Posted on 09/06/2002 10:36:06 AM PDT by toupsie
Friday 6 September 2002
Brian Valentine, senior vice-president in charge of Microsoft's Windows development, has made a grim admission to the Microsoft Windows Server .net developer conference in Seattle, USA.
"I'm not proud," he told delegates yesterday (5 September). "We really haven't done everything we could to protect our customers. Our products just aren't engineered for security," admitted Valentine, who since 1998 has headed Microsoft's Windows division.
In August the company put out eight security bulletins. This month it has released two, so far, with the latest urging users to patch a flaw in its digital certificate technology that could allow attackers to steal a user's credit card details.
Microsoft's regular stream of security bulletins has continued despite Bill Gates company-wide Trustworthy Computing Initiative, announced earlier this year.
The Initiative was launched with a memo from Bill Gates, Microsoft's chairman and chief software architect, and saw the company halt production on new code in all of its products while employees scanned every line of existing code in search of vulnerabilities.
"We realised that we couldn't continue with the way we were building software and expect to deliver secure products," Valentine said.
But the company is dealing with a problem that is not easily resolved. Valentine told developers at the conference that as the company works to shore up its products the security dilemma will evolve as hackers become more sophisticated.
"It's impossible to solve the problem completely," Valentine said. "As we solve these problems there are hackers who are going to come up with new ones. There's no end to this."
Microsoft has also been employing new tools developed by Microsoft Research that are designed to detect errors in code during the development process, Valentine said.
According to Chandra Mugunda, a software consultant with Dell who attended Valentine's presentation, buggy software is "an industry-wide problem, not just a Microsoft problem. But they're the leaders, and they should take the lead to solve them," he said.
Great question. I have been in two small (<30 employees) companies recently that needed an accounting system. I don't know of any PC based system that is both affordable and good. The current company uses an Access based product called "Yes! I Can run My Own Business". It is extremely well designed from a business point of view, but it has all of the flakiness that people accuse Microsoft products of having. It doesn't actually do anything bad with data, but it sometimes has to be kicked around a bit, restarted and such. but you get all the source code, so you can add, modify and delete features, write your own reports, etc. It has modules for order entry, inventory, purchases, payroll, etc.
All the alternatives I know of cost tens of thousands of dollars.
Good luck.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.