
Comments on: Ballmer calls security a never-ending battle

"Bad people" in cyberspace are here to stay, but that doesn't mean things aren't getting better, Microsoft's CEO says.

Security is a continuous process.
by Seething Ganglia October 3, 2004 6:05 PM PDT
Too bad Microsoft starts at such a bad disadvantage.
Not Solving the Problem
by October 3, 2004 6:06 PM PDT
I think most everything Steve is saying about security in this
article doesn't fix Windows core problems. Instead he seems
to be saying security problems are being solved outside
Windows core with such things as firewalls, virus and worm
detecting and removing, and isolation techniques. In my
opinion, this will eventually be a failure. The black hats will
continue worming their way through these barriers and continue
attacking Windows core defects. It seems to me, Windows
continues its security downward spiral until the core is gutted
and replaced with something built for the realities of a
networked world.

...John
Security and...
by Tex Murphy PI October 3, 2004 6:25 PM PDT
Patch management is a real pain. Be it Windows, Linux, Mac or Unix - it's a real pain having to apply patches and praying that they don't take down a production server.
Security is not difficult.
by Dachi October 3, 2004 10:14 PM PDT
You don't achieve it by adding security measures, you do it by removing vulnerabilities. Firewall or not, they need to remove services in listening state and work on ways to reduce the amount of code booted with Windows. They are going about it wrong. I won't believe MS is "serious about security" 'til I see them correctly approach the problem.
First you have to have an "Architectural Design for Security"
by landlines October 4, 2004 7:48 AM PDT
Windows' primary weakness is its architecture (or lack thereof).

1. Microsoft apparently has no concept or understanding of "pure data" in any of its products. In a secure design, only "pure data" may be transmitted over unsecure connections. This, along with simple measures like data validation, keeps applications from being compromised by conditions which they cannot handle (which result in "crashes"). Allowing executable content within data, especially when the data has neither been validated nor source-verified, is a prescription for cascading disasters resulting from a simple failure in any running program. Active X is only one of the many, many flagrant violations of this principle which are built into Windows.

2. Microsoft, by default, assumes that anyone signed onto a machine should be allowed access to everything on that machine. This leads to cascading data-compromising disasters affecting whole networks when a single malicious, stupid, or berserk user gets in. In a secure architecture, access is granted based on the user's identity, organization, and 'clearance' level.

3. Microsoft does not control the configuration of the operating system. This is because it allows users to modify the operating system by replacing dll's and other executables, and by allowing destructive changes in the Registry with no authentication or validation. If there is no configuration control, there can be NO SECURITY.

There are many, many security holes in Windows, and they are extraordinarily easy to discover via the principles outlined above. Closing any one of them or patching to eliminate exploits will never be effective until Windows architecture is completely redesigned for security.
spin, spin, spin
by October 4, 2004 1:43 AM PDT
"In corporates the No. 1 way people get viruses is, in fact, with
machines that are on their networks sometime and off the
network other times."

Sorry, No1, on and sometimes off ?
Where's the OS effort?
by David Arbogast October 4, 2004 9:07 AM PDT
Security is an ongoing job, similar to the war on terror, and it must be continued. Microsoft is the only company that has put significant resources into an ongoing security battle to protect software. If Linux ever reaches mass acceptance, it will become obvious that the "react and patch" strategy currently used is not sufficient to keep hackers at bay.

To suggest that Microsoft needs to "gut and replace" their OS is ignorant. Regardless of your code base, security will be an ongoing challenge. There is no simple solution, and there is no totally secure system. At least Microsoft is devoting resources to the effort. How many open-source developers are spending 8 hours a day, 5 days a week devoted to security issues... working for free... ? No... they just post on News.com claiming that Microsoft can never be successful...
Microsoft is STRUCTURALLY INSECURE
by landlines October 4, 2004 3:54 PM PDT
While Windows lacks a clear distinction between executables and data, lacks a mechanism for interuser protection, and lacks configuration control, it is clear that the only solution is "gut and replace".

It is amazing how many, lacking knowledge about computing history and other OS alternatives, just follow Microsoft blindly and never challenge it to be better.

Suggested reading: technical literature on the several OS's in the 70's which had the words "Non-Stop" in their name.

Read and understand how (1) an OS CAN BE MADE SECURE....even against power failure and even against most hardware failures! (2) what we have now is a mere "toy" compared to the industrial-quality OS's of pre-Wintel machines.

In our rush to get low cost (to the exclusion of performance, security, reliability, and everything else), we simply ignored the alternatives.
See this page for help today!
by anthonycea October 5, 2004 8:03 PM PDT
You can get free downloads and free security data now. See

http://www.searchwars.squarespace.com/free-software-downloads/

Don't wait for M$ to solve your problems.