much for a common end user (and now well beyond the capability of an average modem to cope with, see SecurityFocus.com). To stay with car analogies, the Windows end users now run cars that need a brake fluid change every half mile. And when they ask the dealer they are told that the next car they buy will be better - out in the next couple of years or so.
Ask yourself: would you really, really like to buy another car of that make when there is a growing mountain of evidence that it can be different? Those I switched over didn't want to go back once they passed that first "It's new and scary" hump. That tells me more than marketing campaigns or "facts" give me.
Enough is enough - they had their chance. Anyone responsible for running a business should start to look at the risks they run - and insurances should start to have a good look at how much risk they insure if the business runs Windows.
Re:Correction: (Score:5, Insightful)
I find this hard to believe. Are you saying that you write software that is as complex as the usual MS app, and that it contains no errors whatsoever and has never had to be debugged? It seems like everyone from Knuth on down has written bugs in software when working on an application of non-trivial complexity, so I'm a little skeptical if that's your claim.
And the amount of data that an app processes is not the only measure of a program's complexity: does your program interoperate with a dozen others in a standard cut-and-paste manner; does it hide the complexity of operation from the end user so he or she can point and click and get things done; does it use an API so that software writers outside of your company can can write apps that interact with it; does your software run on multiple different hardware platforms; do you add new features to it when marketing surveys show people want it?
I'm not saying that all of those criteria are necessarily the best or most desirable (e.g., sometimes you want software that's only usable by industry professionals), but those are the constraints that Microsoft operates within, and they all increase the complexity of even the simplest-seeming of applications.