Re: Microsoft finally acknowledges the security drumbeats

From: Alun Jones (alun@texis.com)
Date: 01/31/02 

From: alun@texis.com (Alun Jones)
Date: Thu, 31 Jan 2002 14:33:02 GMT

In article <MPG.16c2a741420b5f8298a841@corp.supernews.com>, Philip J. Koenig
<See_email_@ddress_below.This_one_is.invalid> wrote:
>Agreed, but he did have a valid point: Microsoft's management
>has a certain point-of-view about how they develop things,
>what their priorities are, etc., and to some extent that
>corporate viewpoint will be applied to any of their product
>and/or development groups.

While that is definitely true, and I have my own experience to show me that
the personality of a company is often indicative of that of "the guy in
charge", it's also worth noting that when the NT architecture was designed and
developed, it was not solely a Microsoft project, and it was not developed by
old Microsoft hands. New blood was brought in - IIRC, the head of the project
was formerly in charge of design for VMS (a quite securely designed OS, I
think we can agree), and the project was twinned with that of IBM's OS/2
development. Indeed OS/2 and NT split when Microsoft and IBM split on that
project. The core architecture design is likely to be the same between the
two systems.

>In the case of security, I think I will not get a lot of
>disagreement that Microsoft has not made it a high priority
>up until recently - and that seems to apply pretty much across
>their product range.

However, it's also worth noting that the NT architecture was designed at a
different time, with different people in charge, and with different partners,
than the slew of unsecure apps since then. If you were to make the same
statements about Win3.x, Win9x and Windows ME, then I'd agree. Unsecure to
the core.

>While it may just be I'm not enough of an automobile aficionado
>to understand the market and its major players well enough, I'm
>not sure the same type of across-the-board philosophy can be as
>easily attributed to, say, GM as compared to Ford, or Toyota as
>compared to Nissan.

Sure it can, in many respects - if Ford management says "use Firestone tires",
to pick a random example, then all Ford vehicles use Firestone tires, even to
the point of using a tire that is not designed to work with their vehicles.
This still doesn't mean that the vehicles are unsafe in and of themselves,
especially if you change out the tires that are inappropriate for the vehicle.
 They're unsafe "out of the box", but a slight change to manufacturing (using
a tire designed for the vehicle) and the safety is brought back to a more
acceptable level. Even Ford doesn't give you a whole new car when they issue
a recall :-)

[The analogy is included, and extended, in my post purely for whimsy - it's
not meant to suggest that I know anything about car design or safety, or
Ford's internal process, or that the analogy maps acceptably onto computer
security. If you have a problem with the analogy, then ignore the analogy -
if you have a problem with the OS argument, then argue it about the OS, not
the car analogy. Analogies are like vacuum cleaners - they suck. Actually,
they're more like air pumps - they blow. Now I come to think of it, they're
more like a chocolate fireguard - nice to look at, but not to be used
seriously.]

Alun.
~~~~

[Note that answers to questions in newsgroups are not generally
invitations to contact me personally for help in the future.] 

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

Relevant Pages

  • Re: Microsoft finally acknowledges the security drumbeats
    ... was formerly in charge of design for VMS (a quite securely designed OS, ... Sure it can, in many respects - if Ford management says "use Firestone tires", ... the point of using a tire that is not designed to work with their vehicles. ... or that the analogy maps acceptably onto computer ...
    (comp.security.unix)
  • Re: Tire Woes
    ... rather than the people who design and build vehicles, ... Tires do not need to be rotated but they need to rotate ...
    (rec.outdoors.rv-travel)
  • Re: Radial tires
    ... especially if a tire of different tread depth or design, ... few different vehicles. ... The only negative thing that's ever happened is a slight pull to one side or the other, because of a difference in rolling resistance between the two front tires. ...
    (rec.autos.tech)
  • Re: Tire Woes
    ... Lon VanOstran wrote: ... rather than the people who design and build vehicles, and those who design and build tires. ...
    (rec.outdoors.rv-travel)
  • How the Big 3 can help bailout the Bailout
    ... utilize their resources, capabilities, and potential to design, ... vehicles, Electric Vehicles, and Mass Transit systems? ... not just build cars and trucks. ... Chrysler, Ford, and General Motors have the experience, capabilities, ...
    (alt.politics)