Richard Clarke on Microsoft security 491
hizzo writes "Richard Clarke, former White House cybersecurity and counterterrorism adviser, harshly critized Microsoft's security track record. 'Given their record in the security area, I don't know why anybody would buy from them.' He also called for some regulation of security for ISPs in addition to better industry self-regulation, such as disclosing QA practices and becoming more accountable for secure code. I wonder if anyone will finally start listening to him?"
not likely (Score:4, Funny)
Re:not likely (Score:5, Interesting)
Microsoft's bribes had nothing to do with that. He was competent, professional and honest. He didn't realize the crap Wolfowitz was pushing into the president's head until it was too late. Sadly, Rice sat there and lied to the Senate and still has been confirmed as the SoS.
As for Microsoft's bribing, they had a commendable record of trying to stay the heck out of politics for years, until it became evident that without greasing certain palms that Washington DC would turn on them. Now they make sure enough lucre is spread around Washington and they have many wagging tongues at their disposal and many ears to listen.
Re:not likely (Score:3, Interesting)
No, it's not. Microsoft, like every other business in America, lobbies the government. Just like I lobby the government every time I write my Congressman a letter. It's called "representative democracy."
Lobbying the government is, unfortunately, a very inefficient process. There are lots of middle-men whose job it is to collect public opinion and communicate it to the representatives in Washington. These middle-men eat up a lot of money along t
Re:not likely (Score:4, Insightful)
It's our jobs as citizens to question our leaders. That's just about the only thing you and I are expected to do, in a representative democracy.
I think she was lying when she said that the contents of "the memo" didn't say that Bin Laden was determined to attack America, because I know for sure that that was the name of the freaking memo.
Or is this some wacky truth test that I'm a moron to use?
Microsoft, like every other business in America, lobbies the government. Just like I lobby the government.
Secretary: "Senator, Microsoft is on line one, and some internet guy who calls himself 'Leo McGarry' is on line two."
Funny. You most assuredly do not lobby the government "just like" Microsoft does.
They throw around more money than any other corporation, you spent less than a buck on a postcard. Sorry for burtsting your bubble, but in this representative democracy, Microsoft's voice carries more weight than yours.
There are lots of middle-men whose job it is to collect public opinion and communicate it to the representatives in Washington.
Again, "ha." These guys find someone who says that a survey says what they want it to, and feed that to representatives. It's not scientific at all. And if Microsoft, oh, I don't know, pays for those surveys, are you seriously so naive as to be surprised if the outcome of the surveys they tell people about say something that's always in favor of Microsoft? (Feel free to replace "Microsoft" with any corporation's name here, by the way.)
They're dishonest. Duh. Put on your ridicule-retardant pants, because you're in for a beating.
Re:not likely (Score:5, Insightful)
RICE: I believe the title was, "Bin Laden Determined to Attack Inside the United States."
Now, the...
BEN-VENISTE: Thank you.
RICE: No, Mr. Ben-Veniste...
BEN-VENISTE: I will get into the...
RICE: I would like to finish my point here.
BEN-VENISTE: I didn't know there was a point.
RICE: Given that -- you asked me whether or not it warned of attacks.
BEN-VENISTE: I asked you what the title was.
RICE: You said, did it not warn of attacks. It did not warn of attacks inside the United States. It was historical information based on old reporting. There was no new threat information. And it did not, in fact, warn of any coming attacks inside the United States.
Where is the word "airplane" or "weapon" anywhere in that conversation? You're so full of bullshit, and you have no desire to find out if you're wrong.
It also did not point to "possible hijackings." According to Dr. Rice, it was entirely historical. Unfortunately for her, the word "determined" means "on an unwavering course of action". That means, "will continue to be." That means, "in the future," or "not just historical." That means, she was wrong or lying.
Who's the moron now, you moron?
They represent a hell of a lot more jobs than I do.
No - the people who work there represent a lot more jobs. Microsoft doesn't represent anything except shareholders.
It's not supposed to be. You're not one of those people who mistakenly thinks everything is about the scientific method, are you?
Facts are clean, and politicians are greasy. The scientific method is the best way I know to determine facts (even facts about opinions). Tell me a better way, and I'll use it.
Until then, Microsoft greases palms, and you're an idiot for thinking they're just exercising their first amendment rights - it's a corporation, not a person. And they're buying votes. The votes that belong only and precisely to you, as a citizen of the democracy that they were elected to represent. If you don't care that you're being screwed, it's because you have no idea what being a citizen means.
When the army that's supposed to defend you starts torturing people, will you sit idly by?
Oh wait, that already happened - and yes, you are sitting idly by.
Does "America" mean anything to you, other than corporate profit and protection from terrorists?
Re:not likely (Score:5, Insightful)
When you lobby Congress, it's a representative democracy.
When a business, which is not a human being or citizen but a legal construct, lobbies Congress, it is something altogether different.
Re:not likely (Score:5, Informative)
Yea but chances are your letter is read by a coop and filed in obscurity unless you are the Congressman's campaign contribution list or he otherwise knows who you are.
Large corporations, or their K street lobbyist, on the other will routinely meet your congressmen face to face, offer campaign contributions to the full extent of the law, and other assorted favors to insure their clients get what they want from legislation and contracts.
You should have watched the House and Senate during the Medicare "Reform" Act. The lobby of the Capitol building was swarming with lobbyists for the drug, insurance and healthcare corporations, all circling like the sharks they are, smelling blood(money) in the water. The bill was such a horrible piece of legislation it couldn't pass on its own so House and Senate leadership had to arm twist all night to get the votes they needed and they held the vote open for hours which is against the rules until they got just enough votes to pass it.
During this same time the lobbyists were also hard at work outright buying votes because they desperately wanted that bill to pass. Its a bonanza for the drug and healthcare corporations, and in fact does frighteningly little for seniors for the price tag.
As I recall one congressman was retiring from politics and dead set against it. The lobbyists couldn't buy him because he was fed up and quitting, so they tried buying his vote by promising to get his son elected. As I recall it was in fact probably illegal vote buying though not sure what came of it.
Another example of how corporations lobby and you don't is Billy Tauzin. He is the relatively corrupt politician who lead the charge to ram the Medicare reform bill through Congress. He did this at a time when he had a million dollar plus job offer waiting for him from an industry group representing, you guessed it the drug companies. The unspoken deal, pass Medicare "reform" and we make you rich when you retire.
Another fascinating aspect of the the Medicare Reform, it really is a case study in how deeply corrupted our government has become, is that the Medicare administrator, Thomas Scully, was also job shopping with corporations he dealt with during the run up to passing the "reform bill". It was a blatant conflict of interest but the White House approved his job shopping anyway. This same administrator intentionally and blatantly suppressed the true cost estimates for the bill. If the true cost had come out before the vote it never would have passed. Scully needed the estimate to be not over $400 billion over ten years to get is passed so, he lied and told everyone thats what it was. He was no doubt assured a high paying job in in the private sector in return for being corrupt. One of the people who worked for him had some ethics and started demanding the true numbers, which were $551 billion, be released and Scully threatened him with ruination. The true figure was suppressed until the bill passed and then about a month later the Bush administration admited it was really at least $551 billion which would have never passed. A few weeks ago new estimates came out and its ballooned to $700 billion dollars and it really hasn't even started yet.
One key reason the cost is ballooning is the drug industry lobbyists managed to add a clause in the legislation that forbids Medicare from negotiating the prices for the drugs its buying for seniors. The drug companies can charge as much as they feel like and raise the prices at their whim. They invested a few million on lobbyists and they will reap hundreds of billions of dollars in profits at the expense of tax payers. The only cap on how much this bill will cost taxpayers is how blatant the drug companies want to be in jacking up the prices of the drugs they sell to Medicare.
You really have no clue if you think your silly little letter is even remotely the
Re:not likely (Score:3, Informative)
In particular, there isn't anything really illegal about taking lucrative payoffs to politcians after they retire from government service which is the payoff of choice at the moment, its called the revolving door from government to the private sector and in some cases like Dick Cheney back in to government and then in 2008 back to the private sector.
I vaguely recall in the late 80's, it might have been
Re:not likely (Score:3, Insightful)
Ah, so MS gets to vote now, eh? Sorry, but a representative democracy is one where the officials serve the interests of those that elect them. MS or any other company isn't part of that equation.
Lobbying is a means to influence the perception of representation. Don't listen to the voters, listen to me - I employ the voters, I service the voters, etc. and can serve as a proxy for them. It's the suggestion that representatives should act in MSs interests because MSs i
Re:not likely (Score:5, Insightful)
As for "shouldn't business be given the opportunity to express itself", I say no. A corporation (despite that abomination of a court ruling) is not a person. It's interests are often in conflict with those that are supposedly being represented by the congressperson. Yet its voice is magnified by the millions of dollars of influence it wields. It is a legal form of bribery.
Re:not likely (Score:5, Insightful)
COPRPORATIONS SHOULD NOT HAVE MORE RIGHT THAN A HUMAN BEING.
Re:not likely (Score:4, Insightful)
I think you'll find Microsoft "threw in big" with pretty much everyone, as a direct result of the antitrust suit.
Hmm... (Score:4, Funny)
Re:Hmm... (Score:2)
Well it wouldn't surprise me if he did, Clarke is supposed to be quite pally with Clinton remember.
Re:Hmm... (Score:5, Funny)
</sarcasm>
Re:Hmm... (Score:3, Insightful)
Lumpenproletariat? That would centainly disqualify him as a communist. Marx introduced the concept 'lumpenproletariat' to refer to people of low class outside the productive wage-labor system. These people were considered a force hostile to the revolution of the proletariat. I don't think Marx considered these people 'noble'.
Re:Hmm... (Score:4, Insightful)
Re:Hmm... (Score:5, Insightful)
Re:Hmm... (Score:5, Interesting)
It's comments like this that remind us non-Americans just how far politics in the US is skewed to the right...
I'm shocked (Score:5, Funny)
It's amazing what will be said when people aren't afraid of being black-balled in the IT industry.
Re: not a politician (Score:5, Informative)
Re: not a politician (Score:5, Informative)
My knowledge of Clarke isn't very good, did he politicise himself or was he politicised by the Bush administration ?
Clarke was a civil servant/bureacrat during his time working in the US government. He never ran for office and his service was never a sinecure in exchange for political contributions. He served in various capacities under three Presidents (Bush the Elder, Clinton and Bush the Younger). It wasn't until he had spent time working for Bush the Younger that he began publicly criticizing anybody in the US government. He did so after resigning from government service.
Bush the Younger's entourage began to politicize Clarke and his work in an attempt to discredit him. It didn't work particularly well, although for some reason, US voters chose not to punish their President for his lousy track record on terror.
Anybody who has read Clarke's book can see for themselves that he is not some raving madman. He's a professional who has made a career out of imagining the worst, figuring out who's likely to do bad things, and then trying to get others to do what's necessary to prevent the bad things or capture/arrest/kill the bad people. His failure, if you can call it that, is that he was unable to get the current US President to take al Qaeda and the threat of International Terror seriously until after 9/11, and even then, the President was more worried about Saddam Hussein and Iraq than he was about Mullah Omar and Osama bin Laden.
Re: not a politician (Score:5, Informative)
Guess what kind of laptop Clarke uses (Score:3, Informative)
Reading Clarke (Score:5, Informative)
The U.S. needs more people like Clarke in public service. Not because he spins a good yarn, but because he has consistently offered lucid and nonpartisan analysis of the terrorist threat throughout his career. It is shameful that rather than responding to his arguments the Bush Administration went into attack mode, and even more shameful that the Democrats were unwilling to make Bush's failure in the war on terrorism a bigger campaign issue.
Re: not a politician (Score:4, Insightful)
It's a testament to the character of that man in that he was the first person to come forward and publicly apologize for 9/11.
I've read the book he wrote about the events before and after (as he saw them) and have followed articles about him. I get the distinct impression that he is the type of person who has 'what if i had have done X' thoughts tormenting him quite often.
Re: not a politician (Score:4, Informative)
http://www.americanpresident.org/action/orgchart/
Re: not a politician (Score:5, Interesting)
Re: not a politician (Score:5, Interesting)
I didn't even mention anything that has to be "believed" about "Bush". You are an obvious, and sickly typical, Bush worshipper, who is so partisan that you come up with an attempt at an insult by calling me "progressive".
"No specific threats"... "terrorism sponsors like Iraq"... "disgruntled former employee"... NO ONE BELIEVES THAT BULLSHIT. Even Rice looks guiltier than Kissinger when she squeezes that crap out. Don't waste our time here with the talking points that lead to nowhere.
Re: not a politician (Score:3, Insightful)
Re: not a politician (Score:4, Informative)
Why? (Score:3, Insightful)
Disclosing QA practices - (Score:5, Funny)
"none"
Re:Disclosing QA practices - (Score:3, Funny)
I think QA is on the same door that bears the sign:
Re:Disclosing QA practices - (Score:3, Funny)
You know you've reached Microsoft QA when the person on the phone says "Hello, Thanks for calling Micrisoft Technical Support, what would you like to report today?"
Why buy from MS... (Score:3, Insightful)
Maybe because people aren't aware of the alternatives that are out there (Mac and Linux) or simply resist change.
Re:Why buy from MS... (Score:3, Insightful)
Re:Why buy from MS... (Score:3, Informative)
It was Redhat vs. Windows, as a web server, default installation. It was considered more secure because it took longer for redhat to issue specific patches than microsoft. If they would have simply compiled apache from source, like most competent administrators do, the patch would have been available in hours/days instead of weeks.
Please troll elsewhere.
Seriously (Score:2, Insightful)
Just because a person is an expert in one area doesn't mean he knows jack about other areas.
Look at most nerds here. They're pretty smart about computers, but idiots about politics.
Re:Seriously (Score:3, Insightful)
I think he knows what he's talking about.
-dameron
Re:Seriously (Score:5, Insightful)
Well, he handled CIP during his time with NSC, and was cybersecurity czar after being shoved out of his counterterror role. 'Czars' of various sorts are, given their lack of power, perhaps the most ironically-named figures in Washington, but Clarke was certainly the best-informed computer security layman in the nation. So, yes, when the former Cybersecurity Czar specifically singles out Microsoft as a source of major vulnerabilities, I think he's qualified to pass judgment.
Re:Seriously (Score:5, Informative)
So, I'd say that he's pretty well credentialed to comment on threats to US cybersecurity. Perhaps not from the perspective as a bits-and-bytes technologist, but certainly as someone who has expertise in assessing systemic strengths/weaknesses from the perspective of counter-terrorism.
Humph (Score:4, Insightful)
Fact: any box is as secure at the admin makes it.
Move along.
Re:Humph (Score:4, Insightful)
Fact: any box starts out as secure as the developer/packager makes it.
For example, having a vulnerable IIS turned on by default on a plain jane workstation.
An incompetent admin can make a secure system insecure.
A competent admin can, with work, might be able to make an insecure system secure.
(Depending upon the nature of the required fixes.)
But a box can start out relatively more or less secure, and that is an important point worth comparing. How secure is a given system out of the box, before an admin gets hold of it?
Re:Humph (Score:3)
You know, I think that, if I tried hard enough, I could build an OS that no admin could secure.
Moving on from deliberate incompetence, we come to Microsoft. They didn't deliberately try to make an impossible-to-secure OS, they merely made so many bad architectural choices, and added so many features that are inherently insecure, that the effect was close to the same.
Now, in fairness, they are getting better. Windows doesn't fight the admin who tries to secure
Re:Humph (Score:3, Insightful)
For example: Shipping major software packages that required significant administrative skill to run as an unprivileged user on NT-series OS's (MS Office).
For example: Shipping as their major OS product for years an OS that didn't even have the concept of an unprivileged user (Windows-over-DOS).
They are getting better, but so is everyone else, and they have a lot of catching up to do.
Re:Humph (Score:4, Insightful)
I can't believe this got modded insightful. The vast majority of computer users aren't admins, and don't have an admin coming round to their house to 'secure' their system, or stand over their shoulder to tell them they shouldn't open that email attachment.
The 'admins' need to be built into the software you tard.
Re:Humph (Score:3, Insightful)
That is what is slowely happening. Microsoft now offers a firewall, a spyware cleaner, and an update system for XP. The major thing it lacks is antivirus (probably because if Microsoft added that it would be seen as monopolistic).
All of these tools are easy to use as well. I don't care because I don't use Windows, but I do appreciate the fact that MS is trying to simplify the administration of its desktop. Its easier to tell my non-nerd aunt how to d
but but but (Score:5, Funny)
Windows is more secure than Linux! Right? No?!? It was all a sham? Oh, I see.
Re:but but but (Score:4, Insightful)
Posted by timothy on Thursday February 17, @05:00PM
...
Science: Scientists Discover That Water Isn't WetPosted by timothy on Thursday February 17, @03:00PM
Listening? (Score:5, Funny)
I believe after his book that many people in Washington stopped listening to him.
"the war is really hard, uh, you see and we, uh, we're trying to make them all free and ... Karl, what's the buzzing noise?"
"Ignore it Mr. President, that's just a reporter refering to something Richard Clarke said."
"Who?"
Re:Listening? (Score:3, Informative)
Will they listen? No. (Score:5, Interesting)
No. With all the spyware and worms and virii out there, people just won't switch. I just don't get it. I suppose they are just stuck in their ways, and don't want to learn anything else. I suppose for most people, it was enough of a trial to "learn" how to use Windows, so they would rather put up with the crashes, spyware, and everything Microsoft, and just call it the norm.
It's a shame. But people really are stupid and/or lazy. That's why they won't start listening to anyone about this stuff. If I were a customer of Microsoft, I'd be organizing class-action suits, writing letters, storming Redmond with torches in hand.... Why these people put up with it most likely can be put into two categories: 1) ignorance, and 2) laziness. Either they don't know there are viable options, or they are too lazy to actually pursue said options.
Just something off the top of my head. Agree? Disagree? Discuss.
Re:Will they listen? No. (Score:2, Informative)
My excuse for running Windows?
Half Life 2
Re:Will they listen? No. (Score:2, Insightful)
I admit being lazy. Linux needs to earn my respect by catering to my laziness.
It's odd, some people just don't want to learn (Score:4, Interesting)
I guess some people are too set in their ways. She couldn't name anything she liked about IE, just that she did, in fact, like it.
That's my experience trying to spread Firefox to some people who might be in your categories 1 or 2. The other people I've introduced to Firefox have all loved it.
*shrugs* She found someone else to fix it without the condition that she try to use Firefox. I guess it would be interesting to find out if she gets reinfected.
The real reason people don't switch (Score:5, Insightful)
She found someone else to fix it
You've just hit on the real reason people don't switch ... it's because they always find some geek they can sucker into cleaning up the mess each time, for free! Most people don't even have to lift a finger to keep their systems free of malware - there are geeks running around everywhere literally doing free maintenance - it doesn't even so much as inconvenience them, why would they change?
Why exactly are we all running around spending hours of our own weekends/evenings etc. cleaning up the mess Microsoft made for them for free? Is your time and expertise worth nothing? You feel "expected" to do it because it's a family member? Or some hot chick sweet-talked you into doing it by flirting a little? (We all know we've done that before). Utter nonsense ... start charging for it!
People will start considering alternatives when they realise it's going to cost them a tidy little packet every time their systems get jammed up with the latest MS malware.
I simply told my folks last time they bought a computer, if they buy Windows, I'm not supporting it for them, if they buy a Mac I'll support it for them. Don't expect me to spend my Saturday doing free support work for Microsoft.
Re:The real reason people don't switch (Score:3, Insightful)
Doing good works is part of living a good life, you capitalist asshole. Not everything must be driven by the dollar.
People will either listen to reason, or they won't, but that's no excuse for me not to help them. (btw, This is coming from a geek who has pretty much run out of food and possibly money atm.)
Re:Will they listen? No. (Score:4, Informative)
I work hard, and I'm not (very) stupid. The disruption in daily operations for me to cut 40 live web and db servers, along with all of the code, over to Linux from Win2003/SQL/IIS/ASP/VB would be: total budget killer.
Just changing my group's desktops (including the dev tools, custom apps, storage, file structures, user environments, etc) and ignoring the desktops: total budget killer.
Much better off to talk about the suitability of the Linux stack for new business units, operations, or totally-clean-slate start-up companies. Of course, many new business units are spun off by too-busy growing companies, using people that are already hip-deep in their existing IT framework. This is NOT like deciding that, at home, this weekend, maybe it's time to switch. Any real change would occupy a typical department's people for man-months at least. Very few operations of any kind have that kind of slop in their budgets, as we're coming out of a recession and an only just now loosening IT cost clamp down.
I'd be organizing class-action suits, writing letters, storming Redmond with torches in hand
Maybe I would, but... I've had a busy day doing things for which I collect money, and which help my customers to make money. And I spent that whole day using MS products, none of which crashed, none of which picked up any worms, and none of which required a busy team of people to totally grok a new operating system or try to guess where they'd ever come up with time to do that.
Why these people put up with it most likely can be put into two categories: 1) ignorance, and 2) laziness. Either they don't know there are viable options, or they are too lazy to actually pursue said options.
Don't work in a very competitive, time-stressed, low-margin business environment, do you? Or are you 1) too ignorant or 2) too intellectually lazy to imagine that there might be actual, practical barriers to the quick adoption of something that's completely different and which would require hiring, consultants, and substantial risks? It's called inertia, and in tight economic circumstances, bosses and investors don't like to hear: "It's OK, it's completely different, and no one that works here has ever needed to compile code in order to patch something, but we'll figure it out before anything bad happens! Plus, it's free, other than the huge disruption, support costs, and unknown impact on all of our software! Relax, boss - don't be ignorant and lazy. Certain people on Slashdot have a magic Linux wand that they can wave to make this totally painless, instant, and more or less free."
Silly admin... You don't do it that way ;-) (Score:3, Informative)
Ok, lesson in best practices:
1) Migrate gradually and without downtime. Start by migrating the applications to PHP or Perl with a database abstraction layer. This may be slow. Then you can switch out the OS for Linux with no downtime if you already have load balancing (and very little d
Re:Will they listen? No. (Score:3, Interesting)
Much easier to suggest pe
Re:Will they listen? No. (Score:5, Informative)
No, just some OSs. Never had a Linux virus.
Spyware is a serious problem for all computers.
Same thing here. What is this Spyware you talk about? Never seen it on Linux.
Crashing is a serious problem for all computers.
Okay, yes, my computers crash too. Sometimes more than once a year.
Constant headaches with system failures, bit rot, and software/hardware installation is a serious problem for all computers.
Bits can rot? System failures? Is that like crashes? Software/hardware installation is not a problem for my Linux systems. I once replaced a motherboard with a whole different motherboard in my RAID server and the system automaticly detected and configured my software RAID when I put the drives on different controllers and in a different order without me needing to edit a single file. It simply works. I plug in a new firewire card or whatever, chances are I have drivers for it already. Except those open source DRI drivers for some video equipment. But 2D always seems to work , sometimes with minor tweaks.
Macs are too expensive. - cf.) "I need a fast CPU"
Macs are too expensive. I need a fast CPU, too. I need a dual-core 3+ Ghz CPU today for under $200. *sigh*
But I think it all boils down to laziness for most people. I mean, who really wants to learn how these things work, besides me? But at least I offer my services for free to early Linux adopters.
another interview (Score:5, Informative)
Apologia (Score:5, Insightful)
Re:Point of View (Score:3, Interesting)
Ummm, he was Counterterrorism Czar. In other words, he was in a position to represent the executive branch, and the executive branch had failed the public in the months leading up to 9/11. That's why he felt the obligation to apologize.
Richard Clarke is a smart guy... (Score:3, Informative)
funny guy (Score:5, Interesting)
Re:funny guy (Score:4, Interesting)
Someone mentioned that such reactors aren't used much. That means nobody would be likely to notice if it got switched on. Or notice if the coolant was leaking. Or noticed if someone had bashed the safeties so that the graphite rods couldn't drop...
So, yes, he was certainly on the right track, but his imagination wasn't nearly up to scratch.
Shooting yourself in the foot. (Score:5, Funny)
Yeah...buying an OS vulnerable to viruses and spyware and then buying anti-virus and anti-spyware programs is like shooting yourself in the foot and then running (limping) to the hospital for help.
And what's more...the hospital profits from lending you a gun and encouraging to shoot yourself in the foot.
I listen to him... (Score:5, Funny)
I watch his "Rockin' New Years Eve" program every year, and I expect lots of other people do too. I had no idea he was into computer security as well, though.
Given the government's record on security... (Score:3, Interesting)
And this is from the same guy... (Score:3, Interesting)
http://www.msnbc.msn.com/id/6981279/ [msn.com]
Oh wait, that didn't happen!
Whether he didn't have the power to make the necessary changes or he's incompetent the government obviously needs to take some serious steps to increase cyber security soon!
Advising != Implementing (Score:5, Interesting)
The framework established for the Cold War is not suited to the current realities. But knowint that is different than moving the huge icebergs that government agencies become as they expand and atrophy.
more sources (Score:5, Informative)
From July 2003 [onlinesecurity.com]
From Feb 2001 [thiemeworks.com]
This is a trap (Score:5, Insightful)
This has happened in every industry it's been attempted in. Plumbing, electricity, telephones, auto-repair. Hell, you can't even sell a hot-dog without going thru 10-20 thousand dollars worth of regulation for it to be legal. Yeah, I know, don't say it. There is always a good sounding reason for these
Re:This is a trap (Score:3, Insightful)
All the heavily regulated industries are that way after lots of property damage and loss of life. Just like a fire inspector might say "all these codes are written in blood." The computer industry is definitely large enough, now, where huge damage is likely.
For example, what was the value in proprietary information lost due to those worms that e-mail random documents off of PCs? Analogously, who would install a filing cabinet that has a door to the outside for the postman to pick up the files and put th
It's all about your investments (Score:2)
Because people have already laid down monetary investments in buying MS operating systems and the PCs that go along with them. Most people have a hard time going "well, let's just get rid of all this PC hardware and all the MS-related software we bought for it and switch to something better". It's sad but true. There are better options out there, but once you lay down the money (and time), people don't want to throw
some serious evasion (Score:5, Insightful)
Just what the hell is that supposed to mean?
The Real Culprit Is Software Reliability (Score:4, Interesting)
Software is bad, period. And, contrary to what Frederick Brooks and others continue to claim, unreliability is not an essential property of complex software systems. Unreliability stems from a custom that is as old as the computer: the practice of using the algorithm as the basis of software construction. Switch to a synchronous, signal-based approach and the problem will disappear. For an alternative approach to software construction, see link below.
Its about COMPATIBILITY, nobody will switch (Score:5, Funny)
Al Quaeda (Score:3, Funny)
atlantic monthly article (Score:3, Interesting)
one of the interesting parts was that, "looking back", much of the world had switched to open source software because it was more secure.
Insecurity System (Score:5, Informative)
Markezich had detailed how his IT department did more than just support 90K desktops worldwide. The were the first consumers of MS software - MS "eats its own dogfood", as Markezich said, and nothing gets released without Markezich's department signing off, after supporting it for months, if not years. A question from the audience asked "I've been using Internet Explorer for 4 or 5 years. It has so many issues, new ones all the time. So much so that when something like Firefox comes along, it knocks IE out of the leadership. What good is all your testing, if it can produce something as bad as IE"? While there are few good answers to that question, Markezich offered probably the worst possible: "I don't know, it works for me". He said he doesn't have IE problems, that they were surprised that it had all the problems in the field, that he doesn't have to install all the patches MS releases, because he doesn't have the problems they address. Astonishing. Remember, this is the CIO of Microsoft, responsible for all their IT globally, including release of their software "when it's ready".
Another question described, anecdotally, getting a black desktop and mysterious prompt warning that the computer had a security compromise, and the user should click to install important MS security updates. But the user wasn't sure the prompt was from Microsoft, though it claimed to be, and the next click could completely trash a compromised computer. Their question was "how can I tell that a warning and recommendation is from Microsoft, and trust it", considering scams like trojan horses and phishing messages. But Markezich laughed it off, treating it like a weird request for personal tech support - saying "call MS for tech support". I'd have thought that his IT department would be familiar with the scenario, and the issue, and that the question would easily trigger whatever was Markezich's stock response, like "Longhorn will make sure that if a window says "Microsoft" in the title bar, that it's a message only from MS software, or some other lie he made up on the spot. Instead, it's obvious that that kind of social engineering security hole is news to him, though it's been addressed in, say, Java, since day 1.
There is no Microsoft security. There is only spin control. The marketers, and their lawyer "quality control" agents, control the whole company. Even their CIO just takes their marching orders. Without their monopoly, they'd be a joke, game over. As it is, such performances as we got in midtown yesterday have the smell of a dying beast [slashdot.org].
Fascinating. (Score:3, Insightful)
If
His OTHER comments on ISP security. Be very afraid (Score:5, Informative)
He gave a speech at a Global Tech Summit back when he was the President's Cyber Security Advisor. Here's a link to it. [bsa.org]
And let me give you a few select comments from that speech:
I think we need to decide that from now on IT security functionality will be built in to what we do, to the products that we bring to market.
TCPA, the Trusted Computing Platform Alliance, is an example of bringing hardware and software manufacturers together. But TCPA is not enough.
It is not beyond the wit of this industry to figure out a way of forcing down patches
ISPs and carriers can insist that when cable modems and DSL hookups are made, firewalls are installed. It is not enough for an ISP or carrier to say, oh, and by the way, you might want to think about a firewall.
A law to require ISP's to impose security on their customers. The security he means is TCPA, also known as Trusted Computing, TCG, Palladium, NEXUS, Longhorn and about 42 other names. And using this system they can "force down" operating system patches, whether you want them or not. Of course you can't get onling in the first place without an approved operating system (Trusted Linux is in the works, but you'd be screwed trying to use it). It can also scan what software you are running, in order to insist that you are running an approved firewall and/or virus scanner. And any other software they feel like making mandatory.
Of course it will be a few years before ISP's could do this, almost no one has a Trusted Computer yet. But as Clarke said, the system is to be built into all the products brought to market. Samsung announced a few months ago that they are now manufacturing nothing but Trusted systems. IBM, Dell, and pretty much any PC maker is already selling Trusted system and that will only increase. Microsoft has announced that only Trusted hardware will be properly compatible with the next Windows release, Longhorn. If Longhorn runs on non-Trusted hardware at all, it will only run in a crippled reduced graphics mode. So once Longhorn comes you you can be sure all new PCs will be sold Trusted compliant only. Give it a couple of years after than for the normal PC replacement cycle and *poof*, the majority of PC's out there will be Trusted compliant. And at that point ISPs could very well impose such a security system. And anyone with a non-Trusted computer would be unable to get on the internet. Anyone who did have a Trusted computer but who wanted to control his own computer and software would also be unable to get on an internet.
Clarke is no longer the President's Cyber Security Advisor, but there are still draft poposals in the government for forcing this through. There's really not much point in them doing anything publicly until more Trusted PCs ship. They'll probably wait for Longhorn to come out and start getting established.
-
The Pirate Internet (Score:3, Interesting)
From a geeks perspective I'd look upon this as a challenge. In particular would it be possible to create a Pirate Internet, along the lines of Pirate Radio. Use unregulated wireless and create a mesh network that covers the U.S., and links to the rest of the Internet through Canada and Mexico, or maybe shortwave. Would it be possible to create a alternate network for everyone that opts out of trusted computing and co
In a recent issue of The Atlantic (Score:5, Interesting)
I wonder if some of the viruses that cause so much trouble are in fact backed by scumbags like bin Laden -- there have been a lot more dangerous Windows viruses since roundabouts 9/11, it seems to me, so I wonder if that's a function of an increase in terrorism, or just the suckage of Windows XP, which came out October 25, 2001. If 19-year-old Russians, the usual suspects, can do so much damage, imagine what people who will not hesitate at suicide can do -- it is frightening at best.
Re:In a recent issue of The Atlantic (Score:3, Interesting)
If Bin Laden wanted to kill as many Americans as possible, there'd be people getting shot at malls and suicide bombs in America EVERY DAY. Trust me, there's a LOT of available suicide manpower here in the U.S., they just aren't tapped beause the goal of terror is to make a point and get your needs
Re:Why listen to this weasel now? (Score:5, Insightful)
Lets take a wide gander here. You've never read his book. You didn't listen to his testimony - only selective excerpts and clips. Your knowlege of his history comes from one or two right-wing articles, without ever reading any counters.
I was (foolishly) hoping that this thread wouldn't get dragged into a left-right debate. I was wrong.
Re:Why listen to this weasel now? (Score:2)
At the end of the day what other kind of debate is there ?
Re:Why listen to this weasel now? (Score:4, Interesting)
Before resorting to foolish hopes I usually consider Fisher's Deduction:
"The more issues a person tries to artificially shoehorn down into a Liberal/Conservative dichotomy, the more certain you can be that the person is an American."
Then consider what percentage of Slashdot posters are from the US. Odds are if an article has any political aspects there will be a number of posters who feel the need to cast it into a false dichotomy. It's exactly this sort of situation that memes like Fisher's deduction were created to help alleviate. Do your part and spread the meme.
Jedidiah.
Re:When will people listen? (Score:2)
Why?, because he criticised Bush ?.
Re:When will people listen? (Score:5, Informative)
Blanket statements like that don't help your credibility either. I've read his book, and he's a darling of the left wing media because he has by far heaped the most criticism on the Bush II administration. However, his praise and criticism of others did come off as fair and even-handed, and he names names everywhere. For example, praise for George HW Bush for the delicate diplomatic balancing act of holding together a coalition (a real one) containing many Arab countries in Gulf War I, and jeers to former FBI director Louis Freeh for incompetent micromanagement particularly in the '96 Atlanta Olympics bombing investigation. No way you'd ever see any right wing pundit criticize one of their own. Never.
This guy is a career Fed (I mean it in a positive way) who started in the State Dept. He's no liberal hippie. Given his background, some of his ideas on security may seem too authoritarian to many Slashdotters, but at least he's able to make reasonable arguments for their necessity. From his writing style he sounds like a reasonable, no-nonsense kind of guy who values competence over loyalty. These kinds of people tend to piss off other people who have the opposite priorities (loyalty over competence).
Re:Richard Clark is a liar (Score:3, Informative)
Richard Clark is a registered republician.
Re:Richard Clark is a liar (Score:3, Insightful)
Apart from that, you call him a liar and yet provide no evidence. How exactly has he lied? He may have made mistakes with the benefit of hindsight, but then he's also apologised (has anyone else?) One of your damning pieces of evidence is that he "sounds like a guy who is BSing"
Personally I thought he was extremely eloquent and surprisingly honest w
Re:Richard Clark is a liar (Score:5, Informative)
Clarke's memo to Condoleezza Rice dated January 25, 2001 shows quite plainly that Clarke was urgently asking the White House to start moving on al Qaeda eight months before 9/11. Now that it has been declassified, you can see the actual memo here. [gwu.edu] [PDF link]
That doesn't look like "BS" to me. In fact, it suggests that "his record" shows a true concern in getting the Bush administration up to speed on what he felt was a huge threat. In the memo, he says "We urgently need such a Principals level review..." Rice finally held his requested meeting on September 4, 2001.
So what's the "only thing" he ever did, again?
Re:Unfortunitly (Score:3, Interesting)
Yeah, it couldn't possibly be the fault of the Clinton and Bush administrations.
Good call.
Oh, wait - no - bad call.
I'm not saying he was an angel, I'm just saying that you've leapt to the conclusion that he was to blame, and two politicians who were absolutely detested by opposing sides of the country (Republicans hated Clinton, Democrats hate Bush) were blameless.
It's too bad really. Imagine all of the things that Clarke could have stopped if other people realized that they actually had to work wi
Re:MS Integration (Score:3, Insightful)
The reason a hole in one brings the system down isn't because they are integrated, it's because most users run as admin. Firefox holes with the user as an admin will have the same result.
The problem is that you can't rip one out and replace it with something less buggier. Don't like Firefox? Replace it with Opera. Don't like IE? Tough luck.
Re:MS Integration (Score:3, Interesting)
Re:Listening to Richard Clarke (Score:3, Interesting)
Oh...you mean like the reasons the Bush administration gave as to why we're fighting a war in Iraq! I get it!
1. WMDs!
-then-
2. Fighting the terrorists!
-then-
3. Bringing democracy to the poor Iraqi people!
I'll be most careful to beware of both Mr. Clarke (a registered Republican) and Mr. Bush (also a registered Republican) in the future.
Thanks for helping me out. I've been h