Craig Mundie Blames Microsoft's Product Delays On Cybercrime

timothy posted about 2 years ago | from the presidential-debate-worthy dept.

Businesses 182

whoever57 writes "In an interview in Der Spiegel, Craig Mundie blames Microsoft's failure in mobile on cyber criminals. Noting that Microsoft had a music player before the iPod and a touch device before the iPad, he claims a failure to execute within Microsoft resulted in Microsoft losing its 'leadership.' The reason for the failure to execute, in his words: 'During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering. The criminal activity in cyberspace was growing dramatically ten years ago, and Microsoft was basically the only company that had enough volume for it to be a target. In part because of that, Windows Vista took a long time to be born.'"


Cyber criminals (4, Funny)

Anonymous Coward | about 2 years ago | (#41788391)

Yep, cyber criminals armed with chairs...

Re:Cyber criminals (5, Funny)

K. S. Kyosuke (729550) | about 2 years ago | (#41788467)

Hah, wait till Chair Man comes to the rescue! (I know the public identity to his secret one, but I won't tell!)

Re:Cyber criminals (0)

Anonymous Coward | about 2 years ago | (#41790025)

Maybe what MS needed was two Steve Ballmers? I think Uncle Fester could have done at least as well.

http://images5.fanpop.com/image/photos/25600000/Uncle-Fester-the-addams-family-1964-25663503-300-310.jpg [fanpop.com]

MS was quite profitable, had plenty of talent, and could have hired or contracted for more help. It is silly to blame security failure diverted resources for their underachievers. Music players weren't even from the same division.

As for Windows... well... Are future problems rains' fault when people build on a river bottom? Leave it to MS to design a door with screening sized to contain chickens after not seeing anything smaller outside the day they set goals. Their problem was a lack of insight.

- -

Surface runs on batteries or electricity - Steve Ballmer

Were MS Assets Available? (5, Insightful)

BoRegardless (721219) | about 2 years ago | (#41788401)

If MS had wanted to start a new division for mobile devices, it had the cash to do it. Mundie's excuse doesn't cut it.

If what he is saying is that he and Ballmer are so much of a micromanagement team that they couldn't handle one more project and still tell everyone what to do, I can buy that as an excuse.

Re:Were MS Assets Available? (4, Insightful)

DarkOx (621550) | about 2 years ago | (#41788441)

That and attempting to duck responsibility for the security situation is a little pathetic too. Yes, the people responsible for crime are the criminals. If someone hacks you, trashes your site, steals your trade secrets, whatever, that cracker is the responsible party. Just like if someone breaks the glass in my window, reaches around and opens the lock, they own the breaking and entering. That does not mean, however, it's not a good idea to take steps to protect your valuable assets, because we know there are bad actors out there.

The reality is most of us want an operating system where the security controls are effective. Microsoft was forced by the market to 'focus on security' because businesses really were going to start jumping ship for alternatives like Apple desktops and Linux in back office (and in some cases the front office too). If Microsoft had made a correct allocation of resources to security in the first place they would not have to sideline so many other efforts to fill in the deficit later.

Re:Were MS Assets Available? (2)

jhoegl (638955) | about 2 years ago | (#41788457)

I also like the theory that because Windows XP was the only OS for 5 years or so, it made it more porous. So once Vista came out, it somehow caused problems for hackers.
Shill article is terrible.

Re:Were MS Assets Available? (5, Insightful)

MysteriousPreacher (702266) | about 2 years ago | (#41789265)

I feel for Mundie. My construction business went through something similar. After many happy years of designing and building sub-standard residential properties, we were caught off-guard when people began to exploit the tendency of our houses to catch fire, explode, and be easily burgled.

As the largest builder of houses, we were a common target. We lost our lead in commercial buildings because we had to devote a lot of resources to learning how to build houses that lasted more than a few days.

It's easy in hindsight to say that electrical insulation is useful, or that gas pipes should not leak, or that front doors be made of something more sturdy than cardboard. Back then we had no reason to assume that any of those things were ever going to be important, and I assume everyone built houses that were prone to sudden annihilation.

We're not entirely blameless. This would never have happened if people had kept naked flames at least 30ft away from the houses. The cardboard doors on the houses not at the time exploding and/or burning, was only an issue because criminals were trying to burgle houses.

Re:Were MS Assets Available? (0)

Anonymous Coward | about 2 years ago | (#41789571)

WHERE are my mod points when I really need them. Well done.

nebulo

Re:Were MS Assets Available? (0)

Anonymous Coward | about 2 years ago | (#41789713)

Does this mean you lost your 'lead' in the condo and self-storage market?

Re:Were MS Assets Available? (1)

ClaraBow (212734) | about 2 years ago | (#41789831)

Best extended metaphor I've read on Slashdot -- blows the doors off all those car ones!

Re:Were MS Assets Available? (0)

Anonymous Coward | about 2 years ago | (#41788615)

There was no need for them to start a new division for mobile.

"And we were leading in the mobile phone space." - Craig Mundie

(cough) bullshit

Re:Were MS Assets Available? (0)

Anonymous Coward | about 2 years ago | (#41789533)

What I got from this article is that MS's problems were caused by it being a Monopoly.... but I guess that may just be me.

ATTN MODS! DO NOT MOD DOWN! +5 INFORMATIVE (-1)

Anonymous Coward | about 2 years ago | (#41788421)

I submit David Hasselhoff is the AntiChrist

And I have the proof

How can one explain the phenomenal global success of one of this country's least talented individuals? There are only three ways.

        * Mr. Hasselhoff actually is talented, but this goes unnoticed in his own country.

        * Mr. Hasselhoff has sold his soul to Satan in return for global success.

        * David Hasselhoff is the AntiChrist.

            I vote for the latter -- and perhaps, after seeing the facts involved, the rest of the world will agree.

The Facts First, the obvious. Add a little beard and a couple of horns -- David Hasselhoff looks like the Devil, doesn't he? And the letters in his name can be rearranged to spell
fad of devil's hash.

What does this mean? Well, Baywatch is David's fad. David is the devil. The Hash is what makes Knight Rider popular in Amsterdam.

(I was actually hoping to make the letters in his name spell out he is of the devil, which would be possible if his middle name was "Ethesis," which it might be. I'm sure his publicist would hide such a middle name if it were true.)

Second -- and most importantly -- David Hasselhoff and his television series were foretold in the Bible. Biblical scholars worldwide may quibble over interpretations, but they all agree on this. For a few telling examples let's skip to the end of the Bible. If any book of the Bible will tell us who the AntiChrist is, it's the Revelation of Saint John, which basically describes the AntiChrist and the Armageddon He causes. I'll just give you the verse, and the current theological interpretation of that verse.

Who is the Beast?

Rev 13:1 And I stood upon the sand of the sea, and saw a beast rise up out of the sea, having seven heads and ten horns The Beast, of course, is David Hasselhoff. The Heads are His separate television incarnations. Young and the Restless, Revenge of the Cheerleaders, Knight Rider, Terror at London Bridge, Ring of the Musketeers, Baywatch and Baywatch Nights.
The ten horns represent His musical releases: Crazy For You, David, David Hasselhoff, Do You Love Me?, Du, Everybody Sunshine, I Believe, Looking For Freedom, Night Lover and Night Rockers.
Not only does Mitch The Lifeguard literally "rise out of the sea" on Baywatch, but David's musical career has mostly occurred in Europe, a metaphoric rise to fame from across the sea.
Rev 13:3 And I saw one of his heads as it were wounded to death; and his deadly wound was healed: and all the world wondered after the beast. Of course, this is a reference to his third head: Knight of the Phoenix, the first episode of Knight Rider. In this episode, "Michael Long, a policeman, is shot and left for dead. The shot is deflected by a plate in his head, but ruins his face. He is saved and his face reconstructed. He is reluctant, but agrees to use K.I.T.T. to help the Foundation for Law and Government fight criminals who are 'beyond the reach of the law'. " Knight Rider has been shown in 82 countries.
Rev 13:5 And there was given unto him a mouth speaking great things and blasphemies; and power was given unto him to continue forty and two months. The following blasphemies are actual quotes from David Hasselhoff -- I read these while he was 42 years old.

"I'm good-looking, and I make a lot of money."

"There are many dying children out there whose last wish is to meet me."

"I'm six foot four, an all-American guy, and handsome and talented as well!"

"Before long, I'll have my own channel -- I'll be like Barney."

"(Baywatch) is responsible for a lot of world peace." which the Hoff said at the Bollywood Oscars. Don't believe me? Read the original article!

And here's a blasphemy that came from David's recent (Feb 2004) visit to the Berlin Wall museum. I couldn't have made something this great up by myself. He was upset that the museum didn't spend more time devoted to his personal role in the fall of Communism. You can read more about it here, if you don't believe me.

The Second Beast: Television

Rev 13:11-13 And I beheld another beast coming up out of the earth; and he had two horns like a lamb, and he spake as a dragon.
And he exerciseth all the power of the first beast before him, and causeth the earth and them which dwell therein to worship the first beast, whose deadly wound was healed.
And he doeth great wonders, so that he maketh fire come down from heaven on the earth in the sight of men,

        The Second Beast, with its dual antennae, is obviously the Television -- merely a pawn in Hasselhoff's underworldly regime. His stereo speaker (the dragon's voice) spews forth the blasphemy of Baywatch until He has caused all people of the earth to worship and watch Baywatch and Baywatch Nights. How well has he done? Baywatch is now seen by about one billion viewers in 140 countries -- the most watched series ever.

You probably never knew this, but the entire historical purpose of television has been to attract a worldwide audience for the eventual syndication of Baywatch. And how does it accomplish this global distribution? Via satellite - from heaven to the Earth.

Rev 13:15 And he had power to give life unto the image of the beast, that the image of the beast should both speak, and cause that as many as would not worship the image of the beast should be killed. How does television work? By giving life unto Hasselhoff's image. I'm pretty sure the second part hasn't happened yet.

Lifeguards: Denizens of the Underworld

These biblical revelations will show that the lifeguards on Baywatch are foretold as servants of the Devil. (Need I say who that is again?)

Rev 20:11 And I saw a great white throne, and him that sat on it, from whose face the earth and the heaven fled away; and there was found no place for them

Rev 20:13 And the sea gave up the dead which were in it; and death and hell delivered up the dead which were in them...

        Doesn't this sound like an exact description of what the lifeguards on Baywatch do? They sit on their big white wooden throne, and watch out over the sea -- waiting for a dying person to get cast up.
Rev 9:6 And in those days shall men seek to find death, and shall not find it; and shall desire to die, and death shall flee from them.

        One word: CPR

Rev 10:2 And he had in his hand a little book open: and he set his right foot upon the sea, and his left foot on the earth, Sounds like a lifeguard, eh? Standing on the beach reading a paperback?

Rev 17:3-5 ...and I saw a woman sit upon a scarlet coloured beast, full of names of blasphemy, having seven heads and ten horns. And the woman was arrayed in purple and scarlet colour, and decked with gold and precious stones and pearls, having a golden cup in her hand full of abominations and filthiness of her fornication: And upon her forehead was a name written, MYSTERY, BABYLON THE GREAT, THE MOTHER OF HARLOTS AND ABOMINATIONS OF THE EARTH.

    and if that wasn't enough, try
Ezekiel 23:17 And the Babylonians came to her into the bed of love, and they defiled her with their whoredom, and she was polluted with them, and her mind was alienated from them.

        The fabled "Whore of Babylon." Well, people have been calling Hollywood "Babylon" since long before I was making web pages. And of all the women in Hollywood, whose wedding night video is the most popular? Hmmm.... Did someone say "Barb Wire?"

Rev 18:11 And the merchants of the earth shall weep and mourn over her; for no man buyeth their merchandise any more Do you know any merchants who invested heavily in the acting career of this "whore of Babylon?" I've seen that "VIP" show of hers, and I'd be weeping if I had spent money on the merchandising rights.

Rev. 18:21 ... a mighty angel took up a stone like a great millstone, and cast it into the sea,...

        Speaking of lifeguards chucking rocks at innocent people, listen to this excerpt from a recent lawsuit against his Hasselness: "while Plaintiff was in the audience of the Rosie O'Donnell Show, Defendandt DAVID HASSELHOFF came on stage and threw a stack of cards depicting himself into the audience, striking Plaintiff in the eye. . . [he] should have known that throwing cards into an audience could cause injury to the audience."

Rev 18:14 And the fruits that thy soul lusted after are departed from thee, and all things which were dainty and goodly are departed from thee, and thou shalt find them no more at all. He stands to lose money in this lawsuit -- or maybe even all those dainty and goodly things he bought.

The Number of the Beast

The Bible shows us another way to prove a person is the AntiChrist, namely through numerology. Rev 13:18 says: "Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six."

That's a bit cryptic, to be sure. One score is twenty, so threescore is 60, the number of the beast is 666.

Now, the way biblical scholars and numerologists usually convert the names of men into their numbers is through a simple numerical code. Let's assign the 26 letters of the alphabet the numbers 1 through 26. It looks like this:

a 1 i 9 q 17 y 25

b 2 j 10 r 18 z 26

c 3 k 11 s 19

d 4 l 12 t 20

e 5 m 13 u 21

f 6 n 14 v 22

g 7 o 15 w 23

h 8 p 16 x 24

Now, we take the letters from Mr. Hasselhoff's name, assign numbers to them, and calculate his number.

D A V I D H A S S E L H O F F

4 1 22 9 4 8 1 19 19 5 12 8 15 6 6

Now, since thirteen is such a fitting number for evil, let's multiply the first 13 numbers together. The total (65,874,124,800) is approximately 6.6 billion. Tack on the remaining 6's from the end of his name, and you've got yourself the mark of the beast.

Another tactic you could use would be to add the letters in "David" (I think you should get 40) and the letters in Hasselhoff (99) and then multiply them together. 40 x 99 = 3960. Now, 3960 is 660 x 6. And of course, 660 plus 6 is -- again -- the mark of the beast.

Not enough proof for you? Well, let's see what else the winning combination of the Bible and numerology have in store for David.....

As he explains it in his interview, David Hasselhoff first decided to act at the age of 7 when he saw a local production of Rumplestiltskin. His acting debut was in Peter Pan. Knight Rider ended its run in 1986, when Hasselhoff was 32. Baywatch debuted in 1989, when Hasselhoff was 35. His first televised role was as Snapper Foster on the Young and the Restless at the age of 19. If we look at the 37th chapter of the 19th book of the Bible (Psalms) -- at verses 32 and 35, we notice an interesting phenomenon. Take a look:

32. The wicked watcheth the righteous, and seeketh to slay him.

35. I have seen the wicked in great power, and spreading himself like a green bay tree.

Viewers of Baywatch may have thought they were watching the good leader Mitch Buchannon -- whose main job as head lifeguard is to watch over the righteous babes at the beach, and save them. According to the Bible, he is really trying to slay them. But can we be sure that the show in question is actually Baywatch? Well, count the number of letters in Rumplestiltskin and Peter Pan. 15 and 8, right? Now look at those bible verses again. Find the 15th word of verse 35 - and the 8th word from the end of verse 32. Put them together.

35. I have seen the wicked in great power, and spreading himself like a green bay tree.
32. The wicked watcheth the righteous, and seeketh to slay him.

Re:ATTN MODS! DO NOT MOD DOWN! +5 INFORMATIVE (0)

Anonymous Coward | about 2 years ago | (#41788715)

Damn it, 'ma! I told you stay out of my 'puter!

Never designed to be network-aware (5, Informative)

jabberw0k (62554) | about 2 years ago | (#41788433)

Windows (and MS-DOS before it) was not originally designed to be network-aware, much less network-safe. MS-DOS was a thinly disguised clone of Digital Research's CP/M, circa 1974. CP/M, as a personal computer operating system, was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).

It was no surprise to anyone that an operating system that treats all programs and operations as fully privileged, when connected to a global network, treats everyone in the world as a sysadmin. Microsoft's campaign, then, was to somehow graft basic security features into an o/s that never had them, without horribly breaking every existing application.

That they succeeded even a little is a triumph of engineering.

But they would have saved everyone, including themselves, a huge amount of time and money by using something more UNIX-like as the design basis of Windows NT in the early 1990s. Apple learned that lesson with OS/X. Microsoft had Xenix years before, but threw it away. We, and Microsoft, are still suffering the consequences.

As so-called "smart" phonecomputers and tablets further fragment the marketplace, it won't be the PC that "goes away" but, at long, last, Windows and the CP/M heritage. The UNIX way wins at last... Huzzah!

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41788511)

Well OSX is really a descendant of NextStep ;)

Re:Never designed to be network-aware (4, Informative)

Alomex (148003) | about 2 years ago | (#41788579)

was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).

pffffft (spits coffee out) Unix security what?

Unix was designed as an experimental operating system for a lab setting and hence had the weakest security of all OSes at the time. In fact, old timers will remember the common quip from the 80's and early 90's: Unix security is an oxymoron.

Here's a sample quote from 1986:

"UNIX Security" is an oxymoron. It's an easy system to brute-
force hack (most UNIX systems don't hang up after x number of login
tries, and there are a number of default logins, such as root, bin,
sys and uucp). Once you're in the system, you can easily bring
it to its knees (see my previous Phrack article, "UNIX Nasty Tricks")
or, if you know a little 'C', you can make the system work for you
and totally eliminate the security barriers to creating your own
logins, reading anybody's files, etcetera. This file will outline
such ways by presenting 'C' code that you can implement yourself.

For example: 1) the original Unix did not even have disk quotas. 2) as late as the early 1990s any regular user could bring the entire system down with a simple stty command, 3) wall used to be enabled to all users by default which included the ability of writing control characters in someone else's TTY 4) the password file containing the encrypted passwords used to be publicly readable which opens the system to offline attacks 5) to this date, *nix does not support well the concept of application ownership of a file which leads to programs requiring their own user account, which is another kludge.

Unix security today is a hard won battle by many people who patched up the original Unix system. Even so it is still subpar compared to big iron mainframe security.

Re:Never designed to be network-aware (4, Funny)

CajunArson (465943) | about 2 years ago | (#41788601)

Shush you! Your irresponsible knowledge of history and politically-incorrect use of "facts" are getting in the way of us praising the perfect security of anything associated with UNIX!

Now excuse me while I go purge my SSH logs of all those pesky login attempts that I'm sure are all coming from only Windows machines since Microsoft forces everyone to use SSH on Windows. I'll ignore all those nmap reports that indicate the attack machines are actually compromised Linux boxes in Asia since it's theoretically possible for someone to lock down a Linux box, therefore ALL Linux boxes are always perfectly admined and cannot be hacked!

Oh Dear. (1)

Anonymous Coward | about 2 years ago | (#41788707)

Disk quotas are not a security measure.
Password file was encrypted.
Application ownership of a file isn't security.

Re:Oh Dear. (0)

Anonymous Coward | about 2 years ago | (#41789417)

Is this a troll? I can never tell nowadays.

Disk quotas are not a security measure.

It's one line of defense against a user crashing a system. The user may be a legitimate user or a compromised account. Back in the day, without a quota, a user could use all available diskspace on an accessible partition.

All quotas in any service are related not just to quality of service for the applicable users, but for all users. And anything that affects how one user can affect other users becomes a question of security.

Password file was encrypted.

The poster said, "the password file containing the encrypted passwords used to be publicly readable which opens the system to offline attacks."

As in, the publicly readable file could be copied by any user, to be attacked offline. The results of this attack could then be used for malicious purposes. Also, the password file was not typically encrypted, only the passwords. Shadow passwords, i.e., encrypted passwords stored in the /etc/shadow file which had more restricted access than /etc/passwd, were intended as a solution/workaround for this very well known security issue.
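An added example, not part of any poster's comment: a small audit of the exposure discussed above, flagging accounts whose password hash (or an empty password) still sits in the world-readable passwd file instead of /etc/shadow. The sample entries and hash strings are constructed, the function names are hypothetical, and treating `x` as "shadowed" and a leading `*` or `!` as "locked" follows the usual Linux convention.

```python
import os
import stat
from collections import namedtuple

Finding = namedtuple("Finding", ["user", "status"])

# Constructed sample in passwd(5) format; the hash-like strings are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:abJnggxhB/yJk:1000:1000:Alice:/home/alice:/bin/sh
bob:$6$constructedsalt$constructedhashvalue:1001:1001:Bob:/home/bob:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/:/usr/sbin/nologin
svc:!:1003:1003:svc:/:/usr/sbin/nologin
broken-line-without-fields
"""


def classify_password_field(field):
    """Map the second passwd(5) field to a status string."""
    if field == "x":
        return "shadowed"       # real hash lives in the shadow file
    if field == "":
        return "empty"          # account has no password at all
    if field[0] in "*!":
        return "locked"         # no valid hash can match this value
    return "hash-exposed"       # a hash any local user can copy and attack offline


def audit_passwd(text):
    """Return one Finding per non-blank, non-comment line of passwd-format text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # Do not guess at damaged entries; report them for manual review.
            findings.append(Finding(fields[0], "malformed"))
            continue
        findings.append(Finding(fields[0], classify_password_field(fields[1])))
    return findings


def risky_users(findings):
    """Accounts that defeat the purpose of shadowing."""
    return [f.user for f in findings if f.status in ("hash-exposed", "empty")]


def world_readable(mode):
    """True if a file mode (as in os.stat().st_mode) grants read to 'other'."""
    return bool(mode & stat.S_IROTH)


def audit_system(passwd_path="/etc/passwd", shadow_path="/etc/shadow"):
    """Run the same checks against the local files, if they exist."""
    report = {"risky": [], "shadow_world_readable": None}
    if os.path.exists(passwd_path):
        with open(passwd_path, encoding="utf-8", errors="replace") as fh:
            report["risky"] = risky_users(audit_passwd(fh.read()))
    if os.path.exists(shadow_path):
        # stat() needs no read permission on the file itself.
        mode = os.stat(shadow_path).st_mode
        report["shadow_world_readable"] = world_readable(mode)
    return report


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"{f.user:28} {f.status}")
    print("live system:", audit_system())
```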

Deary deary me. (1)

Anonymous Coward | about 2 years ago | (#41789907)

1. NO. Disk Quotas ARE NOT SECURITY. They may halt a DoS if, for example, the partition fills up that holds your data cache, but root keeps a reserve of 5%.

2. Password file was encrypted. That is what security meant. That the brute forcing of encryption dropped from a billion computer years to a few hundred hours AND there were not more than a few hundred computers at the time meant this was ENTIRELY SECURE. As secure as 256-bit AES encryption used to secure high-classification documents stored on media.

And when the situation changed, you got /etc/shadow.

Jeez, you really DO have to hate on, don't you?

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41788757)

You think maybe you could actually quote someone a little more authoritative than someone named "The Matrix" in a fucking Phrack article? Just because a how-to article for script kiddies outlines exploiting a particular vulnerability does not impugn the whole security framework of the OS.

Re:Never designed to be network-aware (1)

doshell (757915) | about 2 years ago | (#41789003)

I actually agree with you in that the first Unix implementations had a number of security holes, and that the so-called iron-clad Unix security only came many years later with the accumulated experience of dealing with those holes. But I take trouble with the following claim:

to this date, *nix does not support well the concept of application ownership of a file which leads to programs requiring their own user account, which is another kludge.

Would you care to explain what is kludgey in using the uid namespace to also provide per-application ownership? Arguably, it is simply a matter of implementation simplicity; you have a single namespace instead of two. That a given uid might not correspond to an actual, physical user seems to be more of a semantic problem than a design one.

Re:Never designed to be network-aware (2, Informative)

Alomex (148003) | about 2 years ago | (#41789193)

Would you care to explain what is kludgey in using the uid namespace to also provide per-application ownership?

Gladly. The main problem is that user space and app space are orthogonal. Good security requires the ability to say "this file shouldn't be touched by anyone other than joe blow using acrobat reader". Each of the two parameters, namely userid and appid are independent and need to be treated differently.

So just because joe blow is a superuser this doesn't mean that all of his programs should run in that mode. In fact this deficiency is what eventually led to the deprecation of su in favor of the sudo command, itself an 80s addition to Unix and not really popular until the mid-to-late 90s. It is an attempt to try to prevent unwanted inheritance of the su privileges to one and all applications.

This way, for example, the java sandbox would be created by the OS rather than by the JVM sandbox kludge. The OS knows that the browser is not allowed to write to disk except to ~/.cache and ~/.downloads and you don't have to worry about what is the payload. You also want to have a per app+directory quota, to avoid denial-of-service attacks via disk/user account overflow.

All of these things were already available in 70s mainframe operating systems and greatly increase security. They were echoed in the Mac design which completely forbade the wrong app from opening a file (itself a bit of an overkill, as it made it impossible, for example, to hand edit a postscript file or to print a manually generated postscript file)

In fact most commercial flavors of unix are aware of this, and hence support an extended form of Access Control Lists (ACLs). However these have never taken on as all implementations feel awkwardly grafted into the file system.

Re:Never designed to be network-aware (4, Informative)

terjeber (856226) | about 2 years ago | (#41788583)

Oh, there are so many mistakes in this drivel that I am at loss as to where to start. Well, let's begin at the beginning.

Windows (and MS-DOS before it) was not originally designed to be network-aware

And how is that relevant? The Windows NT source code is not based on, and contains no, DOS code. DOS, and Win16 software runs in emulation on Windows since Windows NT, that is Win2K, WinXP etc. There is very little difference between the way Linux runs Win16 software (on Wine) and the way WinNT based OSs run Windows software. WinNT was designed from bottom-up to be a network operating system. In many ways, it has far more network awareness and security built in than does, for example, Linux.

The base of the Windows you are running today was designed to be similar to VMS from DEC, an operating system that actually had the "mainframe mentality".

draconian measures taken by "mainframe mentality" operating systems like UNIX

BZZZZ! WRONG! Unix was written as a "personal" operating system that would be a lot simpler than the operating systems under "mainframe mentality" (whatever that was at the time) and would free its users from the rigors of time-share systems etc.

no surprise to anyone that an operating system that treats all programs and operations as fully privileged

Windows hasn't done that since before Win2K. In WinNT (but that was sadly later dropped) a Microkernel mantra was used, where even most drivers ran in user-space rather than in kernel space. Graphics drivers were later (in Win2K as far as I can remember, but don't quote me on that) moved to kernel space.

Microsoft's campaign, then, was to somehow graft basic security features into an o/s that never had them

Oh, so wrong, so wrong. Clueless drivel in fact. Windows NT had far more security features than most desktop Unices at the time, and Windows still has a much more sophisticated security model than, for example Linux. Even the basic file system security of Windows is head and shoulders above most Linux file systems.

Honestly, if you want to post about the technical underpinnings of something, you really should get a basic clue first. Repeat after me:
There is no DOS code in the Windows operating system.
Windows was built from ground-up based on VMS as a network-aware, multi-user operating system
Windows has better file and run-time security than almost any personal operating system in use today, including OS/X and Linux.

That, you see, is reality. Not the nonsensical drivel you posted.

Re:Never designed to be network-aware (3, Insightful)

terjeber (856226) | about 2 years ago | (#41788611)

For the record, the rubbish Craig Mundie says in the referenced article seems like drug-induced nonsense. Microsoft dropped the ball on security by basically, in Win2K defaulting to run anything under the "root" user, which was a stupid idea, but understandable, most users of Win95/98/ME would have been lost if the security in Windows had actually been used properly.

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41789781)

Security issues started making headlines when e-mail became a huge vector for malware in the 90's under Win95. This was well before NT or 2000 became the standard install. It became an arms race between malware creators and Norton et al 'defenders'. And, despite any underlying security, there were a lot of issues with blue screens of death and other hassles that made the software experience sub-par at best. All these things needed fixing.

Re:Never designed to be network-aware (3, Interesting)

gbjbaanb (229885) | about 2 years ago | (#41788735)

ohhhh shit, the world's just been turned upside down - Unix is for personal, hack-style users and Windows is for mainframe, secure datacentre applications?! :)

Of course you're right - Dave Cutler did a great job with the original WNT, and Linux was a crashy bit of crap for many years, but things change and Linux had a load of good engineering put into it, and WindowsNT had a load of crappy engineering put into it.

So today, the faults with Linux lie in the original design flaws, and the faults with Windows lie in the bodged up crap that was added by other teams in Microsoft. (however, I'd take a slight contention about Windows NT security model - it started life really well, simple to use and understand. Today even running as administrator you don't have administrator privileges, then there's the overly complex way of applying some security aspects, and then there's the different models of security that just don't use the underlying model that worked so well - for example I once attended a course from MS about MTS and in there they talked of security roles. I put my hand up and asked "why have roles when you could have used Windows groups?" The guy ummed a little, gave a little laugh and said "ah yes, I see where you're coming from with that... next question"). Obviously some team at MS had decided to roll their own security system rather than rely on the underlying thing, and this is what still happens today.

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41789909)

... Linux was a crashy bit of crap for many years,..

Not hardly - version 1.0 was absolutely rock solid & soon after the ipmasq/iptables started happening making it more secure than M$ stuffola.

As for "not network aware", yes, msdos & early windows weren't, but Microsoft had many years of Novell & Arcnet & similar networking tacked on that, while building Win95 et al, decent security could have been built in. Seems I recall that early winsock implementations still had Berkeley copyrights in them. But alas, the rush to market, or dullness of developers/mgmt, didn't take any of Linux' lessons. Seems I recall that it wasn't 'til well after XP that BG decided security was bad enough to halt things in order to have some internal seminars focusing on security. Apparently it didn't help...

Re:Never designed to be network-aware (5, Insightful)

Waffle Iron (339739) | about 2 years ago | (#41788745)

Windows (and MS-DOS before it) was not originally designed to be network-aware

And how is that relevant? ... The base of the Windows you are running today was designed to be similar to VMS from DEC, an operating system that actually had the "mainframe mentality".

It's relevant because for many years they shipped their OSes configured "out of the box" to bypass or hobble much of that wonderful-on-paper NT security model. This was so they could preserve the nonrestrictive DOS/Win95 user experience that people were so used to. The security technology might as well not be there if nobody actually uses it.

This problem was compounded by a lack of quality control on much of the system code outside of the kernel itself. Remember when the half life to 0wnage of a fresh XP box connected to the Internet was measured in minutes?

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41788763)

BZZZZ! WRONG! Unix was written as a "personal" operating system that would be a lot simpler than the operating systems under "mainframe mentality" (whatever that was at the time) and would free its users from the rigors of time-share systems etc.

You should read up a little on Unix http://en.wikipedia.org/wiki/Unix

Re:Never designed to be network-aware (3, Informative)

Dr. Evil (3501) | about 2 years ago | (#41788779)

NT4 moved the graphics into the kernel. It was controversial back then. http://technet.microsoft.com/en-us/library/cc750820.aspx [microsoft.com]

The biggest PITA to run outside of an administrative account was the software. It wasn't until XP that software *started* to work as a 'user'.

Microsoft made big leaps in security in the past decade. Security advisory/patch cycles to entrypoint randomization, driver signing, code signing, policy refinement, non-executable stacks, WSA, antivirus etc.

I don't buy that this cost them their leadership. Crappy decisions did. I'll add that ironically, because they didn't create marketplaces like itunes, their music player almost *relied* on piracy "cybercrime" for their marketshare.

very, Very, VERY GOOD (C2 rated)... apk (-1)

Anonymous Coward | about 2 years ago | (#41788931)

4 very good points from you, especially considering "orange book" C2 certification was on Windows NT far before Linux (or MacOS X):

"Windows NT had far more security features than most desktop Unices at the time" - by terjeber (856226) on Saturday October 27, @09:16AM (#41788583)

Right - see above!

---

"and Windows still has a much more sophisticated security model than, for example Linux." - by terjeber (856226) on Saturday October 27, @09:16AM (#41788583)

Right again, see above, AND the fact that the NSA had to "bolt on" SeLinux & its MAC (mandatory access control) to get even CLOSE to NTFS DACL's...

---

"Even the basic file system security of Windows is heads and shoulders above most Linux file systems." - by terjeber (856226) on Saturday October 27, @09:16AM (#41788583)

Right yet again - see SeLinux & MAC vs. NTFS ACL's above...

---

"WinNT was designed from bottom-up to be a network operating system. In many ways, it has far more network awareness and security built in than does, for example, Linux." - by terjeber (856226) on Saturday October 27, @09:16AM (#41788583)

Not so much anymore, but it had features FAR before Linux did in terms of controlling access to resources & far more "granular" ones by user groups/usernames too...

---

"Windows has better file and run-time security than almost any personal operating system in use today, including OS/X and Linux.." - by terjeber (856226) on Saturday October 27, @09:16AM (#41788583)

For the reasons, specific reasons, I noted above...

APK

P.S.=> MacOS X &/or Linux have tended to play "catchup ball" in this area, but Windows NT-based OS had those things first...

... apk

Re:Never designed to be network-aware (2)

DarkOx (621550) | about 2 years ago | (#41789337)

Windows has better file and run-time security than almost any personal operating system in use today, including OS/X and Linux.

Thank you for your post; I was waiting for someone to set the record straight. I do take some exception with your final thought, though.

The NT Kernel has better file and run time security than pretty much everything else out there. That is true, but in practice it's not and has never been used fully. The presentation and application layers of Windows pretty much failed to expose lots of the features until Server 2003. Even now many of them are not widely used because making much use of them tends to break functionality up the stack.

Yes they are there and you can harden a special purpose windows box to the point where I would strongly doubt the best pen tester could get in. On the other hand prior to Windows 7 it was impossible to do that to a more general use desktop and have it be usable. It is much much better on Windows 7, Server 2008, and though.

Re:Never designed to be network-aware (1)

PPH (736903) | about 2 years ago | (#41789681)

Oh, so wrong, so wrong. Clueless drivel in fact. Windows NT had far more security features than most desktop Unices at the time, and Windows still has a much more sophisticated security model than, for example Linux. Even the basic file system security of Windows is heads and shoulders above most Linux file systems.

Number of security features does not result in more security. The Unix/Linux security model is simple. But that simplicity gives the administrator or user the ability to get a few settings correct and secure system resources or user data. The more additional 'features' you add, the more likely the average user* will screw them up and open a hole.

Unix was designed with a simple 'everything is a file' model. Any details you want on top of that are the responsibility of the application developer. For example: The permission model implemented by the Apache web server is more complex and has more settings than offered by the underlying Unix OS. Fine. If you need that level of control, you build it into the application.

Even VAX/VMS had a more complex security and file model. This made life easier for some developers. There were different file types one could use for different applications without having to worry about things like records and versions. But if the OS model didn't fit, you'd end up with a non-optimal solution. Or you'd have to roll your own anyway.

*Even on a Linux system, the user/group model can confuse a beginner. How many people have set up a user/group system on their laptop that keeps their e-mail, web browser sessions (one for porn, one for banking) and other apps separated from each other?

Microsoft had Xenix? (1)

nurb432 (527695) | about 2 years ago | (#41788863)

From what I remember, it wasn't designed to be all that secure, and besides, it wasn't theirs anyway. It was rebranded/licensed from SCO, back when they were still a legit company producing code.

And don't forget even MSDOS wasn't original in the beginning, they bought ( stole ) it from another company.

Hell they even had to buy SQL server from another company to get that started.. ( have they ever had a true original thought from the beginning? )

Overall Microsoft is a huge joke, and would have never had a chance if it wasn't for their founding unfair advantage with IBM that gave them the upper hand in the market.

If he didn't have the inside track and CP/M was given a fair chance with the PC, the landscape would be far different today.

Re:Never designed to be network-aware (0)

Pinhedd (1661735) | about 2 years ago | (#41788963)

MS-DOS was a thinly disguised clone of Digital Research's CP/M, circa 1974

Yeah... this was thoroughly debunked

Re:Never designed to be network-aware (2)

MightyYar (622222) | about 2 years ago | (#41789165)

I'm not up on the current conspiracy theories, but my understanding was that the notion that Microsoft STOLE CP/M was debunked. It's pretty clearly patterned off of it, IMHO. At least the command line interface is superficially very similar.

Re:Never designed to be network-aware (2)

Pinhedd (1661735) | about 2 years ago | (#41789705)

MS-DOS took a very similar approach from an interface perspective but that's about it. Underneath the hood it's neither a clone nor a clean room re-implementation of CP/M.

There's a very thorough article in IEEE Spectrum by an author who used modern disassembly, debugging, and code similarity techniques and applied them against various versions of DOS and CP/M. Everything led him to a dead end.

http://spectrum.ieee.org/computing/software/did-bill-gates-steal-the-heart-of-dos/0 [ieee.org]

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41788991)

This comment reeks like you watched a 90-minute documentary on "Computers and the Internet" and are now trying to recollect that information without any concrete knowledge of what actually transpired.

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41789471)

So, enlighten us.

Re:Never designed to be network-aware (0)

Anonymous Coward | about 2 years ago | (#41789531)

Windows (and MS-DOS before it) was not originally designed to be network-aware, much less network-safe.

I buy that for MS-DOS and Windows up to some point before 3.11 for workgroups. But as of 3.11 for workgroups, they were clearly marketing directly for network-aware.

I can even give the benefit of the doubt and allow for Win3.11 for workgroups not being designed for suitability for the internet, as in assuming only hundreds or thousands of potential malicious users, instead of millions.

But Windows 95 was "internet-aware", as was every version of Windows that followed it.

By the 1990s, MS wasn't some small company that hit a big thing and was scrambling to become a mature company, and things slipped through the cracks. They were already big. They had the resources to do a better job. Somebody frakked up and did not make security the issue that it needed to be.

Uh-huh (0)

Anonymous Coward | about 2 years ago | (#41788437)

Noting that Microsoft had a music player before the iPod and a touch device before the iPad.

Yes, the Zune was shit. And so are Microsoft's mice, depending on which part of the world they're manufactured in.

Obviously the dog ate their decent designs... (5, Interesting)

tylikcat (1578365) | about 2 years ago | (#41788439)

He's discussing the time period right about when I finally bailed on MS. I had been trying to be a security advocate for my group for a couple of years - and was told over and over again that users don't want security, and who cares? (Admittedly, the group I'd worked for before that, which was more server focused, was also more security focused.) ...and then the security initiative began, and while I was cheerfully packing up my office, I suddenly had coworkers stopping by, picking my brain and trying to get me to give them my phone number so I could continue to work for the company I was so eager to depart from, for free. And, of course, the security infrastructure they produced was incredibly annoying and non helpful for most users. (Somewhere in here my not particularly computer literate mother switched over to Linux.)

Of all the stupid statements I've heard coming out of Microsoft about why they have made lousy products and terrible missteps which were, unaccountably, not embraced by customers, this has got to be the stupidest.

Mobile? The core problem continues to be that mobile is much more about hardware (which Microsoft itself has finally acknowledged). And even aside from the hardware, more about clean interface design than market dominance.

What buffoonery.

Re:Obviously the dog ate their decent designs... (0)

Anonymous Coward | about 2 years ago | (#41788721)

Cool story bro.

Re:Obviously the dog ate their decent designs... (1)

tylikcat (1578365) | about 2 years ago | (#41789993)

Thank you, though for the sake of the record, I'm no one's bro. (And "sis" just has the wrong sound to it, y'know?)

Re:Obviously the dog ate their decent designs... (1)

houghi (78078) | about 2 years ago | (#41789031)

And even aside from the hardware, more about clean interface design than market dominance.

I think you are missing a few steps here. It is about the hardware and the software combined. Just like Windows got dominance on the desktop: Pre-installed systems.

Sure, they want to have some options. Just like when buying a car, you would want to be able to make a few choices, but in the end you want to buy a car and drive it out of the store.

Plenty of people use Android and have no problems with it not being Windows.

It also shows the reason why this will not be the year of the Linux Desktop: No pre-installed systems in REAL huge numbers.

With security out of the way... (1)

transporter_ii (986545) | about 2 years ago | (#41788447)

With security out of the way, it looks like they can knock out a new version about every 18 months now. Lucky us. Especially if you happen to be in the business world and they screw you over and say they are not even going to offer more service packs for an operating system a lot of businesses just installed.

Microsoft needs a new business model that doesn't involve forced, non-needed upgrades. Don't know what that exactly is, but the current method is not working.

Re:With security out of the way... (1)

Opportunist (166417) | about 2 years ago | (#41788661)

Well, they've been trying to get software-as-a-service pushed down our throats. And if it doesn't work directly, well, I guess this is their way to cram it down our neck.

Whiney jerk (1)

rumpledoll (716472) | about 2 years ago | (#41788459)

What a whiney rant to cover up his own malfeasance.

Time lost playing catchup (1)

dbIII (701233) | about 2 years ago | (#41788469)

In other words the corners cut ignoring the lessons learned on *nix and other systems before MS Windows even existed eventually needed to be at least partially dealt with.

I'm glad they spent their time on Windows. (0)

Anonymous Coward | about 2 years ago | (#41788471)

It's a pity they could not keep up with apple gadgets, but at least all that time they diverted to fixing security holes in Windows means that they now have an operating system that can't be hacked into by cyber criminals. The only question is: will they ever ship this operating system?

Re:I'm glad they spent their time on Windows. (0)

Anonymous Coward | about 2 years ago | (#41788761)

The only question is: will they ever ship this operating system?

You mean Singularity? [wikipedia.org] Never.

Yeah, we remember the Zune. (1)

robbak (775424) | about 2 years ago | (#41788473)

The reason for MS's failure in that field was clear to all. Even in the poor company it shared, it still stood out as a crock.

Re:Yeah, we remember the Zune. (4, Informative)

jimicus (737525) | about 2 years ago | (#41788515)

He can't possibly be talking about the Zune. It came out in 2006; the iPod came out in 2001 and was on its fifth revision by the time the Zune came out.

Here we go... (4, Insightful)

Anonymous Coward | about 2 years ago | (#41788477)

"Microsoft was basically the only company that had enough volume for it to be a target"

Tying security to volume of installs shows, to me, a lack of understanding of the actual models underlying the operating systems.
Windows is an entirely different creature from say Linux. Linux is merely the kernel, everything else is a package. A properly secured linux box, (proper PAMs, selinux, permissions, Least user privs, and minimum packages) != a hardened windows box. They are not even close. Volume has little to do with the security models. I hate that it always pops up. As if.

The guy reads Slashdot, apparently. (0)

Anonymous Coward | about 2 years ago | (#41788549)

Actually it sounds like this guy reads Slashdot.

How many times has it been stated here that because of PC monoculture, MS' market dominance, etc ... all the viruses, trojans and other exploits are targeted towards MS products? And used that argument for the need of multiple OSes on the market - and also as a reason why Apple and Linux aren't targeted as nearly as much.

Is Linux more secure? Maybe. But it's hard to tell because when there's an exploit somewhere, you very rarely hear (at least in the non-security lay press) what OS it is unless it's an MS product..

Although, Apple is starting to get the same treatment with the recent exploits on iOS - because they have the dominant market share of handheld computing devices.

Re:The guy reads Slashdot, apparently. (1)

noh8rz9 (2716595) | about 2 years ago | (#41788949)

Although, Apple is starting to get the same treatment with the recent exploits on iOS - because they have the dominant market share of handheld computing devices.

links or it didn't happen. Recent iOS exploits? I don't think so.

By other MS protectors, plenty of times. (0)

Anonymous Coward | about 2 years ago | (#41788981)

But then the common thread is the protection and defense of Microsoft in the face of their explicit incompetence.

It's A Redmond Propaganda Meme (0)

Anonymous Coward | about 2 years ago | (#41788703)

Redmond wants everybody to believe that everybody else is equally insecure as their products. Which is bonkers if you look at the Apache server, Linux and BSD. It runs 90% of the internet that matters and it doesn't get collectively shut down every three weeks. I am referring to the infrastructure, not the PHP crap built on top of it.

So he just regurgitates the Redmond Propaganda Line. The truth is that they sit on a huge crap-pile of software which they don't properly understand themselves. It's full of insane features, full of decades-old insecure code running in the kernel, full of half-arsed architecture decisions which came out of politics and not from proper technological reasoning. Just look at the Stuxnet virus and you know what I mean. As a nugget, they simply ran "guest" user print jobs with "Admin" privileges because that was most convenient way of implementing it. This is just one example of their insane decision making.

Re:It's A Redmond Propaganda Meme (0)

Anonymous Coward | about 2 years ago | (#41789827)

Stuxnet didn't run on Windows.

It took Vista a long time to be born... (2)

The Rizz (1319) | about 2 years ago | (#41788491)

In part because of that, Windows Vista took a long time to be born

Too bad they didn't use that extra time to abort...

Well duh (5, Insightful)

Solandri (704621) | about 2 years ago | (#41788509)

The reason for the failure to execute, in his words: 'During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.

You took an OS which effectively ran with superuser privileges (DOS) all the time, and added a graphical shell on top of it (Win95, Win98). You then tried to switch it to a more secure user / superuser model, but you made it so inconvenient that it was easier for everyone to just run as superuser all the time (NT, 2k, XP). Finally you started trying to enforce running as a regular user except when needed (Vista). But the industry had had a decade to acclimate to running as superuser, so you were met with so much resistance you had to scale it back (7). Of course you're going to have a huge security problem.

You should've just bitten the bullet and enforced the user / superuser paradigm as early as you could have. i.e. Back when the Internet became big, around when Windows 95 came out, you should've realized the future was for all computers to be networked, and that user vs. admin privileges were going to become very, very important. But no, you took the easy way out and stuck with the one-computer one-user model, and you've been paying the price for it for the last decade and half. You made your own bed; it's disingenuous to now blame someone else for having to lie in it.

Part of being a good leader (of a group, country, market, whatever) is to foresee and recognize what's going to become important or a problem in the future, long before your followers do. A good example is what the NSA did with DES [schneier.com] . They had done enough secret research into DES that they knew of a vulnerability; and when DES was proposed as a standard they made some secret changes to it which eliminated that vulnerability before the public was even aware of it. Your job as a leader is to act on that foresight, even if your followers can't see what you see and complain about it. If you can't do that, you just aren't cut out to be a leader.

MS != Leader (1)

Anonymous Coward | about 2 years ago | (#41788643)

Microsoft is a Marketing Operation With Some Shoddy Software. They are very good at polishing the surface of crap-balls so that the naive/dumb/ignorant "management talent" with their MBA "degrees" buys their crapola. Just look at their MFC container classes - they don't have a fecking clue about complexity analysis. They don't know what an automatically growing hashtable is. So they employ tons of software developers who apparently never went through a proper CS fundamentals course.

Google knows their stuff because they weed out those who have no grasp of basic CS concepts when interviewing them. If you look for a technology leader, look at Google. Or NSA; actually those two are more or less two faces of the same coin. And yeah, I don't like them collecting like mad. But MS, they are all amateurs in the business of drawing nice glossy pictures and making tools for that end.

Re:MS != Leader (0)

Anonymous Coward | about 2 years ago | (#41789341)

Microsoft is a Marketing Operation With Some Shoddy Software

Of course! A MOWSSS! Exactly!

Add to that ... (1)

Anonymous Coward | about 2 years ago | (#41788737)

... that in XP, all the users you created at install time (up to 4, IIRC) in addition to the "Administrator" root account, were members of the "Administrators" group, that the account type for newly created users in control panel defaulted to "Computer administrator", and you had to change that on purpose to "Limited" (who - if they are not computer experts, wants to be limited?); the new naming convention ("Standard User" instead of "Limited") in Win7 is much better.

Obviously, the fact that a lot of programs that originated in Windows 3 or 95 by default wrote their configuration to an *.ini file in the install directory, and that most games would not run for limited accounts at all, contributed to this: if MS had made users run as limited accounts, lots of old programs and games that used to work on the user's old machine would have stopped working, and users would have blamed MS.

BTW: Win2K, before XP, put all limited accounts by default into the "power users" group, which had a similar effect - almost - as making them administrators.

And the number of rants on the internet about annoying UAC prompts - "It is my machine, and I'll damn well decide which programs to run and what to do", and the articles about how to turn UAC off, often by quite proficient computer users, only prove that some people are just too plain stupid to use a networked computer.

Re:Well duh (1)

SuricouRaven (1897204) | about 2 years ago | (#41788875)

At the time of 9x, every piece of software written for DOS and win 3(.11) was written with two assumptions: That it could put files wherever it wanted, and that it could do low-level hardware access for sound, graphics, etc. What you propose they should have done would have broken that. It would have been a business disaster: Users would get their shiny new Windows 95, and discover that none of their software or games would run! People would have held back upgrading for years, by which time competitors could have gotten established. Moving to a true user/superuser model was the right thing from a technical perspective, but suicidal from a business perspective.

Re:Well duh (1)

doshell (757915) | about 2 years ago | (#41789065)

That it could put files wherever it wanted

They could have implemented VirtualStore as early as Windows 95 as a stop-gap measure for write-anywhere programs. Sure, it's an approach with its own problems, but sometimes you have to trade something in for security.

low-level hardware access for sound, graphics, etc

Trap the hardware interrupts in software, then emulate the low-level I/O routines at the OS level. Possibly with a performance penalty, but again: you have to decide where your priorities are.

And yes, I know hindsight is 20/20. Maybe not all these things were obvious back then. I still think that, security-wise, Microsoft spent the whole 90s and a good part of the 00s asleep at the wheel.

Re:Well duh (4, Interesting)

QuietLagoon (813062) | about 2 years ago | (#41789737)

You should've just bitten the bullet and enforced the user / superuser paradigm as early as you could have. i.e. Back when the Internet became big, around when Windows 95 came out, you should've realized the future was for all computers to be networked

Bill Gates, that great visionary at Microsoft, famously missed the onslaught of the Internet. He didn't even see it coming until he had to play catch-up.

Technical debt (1)

Tei (520358) | about 2 years ago | (#41788589)

If you release a lot of crappy software, sooner or later, somebody will have to pay the bill. The secret of Microsoft is that they make it so the customer is the one paying this bill, but sometimes Microsoft has to pay part of it. Imagine if Microsoft were forced to retroactively pay for all the losses because of OS crashes, and all the expenses because of antivirus software. But we don't live in a world where Microsoft is being forced to pay for its crappy products' faults.

Cry Me a River (1)

mbone (558574) | about 2 years ago | (#41788595)

The OS was horribly insecure. That it took them a decade to (more or less) fix that is their fault, not the fault of their market-share.

Re:Cry Me a River (4, Insightful)

DarkOx (621550) | about 2 years ago | (#41788815)

Yes and the worst part is the very argument shows top brass at Microsoft still regard security as a distraction rather than a key design requirement in their products.

Re:Cry Me a River (0)

Anonymous Coward | about 2 years ago | (#41789231)

Mod parent up.

We're incompetent because we're incompetent.

"executional missteps"? (1)

Rogerborg (306625) | about 2 years ago | (#41788609)

Awesome term. Can anyone translate into human? I think he's saying that they done fucked up, but for all I know, he's talking about literally killing employees who didn't fit in with the corporate culture.

Re:"executional missteps"? (2)

gbjbaanb (229885) | about 2 years ago | (#41788775)

Ximinez: Hm! She is made of harder stuff! Cardinal Fang! Fetch...THE COMFY CHAIR!

[JARRING CHORD]

[Zoom into Fang's horrified face]

Fang [terrified]: The...Comfy Chair?

[Biggles pushes in a comfy chair -- a really plush one]

Ximinez: So you think you are strong because you can survive the soft cushions. Well, we shall see. Biggles! Put her in the Comfy Chair!

but Ballmer used and threw an office chair - see, he managed to fuck up even this simple act of corporate motivation.

Ximinez [with a cruel leer]: Now -- you will stay in the Comfy Chair until lunch time, with only a cup of coffee at eleven. [aside, to Biggles] Is that really all it is?
Biggles: Yes, lord.
Ximinez: I see. I suppose we make it worse by shouting a lot, do we? Confess, woman. Confess! Confess! Confess! Confess

ah... well, I suppose he does try to make up for it by shouting a lot.

Microsoft and Apple Tablets (1)

obstacleman (634020) | about 2 years ago | (#41788621)

Microsoft came out with a tablet and it did everything you liked about a laptop but less. Apple came out with a tablet that did everything you liked about a smart phone only more. Apple was a bit more clever.

Re:Microsoft and Apple Tablets (2)

UnknowingFool (672806) | about 2 years ago | (#41789395)

My interpretation is that Apple embraced touch and built their OS around it while MS tried to shoehorn it into Windows and call it a tablet.

Build it right the first time (2)

number6x (626555) | about 2 years ago | (#41788635)

When Windows first came on the market it was not the market leader. It did not have years of legacy code or legacy applications holding it back. It could have been built more secure from the ground up.

All of Windows' competitors competed in the same market with the same 'cyber-criminals'. They built products that better withstood attack. All of the parties building products for sale in all of these markets were subject to the same market forces. By the time we got to the world of touch surfaces, music players and phones, Microsoft had a few things it could have used to its advantage: $49B in the bank and market dominance. They are complaining that they had to re-direct resources to make Windows secure. Then they should have tapped into their reserves and gotten more resources!

Maybe if they didn't waste money on ads for churros and running shoes with Jerry Seinfeld and put that money towards product development they would have succeeded.

Microsoft failed in these markets because they failed to understand what consumers wanted. They have no one else to blame but themselves.

Build products people actually want to buy.

Re:Build it right the first time (2)

plover (150551) | about 2 years ago | (#41789275)

When Windows first came on the market it was not the market leader. It did not have years of legacy code or legacy applications holding it back. It could have been built more secure from the ground up.

No, it could not have been built securely from the ground up. It was built on the legacy of MS-DOS, which was more of a boot-loader than an operating system. The security model was the old one of physical isolation - if you wanted the contents to be secure, you put it in a room and locked the door. As all security was external, there was no consideration of security in the products being written, and there were a lot of them. As Windows evolved from 1 to 2 to 3, they still had a rich legacy of DOS apps they had to continue to support. End point security came in the form of protecting the system from disk-borne viruses. Then along came Ethernet adapters, and with networking began the job of isolating users. Security was handled at the server level, because the primary threat model was unauthorized people accessing applications and data. Windows still didn't have a networking API at the time -- networking meant remotely mounted files.

When Windows 95 came around, they did a better job of hiding DOS beneath the covers, while retaining the ability to run MS-DOS programs. But that still meant no security at the OS level. A true multitasking kernel was required to secure the machine. They had one in the form of NT, but NT's incompatibility with the PC games of the day meant it was never suitable for average home users.

In the 1990s, what was far more important to Microsoft's security than "cybercriminals" was IBM. OS/2 was a real 32-bit multitasking OS, and Warp was being released in 1995. Microsoft had to get something out the door immediately. Keep in mind that they were still six years of work away from releasing a real multitasking kernel suitable for the home, but they didn't have six years, so they rushed Windows 95 out the door. They used that time to get people writing Win32 games and wean people off the legacy of DOS. But that meant security continued to take a back seat to everything.

Had Microsoft bit the bullet and tried the NT kernel route for the home users back in 1995, they would have sold nothing to the home market, and OS/2 would have sealed the fate of Windows.

Microsoft made their choices based solely on dominating the market. Delivering real security would have meant the death of Windows, and everyone on Slashdot would probably be bitching about OS/2 and AIX today. It would have been better for the world, but that's the way the cards played out.

Time wasted working on *AA's cybercrimes division? (0)

Anonymous Coward | about 2 years ago | (#41788649)

Wasn't Vista the one where the network ground to a halt whenever you played music?

Re:Time wasted working on *AA's cybercrimes divisi (1)

haruchai (17472) | about 2 years ago | (#41788803)

Yes, it was. I believe that's what Clueless Craig would term an "executional misstep".

Round and Round (1)

Whiteox (919863) | about 2 years ago | (#41788665)

TFA and Craig Mundie believes his own spin.
If MS managed to avoid having security loopholes, what makes anyone think that Zune or Touch would've made it? How easy it is to forget DRM and playing by MS rules, proprietary file types, half-baked software, codecs and technology that doesn't fit anything else.
Oh, and just insert Apple pretty much anywhere if you're not a fanboi.
What troubles me the most is the attempt to rewrite history. Much like modern politics I suppose....

Translation (3, Insightful)

folderol (1965326) | about 2 years ago | (#41788671)

It's everyone else's fault. Not ours.

Mmm dost protest too much maybe? (1)

erktrek (473476) | about 2 years ago | (#41788687)

I was under the impression that at least early on Microsoft kinda sorta turned a blind eye to pirating - that way they could spread their stuff far and wide. Only after everyone was "hooked" did they start tightening the screws.

I remember how easy it was to install ms office (and other sw) throughout a business with a single set of installation CDs/diskettes + add extra bogus seats/connections/licenses to your server etc.

Just sayin'

Not quite (0)

Anonymous Coward | about 2 years ago | (#41788833)

> During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.
 
Unlike Unix who thought about security from very early on, with file protections, separation of OS and user privs, etc.

Just really sad. (0)

Anonymous Coward | about 2 years ago | (#41788925)

If anyone truly believes this at MS, they need to leave.

Microsoft ever had "leadership'' in mobile? (1)

gweihir (88907) | about 2 years ago | (#41788941)

News to me. I think this is a case of rewriting history to not admit abysmal failure across the board.

Incidentally, I think that if MS had any real competition for Windows and Office, they would fail about as bad. The technology is still decades behind.

Re:Microsoft ever had "leadership'' in mobile? (0)

Anonymous Coward | about 2 years ago | (#41789191)

Microsoft was competing actively with palm for the pda market and later the early smartphone/pda hybrid. They do (did?) have a lot of expertise to fall back on. But windows mobile always was a mess, they could not touch palmOS simplicity and they stopped trying when it became clear that palm was going nowhere. Then RIM happened.

Mundie was the Trustworthy Computing guy (0)

Anonymous Coward | about 2 years ago | (#41789063)

Mundie's bio [microsoft.com] . He was an engineering manager and CEO in the minicomputer business before coming to Microsoft. Impressive background, but kind of a weird fit; contrast that with Apple's relentless focus on consumer design.

Mundie, Mundie (ba-da ba-da-da-da)
So good to me (ba-da-da-da-da)
Monday morning, it was all I hoped it would be
Oh monday morning, monday morning couldn't guarantee (ba-da ba-da-da-da)
That monday evening customers'd be here with me

- John Phillips, Mamas and Papas

Willful blindness and disobedience. As M$ OS. (0)

Anonymous Coward | about 2 years ago | (#41789133)

Yeah Microsoft, stop committing cybercrimes and cyberespionage, and focus on providing the operating system and honoring the purchased licences.

So this is what business has come to? (0)

Anonymous Coward | about 2 years ago | (#41789237)

1) Create company
2) Manufacture substandard product
3) Whine about piracy and cybercrime when said product flops
4) Get law passed (lobbying) or cash money (Bailouts)
5) ?
6) Profit!

Laugh (1)

koan (80826) | about 2 years ago | (#41789271)

"During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering."

Because there never was a move to secure the OS when it was initiated, and it only became a priority after numerous public attacks forced it.

But really, to say that a corp the size of Microsoft can't develop new products and secure their existing ones at the same time is naive at best and more likely propaganda.

If Vista was here sooner... (0)

Anonymous Coward | about 2 years ago | (#41789325)

If Vista had been released sooner, Microsoft would have been worse off. If Windows's glaring security issues were overlooked for so long, it's their own fault for letting them fester instead of addressing them initially. What's this guy's point again?

Corporate culture (1)

PPH (736903) | about 2 years ago | (#41789517)

Victimhood [wikipedia.org] .

What really happened with security (1)

Animats (122034) | about 2 years ago | (#41789631)

Actually, Windows NT 3.51 was in good shape on the security front. It was intended to run 32-bit programs only. The 16-bit subsystem, which was an optional add-on (you could install NT without it), was intended as a short-term conversion aid for legacy code. It didn't support many of the vagaries of Windows 95.

The Intel Pentium Pro had a similar problem. It was a good 32-bit CPU, able to run 16-bit x86 code as well, but not with full performance. Reviewers gave it bad reviews running Windows 95 with 16-bit applications. Both Microsoft and Intel overestimated how rapidly the industry would convert to 32-bit applications.

Recovery from this was done by dumping vast amounts of Windows 95 code into the NT line, to the detriment of security. This resulted in NT 4 (a turkey) and, after a huge effort, Windows 2000 (reasonably good). That's where the effort went.

Also, remember, Microsoft went into the game console business. That cost them a lot more than they expected. The original Xbox was a PC. It ran a version of Windows 2000, and you could run XBox games on Windows 2000 (if you were a developer, had the development kit, and were developing your own game; the DRM prevented running the games of others). It lost money from launch to discontinuation. The XBox 360 was a new design, was incompatible with Windows, required much new software, and finally made money for Microsoft. It sucked up a lot of talent.

(Not as bad as the PS3, though. Developing tools to deal with the Cell architecture sucked up all the talent in SCEA's R&D operation for years. Sony is dumping the Cell for the next round.)

And why did Microsoft have to shift focus? (1)

QuietLagoon (813062) | about 2 years ago | (#41789725)

> During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.

Why did Microsoft have to shift focus? Because Microsoft had taken a "features have priority over security" mindset previously. That mindset led to software that was so full of security issues, it is amazing it wasn't exploited more than it was.

This premise is substantiated by the fact that other vendors have software in the marketplace and appear to weather the cyber-criminal attacks much better than Microsoft does.

Microsoft will fix its strategic problems only when it stops trying to blame others for the missteps that Microsoft has taken. My for a first step: fire Mr. Ballmer.

No Security (1)

hhawk (26580) | about 2 years ago | (#41789791)

Microsoft has never taken security seriously until the point that Mundie mentions and even after that one can hardly give them a glowing review. That Microsoft failed to build in security from the start was clearly a gamble of some sort. Clearly Microsoft knew of computer security issues; that MSFT chose to ignore serious security for the sake of profits, market share or whatever other factors only to have to stop and fix things, isn't the fail of hackers; that MSFT chose to ignore security is what made it easy for black hat hackers to thrive.

Microsoft was run by idiots. (3, Interesting)

knorthern knight (513660) | about 2 years ago | (#41789871)

I remember Redhat 6.x from the early 2000's. It installed with all services+listeners running by default. Stuff like SMTP and RPC and bind was listening. For a Redhat install, the only safe way to install was from CD. Then run "lsof -i" and see what services are listening to the internet, and spend the better part of an hour shutting them down, and/or uninstalling them altogether. Worms like L10n and Ramen were rampant. After a lot of yelling+screaming Redhat finally listened, and stopped installing that stuff by default. Installs could be done without needing a firewall. The worms went away.

Microsoft was run by a bunch of idiots who wanted everything to "just work". One of the advertising claims for Windows 3.1 was "ease of administration". You could send a script as an email to all users in the office, and they simply had to click on it and it would re-configure their PC as you desired. This worked great in a 10-person office before the WWW. On a hostile web/internet, it was a disaster waiting to happen.

In order to make things "just work" for home PCs, Windows defaulted to NetBIOS/NetBEUI and RPC all turned on. This was one of the causes of all the worms that spread by portscanning. To make things worse, by Win98SE, *YOU COULD NOT TURN OFF RPC EVEN IF YOU WANTED TO*.

The "Autorun" mentality was another problem. We all know about sticking a USB key into a Windows machine, and it "automagically" ran stuff. That was not the only such problem.

Excel had "autoexec macros" that ran when you fired up the spreadsheet. MS' first response was to change Excel to set a bit in the file header of the spreadsheet, flagging that it had autorun macros, and Excel shouldn't run them if the user had changed his Excel config to disallow autorun macros. It didn't require genius for bad guys to save a spreadsheet with autoexec macros, and edit the file header of the spreadsheet with a hex editor, telling Excel that the spreadsheet was "safe". Excel then proceeded to run the autoexec macro when loading the spreadsheet, regardless of the user's settings. That was eventually fixed.

Outlook Express (known "affectionately" as "Outhouse Excuse") also "auto-rendered" files. This allowed photos to be displayed inline, and music files (WAV, etc) to be played automatically. The "security" consisted of filtering against a list of safe file extensions (WAV, JPG, etc), and then handing off the file to the OS to run. The OS ignored the extension, and determined the file type by checking the file header, then it handed off the file to the appropriate program. So the bad guys renamed "virus-installer.exe" to "song.wav", and it was automatically executed. This is how SirCam and Bubble-Boy wormed their way around the web.

And then we get to Active X, known "affectionately" as "Active Hacks". This was the mechanism behind so many "drive-by-downloads". What made it worse was that Active-X was rammed down people's throats by Internet Explorer. Let's say you disabled Java, Javascript, and Active-X in IE.

* Java was Sun's product. You launched a webpage with a Java applet, the applet didn't download and run, but the rest of the page displayed properly. IE "degraded gracefully".

* Javascript (originally called "Livescript") was Netscape's baby. You launched a webpage with javascript, the javascript didn't run, but the rest of the page displayed properly. IE "degraded gracefully".

* Active-X was Microsoft's baby. A lot of webpages had Active-X code. When IE came across a page with Active-X, and IE had Active-X, then IE came to a screeching halt, and put up a modal dialogue about how "This page may not display properly". It would not budge until you clicked OK. With all the Active-X applets on the web, IE was effectively unusable with Active-X disabled. Just like UAC several years later, people got sick and tired of clicking "OK" every 30 seconds, and simply enabled Active-X in IE. That was what kept drive-by-downloads going.

Microsoft have only themselves to blame.
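
The extension-versus-header mismatch described in the comment above, shown from the filtering side. This is an added example, not part of the original post; the allow-list, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Extensions the mail client is willing to auto-render (assumed list).
SAFE_EXTENSIONS = {".wav": "wav", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}


def sniff_type(data: bytes) -> str:
    """Identify content from its leading magic bytes, as the OS handler would."""
    if data[:2] == b"MZ":
        return "executable"          # DOS/PE header
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "wav"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"


def weak_check(filename: str) -> bool:
    """The extension-only filter the comment describes: trusts the name."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in SAFE_EXTENSIONS


def strict_check(filename: str, data: bytes) -> tuple[bool, str]:
    """Auto-render only when the name and the content agree on a safe type."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = SAFE_EXTENSIONS.get(ext)
    actual = sniff_type(data)
    if claimed is None:
        return False, f"extension {ext or '(none)'} not on the allow-list"
    if actual != claimed:
        return False, f"name claims {claimed}, content is {actual}"
    return True, f"{claimed} confirmed by header"


# Constructed sample attachments (header bytes only, not real files).
SAMPLES = {
    "song.wav": b"RIFF\x24\x00\x00\x00WAVEfmt ",
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "renamed.wav": b"MZ\x90\x00\x03\x00\x00\x00",   # executable header under a .wav name
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} weak={weak_check(name)!s:5} strict={strict_check(name, data)}")
```

The name-only filter accepts `renamed.wav`, while the check that makes the filter and the handler use the same evidence rejects it.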

If they'd done it right in the first place... (1)

asdf7890 (1518587) | about 2 years ago | (#41789967)

So let me get this straight: nasty criminals taking advantage of the security holes stopped them making and marketing glorious new products with glorious new security problems? Perhaps if security wasn't so bad to start with that would have been less of a problem. (yes, I know Windows security is pretty good these days, but it wasn't then which is both my point and, essentially, his too)

> Microsoft was basically the only company that had enough volume for it to be a target

Crap. Volume is not the only value of import here at all. Volume isn't insignificant, but the overall problem is more proportional to volume * ease-of-attack. If it were just volume then Apache would have been in the news for security problems more than IIS rather than the other way around.

That's not the whole story Microsoft (1)

erroneus (253617) | about 2 years ago | (#41790029)

You built Windows starting with DOS and slapped Windows on top. With each release, it was a new evolution which mixed in the result of Microsoft's collaboration with IBM's OS/2 to create NT.

The Apache web server got its name because of how it was built and developed. But if any one product deserves the name, it's Windows. It is simply far too patchy to be secure.
