MS Invites Security Questions

daria42 writes "Microsoft is inviting ZDNet readers to submit security-related questions online to a team of Microsoft security gurus. Microsoft's Ben English and his team will take questions online until the 30th of May. A selection of questions and answers will be published by ZDNet starting from the 6th of June. Submit your questions starting now!"
  • What I asked (Score:5, Insightful)

    by Dante ( 3418 ) * on Friday May 20, 2005 @05:15PM (#12594043) Journal
    Why does microsoft not eat its own dogfood? As a network administrator
    I'm constantly struggling with rights on workstations. I know that MS
    gives admin rights to all of its own users. (I live in seattle I've seen
    it.) But I can think of no security hole larger than giving out rights
    to users who *SHOULD* not need them.

    There is a laundry list of applications written *by* Microsoft that do
    not work properly without additional rights.

    This has been true since NT 3.51. How did this happen? Upgrading to
    longhorn is not a solution. If I worked for Microsoft this would be
    my first priority. Take away rights, fix existing applications.
    • True since NT3.51? No, no...True since DOS was released.
    • Re:What I asked (Score:4, Interesting)

      by dwlovell ( 815091 ) on Friday May 20, 2005 @05:29PM (#12594215)
      They are trying. Clearly the previous OS's didn't make it easy to not run as admin, but it is possible in XP, 2000 and 2003, despite a few jumps and hoops.

      See Aaron Margosis' blog [msdn.com] on msdn.

      A choice quote:
      "My #3 reason applies just to Microsoft personnel, particularly those of us in customer-facing roles. Hey, y'all! We need to lead by example. People look to us for best practices, for the right way to do things. We are trying to convince the world that we are thought leaders in software and in software security. In the Unix world, they never run as root except when necessary. They "su", do what they need to do, and revert back. We are not leaders when we run as root all the time. Comrades: you need to run as "User", and your customers need to see you doing it. If you run into issues, don't add yourself back to the admins group - file a bug against the offending product. Customers: if you see any MS sales, MCS, Premier, PSS, etc., doing web or email as admin, please tell them, "You're not setting a very good example. I am disappointed.""

      So when Longhorn is released we can see if they made good on this idea, but until then, they openly agree with you and are working towards making it the standard to not run as root.

      -David
      • Re:What I asked (Score:3, Interesting)

        by Dante ( 3418 ) *
        "They are trying. Clearly the previous OS's didn't make it easy to not run as admin, but it is possible in XP, 2000 and 2003 Aaron Margosis, despite a few jumps and hoops."

        If this was true ms would have their *regular users* not running as administrators. The receptionists run as administrator!

        I just don't see Aaron Margosis' comments as anything but lip service. Microsoft don't even try!
      • Re:What I asked (Score:3, Informative)

        by sconeu ( 64226 )
        Clearly the previous OS's didn't make it easy to not run as admin, but it is possible in XP, 2000 and 2003, despite a few jumps and hoops.

        Please have your admin install the following, and then you may try to run them as a non-admin user:
        * The Sims

        * Mavis Beacon Teaches Typing 15
      • Depends on the company. GM Canada effectively forces all computers to run as admin, as their login script tries to patch things whenever GM feels like it. Many of their installers are actually ZIP archives extracted to the proper places.
    • Corollary: (Score:3, Interesting)

      by temojen ( 678985 )
      Is there an easy way to see which files have been denied access to (and what types of access) so admins can set ACLs quickly to allow regular users to use programs which normally require administrator access, but shouldn't (i.e. simply accounting)?
      • Re:Corollary: (Score:5, Informative)

        by csirac ( 574795 ) on Friday May 20, 2005 @09:37PM (#12595985)
        Over at sysinternals.com [sysinternals.com], there's filemon [sysinternals.com], and regmon [sysinternals.com]. These are real-time registry/file activity loggers, and will show which processes access which files with the result code (open success/fail/permission denied/disk full/file not found/etc). These are absolutely invaluable tools, especially when you come across a new virus that your virus scanner doesn't pick up and general bug hunting... sysinternals has the most useful tools that I really miss from the unix world.
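        One way to turn Filemon's output into the answer the parent asked for, as an added example that is not code from Sysinternals or from either post: the script below parses a constructed Filemon-style log (the tab-separated column layout and the sample lines are assumptions approximating the real tool's output), keeps only the ACCESS DENIED events, and collapses them per program to the directories and access kinds a least-privilege ACL would have to grant. The same report also shows a denied write from an image you did not expect, which is the virus-hunting use the post mentions.

```python
"""Summarise ACCESS DENIED events from a Filemon-style log so an admin can
see which paths a program actually needs before loosening any ACL.

Added example, not Sysinternals code. The tab-separated layout below
(#, Time, Process, Request, Path, Result, Other) is an assumption that
approximates Filemon's columns; the log lines themselves are constructed."""
import re
from collections import defaultdict

# Constructed sample: an accounting app run as a plain user, plus one
# unrelated image whose write into system32 was correctly refused.
SAMPLE_LOG = """\
1\t17:01:02\tacct.exe:1204\tOPEN\tC:\\Program Files\\Acct\\acct.ini\tSUCCESS\tOptions: Open  Access: Read
2\t17:01:02\tacct.exe:1204\tOPEN\tC:\\Program Files\\Acct\\acct.ini\tACCESS DENIED\tOptions: Open  Access: All
3\t17:01:03\tacct.exe:1204\tCREATE\tC:\\Program Files\\Acct\\ledger.tmp\tACCESS DENIED\tOptions: Overwrite  Access: All
4\t17:01:03\tacct.exe:1204\tOPEN\tC:\\WINDOWS\\system32\\msvcrt.dll\tSUCCESS\tOptions: Open  Access: Read
5\t17:01:04\tacct.exe:1204\tQUERY INFORMATION\tC:\\Program Files\\Acct\\missing.dat\tNOT FOUND\tAttributes: Error
6\t17:01:05\texplorer.exe:880\tDIRECTORY\tC:\\Documents and Settings\\jdoe\\Desktop\tSUCCESS\tFileBothDirectoryInformation
7\t17:01:06\tacct.exe:1204\tDIRECTORY\tC:\\Program Files\\Acct\\reports\tACCESS DENIED\tFileBothDirectoryInformation
8\t17:01:07\tspyware.exe:2020\tCREATE\tC:\\WINDOWS\\system32\\evil.dll\tACCESS DENIED\tOptions: Overwrite  Access: All
"""

WRITE_REQUESTS = {"WRITE", "CREATE", "DELETE", "SET INFORMATION"}
READ_REQUESTS = {"READ", "QUERY INFORMATION", "DIRECTORY"}


def parse_line(line):
    """Split one log line into its columns; returns None for short/junk lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    seq, when, proc, request, path, result = fields[:6]
    other = fields[6] if len(fields) > 6 else ""
    return {"seq": seq, "time": when, "process": proc, "request": request,
            "path": path, "result": result, "other": other}


def access_kind(request, other):
    """Classify an operation as 'read' or 'write' access.

    For OPEN the requested access lives in the Other column
    ("Access: Read" vs "Access: All"/"Access: Write")."""
    if request in WRITE_REQUESTS:
        return "write"
    if request in READ_REQUESTS:
        return "read"
    if request == "OPEN":
        m = re.search(r"Access:\s*(\w+)", other)
        mode = m.group(1).lower() if m else "read"
        return "read" if mode == "read" else "write"
    return "read"


def denied_events(log_text):
    """Yield parsed ACCESS DENIED events with the image name and access kind added."""
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "ACCESS DENIED":
            continue
        ev["image"] = ev["process"].split(":")[0]  # strip the PID suffix
        ev["kind"] = access_kind(ev["request"], ev["other"])
        yield ev


def denied_by_process(log_text):
    """Return {image: {path: [kinds]}} for every ACCESS DENIED event."""
    summary = defaultdict(lambda: defaultdict(set))
    for ev in denied_events(log_text):
        summary[ev["image"]][ev["path"]].add(ev["kind"])
    return {img: {p: sorted(k) for p, k in paths.items()}
            for img, paths in summary.items()}


def suggest_acl_changes(log_text, image):
    """Collapse one image's denials to (directory, kind) grants.

    A DIRECTORY request is a listing of the path itself; anything else is a
    file operation, so the grant goes on the parent directory. A write grant
    on a directory already covers read, so redundant read grants are dropped."""
    grants = set()
    for ev in denied_events(log_text):
        if ev["image"] != image:
            continue
        if ev["request"] == "DIRECTORY":
            directory = ev["path"]
        else:
            directory = ev["path"].rsplit("\\", 1)[0]
        grants.add((directory, ev["kind"]))
    return sorted((d, k) for d, k in grants
                  if not (k == "read" and (d, "write") in grants))


if __name__ == "__main__":
    for image, paths in denied_by_process(SAMPLE_LOG).items():
        print(image)
        for path, kinds in sorted(paths.items()):
            print("  %-45s %s" % (path, ",".join(kinds)))
    print("suggested grants for acct.exe:", suggest_acl_changes(SAMPLE_LOG, "acct.exe"))
```

        Denials from an image such as spyware.exe are listed too, but nothing suggests a grant for them unless you ask for that image by name; that is the point of reviewing the report rather than blanket-granting.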

    • Here's the problem with that (and this is from real-world experience).

      Go to 2003SBE server. Add user in "Active Directory Users and Groups".

      Go to computer. Join computer to domain. Tell user to log in with their username and password, making sure that the login screen says "Log on to: SomeDomain".

      Then:

      User calls. They can't install office. Log onto server via terminal services, push MSI office install to user's desktop, tell them to restart. OK.

      Then:

      User calls. They can't install weatherbug. E
      • Here's the problem with that (and this is from real-world experience).

        Simple solution - give your users some details of a *local* admin account and introduce them to the "Run As" command.

        Incidentally, you're better off setting up software distribution via AD such that users can install stuff from the "Add Remove Software" Control Panel rather than pushing software out to them. They can do this without admin privileges.

    • Microsoft has made most of its fortune not by developing a solid and stable OS but by developing something which they could sell the masses (read: home users). The masses, who couldn't care less about security, and who will only become frustrated when something doesn't work out of the box.

      I know lots of people who thought that SP2 broke stuff on their computers because it had bugs. For the most part, breaking applications was the price of enhanced security.

      I generally log in as root on my linux box a

  • by mfh ( 56 ) on Friday May 20, 2005 @05:15PM (#12594045) Homepage Journal
    My Question
    Why don't you open up your source? I have an analogy to Open and Closed source:

    With closed source, you are in a room full of razor blades everywhere and you are blindfolded. With Open Source, you are in a room full of razor blades everywhere and you are NOT blindfolded, so you can see where the exit is and perhaps avoid getting too cut up.

    Which is really safer, closed or open source? Would you rather be blindfolded?
    • by Anonymous Coward
      Microsoft's Answer:

      With Open Source, you are in a room full of razor blades and you can see, but it's really too much of a strain on you to get yourself to the exit safely. You can't possibly do it, and you might actually try to take a razor and cut someone else.

      With closed source (or really, just MS) you are blindfolded because you are far too stupid to avoid getting hurt, and we really can't trust you not to use those razors to attack someone else. So we are going to hold your hand and gently lead you
    • Ability to use metaphor implies capability for higher thought... Is this useful in a business environment? What are the upscaling interoperability and B2B / B2C / B2D implications of using higher thought if it disassociates your personal intelligence quotia from the actual intelligence quotia of the low-TCO due to high-WorkerProd with minimal training requirements? Security with open source is no good, because your TCO suddenly becomes higher, and that includes updating and everything - we've done studie
    • Our business model depends on selling licenses to use our products.
    • Here is my version of the analogy:

      With closed source, you never enter the room, something breaks and is visible from the outside and you say "Microsoft, thou shalt fix this or I will take my maintenance contract elsewhere!", and then Microsoft sends its devs into the room of razor blades with their own lights to fix the problem. (Now you might debate their effectiveness, but that's another issue.)

      With open source, stuff breaks, no one is there to help you and you have to visit hundreds of howto sites in or
      • With open source, stuff breaks, no one is there to help you and you have to visit hundreds of howto sites in order to get the exact path to traverse the razor blades in the dark without killing yourself, just so you can fix the problem yourself.

        Right, because RedHat, Mandrake, Mozilla and a host of other Open Source companies don't support their products at all. [/sarcasm]
    • Nah, it's more like you are in a field and you know there are land mines out there somewhere. With closed source you are relying on the army that buried the landmines to find them, defuse them and just maybe keep you from stepping on them. With open source you have a technical geologic survey of the area available for everyone to see, but the only geologists that have the ability to read the surveys are out to discredit the army. Generally the army has a bit more credibility so lots of people tend to fol
  • /. em (Score:1, Funny)

    We should show them the /. effect and send nothing but linux security questions on how to fortify your linux distro ;-)
    • Re:/. em (Score:5, Interesting)

      by pg110404 ( 836120 ) on Friday May 20, 2005 @05:38PM (#12594294)
      We should show them the /. effect and send nothing but linux security questions

      And it would be just as much a waste of effort. The current design of windows is so flawed when it comes to security that if microsoft actually listened to their customers, they would have to revamp their entire security model in the OS, breaking just about everything in windows. Microsoft is in a very tight spot right now with their design of windows and anything more than lip service on their part would mean making a very hard decision to change the OS so fundamentally that it is not compatible with its predecessors, and that is something they cannot afford to do. As it stands, the security or lack of security in windows will remain for quite some time. There are tricks they can use to minimize the damage once security has been breached. For example, upgrade the active/x layer to allow a 'read-only' mode for a given process wherein the first thing the web browser does when it starts up is to neuter itself. Whether you run IE as administrator or not, it's a safe bet that more harm than good can be done letting it run silently. By having IE issue a call to a one-way demotion of privileges, along with a 'this application is trying to do this. Enter your administrator password to override for this one time occasion', would vastly improve but not solve the security problems. With this simple trick, spyware infested web sites would have a much harder time installing their wares without you knowing about it. Again, it wouldn't solve that security problem, but it would greatly improve it.

      Then again, maybe, yeah. We SHOULD ask them how to secure our linux boxes better. At least I'd get a kick out of the reaction from the microsoft soldiers.
      • Re:/. em (Score:2, Interesting)

        by jojo tdfb ( 126691 )
        You know Microsoft has a Linux lab, right? The problem is they probably could answer your questions and possibly seal up a few security issues that could have bitten you in the ass later. You're right about Windows being a flawed model, but they said the same thing about Unix 20 years ago. All security models are flawed that allow people in to do things like "run programs" and "view data".

        I've yet to see a secure os and it's not from lack of effort. I've been looking for an os that doesn't suck for years.
      • You seem to be confusing insecurity in the OS with the problem of people running their desktop as Administrator. Show me where exactly linux protects me if I run my desktop and all my supporting applications as root. It doesn't. By definition root (or Administrator) has full access to the system. I could write a simple bash script to hose your machine. But linux is secure, without question. In effect this is what most spyware writers are doing nowadays. They are not taking advantage of any explicit securi
      • The current design of windows is so flawed when it comes to security that if microsoft actually listened to their customers, they would have to revamp their entire security model in the OS, breaking just about everything in windows.

        The Windows security model is better than that in most unixes. What on Earth makes you think they need to redesign it from scratch?

  • Guaranteed question. Answer: According to many studies that we've funded; yes.
  • "selection"? ;P
  • Unbiased? (Score:5, Interesting)

    by nizo ( 81281 ) * on Friday May 20, 2005 @05:18PM (#12594081) Homepage Journal
    If the Microsoft team gets to pick which questions are answered, I doubt this will be akin to Achilles waving his naked foot right under Paris' nose, since questions like, "Why is Microsoft's security better than Linux security?" are more likely to get answered than questions like, "When did Microsoft hire a team of security gurus?"
    • Re:Unbiased? (Score:5, Insightful)

      by jerometremblay ( 513886 ) on Friday May 20, 2005 @05:38PM (#12594295) Homepage
      Microsoft is full of brilliant people with good ideas and good intentions.

      However other forces within the company are sometimes (some will argue always) taking over. If the suits decide that they prefer more features over fewer bugs, or if they set impossible deadlines, good people aren't enough.
      • The suits control Microsoft. What difference do the intentions, or even the abilities, of the "good people" make, when Microsoft is defined by the suits? This isn't a sympathy contest, it's a globally-essential corporation increasing everyone's security risk.
      • Really? From the outside it looks like MS is full of sleazeballs without ethics or morals.
  • Almost EVERY website that deals with security has commented on M$FT and their security. That would be a good place for Mr. Ben English to start. Not to troll, but I think this is just another PR stunt by M$FT!
  • by cainpitt ( 682782 ) on Friday May 20, 2005 @05:19PM (#12594116)
    Slashdot asks what kind of story will really bring the M$ bashing to an all time high?
  • by sumdumass ( 711423 ) on Friday May 20, 2005 @05:19PM (#12594118) Journal
    It would be nice to see the questions that don't get answered. It would be interesting to see if some questions get glossed over or ignored because of some inherent design flaw.

    Maybe someone would make a list of all the questions and group all the similar ones together in order to create something like this. I guess microsoft is feeling the heat from other vendors stating that microsoft isn't as secure as their products.
  • Question: (Score:5, Funny)

    by lunchlady55 ( 471982 ) on Friday May 20, 2005 @05:20PM (#12594124)
    How do you keep your jobs?
    I'm assuming you've got some excellent blackmail material on someone in HR but I'd like to know for sure.
  • by Psionicist ( 561330 ) on Friday May 20, 2005 @05:20PM (#12594125)
    They will ignore everything and give generic answers to worthless questions such as "how do I secure my home computer". The answer will probably be something like "use the microsoft firewall and the microsoft anti-spyware program, and a microsoft antivirus program on your genuine microsoft windows xp operating system".

    Nothing to see here, move along.
    • ...how do I secure my home computer...

      Answer: Keep the monitor, keyboard and mouse. Connect them to a Mac mini and you will have a secure computer. If the PC is good enough, get another monitor, keyboard and mouse and use it to play games. Make sure this PC is NEVER connected to the Internet or any other network and it will be very safe from worms and other malware.
  • a selection ... translation: easily answered questions made up or planted by microsoft employees, so they don't have to answer the hard hitting questions.
    • If I really cared I'd say spend your time fixing the fucking gaping security holes, instead of polling the general public on what's wrong with their OS. But since I don't care, eh, who cares?
  • by Anonymous Coward on Friday May 20, 2005 @05:24PM (#12594180)
    This is pretty much the most basic question possible, but what do you consider to be the range of behaviors that qualify as security bugs?

    For example: do you consider features that require the user to do something insecure (like run as a local administrator) in order for that feature to work a bug? Do you consider system defaults that can cause the user to perform an action they didn't intend to do (such as launching a hostile executable) a security bug?

    If you answered "Yes" to these questions, do you consider ActiveX web browser plugin support and hiding file extensions to be security bugs? How soon will a patch be available to fix these bugs? How does the timeframe from "discovery of bug" to "fix for bug" compare to your competitors' average time-to-fix for security bugs?

    Simple enough, really.
    • do you consider features that require the user to do something insecure (like run as a local administrator) in order for that feature to work a bug

      The answer to this is clearly no, if you consider running as a local administrator an insecure operation; there are some things only a privileged user can do. Otherwise there would be no point in having a local administrator account.

      Do you consider system defaults that can cause the user to perform an action they didn't intend to do (such as launching a host
    • Do you consider system defaults that can cause the user to perform an action they didn't intend to do (such as launching a hostile executable) a security bug?

      How do you propose the OS detect the difference between a regular executable and a "hostile" one?

      Besides, isn't one of the major complaints about Windows the way it tries to guess what you really mean instead of what you just did?

  • I'm sure they will just beat around the bush like they always do. Gates's arrogance will trickle off.
  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Friday May 20, 2005 @05:27PM (#12594200)
    Comment removed based on user account deletion
    • Also, it might be nice to have a "trust once" button, to temporarily trust a site for a single visit.

      This is rife for abuse. Remember that once you trust a site, its ActiveX can change all the rules for trust.

      Sure, you run without ActiveX on, even for trusted sites. But J. Random Luser who sees the "Trust Once" option doesn't. And he doesn't realize that by trusting a site once, he's giving them the ability to take control of his computer forever.

    • If you mean for desktop/home users to manage it themselves, I guess that could be useful (not that I think using IE is a good idea at all)

      In a corp environment, we don't want users to be able to touch those things, and we (at least I) use vbscript/WMI to change things like that. (MicrosoftIE_Security under \root\cimv2\Applications\MicrosoftIE is where it's at). Other stuff can be accessed in the registry. Making scripts to manipulate those lists isn't hard.

      Haven't used IE in so long I've almost forgot wha
  • by WAR-Ink ( 876414 )
    1) Why can't you get software out the door that doesn't contain security flaws that you will be spending the next 6 years trying to fix, and still not get it right?

    2) Word association: Microsoft -> buffer overflow.

    3) Do you understand the concept of "Deny All Except" or has it ever been mentioned to you?

    4) Do the 1 million monkeys Douglas Adams referred to work in Redmond?

    5) Why is Bill Gates such an ass?

    6) Who will protect us from Microsoft?

    Ok. So it was more than one question. But one wasn'
  • by frovingslosh ( 582462 ) on Friday May 20, 2005 @05:29PM (#12594222)
    Come on, does anyone really think that Microsoft is going to select any of the tough questions that they really don't want to address? This is a sham. It gives them a way to say that they responded to users' concerns, when in reality they will pick and choose things that can make them look good or give them a chance to attack open source. The more people who participate in this sham the more it serves their purposes.
  • by team99parody ( 880782 ) on Friday May 20, 2005 @05:30PM (#12594232) Homepage
    Dear Microsoft - it's long been known by us shareholders that your stock has only flown so high because you understood the proper tradeoffs between security (slow and unprofitable) and time to market (== profit == shareholder value).

    How can you be betraying your feduciary responsibilities to shareholders by delaying products in the name of security, which history has proven that your corporate customers don't give a damn about anyway.

    To avoid shareholder lawsuits of you not acting in what has historically been shown to be the best for your shareholders, why don't you return to your security-be-damned buggy strategy and return your stock to the glorious heights it once held?

    • I love this message! MOD PARENT UP!

      My take on the answer: competition (linux) and changing conditions (internet) have simply changed the "sweet spot" between security and time to market.

      A harsher world means getting better or dying.
    • The parent is joking. A shareholder derivative suit alleging a violation of fiduciary duty will be preempted by the business judgment rule. As long as Microsoft decisionmakers were not self-dealing and looked at the relevant research, there is no basis for such a suit.
    • Dear Valued Cu^H^H Shareholder,

      You ask us "How can you be betraying your fiduciary [konqueror spell check used, thank you] responsibilities to shareholders by delaying products in the name of security ... why don't you return to your security-be-damned buggy strategy and return your stock to the glorious heights it once held."

      Don't worry, our future products (TM) will always be buggy. The only problem is that we are out of start-ups to screw out of mature programs because all the developers and startu

  • I asked (Score:5, Interesting)

    by RealAlaskan ( 576404 ) on Friday May 20, 2005 @05:31PM (#12594237) Homepage Journal
    Gates recently declared security to be ``Job One''.

    Why wasn't it a high priority from the beginning, and why haven't we seen any meaningful results?

    The first part of that question is legitimate, and not flame bait.
    The second part we can almost say that about: it would at least give them the chance to boast.

    I predict we won't see an answer to either part.

    • Re:I asked (Score:2, Insightful)

      by RaffiRai ( 870648 )
      Not to defend MS, but that's trolling. "Security" wasn't a high priority in the beginning because it didn't exist as a highly important factor until like 1999. XP is based on 2000 which is based on NT 4.0 which is based on NT 3.51. There's no way they could have foreseen security being as important to the computer world as it is now. Granted, it took them a bit to realize it, but they can't change the entire NT codebase without releasing a new OS, which they're doing. SP2 is about all they can do withou
      • XP is based on 2000 which is based on NT 4.0 which is based on NT 3.51. There's no way they could have foreseen security being as important to the computer world as it is now.

        There's nothing lacking in the design of NT - from the start - with regards to security. It's multiuser, with a very fine grained permissions model.

        It's amazing how much people go on about how important XP's SP2 was, when all it really did was twiddle a few default settings and recompile many of the core libraries to protect against

    • Re:I asked (Score:3, Interesting)

      by praxis ( 19962 )
      If you take a look at the vulnerabilities found in the first six months of Windows 2000 Server being on the market and the vulnerabilities found in the first six months of Windows Server 2003 being on the market, you'll note that the number has gone down dramatically (I don't remember the exact figures). Also, for many vulnerabilities, a default 2003 installation will not expose the vulnerable area whereas a default 2000 installation will. Those are meaningful results.
      • I would add that the security track record of Windows 2000 (awful) actually compares pretty well to the security track record of Linux 2000 (the awful Redhat 5/6 for example).

        Both companies have cleaned up their act, but MS still has to deal with a massive W2K installed base, and RedHat does not.
  • What the hell. (Score:3, Insightful)

    by killjoe ( 766577 ) on Friday May 20, 2005 @05:31PM (#12594242)
    Has ZDNET given up even the pretense of being a tech magazine? Have they finally embraced the fact that they are nothing more than a thinly veiled publicity arm of Microsoft?

    Where are the real journalists asking the tough questions to the executives of MS and other tech firms? Instead they invite questions from the public where the "experts" will pick the softballs and spew on and on about how safe, secure and super-duper-keen-nifty windows is compared to that communist linux.
  • by gmuslera ( 3436 ) on Friday May 20, 2005 @05:32PM (#12594249) Homepage Journal
    Dear Microsoft customer:

    42

  • by augustz ( 18082 ) on Friday May 20, 2005 @05:32PM (#12594250)
    With ActiveX, when all the junk spyware sites would try to install software, it was impossible to always deny the publisher install rights, but you could easily ALWAYS allow publishers to load up your computer with the worst junk imaginable.

    If you've ever been to a retirement home using Internet Explorer on a shared computer, you would laugh at how much junk computers would be loaded with.

    Along came Firefox, and with it the freedom from training folks to click a million times no to a million ActiveX dialogs. Pop-ups and other forms of nastiness reduced.

    All of a sudden a fire seems to have been lit under Microsoft around security and its browser.

    Aside from the above listed changes, what other positive changes do you think Microsoft will introduce as a result of some competition, particularly in the browser space, but also elsewhere?

  • How could you consider this even vaguely unbiased, when ZDNet have a HUGE great Microsoft advert at the top of the page?

    Sheesh.
  • by starling ( 26204 ) <strayling20@gmail.com> on Friday May 20, 2005 @05:36PM (#12594280)
    Based on past performance, the MS security gurus should be asking questions of the general public.
  • What I posed (Score:3, Interesting)

    by Amoeba ( 55277 ) on Friday May 20, 2005 @05:36PM (#12594281)
    What I posed to them was "What is the current status of the Mako project and which of the 3 focus areas has been the most difficult to implement and why? We've seen some movement in the firewall/anti-virus area but I've read or seen little regarding the dynamic-systems-protection or behavioral blocking."

    Quick background on Mako: http://www.microsoft-watch.com/article2/0,1995,1764087,00.asp [microsoft-watch.com]

    Having previously been a contractor at Microsoft and being intimately familiar with the security setup of their online properties (Hotmail, passport, messenger, etc.) the dynamic systems protection area was one that would get the most play (and benefit) on the server side. Automagically monitoring system state and port management would be extremely useful if it was a part of the server OS.

  • My question... (Score:5, Interesting)

    by cperciva ( 102828 ) on Friday May 20, 2005 @05:37PM (#12594286) Homepage
    On March 2nd, I reported to the Microsoft Security Response Center a serious flaw in the implementation of Hyper-Threading on recent Intel processors requiring operating system patches. On May 13th, FreeBSD issued a patch, and several other operating systems have followed suit since then.

    When will Microsoft issue a patch or advisory concerning this?

    Of course, most linux vendors haven't issued patches or advisories either, but at least some of them have been talking to me...
  • ActiveX Web Controls: What the hell were you thinking?
  • Instead of flooding them with so many questions that they can easily ignore the hard hitting ones, how about a Slashdot Interview style selection of good questions which we then submit as a group.
  • Maybe this would generate a whole new set of jokes similar to the Radio Yerevan jokes [wikipedia.org]. Now, please complete this template with your jokes: The Microsoft Experts were asked: "<Is it true that...>" The Microsoft Experts answers: "<In principle yes, but...>"
  • by disposable60 ( 735022 ) on Friday May 20, 2005 @05:40PM (#12594318) Journal
    Microsoft apparently has fine-grained access, rights and permissions built into WindowsXP. Where are the tools to manage those permissions?

    By the way - HOME users need those tools, too. They would (could) go a long way to preventing zombification.
  • Microsoft has been inviting security questions for ages. But I assume this time they are preparing to actually answer them?

    Microsoft: the plan is simple and reliable -- build a new OS entirely and then write a 'legacy' VM on top of it to run the current and old stuff. You can be secure and overcome the old crap. Why aren't you doing that?
  • Microsoft is constantly telling folks lies, and then creating "independent" verifications about them on performance issues. Witness the veritest reports.

    So you know as we all do that every morning Microsoft engineers are waking up, and KNOWING that these tests are totally bogus and blatantly rigged, go out and lie like crazy to their customers about what the results prove.

    Even if the product is faster, at least avoid creating such crap tests. I remember the garbage J2EE benchmarking as well, and wonder wha
  • my question I keep getting this strange error message "0-\/\/-/\/-3-|) by Cowboy Neal, He Be 1337 hax0r " is that a security threat that I should worry about?
  • I've got the O'Reilly XP Hacks book, but I'd like to see official, supported stuff from the horse's whatzit.
  • I've got a question here. When I find security bugs in your software, how on earth can they be submitted for you to fix them? The support [microsoft.com] page offers little guidance.

    Last time I found a security bug in IE, I ended up e-mailing it to Scobleizer [weblogs.com] who thankfully picked up on it quickly. This doesn't seem like a very effective system though!

    -dgr
  • Have these Microsoft security "gurus" been hiding out on Tatooine for the past 10 years?

    Look at me, I go and see Star Wars, and I'm already a Trekkie!
  • The article says that Microsoft will respond to ZDNet Australia readers. That's it. And why Australia and not world wide? Was that a randomly selected country or did Microsoft have a specific reason for choosing it? If MS's Q and A's are anything like the so-called "studies" they do, it won't even be worth the time reading the replies.
  • You know, I have to wonder -- why care about the security of Microsoft programs? There's so much more that is so fundamentally wrong with the architecture of any Microsoft program that security seems like a rather secondary matter.

    To me, it seems almost like discussing the problems of intellectual property in communism. There are so many other, much more important, issues about communism -- it's founded on an absurd philosophical model and a historical perspective that's outright wrong. It's pointless to be

  • Isn't the term "Microsoft security gurus" an oxymoron?

    What's next, a /. Q&A from the US military's "human rights and Geneva Conventions gurus"?

    (sigh)
  • why not ask things like:

    given microsoft's excellent track record in security (based on documents published by microsoft,) what does the open source community need to emulate the good practices of microsoft?

    given that microsoft does not disclose security flaws in its product to protect the users from malicious attacks reaching them before patches are made, how will the oss community improve on its disclosure rules and prevention of possible news regarding security flaws?

    you get my point. just make t