| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft vs. Computer Security | |
|
||
| Time: 07:05 EST/12:05 GMT | News Source: *Linked Within Post* | Posted By: John Quigley | ||
|
Four years ago, Bill Gates dispatched a companywide e-mail promising that security and privacy would be Microsoft's top priorities. Gates urged that new design approaches must "dramatically reduce" the number of security-related issues as well as make fixes easier to administer. "Eventually," he added, "our software should be so fundamentally secure that customers never even worry about it." Microsoft customers haven't stopped worrying. A year later, Windows was hit with several nasty worms, including Slammer, Sobig, and Blaster. The viruses caused major traffic bottlenecks throughout the world, which cost tens of billions of dollars to clean up. Vulnerabilities deemed "critical" have forced the company to release an almost unending stream of patches and fixes to the Windows operating system, Microsoft Office, and Internet Explorer. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 150 Last | Next |
The time now is
2:39:49 PM
ET.
Any comment problems? E-mail us |
| #1 By 15406 (216.191.227.68) at 1/11/2006 8:19:40 AM |
| Good article. |
| #2 By 32132 (64.180.219.241) at 1/11/2006 9:38:08 AM |
| Good article if you are an idiot. You qualify Latch. |
| #3 By 15406 (216.191.227.68) at 1/11/2006 10:00:32 AM |
|
#2: I can't hear you, Parkkker. Your pom-poms are making too much noise.
|
| #4 By 23278 (12.11.161.5) at 1/11/2006 11:50:25 AM |
| I'm with Parker on this one, I thought this article was terrible. I'd expect more from such a nationally renowned investigative reporter. |
| #5 By 7754 (216.160.8.41) at 1/11/2006 1:32:50 PM |
|
It's lousy on many fronts, particularly from a journalistic perspective--no direct response is sought from Microsoft, and the security experts all fall on one side of the debate, which is not representative. I get the impression that very few people are actually watching the development of Vista very closely, because there are several erroneous and misleading statements. I wrote the author to address those.
A couple other points--IIS 6 and Windows Server 2003 have great security records. It's interesting that everyone remembers Gartner's advice that everyone drop IIS, but no one even seems to have heard of their 2004 report "IIS No Longer the Problem in Web Server Security." I also found it interesting regarding the suggestion that Microsoft's "monoculture" of integrated products poses more of a security risk. Isn't that true then of Apple even more so, and if so, aren't their users more at risk? Microsoft has definitely caused a lot of pain for a lot of people because of security problems, but they are not the company they were 5 years ago. I think their current efforts and actions show the vast improvements they've made. You can see the shift of focus towards other vendors, such as Cisco and Oracle. In my opinion, they "get it" right now as well as just about anyone in their position. |
| #6 By 15406 (216.191.227.68) at 1/11/2006 1:51:10 PM |
|
*cough*
http://www.linux-watch.com/news/NS7350372195.html http://it.slashdot.org/article.pl?sid=06/01/11/1539226 |
| #7 By 7754 (216.160.8.41) at 1/11/2006 2:53:19 PM |
|
Rather than simply post links, please state your point. I don't see it.
For example, the Linux-watch article--first of all, the same problem as the article for these comments: no Microsoft response, just quotes from one side of the issue. Cox is right when he says that simply comparing the raw number of vulnerabilities isn't a good measure (although it is somewhat important nonetheless). He cites instead time-to-patch as a better measure, but this also has associated issues, such as full regression testing, localization concerns, etc. I guess I do lean towards getting the patch right away and then worry about testing it myself, but there is also something to be said about more thorough testing on the part of the vendor. Now, the WMF flaw was indeed very serious. I applaud Microsoft for releasing it early and out of the patch cycle, but would have liked it even sooner. The Linux-watch article is misleading, though--it quotes a characterization of WMF as "one of those careless things Microsoft did years ago with little or no consideration for the security consequences." That fits their agenda, but WMF format dates back to 1990, when Microsoft was hardly the only one that was careless about security--it just wasn't that important of an issue at the time (Windows 3.0 didn't even have integrated networking). What was once a necessity is now a "design flaw;" it is hardly something "careless" considering the history, however. And, the "two new ways" to exploit the patched WMF flaw that the article mentions quickly (as to equate the seriousness of the new exploits with the first) do not have the same effect as the original flaw. In fact, they cause the program to crash... wow, serious stuff! I get a malformed WMF file, and it fails to display and crashes the viewer... not a big deal in my book. The WMF flaw is a notable and serious flaw, but singling it out as representative of Microsoft's security record is misleading at best. In reality, this notion that security boils down to patching and technology issues is misguided. The security approach that needed is one of policy and procedures, built around both the people and technology. Threats don't need countermeasures, they need action plans. If that means cutting off web access to untrusted sites during a time of particularly malicious activity, then do it. That is not the mindset people have today, but it is the necessary mindset of the future. |
| #8 By 15406 (216.191.227.68) at 1/11/2006 3:43:48 PM |
| #7: There are good & bad points in both articles. I mainly posted them to get Parkkkker into a frenzy of frothing Gates-love. |
| #9 By 32132 (142.32.208.231) at 1/11/2006 3:55:45 PM |
|
"I mainly posted them to get Parkkkker into a frenzy of frothing Gates-love. "
I thought you posted them to reinforce the valid belief that you are an idiot. |
| #10 By 7754 (216.160.8.41) at 1/11/2006 5:05:38 PM |
| Ah... well, in that case, Parkkkker-froth away.... :) |
| #11 By 15406 (216.191.227.68) at 1/12/2006 8:29:05 AM |
| #9: Parkkker, I've told you a million times. No matter how vigourously you polish Microsoft's ass with your lips, Bill G isn't giving you any of his money. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 150 Last | Next |
The time now is
2:39:49 PM
ET.
Any comment problems? E-mail us |
