Comments on: Microsoft: Still more to do on security

Company has made headway on protecting PCs, but more Net use means more challenges, Gates and Mundie tell RSA crowd.
Photos: Bill Gates at RSA

[ejevo]

Still more to do on security?

"Still more to do on security" - Ain't that the understatement of the century. Geezus H!

"5 years of Trustworthy Computing doesn't mean Microsoft products are watertight" - yeah, I think the MS Office Parade of Zero Day exploits that's been ongoing for weeks and unpatched to date gave us a hint of that.

"But we're not really there yet in building a model of seamless, easy access across many devices. We're on the path to this future world." - How many injections of hard drugs does it take Mundie to spew this crap with a straight face?

"BitLocker", "rights management systems", "CardSpace" - aye carumba. Gates and Mundie just keep taking drags on that crack pipe without let up.

Too much BS to swallow, this article is choking me before this Microsoft user can get to the end.

[frankwick]

There will ALWAYS be work to do on security

Bill's statement is an understatement. Anyone who understands the basics concepts of network computing understands that security is a leapfrog game. Yes, security is getting better, but now attacks will become more sophisticated.

I'm waiting on the typical "my os is secure" comment to be applied here. No, your os is NOT secure. Brand A may not have the same exploits as Brand B, but the converse is true. As long as there is a determined 'hacker' out there, there will be exploits.

[Penguinisto]

...so why does MSFT make it so hard on themselves?

Yup - no OS is secure, that much is true.

OTOH, if you had a choice between hitting a set of wild rapids in
a canoe with a couple of (literal) microscopic leaks, vs. riding in
one that had numerous fist-sized holes all over it?

Seriously - the number of Linux, Solaris, *BSD, and OSX exploits
COMBINED is less than 0.0001% (rough est). of the number that
Windows has to contend with. There's something seriously
wrong with this, and platitude-laden relativism ("...oh well, no
OS is secure...") isn't going to cut it as an excuse.

Yup - eventually any "determined hacker" will find a way in to
any type of machine. But, there is a difference between any old
fool busting into a Windows box in less than a few minutes vs.
the days/weeks/months on end that a "determined hacker"
would have to spend towards getting into an OSX or other *nix-
based machine.

Security may be a "leapfrog game", but it takes much, much
bigger frogs to leap ahead of the *nixes.

Open thine eyes, friend.

/P

[jelloburn]

BitLocker and Card Space

This is a question which I hope can be answered civily and un-
fanboy-ishly.

BitLocker sounds a lot like Mac OS X's FileVault. What are the
differences?

Same with Card Space. This sounds an awful lot like a Mac OS X
Keychain. Are there differences?

[Ian Joyner]

Even "Trustworth Computing Initiative" is a rip-off

Bill Gates got the term from an address by Bertrand Meyer who
spoke of his "Trusted Components Initiative"

http://www.trusted-components.org/

Meyer has also been influential in .net:

http://www.amazon.com/Bertrand-Meyers-NET-Training-Course/
dp/0130331155