Re: Article: Gates memo calls for security focus

From: Wolfgang Schelongowski (spamtrap@xivic.prima.de)
Date: 01/22/02


From: spamtrap@xivic.prima.de (Wolfgang Schelongowski)
Date: 22 Jan 2002 19:42:00 +0100

In <vmG28.4153$Hq5.1452606656@newssvr11.news.prodigy.com>
 alun@texis.com (Alun Jones) writes:

>In article <a2cdbo$v6q$1@xivic.prima.de>, nospam+2588@xivic.prima.de (Wolfgang
>Schelongowski) wrote:
>>Two problems:
>>1) Security is not an add-on like Internet. They'll have to junk
>> Win95/98/... and completely rewrite the WinNT/... . The same goes
>> for most utilities running with privileges.

>In what way do you believe that Windows NT is in need of being "completely
>rewritten"?

Bill Unruh has answered that.

> What assumption(s) at the core of the NT design are fundamentally
>incompatible with system security?

One I know of is that the GUI is an integral part of the OS and
*always* runs during normal operation.

>>2) What Gates said implies a U-turn in the _roots_ of the company's
>> philosophy.
>>Cf. http://news.com.com/2010-1078-818611.html

>The article you quote doesn't seem to support your theories. First, as I
>noted earlier, Microsoft _has_ previously done a U-turn in the roots of the
>company's philosophy. It's shown surprising maneuverability when the top-man
>gets his knickers in a twist over something. Suddenly, he's decided that
>security is "job 1" at Microsoft - are you truly of the opinion that he's
>going to allow some flunky or other to continue producing crappy code that
>embarrasses him by contradicting his newly stated credo?

In a situation like this it's not a question of allowing. We're
talking about Microsoft, not a shop with ten or a hundred people.
Thousands of people working there have been instructed for years
that features and getting it out fast are what matter, and to neglect
other goals. That has become a part of their mindset and The Way
Things Are Done Here. Even if Bill had unlimited powers of The Most
Evil Overlord Of Mankind he wouldn't be able to change that fast -
it'll take years to achieve such a turnaround.

>Second, you seem to be confusing marketing messages with the company's
>philosophy. Microsoft's philosophy is to occupy "top notch" in the market,
>being the biggest single provider of whatever-it-is that they set their sights
>on.

I think their philosophy is to make money fast by whatever means
except those that are grossly illegal or will severely damage their
reputation. Building secure software takes time and has therefore
been thought of as "the less the better" if it wouldn't be too
obvious to the public.

>They have a lot of work ahead of them, but go back and take a look at the
>naysayers that, at the time, believed Microsoft didn't have what it takes to
>get busy in the Internet world...

Internet was just another case of "well, it seems we can't impose our
standards here, so we'll have to work according to those that are
generally accepted."

-- 
"Some people are heroes. And some people jot down notes."
  -- Terry Pratchett, The Truth


