Vista Security Discussions Get a Rocky Start

narramissic writes "A technical glitch Thursday morning prevented many security vendors from participating in the first online discussion regarding Microsoft's plans for opening up the Vista kernel, ITworld reports. In a blog posting on the subject, Microsoft Senior Product Manager Stephen Toulouse wrote, 'We had a glitch where we sent out a messed up link. ... We're very sorry about that, it certainly was not intentional and we definitely see that was not a good thing for people to experience on such an important topic.'"

What a relief!

[justinbach]

'We had a glitch where we sent out a messed up link. ... We're very sorry about that, it certainly was not intentional and we definitely see that was not a good thing for people to experience on such an important topic.'"

Phew! It was just an accident!

Re:What a relief!

[zoobsolar]

For a bunch of folks that make some of the largest saleries in the entire world's IT industry, they sure do screw up a lot {read very often; too much}. I say the world continues to petition Microsoft. Simply assure Microsoft that we [the public at large] have no plans on buying their new product until they can prove its stability and that it conforms to user demands. This would include the stability and accuracy of information they release regarding said product. Otherwise the public could easily ensure that MS does not continue to "make the big bucks".

Re:

[bberens]

Oh please, get over yourself. Someone made a typo on a firewall rule or an e-mail and you go on some huge rant about how MS sucks and consumers everywhere should stop buying their products. It's not a religion, it's a tool. MS has some of the best tools available on the market for some tasks. Other companies like Apple, IBM, Sun, etc. have better tools for some tasks. When you try to convince people to alter the MS intertia by ranting over this insignificant thing then you give the 'other' camp a bad n

Re:

[zoobsolar]

I hardly think 5 sentences can be considered a huge rant. I am not anti-MS. I never said that MS sucks. I simply refered to their constant "oops" incompetence. Scour your beloved internet for the many hundreds of articles pointing out the simple fact that Microsoft, in short, gets in a hurry and releases software, documentation, links, emails prematurely. The bottom line to MS employees I intended to make is simple: You are paid 'the big bucks', so kindly check your work before you release it. Maybe y

So...

[Anonymous Coward]

Sending out messed up operating systems is also a glitch I take it?

No...

[akincisor]

Thats their business model.

Re:

[DRUNK_BEAR]

and they've patented it.

Re:

[Monsuco]

I think judging by the way MS works, if the OS isn't messed up that is a glitch.

Security experts biggest question...

[__aaclcg7560]

'We had a glitch where we sent out a messed up link. ... We're very sorry about that, it certainly was not intentional and we definitely see that was not a good thing for people to experience on such an important topic.'

Was it a glitch, a bug or a feature? Inquiring minds want to know...

Re:

[littlem]

Well, there'll be a patch out a month on Tuesday...

Re:

[lostboy2]

Was it a glitch, a bug or a feature? Inquiring minds want to know...

It's a WAD [davespicks.com]

Huh...

[tygerstripes]

Yeah, well, it was a link to an IIS server.

Re:

[recordMyRides]

That sound you heard? That was the sound of someone losing their job.

Re:Huh...

[tygerstripes]

What, like... that strange meaty clattering sound as though a ballistic chair were hitting a peon?

Re:Huh...

[Overly Critical Guy]

Microsofties don't lose their jobs; they just get sent to the MSN group.

A Rocky Start For Vista?

[Analein]

You mean like Steve Ballmer jogging along the beach, throwing sparring chairs at punching dolls while some 80s influenced background music accompanies his efforts to fucking kill everybody? Nice, really.

Re:A Rocky Start For Vista?

[Anonymous Coward]

Steve Ballmer doesn't jog along the beach. The beach moves beneath his feet.

Re:

[Analein]

We can argue about that, but the real question is wether Mr. T will defeat Ballmer :/

Re:

[HoboMaster]

With or without a chair as a weapon?

Re:

[qwertyman66]

*Insert obligatory Chuck Norris reference here*

Re:

[jejones]

That's Elizabethan-influenced music; Bill Conti quotes an anonymous Elizabethan fanfare at the beginning of "Gonna Fly Now."

Re:

[Shivetya]

you must be one those "explosives planted by the government brought down the towers" types eh?

on a side note, Apple's excuse for a virus on some video iPods was given a pass....

Re:

[spun]

It's not some randome 1962 operation. Let's look at what was specifically proposed:

• Starting rumors about Cuba by using clandestine radios.
• Staging mock attacks, sabotages and riots at Guantanamo Bay and blaming it on Cuban forces.
• Firebombing and sinking an American ship at the Guantanamo Bay American military base -- reminiscent of the USS Maine incident at Havana in 1898, which started the Spanish-American War -- or destroy American aircraft and blame it on Cuban forces. (The document's first suggestion re

Re:

[Crispin Glover]

I hear FOX TV and Chris Carter [911review.org] had something to do with planning 9/11 too!

Re:

[Overly Critical Guy]

you have to be wearing blinders not to see the similarities between this actual, documented, nearly implemented plan and what the conspiracy theorists allege about 9/11.

On the contrary, I just have to have common sense. I guess Bin Laden, the Taliban, Al Queda, Britain, both sides of Congress, and the entire military are also in on the conspiracy? Is there a martian in your bedroom?

Re:

[spun]

Hey, I don't actually think 9/11 was planned and carried out by Americans. I think I was fairly clear about that in my reply. I was simply responding to your question, "what does some random 1962 operation have to do with kooks claiming 9/11 was staged without any valid scrap of evidence whatsoever?" You asked a question, I answered it. It wasn't a random operation, it was a planned and documented US false flag operation that is exactly what the kooks are claiming happened on 9/11.

If common sense keeps you

Re:

[Eternauta3k]

you must be one those "explosives planted by the government brought down the towers" types eh?

Actually, they planted explosives in all major buildings in the US. They just hoped a terrorist would hit one.

Re:

[Overly Critical Guy]

What excuse? Apple said they regretted missing the virus while wishing that Windows was hardier against them, since it was an infected Windows machine on the assembly line that introduced the virus into their devices.

Extra! Extra!

[Anonymous Coward]

Microsoft employee sends an email with an incorrect URL in it! Collapse of Micrsoft predicted! End of the world is nigh! Extra, Extra, read all about it!

Slashdot has just sunk to a new low of pointlessness in their "articles". Urgh.

Re:Extra! Extra!

[PreacherTom]

Oh, come on. This is the definition of amusing irony.

Re:

[tygerstripes]

Not meant as criticism, but: the word "exemplar" might be more appropriate.

Re:

[zootm]

If there'd been a security problem with the site, I'd agree with you, but this elicited a proper "meh" from me. Slow news day, I suppose (not so weirded out by it appearing on Slashdot, but someone wrote an article about this).

Re:

[tygerstripes]

You must be new here...

Re:Extra! Extra!

[Dunbal]

Slashdot has just sunk to a new low of pointlessness in their "articles". Urgh.

      You think that's bad - wait for the dupe.

Re:

[Skater]

I think you and the AC that posted right above you should get together and hash it out. He's claiming it's a conspiracy.

Re:Extra! Extra!

[Overly Critical Guy]

Slashdot has just sunk to a new low of pointlessness in their "articles". Urgh.

No, they haven't, though it's amusing to see Microsoft employees posting anonymously now to defend the homeland.

It's a big deal that Microsoft apparently doesn't vet its own URLs before sending them out to third-parties, especially for such an important set of interoperability discussions. The guy didn't even check the link before he sent it out? It's a competence thing (lack thereof). These things just seem to happen with Microsoft, don't they?

Symantec was one of the vendors shut out

[morgan_greywolf]

FTFA:

Most of Symantec's team, for example, was unable to attend. "It turned out that everybody on our team was not able to make the first meeting but one guy," said Cris Paden, a Symantec spokesman.

Symantec and Microsoft have a long history of a love/hate relationship and Microsoft has put more and more things into its operating system products that have closed entire markets for Symantec (and it's predecessors).

Re:Symantec was one of the vendors shut out

[Anonymous Coward]

Symantec and Microsoft have a long history of a love/hate relationship and Microsoft has put more and more things into its operating system products that have closed entire markets for Symantec (and it's predecessors).

What's your point? That's the nature of the "work around defects in the operating system" market. Eventually, even Microsoft fixes them, and you don't have a market anymore. I hate Microsoft, and I still can't blame them for this. It's not like they're the first vendor to include, say, a filesystem that doesn't require constant defragmentation, or a stateful firewall.

Re:

[dircha]

What's your point? That's the nature of the "work around defects in the operating system" market. Eventually, even Microsoft fixes them, and you don't have a market anymore. I hate Microsoft, and I still can't blame them for this. It's not like they're the first vendor to include, say, a filesystem that doesn't require constant defragmentation, or a stateful firewall.

And what's your point? Lest you forget, Microsoft is a convicted monopolist. When you break the law, you have to play by a different set of r

God changes human not to be susceptible to disease

[dascandy]

News headline: God has changed the human being structure to not be susceptible to disease anymore. Antibiotic firms complain, consider it unfair competition.

(the point: if you're a parasite company that's living off anothers companies flaws, bugs and holes, don't complain about the cure)

More eyes is a good thing

[BadAnalogyGuy]

While it seems more a move to placate a rabid EU, this move is actually pretty good for all users.

First, not all users will get the APIs. In fact, only a tiny fraction of users, all of whom work at security and anti-virus companies, will get to see these opened APIs. Why then is it good news?

It's good because it brings into the fold those most able to spot security issues. Despite Microsoft's money and the experience of their top engineers, they all have tunnel-vision when it comes to Windows. And it's not hard to see why, after all, it's their baby. So even though they've got top security people working for them looking deeply into these issues, the very nature of those engineers' employment makes it difficult to see some of the problems that an outside observer would be able to spot easily.

By turning the baby over to the wolves, so to speak, Microsoft is getting Vista tested by the best testing teams around. The OSS motto is "more eyes makes all bugs shallow", I look forward to that same principle working well here.

Re:More eyes is a good thing

[arth1]

First, not all users will get the APIs. In fact, only a tiny fraction of users, all of whom work at security and anti-virus companies, will get to see these opened APIs. Why then is it good news?

It's good because it brings into the fold those most able to spot security issues.

Why do you think those who work at security and AV companies are those most able to spot security issues?
I won't mention names, but some fairly well-known "security and AV companies" have made their business on buying up other companies products, redoing the interface every year so they can demand people pay for a new version, and dumbing the app down by removing functionality whenever something breaks, because they don't have people smart enough to fix things. Outsourced $10/hr drag-and-drop "programmers" will only get you so far, and expecting them to possess intuition, assembly language skills, or a love for discovering what a function can be pushed into doing is expecting far too much.

Also remember that security and AV companies don't want security -- if their products actually fixed security holes, they would put themselves out of business. They want their products to temporarily block attempts, nothing more.
Gurus, on the other hand, work to get the problems fixed, permanently, and the people who made the mistakes aware of what they did, and just why it was bad, so they don't repeat it.

Regards,
--
*Art

Re:

[tonyr1988]

The OSS motto is "more eyes makes all bugs shallow", I look forward to that same principle working well here.

Yes, but this isn't what Microsoft is doing. If they're even getting close to that philosophy, they would make it truly open. The Linux equivalent of that would be if Canonical (of Ubuntu) invited Novell to come check out their source code.

Not even in the same realm as OSS.

Move along....nothing to see here.

[N8F8]

To err is human.

Re:

[Anonymous Coward]

To err is human.

To really foul something up, use a computer.

Re:

[hotdiggitydawg]

"To err is human... but it feels divine" - Mae West

Re:

[Overly Critical Guy]

So is to cheat.

Mail template to security vendors

[Znort]

Dear [insert security vendor's contact]

You couldn't attend the meeting ?

That's really too bad because many very very interesting topics were presented for the first and only time. By missing this important event, you were discalified from any further information that might be made availble in the future.

Sorry for the inconvenience
[insert name and title here]

"...we sent out a messed up link..."

[Browzer]

Like it never happened to anybody!

This is beyond bashing, this is being anal.

Re:

[Lxy]

Normally I'd agree, but this is happening a little too frequently with Microsoft.

I'm subscribed to the beta announcements list. I receive a handful of e-mails every week about online sessions to discuss [new feature] of Vista. I would say close to 25% of them have spelling errors (including one that misspelled "Windows") and I recall 3 or 4 times the incorrect link has been sent out. Incorrect links get a followup correction e-mail, the misspellings never get corrected.

Accidents happen, sure, and we get

Re:

[Overly Critical Guy]

Oh, how ridiculous. It's perfectly justified to criticize Microsoft for sending out a broken link. It means nobody even checked it before it went out! My company sends out links everyday, and it would cost us a lot of money to get them wrong. Somehow, we manage to make no mistakes, but checking a hyperlink must be too difficult for the #1 software developer in the world.

Par for the course

[amichalo]

This type of attention to detail is par for the course from MS.

Re:

[ScentCone]

This type of attention to detail is par for the course from MS.

Right, because no one at, say, Apple, would ever miss something like a typo in a URL that has NOTHING to do with the actual performance of their products. No, they just ship out iPods with viruses pre-installed and blame someone else. Are you so pumped up about bashing MS that a bad URL in a conference invitation is really enough to make you rule out similar (and much worse) employee mistakes at every other software publisher in the business?

Re:

[stubear]

Funny you should bring this up. Apple does have a glaring typo in one of their dashboard wigets. The Dictionary/Thesaurus displays "dictionary thesauru" before it expands when you search for a word. The problem is 'thesauru" doesn't display an "s" at the end after expanding. Ummm...it's a dictionary widget, why not look the word up if you're having trouble spelling it?

Re:

[amichalo]

Go Zune yourself. I was making a joke. Take your anti-Apple agenda somewhere else.

Microsoft sucks - the reality was that it wasn't just a typo, it was a system failure that "conveniently" prevented two MS-competitors from participating in the on-line discussion.

Re:

[ScentCone]

Take your anti-Apple agenda somewhere else

What part of "every other publisher in the business" didn't you hear?

There's a hope

[jackharrer]

...they will do it next few times. European Commision is already p*ssed with Microsoft and want to fine them once again for anti-trust practices. And, if you remember, Microsoft few weeks ago said that they want to postpone delivery of Vista to Europe. Because of this.
Good point of that (except no Vista fo Europe) is that it will create market for Open Source Software. Especially that Europe already started their fight with proprietary (actually paid for) software.

Yes, I know it's slightly off-topic...

We're all victims

[Gracenotes]

Yeah, well, it was a link to an IIS server.

Yet another innocent soul taken by the immoral horrors of RAS syndrome [wikipedia.org]. We're drowning in acronoyms! Somebody get some SCUBA apparatus.

Re:

[Gracenotes]

Oh, wait -- nevermind.

The real question is....

[Admin_Jason]

Who thought of this? MS wants to keep kernel secret, then capitulates, and schedules conference with security vendors, then admits it screwed up and schedules another one for people to attend. A net meeting?!?! To discuss security of an OS?!?!?! Does this not set off flags in the minds of the security sector? I am sorry but if I want to discuss such sensitive things as OS kernel and API programming and how to avoid, detect and remove malicious apps from infecting the OS, I do this face-to-face with people that are screened, background checked, and sign NDA's specifying to whom they can talk to and consequences if they reveal anything proprietary to anyone w/out express written consent.

Perhaps I am anal that way, but come on, we're talking about an OS that will likely suceed the millions of Windows 98, 2000 and XP in the vast majority of homes and businesses across the planet!

Re:

[Jtheletter]

we're talking about an OS that will likely suceed the millions of Windows 98, 2000 and XP in the vast majority of homes and businesses

Somehow I doubt the machines still running win98 and 2K are capable of running Vista w/o massive hardware upgrades. Not to mention those users have demonstrated they have little to no interest in upgrading their OS by now anyway if they're still running win98 - and that's speaking as someone who has a box still running win98. Just as a project pc mind you, not on the net, b

Re:

[Admin_Jason]

Fair point about lack of upgradability, but given the assumption of a 5 year life cycle for a computer, these are PC's that are at, near, or beyond their life cycle and will likely be replaced at or around the time Vista is released (eventually, any computer will just die from use or obsolescence). Thus, while the OS may not specifically be upgraded, the odds of these people (mostly non-technical types)jumping to a Mac or Linux are unlikely, so a Vista box will probably be their next PC, which brings us ba

Re:

[drsmithy]

Somehow I doubt the machines still running win98 and 2K are capable of running Vista w/o massive hardware upgrades.

If you have a PC with a >=1Ghz CPU and >=1G RAM, it will run Vista about as well as it runs XP. The only upgrade you might have to splash out on is a US$50 video card to run Aero, if the one you've got won't already do it.

This is a first!

[giafly]

Your search - "totally our fault" site:microsoft.com - did not match any documents.

Suggestions:

• Make sure all words are spelled correctly.
• Try different keywords.
• Try more general keywords.
• Try fewer keywords

Google [google.com]

Re:

[Res3000]

TBH, if you remove teh "totally" you get some results (mostly from there forums, tho)

At least they could...

[shirizaki]

Zune the security companies audio files of what they missed.

Sure

[Dunbal]

'We had a glitch where we sent out a messed up link. ... We're very sorry about that,

      A source has informed up that the "messed up link" was in fact a link to tubgirl. Disciplinary action has been taken against the employee responsible. The project manager for Symantec was quoted as saying the experience was "educational", and he is likely never to click on that link again...

"Accidents" happen... all too frequently

[dpbsmith]

I certainly don't think this is a case of "accidentally-on-purpose." But I do think it is a symptom of a endemic problem in the PC industry, which is lack of attention to usability because computer people are intolerant of human fallibility. Even though they exhibit just as much human fallibility as anyone else, when they encounter a technical glitch they are reluctant to blame the design of the system.

Sure, "everyone has glitches from time to time," but when people at Microsoft can't get an important web meeting to work it suggests that there's something flawed about this "all-net-all-the-time" vision they've been touting for more than five years.

Computer technology reached a peak of usability in the early 1990s, when PC vendors still felt that they had to make things easy to use (and supply real support) in order to secure adoption. Once everyone was locked in--not so much to Microsoft, but to PC technology in general--usability was allowed to deteriorate.

The pretense that unreliable, hard-to-use unfinished technology is ready for release is so imbued into Microsoft's culture that Microsoft managers are evidently willing to use unreliable, hard-to-use, unfinished technology to conduct important Microsoft public business.

Stepto should _not_ blame "us" for the "glitch" and apologize. Instead, they should take a long hard look at what it was about the technology they were using that made it easy to "send out a messed-up link."

Re:

[Jellybob]

The most likely thing to have happened is someone putting a typo in the URL, if they had been running tests on it, then it would probably have been caught, but presumably it was seen as one of those small projects that doesn't really need a proper QA process.

Re:

[dpbsmith]

A participant (or non-participant, as it turned out), Alex Eckelberry, said [blogspot.com] "someone at Microsoft accidently sent out the LiveMeeting presentation invites as "presenter", which if you've ever used LiveMeeting, is an invitation to chaos. Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn't all come together, because the meeting had been originally setup to end at 12:30, so we were promptly all kicked off."

So, the system design makes it easy to make a mistake that is an "i

Re:

[BlueCodeWarrior]

I'd agree, this is a potential huge problem. The reason that I say potential is this: I'm not sure that I'm qualified to judge this. I find the command line to be the most usable, reliable way to do things with my computer. I'm the kinda guy who types 'firefox &' into an xterm, downloads something, then types 'mv ~/Desktop/whatever ~/Documents/whatever'. Yakuake is amazing. But that's the problem. I personally consider Mac OS X to be quite usable. I've been using Macs since the Plus, and I've used a ]

And in other shock news...

[Arimus]

Office worker makes typo and orders 500,000 tongue depressers instead of 50,000

WTF does this have to do with anything, sure someone messed up. The mistake? A typo.

Show me someone who uses a computer day in day out and HAS never once sent an email with a typo, typed a letter containing a typo etc etc etc.

I'm all for a bit of MS bashing where it is due but it is not due here.

Nothing to see here, move along now...

tired of pr & media

[sulfur_lad]

File this under 'off-topic rant'.

you know, I think a lot of companies in the world could do a lot better without their pr arms sometimes, and we'd do a whole lot better without reporters. MS is apologizing for a technical glitch here, but why the need for the public apology? I'm sure PR told them to do it and even wrote it. Whoever wanted to be in the meeting should just get a "uh yeah, sorry about that; we'll reschedule the sucker if we can't figure it out in a few minutes." Guess what, it happens!

World without reporters

[Valacosa]

"...we'd do a whole lot better without reporters."

You're right. I'd be a lot better off if I didn't know anything about the war in Iraq, or about congressman hitting on pages.

Re:

[sulfur_lad]

You're taking me a bit literally and out of context, let me clarify. A world without the 'reporters' that I'm talking about would be good. We definitely need journalists, or people who legitimately report on world affairs in an unbiased neutral "here's what happened" form. We don't need tabloid media. Reading CNN's RSS vs CBC's is incredible (and the CBC is not the least biased medium out there either).

As for the congressman and pages, that thread follows my argument completely: A lot of the 'reports

messed up link ..

[rs232]

Doesn't sound like a messed up link. According to this dozens of users were kicked off the system. How does a messed up link cause them to login as 'presenters'?

Microsoft finally called an online briefing .. Fifteen minutes into the much-anticipated briefing, dozens of the security companies were kicked off [crn.com] line and could not connect again

"There were problems with the audio and video. We could not get back on."

A Microsoft spokesman explained the crash was due to "technical problems" and an extra briefing would be set for Monday

'Alex Eckelberry .. said .. participants signed [theinquirer.net] on as presenters. "Which, if you've ever used Live Meeting, is an invitation to chaos".'

Did the users actually sign on as 'presenters' and how would this crash Live Meeting?

Re:messed up link .. explained

[A_Non_Moose]

"There were problems with the audio and video. We could not get back on."

Non-signed, certified codecs, eh? BAD DEV! No intraweb for YOU!

A Microsoft spokesman explained the crash was due to "technical problems" and an extra briefing would be set for Monday

Vista on an Xbox 360 using Xbox Live for Net Meetings is not recommended, apparently.

'Alex Eckelberry .. said .. participants signed on as presenters. "Which, if you've ever used Live Meeting, is an invitation to chaos".'

Did the users actually sign on

A BSOD?

[rajafarian]

A Microsoft spokesman explained the crash was due to "technical problems"...

LOL

Re:

[Alexeck]

Did the users actually sign on as 'presenters' and how would this crash Live Meeting?

No, it meant that everyone had control of the meeting, so the slides kept flipping back and forth as anyone was able to control the meeting.

Alex Eckelberry

Re:

[rs232]

it meant that everyone had control of the meeting, Alex Eckelberry

"Live Meeting enables multiple presenters to work together in a meeting with one presenter assigned as the Active Presenter [microsoft.com]"

Vista "Security" Already Compromised

[mpapet]

As reported by the researcher on the blog, Microsoft's kernel protection scheme is wide open for some classes of malware.

http://theinvisiblethings.blogspot.com/2006/10/vis ta-rc2-vs-pagefile-attack-and-some.html [blogspot.com]

Re:

[h2g2bob]

Gah, create an account! It's easy:
  1. Click "Create Account"
  2. ...
  3. Profit!