Microsoft message to security world: Trust Us
In a keynote at the RSA conference last year, Microsoft Chairman Bill Gates and Craig Mundie, chief research and strategy officer, said the company had more to do to improve security.
Microsoft's Craig Mundie on stage at RSA 2008. (Credit: Corinne Schulz/CNET News.com)
A year later, not much has changed.
Mundie and Chris Leach, chief information security officer at Affiliated Computer Services, followed talking points about Microsoft's latest vision for End to End Trust, describing it as an industry call to action.
"The foundation has been laid for good security practices," Mundie said. "The challenge now is related to management practices."
It's all about establishing that you are who you say you are.
"We need new forms of credential," Mundie said. "You should be able to present a cert (certificate) that says, 'Hey, I'm over the age of 18'...and allow a Web site to know that you are an adult."
Mundie was laying out the parameters for Microsoft's vision for security so that the interested parties would build around the company's framework.
As if on cue, he said: "The overall management systems today are not integrated enough, they're too complicated. That has been a major focus for Microsoft." And he mentioned some Microsoft products that solve those problems.
I showed Bruce Schneier, chief security technology officer for BT, the End to End Trust documents and he said "it feels general and like marketing hype." The notion that the world needs centralized authentication "is just silly," he added.
Basically, Microsoft has used its trusted computing efforts, such as inserting Information Rights Management into Office 2003, to lock people into using its products, Schneier said.
"Microsoft has used this as an anti-competitive tool," he said.
In a briefing on Monday, George Stathakopoulos, general manager of Microsoft's Trustworthy Computing group, was mentally prepared for the criticism.
"With everything we do, there is always skepticism and conspiracy theories," he said. "The answer is no; this is for real."
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
Bruce Schneier has forgotten more about security than you or I will ever know.
It is good for tracking people, though, which is the real motivation for these types of proposals.
MS has never cared and will never care about security. They ignored security for so long, and the only thing they have to try and address it is poorly thought-out edge solutions and minor roadblocks.
MS software is the most exploited because it is the easiest to do. Nothing will change until they build an OS from scratch with security as its center of attention.
Microsoft only provides the *second* easiest software to crack - namely, the swiss cheese that has so many holes you can poke it with a stick a couple of times and find one.
Don't get me wrong - I'm not saying that Microsoft's product isn't ridiculously shoddy, and nowhere near ready for prime time. However, before setting fire to the neighbor's house, it's best to cover your own in asbestos. Open source has the potential to be more secure, but it also has the potential to be less secure. You need to do your research and understand what you're doing. A well-secured Linux box could go years before it really needs a security patch, simply because the holes are mitigated by design before they're found. (Note: one always needs to check to make sure. This isn't a "Forget the Linux box, it's good." This is instead an opportunity to see how good you are.)
And, yes, centralized authentication is horrible for security. There's a reason why virtually every site that supports OpenID has its own authentication as well (at least, I hope this is the reason...): server authentication is vital for server administration. If centralized authentication is ever trusted for server administration, you've just handed your server over to the centralized authentication store.
Just to make my position clear: Microsoft is the most exploited for a combination of three reasons:
1. Very easy to crack.
2. Most common installed software.
3. Microsoft the corporation behaves in a manner which infuriates the sort of coder that goes into cracking.
When Microsoft is no longer the dominant software company, they will still be the most exploited for several years, due to the other two reasons, and due to inertia. However, even if Microsoft doesn't improve their security (I don't think they can, really - it seems antithetical to their culture), they still won't be the most cracked forever.
That is the reason why no cracker worth his salt is going to worry about Macs or Linux boxes: too little of an installed base to worry about or code for.
You also have to realize that Microsoft has to strike a balance between security and ease of use.... otherwise, you get something like Linux, which is hellishly hard to use for the average person, and I know, because I tried Ubuntu not too long ago and gave up in frustration because everything was command-line only.
have your best interests in mind."
Can anyone think of a funnier joke than that? I can't.
Dear Craig - remember (oops, perhaps not) your own XENIX and its Trusted XENIX version (Yes - Microsoft sold a version of UNIX for many years and still apparently owns the XENIX trademark); the Palladium/NGSCB project and the "Ring -0" Intel Pentium; the Windows NT hardening exercise in the mid-1990s (a B1/B2 version for government), and on and on.
No application, no middleware, no comms/authentication stack and so on can be more secure than the hardware and OS on which it all runs. Intel knew that with the 286 to Pentium chip design (IBM PC/AT onwards) with its 4 rings of protection (ignored by Microsoft Windows NT/2000/XP/Vista and, unfortunately, also by UNIX/LINUX but NOT, in part, by Microsoft-IBM's OS/2), memory segmentation to prevent overflow etc. (ignored again), memory typing - separating code, data and stack (ignored) and on and on. Intel designed the 286 to Pentium CPUs around the principles of security of the MULTICS system of 40 years ago - and we have not got any further except for the excellent efforts of the NSA with its SELinux offering.
Craig - get over it - what we need is a secure operating system with a modernised and rethought version of "Mandatory Access Control (MAC)" which enables us to categorise and protect the base components of the system as it connects to the untrusted and dangerous global Internet. We have one possible base now - and have had it for almost 10 years!!! It is SELinux ....
What we need is for Microsoft to understand what has been done and look at how the work of SELinux and allied activity can be incorporated into modern operating systems structures - the base for security and information assurance.
For example, fancy allowing untrusted device drivers from unknown sources into the same kernel area as the trust platform/reference monitor of the OS - Microsoft did with Windows NT 4 onwards!
(Remember Ring 1 - oops - Alzheimer's again.)
Forget patching and other software quality problems - those are related to but are not real security architecture schemes - the base design of the OS has to be secure and developed today around new concepts of mandatory access control (and Government has to take the lead by insisting on such in procurement).
Palladium was a start at Microsoft - Craig - what happened to that!!! Remember "Nexus", remember trusted drivers, remember ..... oh well ... perhaps not. Microsoft Alzheimer's again!
Trust technology is too powerful for a business to deliver to consumer at large, because the businesses cannot be themselves trusted not to abuse it; the thoughts of hardware-enforced encryption and collusion with Big Media--among many other nightmare scenarios---I cannot remove from my mind anytime soon, regardless of what possible benefits such technology may have.
Besides, all list-based access control schemes, whether discretionary or mandatory, are subject to the confused deputy problem, so I do not see them as a long-term solution. Instead, I have, from time to time, been following capability-based solutions.
Also, SELinux is notorious in its difficulty to configure correctly---true security is difficult---but simpler configuration mechanisms have been developed to help in this (one such scheme, SMACK, is scheduled for inclusion in the 2.6.25 kernel).
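As an added illustration of the confused deputy point made in the comment above (example code written for this page, not anything from the commenter, Microsoft or the SELinux project), here is Hardy's classic compiler-and-billing-file scenario in Python. The in-memory file store, the paths (`/var/billing/log`, `/home/alice/out`), the principals and the "compiler" deputy are all constructed for the demo; nothing touches a real OS API. The first half shows an ACL-style check that consults only the caller's identity and is therefore fooled, the second half the same deputy rewritten so that the requester must hand over an unforgeable write capability for the output file.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

BILLING = "/var/billing/log"   # hypothetical path, constructed for the demo


@dataclass
class AclFs:
    """Toy store whose write check consults an ACL keyed on the caller's identity."""
    content: Dict[str, str] = field(default_factory=dict)
    writers: Dict[str, Set[str]] = field(default_factory=dict)

    def write(self, principal: str, path: str, data: str) -> None:
        # Ambient authority: the check only asks "who is calling?", never
        # "on whose behalf, and with what authority, was this path chosen?"
        if principal not in self.writers.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        self.content[path] = data


def acl_compile(fs: AclFs, requester: str, source: str, out_path: str) -> None:
    """The deputy: runs as 'compiler', bills the requester, then writes the
    output wherever the requester asked. It trusts the ACL check to stop a
    bad out_path, but that check sees 'compiler', not the requester."""
    fs.write("compiler", BILLING, fs.content.get(BILLING, "") + f"charge {requester}\n")
    fs.write("compiler", out_path, f"compiled:{source}")


def demo_acl() -> str:
    """Returns the billing log after alice abuses the deputy."""
    fs = AclFs()
    fs.content[BILLING] = "charge bob\n"
    fs.writers[BILLING] = {"compiler"}                # only the deputy may bill
    fs.writers["/home/alice/out"] = {"alice", "compiler"}
    try:                                              # alice cannot write it herself
        fs.write("alice", BILLING, "")
    except PermissionError:
        pass
    acl_compile(fs, "alice", "main.c", BILLING)       # ...but she can name it as output
    return fs.content[BILLING]                        # bob's charge has been clobbered


class WriteCap:
    """Unforgeable handle: holding it is the authority to write one file.
    The toy relies on nobody reaching into _fs/_path; a real capability
    system makes that unforgeability a kernel or language guarantee."""
    __slots__ = ("_fs", "_path")

    def __init__(self, fs: "CapFs", path: str) -> None:
        self._fs, self._path = fs, path

    def write(self, data: str) -> None:
        self._fs.content[self._path] = data

    def read(self) -> str:
        return self._fs.content.get(self._path, "")


@dataclass
class CapFs:
    content: Dict[str, str] = field(default_factory=dict)

    def grant(self, path: str) -> WriteCap:
        # Stands in for the trusted setup step (kernel/installer) that hands
        # out initial capabilities; the demo's users never call it themselves.
        return WriteCap(self, path)


class CapCompiler:
    """The deputy holds only the capability it was installed with."""

    def __init__(self, billing: WriteCap) -> None:
        self._billing = billing

    def compile(self, requester: str, source: str, out: WriteCap) -> None:
        self._billing.write(self._billing.read() + f"charge {requester}\n")
        out.write(f"compiled:{source}")   # writes with the *caller's* authority


def demo_cap() -> Tuple[str, str]:
    """Returns (billing log, alice's output) after the same request."""
    fs = CapFs()
    fs.content[BILLING] = "charge bob\n"
    compiler = CapCompiler(fs.grant(BILLING))   # installer gives the deputy its cap
    alice_out = fs.grant("/home/alice/out")     # alice's own file
    # alice holds no WriteCap for BILLING, so the only thing she can pass as
    # 'out' is a capability she already has; the deputy cannot be confused.
    compiler.compile("alice", "main.c", alice_out)
    return fs.content[BILLING], fs.content["/home/alice/out"]


if __name__ == "__main__":
    print("ACL billing log after attack:", repr(demo_acl()))
    print("Capability billing log, output:", demo_cap())
```

The point the comment makes is visible in the two `compile` signatures: the ACL deputy takes a path string and supplies its own ambient authority to write it, so the requester's choice of path is laundered through the deputy's permissions; the capability deputy takes a handle that already embodies the permission, so a requester can only direct output to a file they could write anyway.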
What good is perfect identification if you can't secure the user, the operating system, the applications, the channel to the server, the server's operating system OR the server's backup tapes? All you're doing with perfect identification there is perfectly identifying who's getting their identity stolen. You're not making it harder to do the stealing.
"Trust us?" Yougottabekidding.
(especially since the "track record" of Microsoft doesn't strike one as being especially security minded)
Yes, they have a track record. That's probably better than most. It's funny to read comments from *individuals* who actually have no idea of the scale of the ecosystem that Microsoft covers. Or worse, maybe do, and simply respond with "religion" - quite a common affliction I might say.
Yup, close a system, until you're sued to open them up. Haven't we been here before? Striking this balance is something only a Microsoft truly has an idea about - the scale and complexity of this is mind boggling.
And that's just it. MS isn't just Microsoft. It's actually an ecosystem, that powers 90%++ of the worlds desktops - you know, that ecosystem that actually allows all these new great ideas and services and technologies to have an industry to build on in the first place. Say what you will, but that ecosystem is what makes a Google, a Yahoo, a MySpace, an Amazon, iTunes, flash drives, solid state drives, Web 2.0, 3.0 100.0, etc., a viable business model.
Ergo, ideas from MS, such as that presented above, may sound ridiculous to some. But do take a moment to pause. It takes experience, and scale to have a valid view of the "landscape", the ecosystem, and comment about it - lest you make yourself truly the ridiculous one, and not even know it.
That said, unless there's somebody here who can claim to have the scale and experience, of a MS, allowing him/her quite a view indeed of the landscape he/she is commenting about, I'll take MS's word over yours any day.
Better Them Than Commenters
by EdSF April 9, 2008 7:43 AM PDT
As expected, a lot of flak is thrown at MS when security is the topic of discussion. Yes, their track record isn't great. And yes, they continue to have problems to solve.
Thanks for your input, Mr. Gates
by rcrusoe April 9, 2008 7:56 AM PDT
NT