Re: Microsoft finally acknowledges the security drumbeats

From: Jesus Manuel NAVARRO LOPEZ (jesus_navarro@promofinarsa.es)
Date: 01/31/02


From: Jesus Manuel NAVARRO LOPEZ <jesus_navarro@promofinarsa.es>
Date: Thu, 31 Jan 2002 18:30:44 +0100

Hi, Alun:

Alun Jones wrote:

> In article <MPG.16c2a741420b5f8298a841@corp.supernews.com>, Philip J. Koenig
> <See_email_@ddress_below.This_one_is.invalid> wrote:
>
>>Agreed, but he did have a valid point: Microsoft's management
>>has a certain point-of-view about how they develop things,
>>what their priorities are, etc., and to some extent that
>>corporate viewpoint will be applied to any of their product
>>and/or development groups.
>>
>
> While that is definitely true, and I have my own experience to show me that
> the personality of a company is often indicative of that of "the guy in
> charge", it's also worth noting that when the NT architecture was designed and
> developed, it was not solely a Microsoft project, and it was not developed by
> old Microsoft hands. New blood was brought in - IIRC, the head of the project
> was formerly in charge of design for VMS (a quite securely designed OS, I
> think we can agree), and the project was twinned with that of IBM's OS/2
> development. Indeed OS/2 and NT split when Microsoft and IBM split on that
> project. The core architecture design is likely to be the same between the
> two systems.
>

...and, as I have already said, the chief of the devel team ("borrowed"
from VMS) resigned when the specifications for NT4 went *against* his
conception, mainly because he was against moving GUI code into ring0
for security reasons. The reason for the move was speed... again going
away from the original conception of building a microkernel
architecture... which is no news: two of the main buzzwords in the early
days of the NT project were: microkernel for easy porting (we're talking
about the days when NT was intel/alpha/mips/powerpc) and easy security
audit (which is no more: NT was not a true multiuser system since GUI mem
space was shared... and local security problems arose due to this), and
it supported UNICODE from the very beginning so internationalization was
not an issue anymore (I recall the Admin UID nightmare, and the fact
that hotfixes and SPs are delayed for a long time for non-English
versions even today).

>
>>In the case of security, I think I will not get a lot of
>>disagreement that Microsoft has not made it a high priority
>>up until recently - and that seems to apply pretty much across
>>their product range.
>>
>
> However, it's also worth noting that the NT architecture was designed at a
> different time, with different people in charge, and with different partners,
> than the slew of insecure apps since then. If you were to make the same
> statements about Win3.x, Win9x and Windows ME, then I'd agree. Insecure to
> the core.
>

True enough, but it's also true that since security was not a real
concept in the bosses' minds but a marketing thingie (let's all cry
together: Windows NT is C2 compliant!!!) architectural decisions have
been taken against the preliminary design.

>
>>While it may just be I'm not enough of an automobile aficionado
>>to understand the market and its major players well enough, I'm
>>not sure the same type of across-the-board philosophy can be as
>>easily attributed to, say, GM as compared to Ford, or Toyota as
>>compared to Nissan.
>>
>
> Sure it can, in many respects - if Ford management says "use Firestone tires",
> to pick a random example, then all Ford vehicles use Firestone tires, even to
> the point of using a tire that is not designed to work with their vehicles.
> This still doesn't mean that the vehicles are unsafe in and of themselves,
> especially if you change out the tires that are inappropriate for the vehicle.
> They're unsafe "out of the box", but a slight change to manufacturing (using
> a tire designed for the vehicle) and the safety is brought back to a more
> acceptable level. Even Ford doesn't give you a whole new car when they issue
> a recall :-)
>

I think I recall some problem some years ago regarding a model of Ford
Scort? where the fuel tank was too exposed, thus tending to burn in case
of a crash. Here comes the fact of management taking "technical"
decisions (tribunals accepted that the chief management did know about
that problem but calculated that they would lose less money by taking
the risk of the lawsuits than by changing the line). Here comes the fact
you raised too: the "team" for that part of the car was a specific one,
so that piece could be changed with minor (well, not so minor) changes
to the rest of the vehicle. But here (I think) we're talking more about
passive security: if the management didn't want to spend on airbag,
ABS, crash modules... research (and they didn't; it is the
pressure of the people which forced them into it) the cars wouldn't have
been designed with security in mind. Adding it after the fact would
imply a heavy (not so heavy in absolute terms: after all cars still have
an engine and four wheels) with a cost of tons of dollars. *That's*
the kind of costs M$ would expect (and the fact is that its market is
not nearly as sensitive as the car market regarding security, so they're
not expected to do it because of that sensitivity).

> [The analogy is included, and extended, in my post purely for whimsy - it's
> not meant to suggest that I know anything about car design or safety, or
> Ford's internal process, or that the analogy maps acceptably onto computer
> security. If you have a problem with the analogy, then ignore the analogy -
> if you have a problem with the OS argument, then argue it about the OS, not
> the car analogy. Analogies are like vacuum cleaners - they suck. Actually,
> they're more like air pumps - they blow. Now I come to think of it, they're
> more like a chocolate fireguard - nice to look at, but not to be used
> seriously.]
>

Fair enough.

-- 
SALUD,
Jesús
***
jesus_navarro@promofinarsa.es
***


