Microsoft's Gates assures Japanese officials Windows operating system is secure

TOKYO - Microsoft Corp. Chairman Bill Gates (news - web sites), in Tokyo to court top government officials as Japan ponders switching to rival software, assured his hosts that the company's Windows operating system is secure, officials said Wednesday.

While Japanese government computers still mostly run on Windows, concerns about costs and security from over reliance on the system have prompted politicians to urge the government to consider alternatives.

Last month, Gates pledged to continue improvements to security in Microsoft's products as part of a campaign to convince large customers that Windows software is safe even for sensitive businesses.

But soon after, Microsoft Corp. itself was exposed to the virus-like attack in January that temporarily crippled global Internet activity because the company failed to fix software on many of its computer servers.

In a meeting Tuesday, Gates assured Trade Minister Takeo Hiranuma that Windows could be relied upon, said Takashi Kume, an official at the Ministry of Economy, Trade and Industry.

Gates, the co-founder of the world's largest software company, also met with Public Management Minister Toranosuke Katayama and ruling party lawmakers during his two-day stay, which included a visit to a Japanese school.

Japan is betting that the next-generation of high-tech products and computer networks will rely on open-source software, in which the underlying code is public and open for modification, unlike Microsoft's proprietary software.

Japan already lags behind other nations, including Germany, the United States, China, that are looking into or using open-source software such as Linux (news - web sites), which can be used and modified for free.

Starting April 1, Tokyo will begin doling out about 1 billion yen (US$8.5 million) to fund Asian software developers working on the open-source Linux operation system for consumer electronics goods.

Gates was set to leave for China Wednesday evening to pitch his software with officials there.

I have a friend who knows next to nothing about computers.

She's a single mom, and her kids spend a lot of time on the net playing games.

She uses it mainly for email and such.

Networking on her system is horribly messed up and barely works at all. The computer is slow as molasses.

Because I don't use Windows myself, I don't know how to fix her problems. But it's pretty obvious that the system is infested with conflicting pop-up software and other absurdities.

It's clear to me, then, that in the present environment, Windows is not safe to use. I have a Macintosh and I use it all day to open emails, visit web sites and so on. I've never had a problem, because all the virus-ridden emails I receive can't run in my environment.

I don't know if there's a good way to secure Windows, but I do know how to solve the problem: Don't use it. And I'd advise anyone else to follow my lead.

D

Because I don't use Windows myself, I don't know how to fix her problems. But it's pretty obvious that the system is infested with conflicting pop-up software and other absurdities.

Ridiculous. A computer is a sophisticated piece of equipment. Users can shoot themselves in the foot quite easily. For example: Opening unsafe executable email attachments. Downloading and installing third party software over the Web. Spyware. Viruses. Trojan horses. Hackware. It's possible to achieve the same result regardless of which operating system you use -- and that includes your precious Macintosh, as well. Blaming ignorant user actions on the operating system is yet another form of ignorance.

I have a Macintosh and I use it all day to open emails, visit web sites and so on. I've never had a problem, because all the virus-ridden emails I receive can't run in my environment.

Uhhhhh, yes, it most certainly can and does happen -- otherwise, Symantec, McAfee, and these other companies wouldn't have any reason to sell Mac Antivirus software (http://www.amazon.com/exec/obidos/tg/browse/-/289995/ref=br_bx_c_2_1/103-5030653-2618243).

MicroSoft Windows has its plusses, and it certainly makes my little firm money, but "security" it does not have at any level.

MS Windows, whether dealing with Windows 3.1, 95, 98, 2000, ME, XP, or NT, is completely vulnerable.

For instance, port scanning by hackers will completely expose virgin installations of every version of Windows. If you are running any version of Windows while on-line, and if you have not installed a 3rd party firewall, then your machine is being probed and *will* be hacked given enough time.

Surfing the web presents yet another problem for Windows. Viruses/Viri that exist in stored web pages *will* infect every version of Windows that surfs the infected web page, unless you are running a 3rd party anti-virus program such as McAfee while on-line.

On the physical side, booting up any Windows system (that uses NTFS) with the right Linux CD will allow the hacker full and total access to said Windows PC, even if the PC is not on-line.

That being said, Windows is also protectable, and firms such as my own make good money doing that very thing.

But anyone who thinks that their Windows PC is safe "right out of the box" is misguided at best.

Sitting idly on-line, surfing, or sitting idly in your office, your Windows PC is hackable by the youngest of attackers with the most mundane of tools, even if you never recieve an infected email.

Virus Profile

Virus Information

Name:		JS/Fortnight.b@M

Risk Assessment

- Home Users:		Low

- Corporate Users:		Low

Date Discovered:		2/3/2003

Date Added:		2/4/2003

Origin:		Unknown

Length:		N/A

Type:		Virus

SubType:		Internet Worm

DAT Required:		4247

Virus Characteristics

This threat is detected as JS/Fortnight.b@M in the 4247 DATs. This script virus resides on a website. When [MS Windows] users visit this page, a link to this webpage is appended to their email signature file for Outlook Express 5.0. When an infected user manually sends out an email message, a link will appear at the bottom pointing to a web page on this site. The link to the infected webpage is included in an IFrame, so if the receiving e-mail client supported HTML, the page would open automatically and be displayed inside the e-mail message.

The virus will create the file s.htm in the WINDOWS directory which contains the IFrame link to the infected website address.

If you are running any version of Windows while on-line, and if you have not installed a 3rd party firewall, then your machine is being probed and *will* be hacked given enough time.

Well, duh. If you're going to set up a honeypot without a firewall, you might as well pump a few rounds into your own head...

Surfing the web presents yet another problem for Windows. Viruses/Viri that exist in stored web pages *will* infect every version of Windows that surfs the infected web page, unless you are running a 3rd party anti-virus program such as McAfee while on-line.

This is an overexaggeration. If you apply the latest patches, your odds of encountering such a situation are infinitesimially small.

On the physical side, booting up any Windows system (that uses NTFS) with the right Linux CD will allow the hacker full and total access to said Windows PC, even if the PC is not on-line.

Non-starter argument there. Granting someone physical access to your PC is like handing a joyrider your keys. But that aside, you're not going to be able to snoop my data with NTFS Encryption turned on. Give it a try.

But anyone who thinks that their Windows PC is safe "right out of the box" is misguided at best.

You're erecting a strawman. Nobody ever made such an "right out of the box" assertion. What was said is that Windows is fundamentally secure. You haven't disproven that.

Sitting idly on-line, surfing, or sitting idly in your office, your Windows PC is hackable by the youngest of attackers with the most mundane of tools, even if you never recieve an infected email.

Look, pal, you can try to hack my Windows boxes for years, and you're not going to break in.

As long as computers are marketed as simple appliances that anyone can use and maintain, the people marketing them should be held to more rigourous standards.

It matters not at all that people should not open executable attachments if they do. It matters not that the vendors of spyware are able to think up ways to trick people into downloading their stuff. In the end, if you are advertising a product as being bulletproof for the average user, that's exactly what it has to be.

I would propose a simple test. Give my friends their PC for six months, and then give them a Macintosh for six months. Have them do the exact same things on both computers - play games, surf the net, read email, etc.

Because the Mac CAN'T execute attachments, because there are virtually no viruses written for it, and because spyware isn't written for it, it is by far the safest choice.

You could respond quite reasonably by saying that this is not fair to the platform that has an overwhelming market share. From my viewpoint, that is exactly the point; it is why someone off the street should /not use/ the platform with an overwhelming market share, because life is a lot safer and a lot less complicated.

As a curious soul, I know I would have gotten the Sircam virus a time or two in the days when literally hundreds of strangers invaded my email, asking for my advice. But I didn't, and the reason I didn't was that I read my email on a Mac.

It's not the fault of Microsoft developers that they won more market share than anyone else. But it is their fault that they developed an email client that allowed the running of scripts within email, a highly dangerous capacity with very little in the way of practical use.

Apple's Mail client doesn't run scripts in email. Simple, no? Foolproof, even for the most curious of fools.

D

In the end, if you are advertising a product as being bulletproof for the average user, that's exactly what it has to be.

Please show me any reference to advertising that claims that a PC is "bulletproof"... BWAHAHAHAHAHAHAHAHAHA!

I would propose a simple test. Give my friends their PC for six months, and then give them a Macintosh for six months. Have them do the exact same things on both computers - play games, surf the net, read email, etc.

Fine, as long as I get to set up the PC.

Because the Mac CAN'T execute attachments, because there are virtually no viruses written for it, and because spyware isn't written for it, it is by far the safest choice.

I can't execute attachments using recent versions of Outlook, either, because it simply won't allow you to do so. Can I blame MS because users haven't applied patches for Outlook? Try again.

From my viewpoint, that is exactly the point; it is why someone off the street should /not use/ the platform with an overwhelming market share, because life is a lot safer and a lot less complicated.

Like anything else, all that someone "off the street" needs is a few hours of computer instruction in the basics: Don't run executables obtained over the Internet or email. Use a firewall. Etc. Compared to the dearth of sofware and hardware for the Mac compared to the PC, a few hours of common sense is worth it.

But it is their fault that they developed an email client that allowed the running of scripts within email, a highly dangerous capacity with very little in the way of practical use.

Old news. Like anything else, run the patched software, you don't have this issue.

The test you propose isn't fair, since we're talking about the average person here, with no access to technical expertise such as your own. I have no doubt you could take a Windows PC and make it secure, but my point is that you shouldn't have to.

The correct test is to take a Gateway PC, advertised as having benefits for the home user who doesn't know beans about computers, and put it in the hands of an average family. Then see how badly the system is hosed in three months.

Then put a Mac in the hands of the same family. Or do it in the reverse order; I don't care.

I suppose you're right that security is not an explicit point in the advertising. But you can't say that the advertising implies that you need anyone else to set up and secure your system, either. Very few families can afford such a luxury. I suppose your position, then, is that very few families could afford a PC, even though people buy them every day.

You don't understand that most people don't know what a patch is, and don't care. They just want their systems to work. If you need people to apply patches and fix their systems, you've already lost the battle, which is to make the computer more of an appliance that you can use when you want to use it, and forget about it when you want to forget.

I'm not saying any computing platform is perfect, but the Mac is a lot closer to this than the PC.

If you are running any version of Windows while on-line, and if you have not installed a 3rd party firewall, then your machine is being probed and *will* be hacked given enough time. - Southack

"Well, duh. If you're going to set up a honeypot without a firewall, you might as well pump a few rounds into your own head..." - Bush2000

If by that you mean that Windows, any version, regardless of patches, is an insecure OS on its own, then you are correct.

To secure the Windows OS, one must use 3rd Party security tools.

The OS itself can be hacked by a child in mere moments (at least, it can if you don't know what 3rd party software to purchase and install and always have running).

"This is an overexaggeration. If you apply the latest patches, your odds of encountering such a situation are infinitesimially small."

Nonsense. Please review post #7. The public anti-hacker community only discovered *this month* what hackers have known for years, that you can embed a script virus in a web page and infect every Windows user who surfs that page with her browser.

On the physical side, booting up any Windows system (that uses NTFS) with the right Linux CD will allow the hacker full and total access to said Windows PC, even if the PC is not on-line. - Southack

"Non-starter argument there. Granting someone physical access to your PC is like handing a joyrider your keys. But that aside, you're not going to be able to snoop my data with NTFS Encryption turned on. Give it a try."

Wow, you just flunked your security test.

Even with NTFS encryption turned ON, the core Windows OS and boot sector is stored unencrypted on your hard drive.

To compromise your system, I first boot up with a special Linux CD that reads and writes to NTFS. Then I modify your OS to transmit your files to a dead drop the next time that you log on.

Thus, physical access to your Windows PC means that I own you.

But the funny part about that fact is that MicroSoft knows it. To try to stop hackers from gaining physical access, MicroSoft wants users to hit CTRL-ALT-Delete, enter a user ID, and enter a password prior to using the OS.

That would be great, too, if it only did anything effective.

It doesn't. Your Windows log on is dead easy to bypass, and once I'm in, I can write whatever code I want into your OS because it isn't stored fully encrypted on your hard drive.

In other words, having to hit CTRL-ALT-Delete serves no functional security purpose, but it's included in Windows anyway.

But hey, if it makes you feel any better, Linux, Unix, and Mac's OS are just as vulnerable, and perhaps even more so.

But don't kid yourself for a moment that your Windows system is secure, unless you *really* know what you are doing and *truly* run the right 3rd party tools 24/7 on your box.

To compromise your system, I first boot up with a special Linux CD that reads and writes to NTFS.

Oh, the hell you will. Linux reads NTFS just fine, but doesn't write NTFS worth a damn yet. Period. Any Linux NTFS driver you try to use to write to an NTFS volume stands a major chance of just corrupting the filesystem. And even if you could write to an NTFS volume, and transfer his files, they're encrypted. What are you planning on doing with a load of encrypted files you can't read?

"And even if you could write to an NTFS volume, and transfer his files, they're encrypted. What are you planning on doing with a load of encrypted files you can't read?"

The encryption is automatically decrypted for the approved user.

After writing a small change to his OS, all that I have to do is wait until the user logs on. Once he logs in to Windows, then my spy in his OS can gain access to his files.

And if he doesn't encrypt his NTFS volume, then I don't even have to wait for him to log on. As soon as I boot his PC with my special Linux CD, I've got instant access to everything on his machine.

If he encrypts, then I have to wait for him to log back on.

The encryption is automatically decrypted for the approved user.

What approved user? Unless you have the login and the password, you ain't decrypting anything. And even if you have it, you can only do it on the local machine, not on yours after transferring the files.

After writing a small change to his OS...

....you'll do nothing, because even if you magically have a working NTFS driver, you can't fake the signature hashes that the OS puts on the system files. And your intrusion will be obvious and fruitless.

"....you'll do nothing, because even if you magically have a working NTFS driver, you can't fake the signature hashes that the OS puts on the system files. And your intrusion will be obvious and fruitless."

And what would the signature hashes look like for the boot sector 0?

Hint: It isn't encrypted, so there aren't any encryption signatures there.

Controlling the boot sector means that you can control *everything*, if nothing else by rerouting the boot process to your own special OS that you stored on the mark's hard drive (an OS that will look precisely like the OS the mark uses, will record the user id and password of the mark, and pass control over to the real OS after that information has been gleaned, in addition to running a spy in the background for after the mark logs on - when the encryption is automatically decrypted on the mark's PC for your spy).

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.