Microsoft Outlines Security Plan

Washington Post ^ | 10/10/03 | Mike Musgrove

[Salo]

Microsoft chief executive Steven A. Ballmer said yesterday that there is "much, much, much" left to do to protect computer users from viruses, worms and other malicious software.

He outlined new steps the company plans to take to address this problem -- while acknowledging that these changes can't solve it.

"There is no silver bullet," Ballmer said in a speech at the company's Worldwide Partner Conference in New Orleans. "Even if all the vulnerabilities were fixed tomorrow morning in all of the products, there's still 600 million computers . . . that wouldn't have all of these vulnerabilities patched."

[Salo]

Glad to see they mean it this time. Yawn.

[Salo]

Not sure how to handle this: it's Washington Post, but it is c+ped from yahoo.

[Support Free Republic]

---

GOD BLESS OUR MILITARY THANK A VET! MAKE A DONATION TODAY
	Keep Our Republic Free Or mail checks to FreeRepublic , LLC PO BOX 9771 FRESNO, CA 93794 or you can use PayPal at Jimrob@psnw.com
STOP BY AND BUMP THE FUNDRAISER and say THANKS to Jim Robinson! IT'S IN THE BREAKING NEWS SIDEBAR Thanks

[Salo]

Interested parties, take your weapons and commence to fightin'! :-)

[Voltage]

Here is an idea...ship it with display of file extensions turned on. It's the first thing I do with any machine I use. This way you can tell immediately between a file called 'virus.txt' and 'virus.txt.exe'.

Why in the world do they allow multiple extensions in a file is beyond them. Maybe there is a reason..I don't know what it is.

I have been on the internet for 10 years, and using common sense I have never enabled a virus, athough I have received hundreds of them, but I have rescued many friends with infected systems.

It appears few people have the self control to avoid opening attachments..

[irv]

Ken Dunham, director of malicious code at iDefense Inc

I want this guy's title!

[lelio]

"I think people are taking computer security a bit more seriously; some of our clients are still cleaning up from the Blaster virus," said Josh Pennell, chief executive and founder of computer security firm IOActive Inc. "Computer security is almost like car insurance. Nobody wants it until their car gets totaled."

Are there firms out there specializing in computer security insurance? That'll be a growing field.

I think the best way to stop the spread of viruses is to sue those that try and give them to you. So what if you're innocent, you should of patched your machines.

[rdb3]

The Penguin Ping.

Wanna be Penguified? Just holla!

Got root?

[irv]

Are there firms out there specializing in computer security insurance?

Some business insurance companies have special riders for computer damage, hacker damage, things like that. I seem to recall reading a while back that one company was offering reduced rates for customers using Linux instead of Windows.

[Coral Snake]

I already brought up one of my favorite weapons. (Song Parodies-Updates on the "backboards") here:

Coral Snake Tech Song: The Battle Cry of Freedom (The Linux Cry of Freedom)

Some new ones about Bill Gates's source code piracy and Darl McBrides pump 'n' dump may be going up tonight. ;c)
(As you will see in this one there are still a few mistakes despite the fact that "coral snale" thingy is gone this time but I am still somewhat of a rookey at posting here.)

Guns, Linux and Liberty. ;c)

[Coral Snake]

I don't think we'll be seeing too much of Golden Eagle however. I think he feels that Micro$oft betrayed him when they did the same thing that he constantly accused the Linux coders of doing (giving their source codes to Communist China) and no longer feels like continuing to post for them anymore.

[xrp]

How about a MAN's OS instead of a script kiddie's OS:

[rdb3]

How about a MAN's OS instead of a script kiddie's OS

No matter. I run rings around 'em all.

[Nick Danger]

Are there firms out there specializing in computer security insurance? That'll be a growing field.

That's actually a very good idea, because it would narrow and concentrate a financial interest in stopping this stuff. Insurance companies tend to become very smart on loss prevention. Some of the best fire-prevention experts in the world work for insurance companies, and they are out there every day inspecting things and showing their clients how not to have fires.

One of the problems with computer security is that there's never been a constituency for it. It's sort of like backups -- everybody knows they have to do some of it, but it's really one of the last things companies want to spend money on. "Monetizing the risk" via insurance puts a number on the potential loss, and also creates incentives for doing things that lower the rates. It helps the IT manager justify better security if he can say, "If we put this in, the insurance will go down by X and so it will pay for itself in two years." That's more persuasive to a bean-counter than threatening doom if you don't buy it.

[isthisnickcool]

Microsoft security system that works!

[xrp]

;-)

[greasepaint]

In the future, MS will be using the current security problems to draw
attention to their digital-rights-management offerings.
(formerly known a palladium)

[yhwhsman]

Ok, how come that's not a link? :)

[AFreeBird]

Why in the world do they allow multiple extensions in a file is beyond them. Maybe there is a reason..I don't know what it is.

File extensions were a way for early DOS to tell the system what type of file it was particularly exectuables.

DOS was not too sophisticated in that regard, whereas UNIX/Linux have always had the ability to assign/restrict - executable, read & write permissions on any file, for any/all users/groups.

Because of the need for extensions, the (.) was used as a special character and could only be used to seperate the 8 character(max) file name from the 3 character (max) extension.

UNIX/Linux could have longer filenames and the (.) could be used freely. Example: "this.is.my.file" rather than "thisismyfile" or in DOS' case: "thisismy.fil"

DOS, err... Windoze is just catching up with the long filename idea, but still clinging to extensions to identify executable filetypes.

[Voltage]

Example: "this.is.my.file" rather than "thisismyfile" or in DOS' case: "thisismy.fil"

This is easily resolved with the underscore: "this_is_my.exe". There is no need to allow multiple '.'s. Allowing multiple '.'s has only contributed to ambiquity and has been very helpful to the virus creators.