Posted on 09/06/2002 10:36:06 AM PDT by toupsie
Friday 6 September 2002
Brian Valentine, senior vice-president in charge of Microsoft's Windows development, has made a grim admission to the Microsoft Windows Server .net developer conference in Seattle, USA.
"I'm not proud," he told delegates yesterday (5 September). "We really haven't done everything we could to protect our customers. Our products just aren't engineered for security," admitted Valentine, who since 1998 has headed Microsoft's Windows division.
In August the company put out eight security bulletins. This month it has released two, so far, with the latest urging users to patch a flaw in its digital certificate technology that could allow attackers to steal a user's credit card details.
Microsoft's regular stream of security bulletins has continued despite Bill Gates company-wide Trustworthy Computing Initiative, announced earlier this year.
The Initiative was launched with a memo from Bill Gates, Microsoft's chairman and chief software architect, and saw the company halt production on new code in all of its products while employees scanned every line of existing code in search of vulnerabilities.
"We realised that we couldn't continue with the way we were building software and expect to deliver secure products," Valentine said.
But the company is dealing with a problem that is not easily resolved. Valentine told developers at the conference that as the company works to shore up its products the security dilemma will evolve as hackers become more sophisticated.
"It's impossible to solve the problem completely," Valentine said. "As we solve these problems there are hackers who are going to come up with new ones. There's no end to this."
Microsoft has also been employing new tools developed by Microsoft Research that are designed to detect errors in code during the development process, Valentine said.
According to Chandra Mugunda, a software consultant with Dell who attended Valentine's presentation, buggy software is "an industry-wide problem, not just a Microsoft problem. But they're the leaders, and they should take the lead to solve them," he said.
That's because the official title of a "linux distribution" is a GNU/Linux distribution. Oh yeah, that would mean Linux is the kernel because there is another platform called GNU/HURD. You obviously aren't intelligent enough to see that the products you're talking about are made by separate teams for multiple kernels, linux being only one of them. In no way is XFree86 dependent on Linux such that it won't run equally well if not better on another UNIX kernel. Same for KDE, GNOME, Apache, etc.
How ironic. In class I once made the following comment about capitalism: "Capitalism is the way, the truth and the light, human civilization shall know no salvation but by its principles." And the funny thing Bushbot2000 is that I was being serious. Of course you actively support a socialist President so does indeed say quite a lot about you.
Apple has far, far fewer resources than Microsoft, yet OS X is a completely brand new, build-from-the-ground-up operating system, and they're doing just fine financially (or, at least, about as well as they always have). The only things that could possibly be stopping MS from doing a ground-up rebuild of WIndows are either greed or complacency. No, they couldn't do it in a couple of weeks. And yes, it would be harder for them since they have to deal with every wacked-out pieced-together PC and component out there. But they could do it.
I think that's the wrong choice of words. Windows was RETROFITTED to be used on the Internet. Big diff.
According to your previous post, you seem to think adding an option in a System Prefences window is a bug. I guess by your definition, Mac OS X is a buggy POS because there are tons of options available to the user. My favorite "bug" is the "Text to Speech" option built into Mac OS X. When I highlight your text and hit a keystroke, a hysterical voice reads out your replies over my Sound Sticks.
Sure, try 'sycophantic', 'closed-minded', 'ego-challenged', 'deluded', and '', for starters
This is fun. Even Microsoft is saying Windows isn't built with security in mind (both past and present tense) and you won't believe them! And you call me a zealot. Too Rich! I seem to have no problem using other OS's for my needs, I just prefer Mac OS X as my desktop. Closed minded? Sounds like you are stuck on one company not me. UNIX means portability. If GNU/Linux (Unix-like) starts to kick Apple's butt on the desktop, all the software I write and files will work on x86, DEC Alpha, PPC or Power4 distros. Just like all the software I use on GNU/Linux, xBSD and Tru64 will compile on my Mac OS X boxes. C is a wonderful thing.
Whooo, boy. How many vulnerabilities does a hacker need to root your box and/or steal your data?
Can you give me an example of a rooted Mac OS X box? I bet you can find an example of a rooted Windows box. No one in this forum has said that Mac OS X was perfect, just incredibly less prone to the security problems of the Windows operating system. Microsoft has come out and said its not market share that is their problem, its their OS design--what I have and others have said time and time again in the past. So the tired old market share argument is out the window from Valentine's comments.
Oh, but wait! Apple's only got a page of 'em... Like distinctions of those kind make any difference when critical flaws exist.
One page? That's it? And you saying they are all fixed automatically when the user logged on to the internet? They were listed for public review without legal action? Damn! Apple sure does sound like they are crumbling under the weight of their insecurity.
Good point. All those software applications will run on my Mac OS X and DEC Alpha Tru64 systems. Neither bare close kinship with the Linux kernel, yet, outside of speed, the performance and stability is identical. UNIX means portability...real standards.
I owned several, they worked well enough, but were beige boxes like
the rest, nothing appealing about the design. CD Drivers were a
problem on all systems after 7.6
I'm not an ABMer so stop addressing me as one.
The hypocrisy is pathetic -- and you know that it exists
It isn't hypocrisy because there is no formal operating system called Linux. Linux is the name for kernel which can be used as the foundation for one. Everything else that is bundled in a Linux distribution comes from different projects, most of which are platform agnostic. The GNU tools work just as well for me in MacOS X as they do for my friends running Linux. That is why it's called GNU/Linux. Of course as previously stated, you're either too stupid to understand that Linux is just a kernel or you're making yourself look like an idiot for our amusement. RedHat's GNU/Linux distribution could I suppose be considered a full OS. However to blame "Linux," which means you are blaming the kernel, for a problem found in anything beyond Linux such as a GNU tool, BIND, Apache, XFree86, etc shows how lacking your intelligence is.
That would also be an appropriate description for your relationship with Bill Gates.
Well for some reason you cannot seem to grasp the concept of Linux being just a kernel so yes, it does depnd on what "Linux is" because to you, somehow a kernel is a whole OS. Kernel.org which is the official repository does not distribute an OS, it distributes a kernel. Get it right. What Microsoft puts on the shelf is a full featured OS including a kernel, windowing system, desktop, "standardized" APIs and the other typical trappings of an OS.
Yes, all software has bugs. While you prefer to end your analysis there, some of us also look at the quantity, severity, and speed of response to those bugs. Microsoft loses on all counts.
I'm reminded of discussions I've had with defenders of the Chinese government. When asked to account for their brutal record of violations of human rights, they invariably respond that the US government has also done bad things, so we have no right to criticize them. No government is perfect, like no software is perfect. That doesn't mean no relative judgments can be made.
Of course it's irrelevent to you that most of those teams are developing cross-platform, not linux, software. If a hole is in Apache, it's in Apache. If a hole is in BASH, it's in BASH. Same with GCC, KDE, GNOME, etc. If a hole exists in Explorer then it's a Windows issue because Microsoft's Windows Development group is one big team in the scheme of things because it works together to make a single large product.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.