, Newsbytes 2002-01-17
Microsoft chairman Bill Gates tells employees that failing to make products less vulnerable to security breaches will jeopardize the firm's future.
Expand all |
Post comment
Will Microsoft's Trustworthy Computing Sell?
2002-01-18
Coldman (2 replies)
Coldman (2 replies)
1st - fire your marketing department and advertising companies... and instead publish honest technology press releases, using an academic format, that are honestly written by your technology staff.
2nd - as you have a history of writing code yourself, you are aware that the security reality is this: we all have to dance on the same slippery and dangerously insecure floor that we got now, for now.
Why?
Because, ...to this day can you or anyone refute the combined logic found deep within topic details in the two artices mentioned below (and other facts... for example, the fact that Microsoft, and others, have the potential for major security problems because of the use of UTF-8 Unicode and how a software company addresses the economics of how they can afford to develope for the many international language markets that they sell to).
Point 1, Computer Security is Oxymoron.
Sample quote (one of many): "Though programmers are often regarded as akin to sorcerers, they are as bungling as any non-gearhead. There are an average of five to 15 bugs in every thousand lines of code, which means that Windows 98 is riddled with somewhere between 90,000 and 270,000
oopsies".
http://www.salon.com/tech/review/2000/08/31/schneier/index.html
Point 2, Can Viruses Be Detected?
Sample quote (one of many): "Cohen's Theorem proves that we can never truly find out if our system is harbouring a virus"...
http://www.securityfocus.com/infocus/1267
It is interesting when we now combine the logic of 1 and 2 above, and let conclusions flow, we "see" that pure security is a huge technological challenge (and not just a marketing concept)!
Bill, IF we can get arrive at the day when we can fully, widely and honestly accept the facts detailed in these above two points (of "as of yet" unopposed fact) - vs market to the contrary... THEN, we can start to get really creative about throwing out the old way we look at the problems we face and code with an openly accepted and truthfully defined purpose.
...Meaning this - we (all) need to face the facts, publish the current security truth to all openly, AND THEN - we need to build a new set of open standards based on a foundation of "secure" computer Operating Systems (ex: SELinux or an open SEWindows), secure application development languages and tools (as mentioned above and no one mentioned an open sourced CycloneC-like C to replace today's C.... ) , a new secure protocol (think about it, is there a way to produce a SE-TCP/IP...?), an application-security certification method, for both *nix and MS systems, OS's, and apps, with a security rating process that the average computer user in the world can understand, etc... , AND until we make the logic found in the two above articles to be no longer relevent..., THEN - we simply have to dance knowing that, truthfully, nothing can ever be 100% secured.
It will take years to do all that needs to be done to lay the proper digital security foundation that we all can trust EQUALLY (meaning that any future security foundation should involve a partnership between both the *nix and Microsoft development groups to be fully dependable by the world of users at large). FYI - MS needs to release it's source code in order for an honest, not-marketing-dependent, review of it to take place.
There would also be a value to the world if any standards, OS's, app development tools, etc.. that are developed are not copywrited or patented, AND instead are left open for the use of all who will develop products that will compete in this new "secure" environment.
Yep - Till major problems are addressed from the ground up...then, Microsoft marketers (and some *nix marketers) are simply illusionists that are experts at lying for profit.
For today and tomorrow insecurity is a reality that can not be avoided! Can anyone argue against this? The only future we can look forward to is one that history of invention and innovation has taught us... that hopefully hope can exist and that "every day we wake up we will learn new things" and we will see things in new ways... (ex: once upon a time, the world was once flat) !
We can only wish that Microsoft is seeing things in new ways. We can only hope that this newest direction is not just another idea for MS marketing to run away with (and for MS to overcharge for)!
Bill, We all wish you and your company luck...
Please work with the *nix groups on this,
...and please don't let us down again.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/310/9974#9974