Linked by Thom Holwerda on Wed 2nd Aug 2006 21:08 UTC
Microsoft will focus on rapid acquisitions to quickly build its security capability, the company said this week. Recent acquisitions such as Winternals and virtual private network specialist Whale will help Microsoft build a comprehensive range of integrated services that cover every aspect of security, according to Gopal Kutwaroo, Microsoft's UK security product manager.
Security and backwards compatibility
by sbenitezb on Wed 2nd Aug 2006 21:54 UTC
sbenitezb
Member since:
2005-07-22

If they keep backwards compatibility, no matter how many skilled security experts they get, it's going to be the same Windows.

But they have to.

Reply Score: 4

Nex6 Member since:
2005-07-06

True, but Vista rewrote a lot of code and added a ton of better design, which should in turn make things easier to fix and identify in the future.

Including the low rights framework, which IE will use and any app can use. Also, .NET has some pretty good stuff built into it.

-Nex6

Reply Score: 2

RandomGuy Member since:
2006-07-30

"and added a ton of better design."
Not really easy to "add" good design/security as an afterthought...

I might be wrong but using virus & firewall with Windows, I always felt like painting a thin wooden door to look like a massive metal door so that nobody would break it ;)

Reply Score: 1

rayiner Member since:
2005-07-06

Not really easy to "add" good design/security as an afterthought...

Not only that, but you can't acquire security.

This reflects a systematic cultural problem at Microsoft. They fail to understand that security and stability are inversely proportional to complexity and size. You don't achieve security by adding things, you achieve it by taking things away.

Reply Score: 4

Nex6 Member since:
2005-07-06

Even Linux and FreeBSD are adding stuff to their OSes.
You cannot remove functionality, but going back and recoding stuff or changing designs can correct a lot of problems.

-Nex6

Reply Score: 2

RandomGuy Member since:
2006-07-30

Absolutely. Reminds me of this:
"Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away."
Antoine de Saint-Exupery

Although that should probably go with Einstein's famous quote "Make things as simple as possible, but not any simpler"

I really wonder if it would do MS more harm in the long term if they opted to ditch 100% compatibility and use something like the emulation mode now used for dos apps...

I mean, it is pretty obvious that their current development model is not going anywhere in the long term...
They really have to come up with a solution to handle the ever growing complexity instead of just piling stuff on top of their aging architecture...

Reply Score: 2

Nex6 Member since:
2005-07-06

I agree, but I don't think Microsoft will drop backwards compatibility. Instead I think they are going to add things like the low rights framework, audit the old stuff, and have better/good design principles going forward, with the hope of one day being able to remove it as everyone goes to .NET.

-nex6

Reply Score: 2

rayiner Member since:
2005-07-06

That's definitely a good point, and one I think a lot of people don't realize. The complexity of Windows is growing geometrically. I don't think Microsoft can keep it up. Vista +1 will never come out if they keep their current development model.

Reply Score: 1

rcsteiner Member since:
2005-07-12

If they keep backwards compatibility, no matter how many skilled security experts they get, it's going to be the same Windows.

But they have to.


I strongly disagree.

Most applications only communicate with Windows on the API level, and most Windows APIs aren't really concerned with the underpinnings of the kernel, filesystem(s), etc.

The API could easily be emulated on top of another platform. That's how Wine and Odin work, but Microsoft would have the huge advantage of having access to the real Windows internals. They wouldn't have to guess.

Besides, with today's virtualization technology and CPU resources, it wouldn't be all that hard to completely virtualize individual Windows instances under something totally dissimilar to the existing platform.

The "backwards compatibility" card has been played since Windows 95, and it's just as invalid now as it was back then. Perhaps more so.

Edited 2006-08-03 19:23

Reply Score: 1

Money can't buy you love ...
by Tom K on Wed 2nd Aug 2006 22:42 UTC
Tom K
Member since:
2005-07-06

... and security. You can't just "buy" security. Security in computer software is part mentality, part skill, and part proper engineering.

Microsoft, in the past, was picking two.

Reply Score: 2

RE: Money can't buy you love ...
by Nex6 on Wed 2nd Aug 2006 23:14 UTC in reply to "Money can't buy you love ..."
Nex6 Member since:
2005-07-06

But some of the design and architectural stuff was all done pre-internet, when security was simpler. Also:
Microsoft has backwards compatibility across all its older OSes, which no one else does to the degree MS does. If they ditched backwards compatibility, I am sure security would improve by leaps and bounds.


-Nex6

Reply Score: 1

twenex Member since:
2006-04-21

Microsoft has backwards compatibility across all its older OSes, which no one else does to the degree MS does.

There are two answers to that.

The first is: Not true; I recently ran an unmodified (UNIX) Version 7 binary /on Linux/, without problems. Someone (I forget who) claims publicly to have recently run binary/ies from Linux 0.9 on a modern Linux system. True, Linux doesn't go as far back as DOS, but what do you want? To be able to run binaries from Linus's first (owned) OS (the VIC-20 monitor) on Linux? You probably can!

Also true, I probably couldn't run an unmodified DG-UX binary on Linux, but that would probably be classed as cross-compatibility ("sideways compatibility", or maybe "diagonal [backwards and sideways] compatibility"). Now even XP doesn't offer "diagonal compatibility" for OS/2, IIRC.

The second is: Everyone else runs backwards compatibility in virtual machines. Given the security holes MS's approach to BWC entails, why would you WANT to do it the MS way?

Reply Score: 1

rayiner Member since:
2005-07-06

That's true. People often don't give credit to Linux for its level of binary compatibility, because they mistake configuration issues for binary compatibility issues. Binaries designed for RedHat 5.x may very well not run out of the box on Fedora 5. However, that doesn't mean binary compatibility has been broken. Rather, the dynamic link libraries in question have been deprecated, and are not installed by default. If you install the old libc5 and the pre-1.0 version of GTK+, that binary will run just fine.

Not to mention that Linux can run DOS binaries just fine --- in the same way Windows does, in a VM.

Reply Score: 0

twenex Member since:
2006-04-21

Microsoft has backwards compatibility across all its older OSes, which no one else does to the degree MS does.

There are two answers to that.

The first is: Not true; I recently ran an unmodified (UNIX) Version 7 binary /on Linux/, without problems. Someone (I forget who) claims publicly to have recently run binary/ies from Linux 0.9 on a modern Linux system. True, Linux doesn't go as far back as DOS, but what do you want? To be able to run binaries from Linus's first (owned) OS (the VIC-20 monitor) on Linux? You probably can!

Also true, I probably couldn't run an unmodified DG-UX binary on Linux, but that would probably be classed as cross-compatibility ("sideways compatibility", or maybe "diagonal [backwards and sideways] compatibility"). Now even XP doesn't offer "diagonal compatibility" for OS/2, IIRC.

The second is: Everyone else runs backwards compatibility in virtual machines. Given the security holes MS's approach to BWC entails, why would you WANT to do it the MS way?

Reply Score: 0

twenex Member since:
2006-04-21

Apologies for accidental double-post.

Reply Score: 1

Nex6 Member since:
2005-07-06

Well, that is true, there is some backwards compatibility with the *nixes. But most generic packages, or even ISV software, generally will only work on the baseline they were made for, cuz of dependencies and stuff like gcc versions, QT/GTK versions, etc.

Even in the old days of VB5 and VB6 all you had to do is bundle your DLL or OCX file and you were good to go. I am not saying one is better than the other, I am just say..

For example, I have Office 97 and I can install it on:
w95,w98,wME,wNT,W2k,wXP,wVista without problems.

-Nex6

Reply Score: 2

RE: Money can't buy you love ...
by Bit_Rapist on Thu 3rd Aug 2006 02:55 UTC in reply to "Money can't buy you love ..."
Bit_Rapist Member since:
2005-11-13

... and security. You can't just "buy" security. Security in computer software is part mentality, part skill, and part proper engineering.

No you can't just buy security, but you sure can hire people who know KNOW security if you have the money.

Winternals was a prime catch; Mark Russinovich arguably knows Windows better than anyone who works at MS, and his work with rootkits has been nothing short of groundbreaking.

I don't know if any of this will matter much for Vista, but down the road these acquisitions may lead to better security in MS products.

Microsoft, in the past, was picking two.

Agreed 110%

Reply Score: 2

Yeah!
by corentin on Thu 3rd Aug 2006 06:18 UTC
corentin
Member since:
2005-08-08

Let's buy a few more kilograms of computer security to add on our complex products!


Too bad it doesn't work like this ;) ("Firewalls are a network response to a software engineering problem." -- Steve Bellovin)

Reply Score: 3

Acquisitions
by hraq on Thu 3rd Aug 2006 10:38 UTC
hraq
Member since:
2005-07-06

MS used to buy pieces of code and throw them in the huge pot of Windows code. Some tools in Windows were never touched, and some even MS workers themselves do not understand; examples are the command line tool and gpedit.msc, and these seem to be a mess too (like cumulative permissions of Group Policy Objects). Once I heard that cmd.exe syntaxes are only fully understood by 2 people, who happen to be its inventors. People who work on Windows right now seem not to understand Windows ins and outs fully, I mean 100%, and a lot of this code, ~60%, has never been touched since 98. So this explains why MS cannot fix Windows NT till now, and all they can do is work around the problems without dealing with them fully. They even started their business by acquisitions of others' code, like what happened with DOS, and all they did was tag it "Microsoft" and stick on the "license agreement", which was not fair and which would guarantee for them the future dominance of this baby company.

I, long time ago, understood that MS cannot innovate in the OS arena like they did in Office, Media Player, and Games; mainly because of the weakness they had with their OS division (or OS sub-divisions more accurately).

We were able to see MS developers do some job with some components of Vista like, eg terminal services, kernel, networking stack, audio stack and GUI and others but the missing part and where the problems exist is at the higher levels ( not subcomponents, not components but supracomponents) where design and cooperation between these components should happen; and even this good and fast revive of windows components didn't happen since long time ago (year 1998).

And still there is this problem of MS not caring to create a design team who will be judging and approving developers' proposed GUI interfaces, which currently are so primitive and hindering in comparison with, let's say, OSX or Linux, where users can do things quickly due to their better design and usability. It seems like MS is letting the developers, who definitely lack style and usability knowledge, dictate the final product GUI designs. I know what they respond to that criticism: "we want to put costs down, for the sake of our shareholders body".

Anyway, MS will remain unsecure until they understand their OS well and redesign it from the ground up to be more secure, and if they cannot then I advise them to switch to Unix (acquire a Unix company and build things on top of it).

Reply Score: 0

RE: Acquisitions
by Nelson on Thu 3rd Aug 2006 20:16 UTC in reply to "Acquisitions"
Nelson Member since:
2005-11-29

Why was this modded down? A lot of truth to what he says.

MS will probably drop backwards compatibility sometime after Vista. After all, Vista was meant to keep people busy while MS works on its next version of Windows.

Reply Score: 1

sounds like Microsoft...
by bolomkxxviii on Thu 3rd Aug 2006 11:22 UTC
bolomkxxviii
Member since:
2006-05-19

Just in time for the release of a major new version of its OS, Microsoft brings in more security experts.

HEY MICROSOFT, isn't it a bit late? How about bringing them in BEFORE you write most of the code???

Or are you doing it now so they can be involved with the NEXT version of Windows? Then you can say, "New Windows (new name here), the most secure version of Windows ever!". Where have we heard that before?

Reply Score: 1

MS in acquisition mode:
by alucinor on Thu 3rd Aug 2006 15:04 UTC
alucinor
Member since:
2006-01-06

Feed me, Seymour, feed me!

Reply Score: 0