
Microsoft Executive Tapped For Top DHS Cyber Post

samzenpus posted more than 5 years ago | from the reboot-to-be-safe dept.

United States 138

krebsatwpost writes "The Department of Homeland Security has named Microsoft's 'chief trustworthy infrastructure strategist' Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: 'Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department's Computer Forensics Lab. Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'"


138 comments


There May Be An Upside (0)

Velska1 (1435341) | more than 5 years ago | (#27163299)

This guy probably knows the devious plans Steve Ballmer has...

Anyhow, with DoD and DoJ experience in those capacities, it seems likely he knows a lot about privacy issues.

OTOH, Microsoft using phrases like "trustworthy infrastructure" and "trustful computing" is chilling. Just whom am I supposed to trust? M$?

Don't get me wrong. I use XP Pro on some stuff that's just easier to do with it (I know, laziness on my part, maybe) and it's doing its thing. And after all, it's quite often cheaper to buy a desktop with Win than without (and I'm poor). But as an antimonopolist, I avoid it on principle.

Re:There May Be An Upside (2, Insightful)

maxume (22995) | more than 5 years ago | (#27165201)

Things that you occasionally compromise are generally called preferences.

Microsoft and Security in the same sentence? (1, Funny)

BadAnalogyGuy (945258) | more than 5 years ago | (#27163307)

Boy oh boy. Obama seems to be turning into a big disappointment with some of these appointments.

What'll he do next? Appoint Mike Tyson as head of Department of Health and Human Services?

Re:Microsoft and Security in the same sentence? (4, Funny)

Praedon (707326) | more than 5 years ago | (#27163347)

Nope. New department, which is Department for Cannibal Relations.

Re:Microsoft and Security in the same sentence? (1)

Ihmhi (1206036) | more than 5 years ago | (#27165105)

The rest of us refer to that as the Internal Revenue Service.

Re:Microsoft and Security in the same sentence? (1, Flamebait)

timmarhy (659436) | more than 5 years ago | (#27163359)

what do you expect, you people carried on like it was the second comming when you elected him. no one can live up to that kind of hype.

Re:Microsoft and Security in the same sentence? (1, Insightful)

BadAnalogyGuy (945258) | more than 5 years ago | (#27163367)

What do you mean, "you people"?

Re:Microsoft and Security in the same sentence? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27163793)

NIGGERS!

Re:Microsoft and Security in the same sentence? (1)

El Torico (732160) | more than 5 years ago | (#27166077)

People who can use punctuation, capitalization, and spell properly. Actually, I think he was referring to those who voted the President into office.

Try not to be too delusional. (0)

Anonymous Coward | more than 5 years ago | (#27163397)

Maybe this guy was a bad pick, maybe he wasn't. I'm not sure which it is, but just because he worked for Microsoft does not imply that he knows nothing about security.

Microsoft might not be great at security overall, but that doesn't mean they don't have any security experts working for them.

Re:Try not to be too delusional. (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#27163515)

MS is loaded with Security "experts". That fact alone should disqualify him. Picking this guy would be like picking a general from Saddam's Iraqi Army to run our nation's Military. Would you do it? Nope.

Re:Try not to be too delusional. (0)

Anonymous Coward | more than 5 years ago | (#27163743)

I wouldn't pick a General from the Iraqi army to run another nation's military for reasons other than whether they have the necessary skills.

Just because they were part of the Iraqi military doesn't mean they are unskilled. Similarly, just because this guy worked for Microsoft doesn't mean he lacks intelligence.

Re:Try not to be too delusional. (3, Interesting)

daemonburrito (1026186) | more than 5 years ago | (#27163789)

[...] just because this guy worked for Microsoft doesn't mean he lacks intelligence.

No, but it does mean that he was part of the team fighting US-CERT for months over autorun, at least. He likely helped resist an effort by a division of the department he is to head to fix a security problem that was so bad, they felt it endangered national security.

Re:Try not to be too delusional. (2, Interesting)

jaredmauch (633928) | more than 5 years ago | (#27164273)

A sad note on the autorun activity. The challenges US-CERT has are complex as they have little ability to enforce sane standards and are just as the name says a response team. Once you formulate a response, someone has to execute it, and the federal government is one of the largest enterprises out there, certainly if you include all the contractors as well. It will be interesting to see if there is a shift away from bah to career feds.

At the same time, everyone makes mistakes and Phil has always shown himself to be a person who generally "gets it" compared to others I've bumped into at GLB. The same is true for any org, fed or not.

Re:Try not to be too delusional. (4, Interesting)

daemonburrito (1026186) | more than 5 years ago | (#27164439)

I don't know. Even if he just did nothing to stop Microsoft's resistance it would be bad.

If guys from CERT called me and said, "Hey, could you make the Autorun and NoDriveTypeAutorun registry values actually do something? We're worried about this 10 million strong botnet," I'd probably comply. The reality was even worse; Microsoft wrote instructions for users to mitigate the problem which they knew were not effective.

The last thing I would do would be to start a PR war, which they did only to save face about something that has been criticized for over a decade. It's amazing... some slight marketing concern overrode what they were told was a matter of national security.

Funny... the wikipedia page on autorun was just stealth edited to remove all mention of the problem. [wikipedia.org]

Re:Microsoft and Security in the same sentence? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27164559)

Maybe they should appoint some Linux retards who don't know how to do anything but bitch. Waaaa waaaa Microsoft is so evil.

Re:Microsoft and Security in the same sentence? (4, Insightful)

Lumpy (12016) | more than 5 years ago | (#27164767)

Why do you people think that the next new guy will be any different than the last one? I don't care WHO is elected. If they are Democrat or Republican, they will cater to their interests first and do the right thing last.

MSFT funded a lot of his campaign. This is paying them back by appointing one of their executives, or they use their buddies.
This happens every change of power.

I just get a royal kick out of all the "WOO CHANGE!" people all sitting in their chairs sober now with their mouth open at the TV sets staring in disbelief.

The only advantage is that this time our president is actually educated and articulate.

Re:Microsoft and Security in the same sentence? (-1, Offtopic)

Sj0 (472011) | more than 5 years ago | (#27165039)

Also, Democrats have spent significantly less and created significantly less debt than Republicans.

For all this talk of how evil the Democrats are for spending, the #1 and #2 increases in both the federal debt and federal budget, adjusted for inflation, are Bush and Reagan.

So for real Republicans, rather than socialists who hate minorities, the best president is a Democrat. They'll keep the government smaller.

Re:Microsoft and Security in the same sentence? (4, Insightful)

Anonymous Coward | more than 5 years ago | (#27165075)

The only advantage is that this time our president gives great speeches from a teleprompter [politico.com].

There... fixed that for you.

... trustworthy computing? (4, Funny)

Anonymous Coward | more than 5 years ago | (#27163329)

Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft

Trust... worthy... computing at Microsoft... Isn't there a law that prohibits the words trustworthy and Microsoft in the same sentence?

Re:... trustworthy computing? (1)

erroneus (253617) | more than 5 years ago | (#27163785)

To be fair, "trustworthy computing" was just a buzzword that meant "DOS with no network card on the PC." It was still a work in progress and clearly has not been released yet.

Alas no (3, Insightful)

Mateo_LeFou (859634) | more than 5 years ago | (#27166161)

The term might not be used as often, but the concept is alive and well

"the new chips will 'block unauthorized access to the frame buffer.' ...

There is a short list of parties who will be unauthorized to access your frame buffer: You. There is a long list of parties who are authorized to access your frame buffer, and that list includes Microsoft, Apple, AMD, Intel, ATI, NVidia, Sony Pictures, Paramount, HBO, CBS, Macrovision, and all other content owners and enablers that want your machine to themselves whenever you're watching, listening to, reading, or shooting monsters with their products."

http://www.infoworld.com/article/07/03/28/14OPcurve_1.html [infoworld.com]

Re:... trustworthy computing? (2, Interesting)

gadget junkie (618542) | more than 5 years ago | (#27164075)

Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft

Trust... worthy... computing at Microsoft... Isn't there a law that prohibits the words trustworthy and Microsoft in the same sentence?

I do not think it's forbidden, but it comes very close to the definition of Oxymoron, [wikipedia.org] i.e. mutually contradictory terms.

Re:... trustworthy computing? (1)

jaredmauch (633928) | more than 5 years ago | (#27164233)

If there was a law, it would be the justice department that prosecuted it.

Microsoft and Security in a same sentence? (4, Funny)

Anonymous Coward | more than 5 years ago | (#27163339)

I foresee a lot of Microsoft Security jokes in the following threads.

Here is one

Do you allow Phil Reitinger to be the top cyber security official?

Allow | Deny

Re:Microsoft and Security in a same sentence? (4, Funny)

Narnie (1349029) | more than 5 years ago | (#27163371)

Do you allow Phil Reitinger to be the top cyber security official?

(Okay)

Fixed that for you.

Re:Microsoft and Security in a same sentence? (0)

Anonymous Coward | more than 5 years ago | (#27163803)

Microsoft has many security problems.

It's OK to have Microsoft and security in the same sentence.

Re:Microsoft and Security in a same sentence? (1)

lxs (131946) | more than 5 years ago | (#27164447)

More like:

Retry, Abort, Fail.

]pop[ Clippy: (0)

Anonymous Coward | more than 5 years ago | (#27164759)

I see you're trying to become a cyber security official.

Would you like me to help you with the kickbacks?

Yes | No

99/100 CIS Tool (multiplatform test of security) (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27165097)

"I foresee a lot of Microsoft Security jokes in the following threads." - by Anonymous Coward on Thursday March 12, @03:48AM (#27163339)

I don't, because Windows can be as secure as any OS out there per this guide's steps ->

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=9237bccd0bf4b73b2fc429d84ccf01d2&showtopic=2662 [tcmagazine.com]

----

There, you see results from tests which utilize a multiplatform gauge of security based on industry best practices for this called

CIS Tool

(To make securing a Windows NT-based OS of modern varieties such as Windows 2000/XP/Server 2003 in order to do so, and it is like running a PC performance benchmark almost and it is fun to do if you like benchmarking of any kind).

There in the url above you also can see how Windows 2000, XP, &/or Server 2003 do on said test (and the guide goes far beyond CIS Tool guidance only), and for a hour or so's worth of work on the testers' part and they can have a system that scores 99/100 potentially on said test as well as years to decades of secure uptime after using its points.

Word of Mouth results gained by a user who shows NO virus/spyware/trojan/rootkit/malware in general infestations on his own machine &/or those of his paying clients also after using this test & the points in the guide above:

----

http://www.xtremepccentral.com/forums/showthread.php?s=b956ddd43cfcfc73f0f3378405860794&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"

THRONKA @ www.xtremepccentral.com

----

(The entire "Linux is so secure" mantra you see online and rampantly here, in the past @ least but not so much anymore imo, is also upset by what is shown in the very 1st post in that guide because Linux itself can be more secure than it is out of the box oem stock as well, with data from a slashdot poster there in Bert64's 90/100 score using SuSe Linux as an example thereof - that said & aside, you Linux/BSD/Solaris fans here may wish to take a peek @ the CIS Tool as well for the purposes of making sure you "lock down" your *NIX machines also (this tool is extremely helpful on all of these platforms for these purposes)).

APK

P.S.=> Personally, I don't see as many "Pro-*NIX" people here stating that "Windows is insecure" as much as they used to, to be blunt about it upon my observation while stopping by here since 2004 to present day, because the jokes & jibes directed Microsoft's way seemed to have died down quite a bit, @ least in terms of security-oriented ones (oh, they're still around & about, just not nearly as much or as bad)... apk

Ah dammit... (4, Funny)

Narnie (1349029) | more than 5 years ago | (#27163343)

There goes any chance of the DHS switching over to a Linux/Unix environment in the next decade.

que 500 stupid M$ sux0rs posts (5, Insightful)

timmarhy (659436) | more than 5 years ago | (#27163377)

this guy doesn't seem a half way bad pick. of course if it was my call i'd eliminate the whole DHS nonsense and just fund the FBI,NSA,CIA and police properly. if those 4 agencies can't get it done wtf is the DHS going to add?

Re:que 500 stupid M$ sux0rs posts (0, Flamebait)

BadAnalogyGuy (945258) | more than 5 years ago | (#27163393)

eliminate the whole DHS nonsense and just fund the FBI,NSA,CIA and police properly. if those 4 agencies can't get it done wtf is the DHS going to add?

Inter-agency communication.

The lack of it, coupled with an administration that was ignoring the messages from all sides led directly to 9/11. Since we can't always trust that our President will be aware of all the right information, we can at least implement the bureaucracy in such a way that as long as someone is paying attention we can act.

Re:que 500 stupid M$ sux0rs posts (4, Funny)

timmarhy (659436) | more than 5 years ago | (#27163427)

so let me get this right, government departments were shown to be poor at communicating, so your solution is to create yet another government department for them all to miscommunicate with?

Re:que 500 stupid M$ sux0rs posts (2, Informative)

BadAnalogyGuy (945258) | more than 5 years ago | (#27163475)

The DHS is the over-arching agency containing the previously separate agencies you listed above.

Prior to the creation of the DHS, communication between agencies like the CIA and FBI was legally difficult because of the lack of transparency. But now that they are under the same umbrella agency, they can share information much more easily.

Re:que 500 stupid M$ sux0rs posts (2, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#27164289)

And you honestly think that is a good thing? How old are you, anyway?

Re:que 500 stupid M$ sux0rs posts (3, Informative)

CaptainJeff (731782) | more than 5 years ago | (#27164671)

Ummm....the CIA and the FBI are not under the same agency now. The FBI is an agency of the Department of Justice and the CIA is an independent agency that quasi-reports to the Director of National Intelligence. The other agencies mentioned, the NSA and the police, are also not part of DHS. NSA is an agency of the Department of Defense and policing is a local function, run by any number of local agencies. But by all means, keep talking about things you obviously don't know anything about and cannot be bothered spending ten seconds on Google to confirm. :)

Re:que 500 stupid M$ sux0rs posts (1)

gtall (79522) | more than 5 years ago | (#27164235)

How about the Department of Miscommunication. The basic problem, it seems to me, is that miscommunication is spread out over the entire government structure. Now if we were to centralize it into a D. of MC., then all the other departments could rely on that sole department to implement their miscommunication and they would be left to do their jobs in peace.

It wouldn't do to have the other departments communicate with the new D. of MC. (the obvious paradox, eh). Instead, there would be D. of MC. staffers in all the departments. Any communication out of the depts. would run through these individuals and be subsequently lost, stolen, misinterpreted, injected with blatant falsehoods, eaten by mutant weasels, etc. There is no need to handle communication into the depts. since no one dept. could effectively communicate it to begin with.

And we could have this Phil Reitinger guy run the whole shebang. He'd feel right at home since when has MS ever effectively communicated with anyone without lying, misquoting, and being generally misleading.

Re:que 500 stupid M$ sux0rs posts (4, Insightful)

Renraku (518261) | more than 5 years ago | (#27163423)

If we could achieve with nuclear fusion what we have achieved with DHS, we'd all be living off of cheap and reliable energy.

Suffice to say, the DHS is rather self-sustaining. If it isn't keeping liquids off aircraft or your electronics in the baggage handlers' pockets, it's harassing and keeping us American citizens in fear.

Re:que 500 stupid M$ sux0rs posts (2, Funny)

Chas (5144) | more than 5 years ago | (#27163719)

If we could achieve with nuclear fusion what we have achieved with DHS

What? A parasitic reaction that just consumes and consumes and consumes, is more of a hindrance than a help, and wastes tons of money in the process?

Re:que 500 stupid M$ sux0rs posts (1)

Arancaytar (966377) | more than 5 years ago | (#27163741)

If it isn't keeping liquids off aircraft or your electronics in the baggage handlers' pockets, it's harassing and keeping us American citizens in fear.

So "re-settling to Mars now that we've blown the Earth up with fusion bombs" would be a more appropriate analogy than "living off of cheap and reliable energy". ;)

Served their purpose (0)

Anonymous Coward | more than 5 years ago | (#27165661)

No, I think you misunderstand.

DHS served its purpose very well: keeping Americans in fear, and providing security theater.

What? you thought they made it to help the American people?

Martyr complex (0)

Anonymous Coward | more than 5 years ago | (#27163603)

Have you ever noticed that your "que [sic] the freetards", "que the ecocommunists", etc. predictions never seem to be accurate?

I've got one that I bet will be accurate, though... "que the freerepublic mod squad modding you up".

Re:que 500 stupid M$ sux0rs posts (2, Informative)

retech (1228598) | more than 5 years ago | (#27163649)

Did you mean: Cue or Queue?

Re:que 500 stupid M$ sux0rs posts (2, Funny)

xouumalperxe (815707) | more than 5 years ago | (#27163921)

It's a portmanteau! He's cuing the "500 stupid M$ sux0rs [posters]" to queue up, since there's so many of 'em!

Re:que 500 stupid M$ sux0rs posts (1)

retech (1228598) | more than 5 years ago | (#27164979)

Perhaps you give more credit than is due.

Re:que 500 stupid M$ sux0rs posts (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#27163837)

if those 4 agencies can't get it done wtf is the DHS going to add?

Another thick layer of bureaucracy.

Re:que 500 stupid M$ sux0rs posts (0)

Anonymous Coward | more than 5 years ago | (#27164463)

Has MS security improved since 2003..?

Re:que 500 stupid M$ sux0rs posts (1)

Narnie (1349029) | more than 5 years ago | (#27164511)

this guy doesn't seem a half way bad pick. of course if it was my call i'd eliminate the whole DHS nonsense and just fund the FBI,NSA,CIA and police properly. if those 4 agencies can't get it done wtf is the DHS going to add?

DHS adds funding for the Coast Guard. Before the DHS nonsense, the CG was within the Department of Transportation. Not really enough money in the pot for the CG to keep a modern fleet and perform all of its various roles.

Actually, that's about the only good I've seen come out of DHS.

Re:que 500 stupid M$ sux0rs posts (1)

sunwukong (412560) | more than 5 years ago | (#27165171)

Not really enough money in the pot for the CG to keep a modern fleet and perform all of its various roles.

If they'd stop scuttling their vessels they wouldn't have to keep replacing them!

Good Grid! (5, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#27163391)

Isn't that like asking the head of AIG to be the officer of "financial responsibility"???

Re:Good Grid! (1)

Vectronic (1221470) | more than 5 years ago | (#27163517)

No.

Re:Good Grid! (2, Funny)

antibryce (124264) | more than 5 years ago | (#27165123)

it'd be like appointing a tax cheat to head the IRS.

Re:Good Grid! (0)

Anonymous Coward | more than 5 years ago | (#27165691)

You laugh, but it's how Joe Kennedy (who was a notorious stock fraud guy, dealing in both insider trading and stock manipulation) got appointed as head of the SEC.

The reasoning? Can't stop a trick if you don't know how it's done. He just shut all the loopholes he himself used. Ended up being pretty good.

US-CERT mentioned in article (5, Informative)

daemonburrito (1026186) | more than 5 years ago | (#27163407)

I wonder if we will be seeing US-CERT standing up to Microsoft the way they did with this [us-cert.gov] (a vector for conficker) with him in charge.

I have a sick feeling about this. This guy was surely part of the Microsoft effort to call this a feature. And what was this "political infighting" that the article alludes to? I hope it wasn't over whether to go after Microsoft for aiding in the creation of the largest botnet to date.

Re:US-CERT mentioned in article (0)

Anonymous Coward | more than 5 years ago | (#27164241)

And what was this "political infighting" that the article alludes to?

I suspect you're serious in asking that question. And if that is indeed the case, I'd suggest you pull your head out of your technological ass bubble and take a moment to look at what else might be happening in the world around you. And in case you truly do need it spelled out for you, the DHS has been a contentious entity ever since it was formed. For starters, there has been political infighting there over what exactly its role should be in relation to the other intelligence agencies. Sometimes I seriously wonder just how big the blinders that you guys purposefully put on really are.

Re:US-CERT mentioned in article (1)

daemonburrito (1026186) | more than 5 years ago | (#27164291)

RTFA. I'm talking about CERT and conficker.

FWIW, I don't like the very idea of DHS. Also, fuck you.

In all seriousness (4, Interesting)

Jane Q. Public (1010737) | more than 5 years ago | (#27163463)

While anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable, I doubt that anecdotes about how Microsoft executives tried to make their systems secure will be equally valuable. This was a ridiculous choice, and further undermines my initial hope that Obama might indeed turn out to be a good President.

Re:In all seriousness (3, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#27163729)

The choice of an executive officer of a major supplier of operating systems -- Windows of all things -- to this position sends a clear message to those who have been involved in "security" issues for many years. And that message is: "We don't care about 'security' except to the extent that it affects our corporate friends."

I am very saddened by this news.

Re:In all seriousness (-1, Flamebait)

drsmithy (35869) | more than 5 years ago | (#27163875)

While anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable [...]

Perhaps you could expand on how Windows is any more or less "inherently insecure" than other platforms.

Re:In all seriousness (2, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#27163887)

Why? If you do not already know, then you aren't qualified to be in this discussion.

Re:In all seriousness (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27163915)

Pardon me, I should qualify that statement. If you are referring to Vista, which arguably has respectable security, my reply is: maybe the security is okay but nobody wants to use it. If, on the other hand, you are referring to Windows 7, then my reply is: we'll believe it when we see it.

Re:In all seriousness (1)

drsmithy (35869) | more than 5 years ago | (#27164025)

Pardon me, I should qualify that statement. If you are referring to Vista, which arguably has respectable security, my reply is: maybe the security is okay but nobody wants to use it. If, on the other hand, you are referring to Windows 7, then my reply is: we'll believe it when we see it.

Since the fundamental design of Windows security hasn't really changed since Windows NT 3.1, I still want to hear about why it's any more or less "inherently insecure" than other platforms.

Re:In all seriousness (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27164037)

And I want to repeat: if you really don't know, then you are not qualified for this discussion.

Re:In all seriousness (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27164175)

For some reason that escapes me at the moment, I have changed my mind and decided to be charitable, and explain some things that should be obvious to the merest idiot:

If Microsoft's basic security model has really not changed since NT 3.1, then there was really no reason to implement Vista's UAC... other than to unsuccessfully emulate the default security mode in most Linux distros. And, as so many people have reported in painful and repeated detail, the Vista UAC was indeed something that should have been aborted before it was born. Not only was it unsuccessful in emulating Linux default mode, it solved nothing and accomplished little but pissing everybody off.

Linux's basic security model has not NEEDED to change since NT 3.1. But if you really think Microsoft's basic security model has not needed to change, then you have no reason to complain about any virus or IE-exploit malware that you get between now and Windows 7. Or maybe 8.

Have fun with your "state of the art" OS... and don't come complaining to me when it fails to work with what everybody else is doing.

Re:In all seriousness (0)

Anonymous Coward | more than 5 years ago | (#27164281)

He was right to question you then. If you think that implementing UAC changed more than a tiny part of the security model, you're not qualified for this discussion.

To Anonymous Coward: (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27164337)

You completely missed the point. If the UAC did not actually change the security model, then there was no real reason for its existence other than theater. You are merely confirming what others already know: it was a joke masquerading as "security". And if the security model did not really change, then the interface for it really did not need to change.

The fact is that some basic security assumptions needed to change but they did not. The UAC has little to do with that directly but it illustrates the extent that Microsoft will go to misdirect its users.

Re:To Anonymous Coward: (0)

Anonymous Coward | more than 5 years ago | (#27164423)

You're dancing around the question, because you can't answer it. Can you actually commit to a response? Stop pussyfooting around, saying Vista may be okay and UAC might be security theatre. So what if UAC is misdirection? So what if it's designed to emulate sudo or whatever it is you're trying to say? The basic security model in Windows hasn't changed, and you haven't actually said anything yet that disproves that.

So - answer the question, admit you're talking bollocks or shut up.

To THE OTHER Anonymous Coward: (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27164583)

I haven't danced around anything. I did not say that the UAC "might" be security theater, or any of these things you accuse me of. Here is simple logic, okay? I guess at this level I have to ask: You accept that simple logic is valid? From what you have stated I am not sure.

*IF* the Windows security model hasn't changed, *THEN* the UAC is a joke. Okay? There is no reason for its existence OTHER THAN show.

Get it?

And the presence of such a major "feature" for nothing but show is ... well, "stupid" comes to mind but I am tempted to use another word.

If the basic security model of Windows hasn't changed, then there was no reason for the security interface to change... yet it did. So, which is the truth? Better security, or an illusion? You argue for the illusion. Okay. But if so, let's not pretend it's anything else.

I did not say that the basic security model of windows has changed. Others have. What I am saying is: if the basic security model of windows hasn't changed, then YOU shut up! You have nothing to complain about when you get a common virus via your Exchange server, or a piece of malware because you visited an unfriendly site via Internet Explorer.

I'm not talking bollocks... I'm not talking anything. I'm simply pointing out where YOUR talk is somewhat misplaced.

please explain why "illusion" isn't it (0)

Anonymous Coward | more than 5 years ago | (#27164833)

UAC *is* a joke. Like the uninstaller that says "this DLL doesn't look like it's being used. Do you want it deleted? It may break something if you do", it's only there to make the USER responsible for a system problem, even though the user isn't given enough information (nor even the power) to find out what they should do.

Windows security HAS NOT CHANGED.

Re:In all seriousness (0)

Anonymous Coward | more than 5 years ago | (#27164513)

"Have fun with your 'state of the art' OS... and don't come complaining to me when it fails to work with what everybody else is doing."

Careful there.

Re:In all seriousness (1)

drsmithy (35869) | more than 5 years ago | (#27165983)

If Microsoft's basic security model has really not changed since NT 3.1, then there was really no reason to implement Vista's UAC...

Right. Just like if Linux's "security model" hasn't changed since 1991 there wouldn't be any need for those nice graphical sudo prompts and the like that everyone gets now.

UAC is little more than UI gravy. It's mostly about putting a prettier and more automated face onto "Run As", much like the graphical sudo prompts in OS X and recent Linux distros do. The underlying ACL-based multiuser security model that actually makes it possible has not changed since day 1.

But if you really think Microsoft's basic security model has not needed to change, then you have no reason to complain about any virus or IE-exploit malware that you get between now and Windows 7. Or maybe 8.

I've been running NT as a regular user since early 1996. As such, I've been no more worried about IE exploits than I have about any other userspace code exploits (on any of my machines, be they Windows, Linux, FreeBSD, Solaris, OS X, or whatever).

Oh, and I'm still waiting to hear about these "inherent problems", rather than rhetorical, anecdotal, FUD about problems in the UI and userspace programs.

Re:In all seriousness (1)

drsmithy (35869) | more than 5 years ago | (#27165217)

And I want to repeat: if you really don't know, then you are not qualified for this discussion.

I *do* know, which is why I want to hear what bullshit you're going to make up to pretend *you* know.

Enemy combatants. (4, Funny)

Snufu (1049644) | more than 5 years ago | (#27163469)

Anticipate all persons attempting to enter the U.S. to be screened for explosives, hazardous chemical agents, firearms, radioactive materials, and open source software.

I'd like to be objective about this. Let's try. (5, Insightful)

Anonymous Coward | more than 5 years ago | (#27163499)

I like how this guy, whom I don't know much about, is painted a smart pick, coming as he does from the largest single computer security threat on the planet. Anybody recall that up to not very long ago at all security was not on their agenda? Simply because it made them more money not to care.

Oh, and that is remembering their own words and without mentioning the usual, such as that they are convicted monopolists too, their business practices suck, their code sucks, their customer service and sales techniques are reminiscent of those of Office Depot, and so on and so forth.

The bottom line is that in politics you usually don't let the guy who fucked it up try and fix it. Unless perhaps the guy has friends in high places.

Re:I'd like to be objective about this. Let's try. (2, Funny)

gtall (79522) | more than 5 years ago | (#27164297)

How do you explain the Congress then? They cannot all have friends in high places. Watch CSpan when they broadcast hearings sometime. It's amazing how clueless these morons can be, especially the House members. For some odd reason, Senators have two brain cells to rub together instead of a single loner.

Typical Committee Hearing:

Title: Investigation into Why Tarp Funds are being Misused.

Purpose: Figure out if Tarp Funds are being misused.

Dennis Kucinich: Blah, blah, blah, Ohio, blah, blah, I am NOT an idiot, blah.....

Each Member: Given 5 minutes to whine about how they don't understand anything.

Suspect Witness: Given 10 minutes to state why he isn't lying after being told he is going to lie.

Questioning: Isn't it true you beat your dog this morning after beating your wife and her mother?

Suspect Witness: We didn't use Tarp Funds in beating those individuals.

Dennis: Thank you for appearing here and assuming the position, we welcome you back to beat you up again at our convenience, 'cause, y'know, we have nothing better to do.

Re:I'd like to be objective about this. Let's try. (0)

Anonymous Coward | more than 5 years ago | (#27164325)

Now that you bring that up, can we ditch the whole thing and start over? I'd rather not wait before the rest of the world decides it's not going to happen and Takes Action[tm] themselves. Or in teams, maybe.

Re:I'd like to be objective about this. Let's try. (1)

roguetrick (1147853) | more than 5 years ago | (#27164415)

I swear they do that Jerry Springer shit just to get people to watch them for once.

Did anyone else misread... (3, Funny)

wayward_bruce (988607) | more than 5 years ago | (#27163533)

Many in the security industry praised him as a smart pick, [...]

Did anyone else misread this as "smart prick"?

Re:Did anyone else misread... (1)

u38cg (607297) | more than 5 years ago | (#27165525)

Several times, yes. I didn't actually question it, then I saw it again, and thought, that's a bit harsh...oh, I see.

Re:Did anyone else misread... (0)

Anonymous Coward | more than 5 years ago | (#27165977)

Yes

MS hate posts? (0)

Anonymous Coward | more than 5 years ago | (#27163547)

I hardly see any on slashdot lately. I mean, there are a few but they don't usually seem to get voted highly. If anything I see more of "omg MS just made me cum" kind of posts and people posting about how there are going to be so many anti-ms posts. Oh, and the occasional chair comment of course.

Just scrolling the comments now and there seems to already be quite a few people who are almost in hysterics because they are expecting a million anti-ms posts.

Seriously wtf is going on?

It's kind of like slashdot has become infested with emo-ms fans who get emotional and have a hissy fit any time someone says something negative about ms.

Re:MS hate posts? (1)

retech (1228598) | more than 5 years ago | (#27163661)

Phil Reitinger is a supermod on /. and hand filters each one of those posts in the firehose section.

It's perfect .... for the NSA and CIA (0, Offtopic)

AHuxley (892839) | more than 5 years ago | (#27163757)

The world sees the US security establishment using and trusting MS products.
MS must be good right?
Export orders and interoperability requests roll in from friends, allies, neutrals and some of the dumber freedom fighters.
MS profits, the US gov can share with its rendition partners in real time.
Think Condortel (1970's US/Latin American encrypted military network) with clippy.
http://www.crimesofwar.org/special/condor.html [crimesofwar.org]

Police, federal agencies and utilities around the world rush to upgrade.
The CIA and NSA have just software "back doored" the world- again.
Using MS for security is like handing out free Enigma units after WW2 or Iran using CryptoAG or the Soviets buying computer parts from the west.
The difference is MS software and stays in your country for generations (over decades of hardware and software upgrades).
But then does the US security establishment really eat its own dog food? ;)

Expect many new ISO standards .. (3, Insightful)

Anonymous Coward | more than 5 years ago | (#27163763)

I think choosing someone from a company that is STILL under DoJ supervision for questionable behaviour has a couple of unwanted implications, especially since this guy was at board level.

It's only good news for foreign industrial espionage and botnet herders..

In other news (1)

Chas (5144) | more than 5 years ago | (#27163771)

The president's DHS pick has brought on board a liaison from Symantec. Now everything will STILL be insecure, but run twice as slow, cost even MORE "way too much", and bitch, moan and cry about being renewed every year.

If Obama were serious about his duty (4, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#27163947)

then he would be hiring Bruce Schneier for this job. I know he is disliked by a lot of industry but he is the man with the facts and the plan.

Re:If Obama were serious about his duty (1)

drinkypoo (153816) | more than 5 years ago | (#27164267)

If Obama were serious about duty, he would never have become president of the USA. Presidents who want to make a difference are not permitted to do so. A bit more cynically, I would say that presidential candidates who want to make a difference are demonized, like when they said Nader was responsible for the loss of Gore. Did anyone else catch that whole kerfuffle with the ballots in that election? You can't blame the stopping of a completely legal and by-the-book recount on the guy, can you?

Re:If Obama were serious about his duty (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27164359)

Even that was not as blatant as the simple and direct refusal of the media to allow Ron Paul to participate in the more major debates this last election.

Re:If Obama were serious about his duty (1)

drinkypoo (153816) | more than 5 years ago | (#27164605)

Even that was not as blatant as the simple and direct refusal of the media to allow Ron Paul to participate in the more major debates this last election.

People could reasonably (incorrectly, but whatever) interpret that as media bias. Wielding the new and improved Supreme Court to stop a completely legal ballot recount which almost certainly would have reversed the election, on the other hand, could not be construed by an intelligent individual as anything other than direct manipulation of the election system for the purpose of altering the result. When the well-substantiated reports of ballot fraud started coming in and they universally targeted primarily-democratic demographics, the point was really hammered home.

Re:If Obama were serious about his duty (1)

Jane Q. Public (1010737) | more than 5 years ago | (#27164625)

But there was already precedent for that, from the previous election. I was referring to something pretty new.

Bruce is smarter than that (0)

Anonymous Coward | more than 5 years ago | (#27164469)

Bruce is smarter than that. He'd never accept that no-win position.

I've seen really smart people get crushed by political garbage. I'd **never** accept a job like that. That level of scrutiny and public life is simply too much to put my family through.

Re:If Obama were serious about his duty (0)

Anonymous Coward | more than 5 years ago | (#27164477)

Obama had nothing to do with this guy's hiring. It's not a cabinet level position.

He could assist in international relations (1)

Centurix (249778) | more than 5 years ago | (#27164045)

You know, with countries like Iceland. They sure need an insight from a Microsoft exec right now...

'smart pick' has one letter missing. (1, Funny)

Anonymous Coward | more than 5 years ago | (#27164101)

...already said it.

Fan the flames... (1)

bob5972 (693297) | more than 5 years ago | (#27164347)

Isn't sending Microsoft to fight insecurity like fighting fire with fire?

Re:Fan the flames... (1)

Muad'Dave (255648) | more than 5 years ago | (#27164991)

No, it's more like fighting fire with gasoline.

Experience (0)

Anonymous Coward | more than 5 years ago | (#27164411)

Reitinger comes to the position with cyber experience in both the public and private sectors.

Cyber experience. Experience in... cybering.

Linux As Virus? (0)

Anonymous Coward | more than 5 years ago | (#27164475)

Oh man this can spell disaster for Linux
Can you imagine the head of security writes a report titled

"Finnish Security Threat"

Let the jokes begin (1)

Master of Transhuman (597628) | more than 5 years ago | (#27164895)

DHS calls on Microsoft for computer security.

BWAHAHAHAHAHAHAHAHAHAHAHAH!!!!
