627 comments

Download.Ject (3, Informative)

romper (47937) | more than 9 years ago | (#10111254)

From TFA:

WIRED: It's been more than a month since the first news of Download.Ject, and you still haven't issued a real fix for Internet Explorer. How long is it going to take?

In case anyone is wondering about Download.Ject, check this link [www.mikx.de] out. It's only a matter of time until a high-volume site gets compromised with this exploit. Scary stuff.

Sadly, Firefox isn't affected.

Re:Download.Ject -- CORRECTION (5, Informative)

romper (47937) | more than 9 years ago | (#10111300)

Sorry to reply to my own post, but figured I should before the flamethrowers start in.

Download.Ject information is actually here [microsoft.com] . The exploit referred to above is actually the "what a drag" exploit. Still pretty scary if you ask me.

Anyway, the editor (me) regrets this error. =)

huh? (-1, Flamebait)

no reason to be here (218628) | more than 9 years ago | (#10111306)

Sadly, Firefox isn't affected.

what exactly do you mean by that, pray tell?

You want that firefox would be affected?

It's a JOKE (0, Flamebait)

romper (47937) | more than 9 years ago | (#10111328)

I was kidding, dipshit. =)

Re:It's a JOKE (5, Funny)

Ignignot (782335) | more than 9 years ago | (#10111371)

You may think that it's funny that firefox doesn't support Download.Ject technology, but for the rest of us in the real world, how can we offer it as an alternative to explorer? My PHB will just say "Ignignot, I like this FireFox thing you have working on my computer. But I've read in the Wall Street Journal that it doesn't support Download.Ject. I'm afraid we simply can't afford to make this switch."

We need this feature fixed now if not sooner, otherwise we're all going to be stuck using this insecure MS offering!

When will there ever be a feature complete open source internet explorer??

Re:It's a JOKE (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10111383)

THANK YOU! Finally, someone else with a sense of humor. :)

Re:It's a JOKE (-1, Offtopic)

mattdm (1931) | more than 9 years ago | (#10111468)

THANK YOU! Finally, someone else with a sense of humor. :)

Ahhhh, I see the ":)" you have there. Now I understand. Because, see, on the in-ter-net, one can't tell if anything is funny unless the author puts a smile symbol after it. Without that cue, how could anyone possibly recognize humor? Well, they couldn't, that's how. Well, that's how not. Anyway: it would be impossible. Text on computers just doesn't have the same social cues we get in person, or from reading printed words that might be funny. The original post didn't have the right explanatory code, so of course no one realized the hilarity of the jest. But now we do. Thank you.

Re:It's a JOKE (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10111428)

Well, I got a joke for you: I'm gonna tear you a new asshole.

Re:It's a JOKE (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10111471)

So much violence in the world.

Can't we all just GET ALONG???

Re:It's a JOKE (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10111477)



Well pilgrim, only after you eat the peanuts out of my shit.

Re:Download.Ject (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10111309)

Sadly? How is that sad?

Re:Download.Ject (5, Funny)

daeley (126313) | more than 9 years ago | (#10111311)

Sadly, Firefox isn't affected.

When will Open Source advocates realize that it's just this sort of behind-the-times technological gaffe that will keep Linux in single-digit marketshare forever? ;)

Re:Download.Ject (2, Informative)

W2k (540424) | more than 9 years ago | (#10111316)

If there's no fix for Internet Explorer, then what do you call this [microsoft.com] ?

Oddly, the site you linked [www.mikx.de] says that SP2 users are affected, but Microsoft [microsoft.com] 's page says they're not. Clearly someone must be wrong, or the page you linked is about a completely different bug (it does not mention Download.Ject in its body). What gives?

Re:Download.Ject (4, Informative)

Jim_Maryland (718224) | more than 9 years ago | (#10111386)

If I'm not mistaken, XP SP2 includes the workaround which changes a registry entry related to the exploit. XP SP2 doesn't really fix this particular problem but disables the functionality that is being exploited. In a way, users aren't at risk, but if you rely on that functionality, well, you're out of luck for now or you must run with the risk.

Re:Download.Ject (1)

GlassUser (190787) | more than 9 years ago | (#10111373)

In case anyone is wondering about Download.Ject, check this link out. It's only a matter of time until a high-volume site gets compromised with this exploit. Scary stuff.

I've tested this on several machines with different versions of IE, windows SP, and such. It hasn't worked on a single one. I'm going to say this is FUD.

Honesy (2, Insightful)

dsk052 (230739) | more than 9 years ago | (#10111260)

Hey, at least their honest about it. They could have put a spin on it.

Re:Honesy (1, Funny)

Anonymous Coward | more than 9 years ago | (#10111350)

You know what they say:

"Honesy is a virtue. :)

Re:Honesy (5, Insightful)

krog (25663) | more than 9 years ago | (#10111356)

They left the spinning to Slashdot. RTFA. The interviewee says:

It's not a switch that can be flipped. Software written by humans will always contain errors. We're fundamentally changing the way things operate, to help to make software more resistant to attacks. We're two and a half years down a much longer road; it's more of a 10-year timeline.

What he meant is that Microsoft is completely reworking the way their browser operates -- not just toughening a few system calls here and there. A total reconsideration of how a browser should be designed.

The Slashdot editors took that and spit out "AHAHA M$IE INSEKURE UNTIL 2011! LOL@GATES"

Hardly seems fair.

What is unfair here? (4, Informative)

revscat (35618) | more than 9 years ago | (#10111404)

A) A Microsoft representative said that it will take an estimated 11 years to fully secure Windows
B) Slashdot reports this

What spinning or unfair editing took place here? Your pullquote doesn't seem to show anything unfair. Yes, they are reworking key system components. But that still doesn't change the fact that Windows is so insecure that it will, by their own admission, take over 10 years to fix it. That's pretty important.

Re:Honesy (4, Insightful)

Ignignot (782335) | more than 9 years ago | (#10111446)

They could have put a spin on it.

It is likely that this is spin. When someone has a job that depends on the future security of a product that is likely next to impossible to make secure without a complete rewrite, what can he do? He has limited budget, and unrealistic goals. So he makes a 10 year plan, saying that they will be secure in 10 years. He shows progress to his boss, and his boss is happy. He gets to keep his job.

Then, 2 years down the line, he revises his 10 year plan to expire in another 10 years - as long as the deadline is far enough away, he keeps his job, he puts food on the table, and the PR bunnies have something to hop about. This happens all the time in business, particularly publicly held companies. I would be very sceptical about any future Microsoft promises about security.

Re:Honesy (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10111469)

Hey, at least their honest about it.

Their honest? Is that instead of my honest? Or your honest? Perhaps you really meant they are, which is abbreviated as they're.

Also admitted (5, Funny)

ReidMaynard (161608) | more than 9 years ago | (#10111268)

Stephen Toulouse also admitted he is retiring in 2010...

Firing offense? (0, Troll)

Sean80 (567340) | more than 9 years ago | (#10111270)

Geez, if I said things like that about my product, to the extent where I wouldn't even use it because it's so insecure, I'd be shown the door in next to no time.

So, either he's incredibly brave, incredibly stupid, or that's a point for Microsoft, for allowing their employees to be candid about the state of their products.

Totally (2, Insightful)

mfh (56) | more than 9 years ago | (#10111312)

Geez, if I said things like that about my product, to the extent where I wouldn't even use it because it's so insecure, I'd be shown the door in next to no time.

Yeah, who wants to bet that Stephen Toulouse gets a pink slip? It wasn't long after Salon suggested people switch to Firefox or Mozilla until IE was patched, before we learned that MS was selling the magazine.

Re:Firing offense? (0)

Anonymous Coward | more than 9 years ago | (#10111342)

I like how MS is starting to open up. You can read honest (and not always very flattering) accounts on both MSDN Blogs [msdn.com] and Channel 9 [msdn.com]. Just a few years ago it would have been impossible to imagine MS ever running a wiki [msdn.com]!

Re:Firing offense? (3, Informative)

gregarican (694358) | more than 9 years ago | (#10111344)

I recall years ago working for the RAID manufacturing division of Conner (the hard drive/tape drive company, which was bought out by Seagate). The building right down the street from ours was responsible for tech support of their tape drives and backup software. What did our facility use for backup software? Not Backup Exec! We used Legato Networker. I recall some tours the corporate big wigs were given every now and then. Their expressions were funny to see if they peeked in the server room!

Re:Firing offense? (1)

Monkeyman334 (205694) | more than 9 years ago | (#10111401)

The way I see it: It's nice to know someone at MS isn't a stupid drone, and is at equal or greater technical prowess of my parents (who figured out that mozilla would be a good idea).

Re:Firing offense? (0)

Anonymous Coward | more than 9 years ago | (#10111408)

No it just shows you the power of LOCK IN!

Can you imagine any other product maker saying stuff like this and still having business?

Hell, can you imagine any other product *staying on the market* with the kind of performance Microsoft has displayed?

Microsoft has something beautiful (for them).. a user base that just can't afford to switch.

Re:Firing offense? (5, Informative)

brickbat (64506) | more than 9 years ago | (#10111425)

This really needs to be modded down, as it's not only not insightful, it demonstrates a total lack of comprehension of Toulouse's response.

He did not say he didn't use IE. He simply mentioned needing to install a security update of Firefox. Yes, Virginia, there are other browsers that have security flaws other than IE. That doesn't make them better or worse, it just illustrates that the problem isn't isolated to Microsoft.

And I suspect that in performing his job duties, he needs to be familiar with a wide array of browser technologies, not just IE.

So, please mod the parent down -1, Needs a Clue.

Missing: Interview (5, Insightful)

RobertB-DC (622190) | more than 9 years ago | (#10111274)

What sort of "interview" only includes four loaded questions? Wired gets hold of the Microsoft "security program manager", and these are all the questions they ask? I'm no M$ fanboy (though I must admit I make a living writing programs for Windows), but surely they can do better than this obvious hatchet job:

WIRED: It's been more than a month since the first news of Download.Ject, and you still haven't issued a real fix for Internet Explorer. How long is it going to take?

In other words: So, when will you stop beating your wife?

Meanwhile, Firefox and Opera look awfully appealing.

Ok, the guy really stepped in it here when he plugged Firefox (though I'm an Opera fan [opera.com] , myself).

What about removing capabilities from IE to beef up security?

You think you'll get him to promise to cut off "capability"-dependent programs (and their programmers) at the knees?

Seems like you're fighting a losing battle.

Objection: counsel is badgering the witness. The only appropriate answer would probably be, "Yes, we are, f*** you very much."

Re:Missing: Interview (5, Insightful)

MrMr (219533) | more than 9 years ago | (#10111381)

In other words: So, when will you stop beating your wife?
Except that to make the analogy complete, you should add that in this case the question is put to somebody who is actually busy beating his wife...

Objection: counsel is badgering the witness
Overruled, Wired reporters are not counsel but more like prosecution, and this guy is not a witness but a suspect.

Re:Missing: Interview (1)

njfuzzy (734116) | more than 9 years ago | (#10111392)

An aggressive interview is actually a great technique to give the interviewee a chance to provide their best stuff. It is used all of the time in the UK. At first, I thought it was extremely unfair. After a while, I realized that you can cover a lot more ground, and defend your position a lot better, if the interviewee takes on the role of the detractor.

Re:Missing: Interview (2, Informative)

BrynM (217883) | more than 9 years ago | (#10111402)

What sort of "interview" only includes four loaded questions?
In the print version of the September issue, it's just a sidebar. Wired does this a lot. There are often little tidbits in sidebars throughout the magazine. This was one of them. Go look at a copy at your local newsstand. I don't remember what page it's on, but it was never meant to be a full blown article/interview. I'm actually impressed that they include their content in the web version so completely.

Re:Missing: Interview (3, Informative)

Tet (2721) | more than 9 years ago | (#10111407)

Ok, the guy really stepped in it here when he plugged Firefox

But he didn't even do that! All he said was that he needed to upgrade Firefox to fix a security problem. Not that he used it as his main browser, and certainly not that he didn't use IE every day like all good Microsoft employees. Merely that he had it installed on his machine, and patched it as appropriate. In his job, I'd expect him to have a copy of alternative browsers on his system. I'd be surprised if he doesn't have Opera installed, too.

Re:Missing: Interview (1)

Bloater (12932) | more than 9 years ago | (#10111440)

> So, when will you stop beating your wife?

The day before I first met her.

Re:Missing: Interview (1)

mrchaotica (681592) | more than 9 years ago | (#10111472)

So you went back in time and beat her? I think those temporal police from The One are going to come after you...

Re:Missing: Interview (0)

Anonymous Coward | more than 9 years ago | (#10111445)

OH come on.

Microsoft's record here is abysmal. Their arrogance astounding.

Products of Microsoft's popularity (or should I say, "widespread distribution") simply should *NOT* have the defect rate they do.

I know it's possible to write secure software. I use OpenBSD and DJB's tools and I sleep well at night. If these guys can do it, so can somebody at MS.

Since most folks can't afford to switch away from MS, we *must* hold their feet to the fire until they get a clue and make changes pronto.

We know they screwed up, they know it, let's not pretend otherwise.

Is security really that important? (2, Insightful)

ellem (147712) | more than 9 years ago | (#10111278)

Windows hasn't been all that secure since, well, forever. Has the horrendous security done anything other than support thousands of jobs and spawned a massive aftermarket security industry?

Put your bank data online and give out your IP (0)

Anonymous Coward | more than 9 years ago | (#10111374)

Make sure you're using a Windows box.

Then tell us if a secure OS is important...

Re:Is security really that important? (0)

Anonymous Coward | more than 9 years ago | (#10111443)

actually OP makes a good point. How bad is this insecurity?

Palladium? (5, Interesting)

onree (680951) | more than 9 years ago | (#10111279)

Sounds like an acknowledgment of the extended timeline for something like Palladium/Trusted Computing. I've been curious to hear more about when and where that's actually going to show up.

He runs Firefox, duh!? (4, Insightful)

garcia (6573) | more than 9 years ago | (#10111286)

He also reveals that he runs Firefox.

If you were working in the X division of a company wouldn't YOU be using a competitor's program so that you could know what they were doing to make their side better? I know I would.

In fact, I would be completely disappointed if he DIDN'T run Firefox.

Among other browsers, I'm sure! (5, Insightful)

addie (470476) | more than 9 years ago | (#10111385)

He also reveals that he runs Firefox

Indeed, parent post is correct. Besides, the article doesn't say that he uses FireFox exclusively by any means. In fact he only mentions FireFox to prove that all browsers are susceptible to attacks.. Here's hoping he also uses NS, Opera, Safari, and whatever browser he can to do testing and research.

Yet more spin by /. zealots who don't take the article at face value.

Longhorn (1, Funny)

Orange Apple (809503) | more than 9 years ago | (#10111287)

Now I really have a reason to buy Longhorn... I would move to Linux full time but I can't get MySQL running, grr...

Re:Longhorn (1, Offtopic)

FyRE666 (263011) | more than 9 years ago | (#10111414)

Eh?! MySQL has to be one of the simplest pieces of software to install (on Linux at least). Just create a user/group called mysql (in the unlikely event that you don't already have them) ungzip it somewhere, and make sure ALL the directories/sub directories are owned by mysql and group mysql (this trips people up). Change to the directory created when you ungzipped it. Type ./configure and it'll sort itself out and start up. Then change the password for root etc... For subsequent boots, add an init script to start it automatically, or change to the mysql directory, type "bin/safe_mysqld &" and you're running.

Re:Longhorn (0)

Anonymous Coward | more than 9 years ago | (#10111420)

Ummm... how can't you get MySQL running? What distro are you using?

I'm surprised (0, Funny)

Anonymous Coward | more than 9 years ago | (#10111288)

I thought having a CTO/CEO declare security as high priority would get the soldiers all in line and squash all those bugs in millions of lines of code. After all, MS is better at writing software than any other corporate entity right?

Reading between the lines (5, Funny)

El (94934) | more than 9 years ago | (#10111291)

"it's more of a 10-year timeline... but my stock options will be fully vested in 5 years, so I'll be long gone before the shit hits the fan on security still not being fixed!"

I don't know if he really *uses* firefox... (4, Interesting)

angst7 (62954) | more than 9 years ago | (#10111294)

The context made it seem more like he saw an opportunity to mention a flaw in the competing product.

Re:I don't know if he really *uses* firefox... (4, Insightful)

Aneurysm9 (723000) | more than 9 years ago | (#10111430)

Exactly. When was this interview done that he had just installed the shell exploit fix that morning? Besides, that's a fix for a *Windows* problem and he should be more concerned with fixing it than making hay about someone else's patch for their problem.

Four Questions (3, Insightful)

AKAImBatman (238306) | more than 9 years ago | (#10111295)

Only four questions? Yikes! That's not much of an article!

Re:Four Questions (2, Interesting)

spidereyes (599443) | more than 9 years ago | (#10111460)

Not only is it a very short article, but it seems to deal mainly with the browser. It would have been nice to see some details about the rationale behind the 10 year wait to a secure operating system.

And if it does take Microsoft 10 years to secure its operating system, one could only imagine the leaps Linux will take :-).

in related news (0, Funny)

Anonymous Coward | more than 9 years ago | (#10111302)

slashdot reveals it will not fix the IT color scheme for 10 more years...

7 Years To Go? (3, Funny)

MooseByte (751829) | more than 9 years ago | (#10111307)


... So please refrain from computing for the next 7 years. Just go about your lives. Pay no attention to the penguin and cute little red daemon over there. Hey look! Over here! Have this complimentary Plush Clippy!

Re:7 Years To Go? (0)

Anonymous Coward | more than 9 years ago | (#10111438)

LOL an article about Microsoft and someone mentions clippy holyshit you're a comeeeedian! You should have mentioned BOB too and you'd have split my sides you one funny guy!!!!

Service Pack 2 (4, Funny)

mishehu (712452) | more than 9 years ago | (#10111310)

And gee, I thought that service pack 2 with a firewall that can be controlled by ActiveX was going to fix all of those holes!

Oh, wait, actually service pack 2 renders some computers unbootable, so that must be the real trick!

Re:Service Pack 2 (0)

Anonymous Coward | more than 9 years ago | (#10111368)

If it can't boot, it can't be hacked...How much more secure can you get?

Oh...you wanted it to work.

hrm.... interesting... (0)

MrAnnoyanceToYou (654053) | more than 9 years ago | (#10111318)

"softvvare vvritten by humans vvill alvvays have errors..." (Amusing hovv my keyboard gives this microsoft guy the Transylvanian accent he deserves....) Does this imply a movement in the future tovvards Microsoft having softvvare vvritten by softvvare so as to have no errors? VVouldn't bugs in the original softvvare code simply propagate themselves later on in a more magnified version? Hrm.... Things to think about.

Fat lot of good it will do... (5, Funny)

darth_MALL (657218) | more than 9 years ago | (#10111321)

According to the Mayan Calendar [levity.com] We'll only get a year to enjoy it!

Move the timeline out indefinitely... (4, Funny)

Anonymous Coward | more than 9 years ago | (#10111332)

If everyone is spreading viruses, it ceases to be a stigma, and becomes the accepted norm. Think of it this way:

If everyone had AIDS, you wouldn't have to be all that concerned about STDs now, would you?

New Apple ad:
iMac, it's like a computer with a condom!

Security Update (5, Insightful)

MikeMacK (788889) | more than 9 years ago | (#10111334)

Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system.

But that's just it, at least he had an update to install, MS doesn't release security updates as quickly as it needs to, as the first question mentioned.

Re:Security Update (5, Informative)

Archangel Michael (180766) | more than 9 years ago | (#10111375)

Actually, the exploit only worked on Windows Machines. Firefox for Linux, MacOS etc was not affected. It had more to do with native Windows security than it had to do with Firefox.

Re:Security Update (1)

kidgenius (704962) | more than 9 years ago | (#10111462)

IIRC, this particular hole dates back to over a year ago, when IE had the same exact hole. They fixed it, but it only looks like they fixed it part way. They prevented IE from exploiting the hole, but they left the hole there, potentially allowing programs in the future to exploit it.

Buy a car from my company now! (3, Interesting)

tie_guy_matt (176397) | more than 9 years ago | (#10111340)

Yes buy a car from me today. Look at all the great features! The controls are so easy to use! Any idiot can drive one!

Of course we won't perfect the brakes or the air bags for another 10 years or so, but hey the seat belts work most of the time. So buy my car version "XP" now so you can get a taste of what a safe car of the future will be like.

Fine... (1, Funny)

Mateito (746185) | more than 9 years ago | (#10111343)

Windows Not Expected Secure Until 2011, Says MS

Fine. I'll hold off installing XP until 2011 then.

Homeland Security Implications (0, Funny)

Anonymous Coward | more than 9 years ago | (#10111345)

Man, that's a long time for Mr. Bush to lose sleep. Should not the States just occupy Microsoft, to prevent an obvious, known threat to Homeland Security?

Story comes with ad for Microsoft "security" (3, Funny)

Animats (122034) | more than 9 years ago | (#10111361)

This Slashdot page is being served with a Microsoft ad boasting about their security. Really.

Bash away... (2, Insightful)

MalaclypseTheYounger (726934) | more than 9 years ago | (#10111362)

Everyone bashes Microsoft because of their fallible software.

Let's think about this for a moment: ALL SOFTWARE IS INSECURE. Microsoft is just the biggest player, so they are targeted the most often. There have been 'proof-of-concept' viruses written for Linux, Macintosh, even cellphones via BlueTooth.

Compare Microsoft to automobile makers. When they started, they were unsafe. So they added a 'fix' like seatbelts. Then they added crumple zones, an enhancement to make them safe. Airbags, side impact curtains, rear-sensors for backing up, and so on, and so on.

If the stupid driver of the car wants to get drunk and drive backwards 100mph down the freeway with no lights on, do we blame the automobile manufacturer?

No... so, maybe we should just START to take a little blame for windows security problems. Stop running that cute screensaver your Aunt Matilda sent you. Don't go to webpages that advertise 'warez' and 'free 3leet mp3z!'

Microsoft is partly to blame, but they're the biggest fish in the sea. Every 'fisherman' is out to get them. When Linux or Mac or Mozilla or whatever becomes the primary player, they will be found out to have just as many liabilities in the security department, I'm sure... They may get fixed quicker because of the relative smallness and open source attributes, but the bugs are there. Just no one is looking/caring too much. Yet.

(I fully expect to be modded down a bajillion points for making a case for Microsoft here. Go ahead, then)

Re:Bash away... (-1, Flamebait)

MalaclypseTheYounger (726934) | more than 9 years ago | (#10111455)

Aha! That took about 4 minutes... typical knee-jerk SlashDot moderator response to mark a well thought out comparison of Microsoft's product as FLAMEBAIT because it doesn't 'go with the flow' of the OSS typical community found here.

I don't agree with you, so that makes me wrong/flamebait.

Putz.

(BTW: THIS post IS flamebait)

Re:Bash away... (5, Insightful)

BenjiPenguin (767955) | more than 9 years ago | (#10111465)

"Microsoft is partly to blame, but they're the biggest fish in the sea. Every 'fisherman' is out to get them. When Linux or Mac or Mozilla or whatever becomes the primary player, they will be found out to have just as many liabilities in the security department, I'm sure... They may get fixed quicker because of the relative smallness and open source attributes, but the bugs are there. Just no one is looking/caring too much. Yet."

Linux is already one of the biggest players in the server department, and that's where a majority of viruses and exploits are aimed at... I still don't see announcements for all these businesses running Linux servers being compromised.... The fact is, Linux is theoretically and in actual practice more stable and secure. Windows isn't.. A virus won't JUST affect your user account files in Windows... I think they're mostly to blame...

" No... so, maybe we should just START to take a little blame for windows security problems. Stop running that cute screensaver your Aunt Matilda sent you. Don't go to webpages that advertise 'warez' and 'free 3leet mp3z!'"

People aren't that smart.

Migrations... (4, Interesting)

Alaren (682568) | more than 9 years ago | (#10111363)

Well, when a similar announcement was made about the insecurity of IE, we managed to migrate an entire university library (1000+ machines) to FireFox. I know the migration was significant across the country.

Maybe this will provide some impetus to get us converted to Linux?

What?? 100% known secure isn't possible. (4, Insightful)

DunbarTheInept (764) | more than 9 years ago | (#10111366)

What in the blazes does it mean for something to finally be "secure"?? It's not as if it's actually an achievable goal, and it's not as if you'd have a way to detect when you'd achieved it even if it was achievable.

The 100% secure line is an asymptote. You can get fractionally closer to it, but never ever actually achieve it.

To be fair... (5, Insightful)

artemis67 (93453) | more than 9 years ago | (#10111372)

he didn't say that FireFox was his primary browser, he just said that he had to patch it because of a vulnerability.

I would hope that as a program manager he would have a copy of each of the competing browsers on his system, so that he can steal... ah, borrow, ideas from them.

firefox (1)

joeldg (518249) | more than 9 years ago | (#10111377)

glad to see he is running firefox.
seems these days, everyone is switching over to it because running IE means that you can expect to have your computer taken over every other day.

firefox hopefully will put those anti-spyware programs at least partially out of business.
and
If MS is running firefox, I imagine the next version of IE will look familiar to those of us who have already switched away..

In case you're wondering... why? (4, Insightful)

Penguinoflight (517245) | more than 9 years ago | (#10111382)

First, someone posted above, the analogy between windows security fix, and Slashdot's terrible "IT" theme.

Second, the idea that an MS head is using firefox is hardly surprising, it's much more at issue that he's willing to admit it to Wired, and doesn't even seem to mind that open source is a better alternative.

Microsoft has had a history of using open source projects, most famously with qmail+unix on their hotmail, but even branching to the MSN gaming zone, etc. It's really not too surprising, considering a lot of the unix foundation implemented in their NT-XP series.

Sad (5, Insightful)

apoplectic (711437) | more than 9 years ago | (#10111394)

What kind of pathetic headline is that? When did MS say "MS not expected secure until 2011"?!?! This is called sensationalist GARBAGE, people! Stop putting this swill up as headline material.

Having someone say "it's more of a 10-year timeline" does not equate to "MS not expected secure until 2011"...much less "MS says" 2011. The phrase "more of a..." connotes a generality. The headline is pure, conjured specificity.

Crap like this makes me become seriously disenchanted with Slashdot.

Even XP SP2 is easy to tamper with (5, Informative)

mslinux (570958) | more than 9 years ago | (#10111403)

Change the following registry value to 4 and the new "Windows Security Center" will stop working upon reboot... it runs as a service that any admin user can kill. Did I mention that by default all XP users are admin ;)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start

Also, here's a Python script [vt.edu] that will automatically kill the new "Windows Firewall" in XP Service Pack 2. You can bet your ass that hackers are already tampering with this. Click a URL and bam... the firewall goes down.

These are just two examples of what MS does to "secure" their systems. God help us all.

10 years? what are they doing in Seattle? (0)

Anonymous Coward | more than 9 years ago | (#10111405)

Take them 10 long years? what are those Microsoft folks doing? smoking a halibut or something? I think Microsoft should start hiring decent programmers and test engineers to test their product before they release.

In other news from MSFT (1)

YankeeInExile (577704) | more than 9 years ago | (#10111417)

The Benevolent Software Source is pleased to report that in the last quarter, the seventh three-year-plan for software patches has been overfulfilled by 98%

Meaningless (2, Insightful)

Lord_Dweomer (648696) | more than 9 years ago | (#10111423)

In that much time, there will be new vulnerabilities discovered in new software that is created. There will ALWAYS be a way, and there is no way they can guarantee this. Will computers be a little more secure? Sure, in many ways. But they will also be a lot more insecure in others. Remember, we're dealing with the same idiots who install Bonzi Buddy because he seems friendly, or Weatherbug because it sounds so convenient that they don't care about the EULA.

takes a long time to turn a big slow boat (1)

methuselah (31331) | more than 9 years ago | (#10111436)

Guess it's official: Microsoft has reached bureaucratic status. That sounds an awful lot like a government timeline. Oh well, the masses are content. So whatever happened to innovate? hmmmm...
Oh, they are a monopoly; they don't have to do silly things like compete anymore. Too bad there isn't someone out there that created a secure solution already. It's not like Microsoft would steal it and drive them into bankruptcy. Hey, that's a great idea, I am sure that some entrepreneur will get right on that....

Firefox has bugs (2, Informative)

qwerty75 (775323) | more than 9 years ago | (#10111437)

Not certain what the big deal is about him running firefox. It seems to me the only statement he made was that he has to download patches for that program too, not that he exclusively used Firefox as his browser because of security problems with IE.

The only secure computer is one that is turned off and encased in six cubic feet of concrete surrounded by a faraday cage.

Only a matter of time (1)

daemonc (145175) | more than 9 years ago | (#10111439)

Until Windows includes a Mozilla-based browser by default.

I worry about what will happen after that though...

Will Mozilla stagnate without any competing browsers?

Will MS start committing code to Mozilla?

How to make Windows secure: (1)

JBMcB (73720) | more than 9 years ago | (#10111441)

1. Read the C2 security certification guide from the NSA.
http://nsa2.www.conxion.com/

2. Remove the network card from your computer.
3. Install Windows 2000 Workstation.
4. Install all service packs and security hotfixes from Microsoft from CD.
5. Turn off all unnecessary services, including server, messenger, networking, etc...
6. Get 2000lite and nuke internet explorer off your computer.
http://www.litepc.com/

7. Lock down a restricted user for general machine use.
8. Install OpenOffice.org for office applications.
9. Remove floppy and cdrom drives and lock case.
10. Epoxy shut the USB ports to discourage thumbdrive use.

All done! I dare anyone to hack into this machine :)

Clarke had it Right... (1)

Hellbuny (444564) | more than 9 years ago | (#10111464)

The previous year Lucifer appears in the sky, and in the following Windows will be secure... Coincidence or Prophecy... You decide ^^

Funny though, I figured it would take MS more than one year to gather all the souls it would need to sell in order to make it secure... either that or I need to read my EULA more carefully..

What the...? (4, Insightful)

Jugalator (259273) | more than 9 years ago | (#10111475)

Since when did security become a goal you can achieve after a certain amount of time?

It's something you always need to keep an eye open for, and combat exploits whenever necessary. How can Microsoft say "it's more of a 10-year timeline"? That statement alone makes me wonder how sane Microsoft's security program manager is. So Microsoft are going to dismantle their security team in 2011?

What would the Linux community think if Linus went out claiming that "we expect the Linux kernel to be secure in version 3.0"??

Anyone who takes software security seriously should understand that you can never expect a product to be secure after some period of time.

"Secure" is also relative and not at all an absolute term.

MS != evil (0, Flamebait)

numLocked (801188) | more than 9 years ago | (#10111476)

I've always felt that MS isn't inherently an evil company, it's just that any company that size is going to screw up. The fact of the matter is that no one else can pull off what MS has done - it takes a huge amount of resources to make some of their products and innovate like they do. Yes, Linux, Firefox, and a host of other free software has pretty much identical functionality, but that functionality wouldn't have ever been thought of without MS. This interview indicates to me that MS is not trying to hide anything, but is instead genuinely trying to improve their products. They know that apps that size are going to have products, and they apologize - it's too bad when they are accused of being a horrible company because of bugs. Applications these days are just too complicated to be completely secure. In recent months MS has actually been very forthcoming with what their plans for the future are. As much as you might like open source, MS's influence has been integral to the development of those technologies. I'm not exactly sure what my point is, but articles like this really make me like MS more - maybe even feel sorry for them as they fight a losing battle against people who want to cause damage to their customers and to the company itself.