Microsoft a Weak Link In Possible Cyber War
climenole writes 'Microsoft has vast resources, literally billions of dollars in cash, or liquid assets reserves. Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods,' says former White House advisor Richard Clarke in a recent book. Microsoft makes the list of risks because so many people have installed its software for critical systems.
He said what? (Score:4, Insightful)
Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods.
If he really said that I bet Microsoft execs are spewing their cornflakes as we speak!
Re:He said what? (Score:5, Funny)
*in deep trailer-guy voice*
"In 2010; Chairs WILL be Thrown"
Re:He said what? (Score:5, Insightful)
Re:He said what? (Score:5, Insightful)
Part of managing a company is knowing your weaknesses.
Knowing your weaknesses is not the same as having them advertised to the world by a White House advisor!
Re:He said what? (Score:4, Informative)
I guess the point of it is "Is Microsoft the weak link when it comes to security?" to which the only answer can be "Yes." Kudos to the White House team for telling it like it is!
Re:He said what? (Score:5, Informative)
Clarke is not on the "White House team". He retired a few years ago. Come on, people, would it hurt you to at least read the summary?
Re: (Score:2)
Re: (Score:2)
No, there's a big difference. If he was a current government official, then the statement would represent a government policy.
Re:He said what? (Score:5, Insightful)
No, there's a big difference. If he was a current government official, then the statement would represent a government policy.
"This company dominated the market with low-quality products" is not a policy. It is an observation. It's true or it's false no matter who says it or how "official" they are. Try thinking for yourself and being less impressed with authority.
Re: (Score:2)
Admittedly: If the opinion directly touches on something he does at the organization, he may need to put a massive disclaimer on his statement (that these are his own opinions) or in extreme cases even abstain from comment altog
Re:He said what? (Score:5, Insightful)
Could it be that someone "out of office" is the only one with the freedom to say such things in public? Anyone in office would fear for his job. It would be my guess that this statement was desired and even requested by people in office. Who better than someone who once held the seat (read: an expert on the topic) and someone who has nothing to lose (read: already out of office).
Re: (Score:2)
BTW, hell of a post.
Re:Windows, vs. LINUX, vs. MacOS X (security vulns (Score:5, Insightful)
Linux 2.6x KERNEL SECURITY VULNERABILITIES
It doesn't make sense to compare a line of kernels dating back to 2003 to an operating system that came out last year. The 7 kernel is just a derivative of the Vista kernel, for example. And in '03, XP was still going strong. Furthermore, 2.6 or whatever is just a name. I am running 2.6.32. How does the NT 6.1 you are presumably running compare to that?
Re: (Score:3, Interesting)
I was comparing the "latest/greatest" from Apple, Microsoft, & the LINUX camp
If you're including linux from 2003, you have an odd and erroneous definition of "latest/greatest". Not only that, Windows 7 is an OS, Linux is not. And, furthermore, if you are comparing kernels, you have to include the Vista kernel to the 7 kernel which you did not.
I'm not going to bother refuting the rest of your drivel since it all rests on this one blatant fabrication. If you want to attack Linux's security record, at least do it in good faith then people might be willing to listen to your argument
Re: (Score:3, Informative)
Look at the severity of the advisories (They are rated from 1-5). Neither windows nor Linux has any unpatched vulnerability rated higher than "less critical" (i.e., neither has anything unpatched that is 3 or higher). So for vulnerabilities >2/5, they both have a 100% patch rate. The difference is in "less critical" advisories, (1 or 2).
Windows 7, in its short life, has had 8 advisories rated "less critical" or lower. Of these 2 are unpatched. That
Re:Windows, vs. LINUX, vs. MacOS X (security vulns (Score:5, Informative)
It's a frequently used troll post. It has been completely debunked in the past several times. All of the critical bugs listed for the Linux kernel, for example, were local exploits only -- NONE were remote. In contrast, Microsoft's exploitable bugs are famously remote exploits meaning they can be done over a network connection. Mac OS X is another bag of worms... but thankfully, Apple controls and limits its users such that it will never be big or ubiquitous enough for large scale general use like Windows and will never likely get used in critical government or business operations.
Re: (Score:3, Informative)
That's not a troll post.
Even if his post is false,
It's a troll for one very simple reason. He's including 2.6 kernels from 2003 and comparing them to Windows 7 which uses the NT 6.1 kernel which is a derivative of the NT 6 kernel used in Vista. Intentionally distorting facts to support your argument is trolling. Furthermore, he's bringing up secunia stats as if that is the whole story without mentioning the relative severities. Of course, it's a red herring anyway as I've already pointed out.
Re: (Score:3, Informative)
I have checked various registries of accreditation and do not find Anonymous Coward in any of them. Perhaps you should start by revealing your identity and proving your assertions of credentials. Next, don't assume I have less experience and no accreditation. I have a degree. I have certifications and I have been in the industry since I was 16... I am 42 now. I have experience with everything from mainframes to the most obscure PCs and just about everything in between. I know the lay of the land. I k
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Part of managing a company is knowing your weaknesses.
Knowing your weaknesses is not the same as having them advertised to the world by a White House advisor!
There was something in Hamlet about a ghost not needing to appear to tell us this.
Re: (Score:3, Insightful)
I think by the time you get to the C-level execs, it's more about leveraging your synergies and maximizing your returns.
They don't likely know much about the technology, and believing in the company and drinking the Kool-Aid is mandatory.
In their mind, they produce high quality goods. The best there is.
Re: (Score:2)
Spew Cornflakes, sure.
Actually do anything about it? Dream on.
Re: (Score:2)
Makes you wonder why all the White House staff have brand new iPads.
From what I hear they just happened to "fall off a truck" in the Chicago area and Rahm Emanuel knew the guy that "found" them. It's a small world ... ;-)
Microsoft Weak Link ... (Score:2, Insightful)
Film at 11.
I mean, seriously, it's the most widely used OS on the planet. It's also the most likely target.
Re: (Score:2, Insightful)
False.
It may be the most widely used desktop OS, but once you include servers and small devices, Linux beats it easily.
Windows is widely used where it matters (Score:4, Insightful)
[Windows] may be the most widely used desktop OS, but once you include servers and small devices, Linux beats it easily.
Compared to home desktop PCs, servers are more likely to be administered by someone with a clue about locking down and updating the system. Small mobile devices have only a sporadic connection to the Internet, much like home PCs in the dial-up era, and many use an executable whitelist managed by the device maker. So barring a security hole in something like a home router appliance, desktop PCs running Windows are likely the juiciest targets for establishing a botnet.
Re:Windows is widely used where it matters (Score:5, Insightful)
Most of whom choose a non-Windows OS. When people with a clue avoid something and people who don't know better flock to something, it says a lot about that something.
To put it another way, I have never met a person who was highly competent with using Windows and also highly competent with using a Unix-like OS (Linux, *BSD, etc) who still preferred Windows. I'm sure someone will pipe up now that I've posted this but the point remains, such people are quite rare. Your preference for one thing is meaningless if you are not at least as familiar with an alternative.
Actually a beefy *nix server with extremely high bandwidth, multiple CPUs, and multiple gigs of ram is the juiciest target to be a member of a botnet. It's also a lot more difficult to compromise. Windows PCs are not the juiciest targets. They are the low-hanging fruit that can be harvested in large numbers with automated tools, making it not worthwhile for the botnet owners to spend too much effort taking over any one target no matter how tempting it is.
Re:Windows is widely used where it matters (Score:4, Insightful)
Actually a beefy *nix server with extremely high bandwidth, multiple CPUs, and multiple gigs of ram is the juiciest target to be a member of a botnet. It's also a lot more difficult to compromise. Windows PCs are not the juiciest targets. They are the low-hanging fruit that can be harvested in large numbers with automated tools, making it not worthwhile for the botnet owners to spend too much effort taking over any one target no matter how tempting it is.
I'd tend to disagree with that comment - look at what botnets are used for. Very rarely are they used for mass processing power or for anything more than spamming and DoS'ing.
- A personal computer on a basic always on connection which tend to keep a dynamic ip for several days then move (some providers it is longer) VS a server that doesn't..
- a Home computer with a user none the wiser that doesn't even bother to see what is running VS a server that would have an Admin responsible for it and regulatory checking up on thing
- a home computer on a dynamic IP block owned by a large telecom who doesn't give a shit about crap on that part of the network, that won't cut it off or relay infection details or won't respond to your calls VS a server on a company-owned block that will check up on reports and will respond.
In my experience when we are getting spam or bot attacks - if the source is coming from a private company's network or anyone's owned IP block (not blocks for residential service) they always respond to inquiry and normally say thank you. I've NEVER had one blow me off - now when it's coming from some dynamic block I've been blown off so many times that I don't even bother calling them.
Take it how you will but I think you are confusing what you personally would want to have with what is sufficient and functional for botnets.
Re: (Score:3, Interesting)
Things that require little processing power but do require lots of (aggregated) bandwidth. This is where it's easier for botnet owners to compromise a thousand Windows PCs connected via cable modems than one or two high-end multi-homed Unix servers that could handle the same load.
Botnet owners also have a disadvantage: they don'
Re: (Score:3, Informative)
http://news.cnet.com/8301-1009_3-10413951-83.html
they already have - seems like they did exactly what they did with other setups..
Re:Windows is widely used where it matters (Score:5, Insightful)
To put it another way, I have never met a person who was highly competent with using Windows and also highly competent with using a Unix-like OS (Linux, *BSD, etc) who still preferred Windows. I'm sure someone will pipe up now that I've posted this but the point remains, such people are quite rare. Your preference for one thing is meaningless if you are not at least as familiar with an alternative.
OK, I'll bite :)
Most people that are competent couldn't answer the question "Do you prefer Linux (etc.) or Windows?" (unless the answer is "both"). It begs the question, prefer it for *what* exactly? At work, I have both Windows 7 and Ubuntu systems at my desk running Synergy. I use whichever one happens to be best suited for my current task. Same at home, except that the Linux box has been decapitated and shoved in a closet. I prefer windows (7) on the computer I sit at at home, because in my experience, I spend far less time screwing with it trying to get stuff to work (Mac might be an option, if it wasn't for games).
Re: (Score:2, Insightful)
Re:Microsoft Weak Link ... (Score:5, Insightful)
Film at 11.
I mean, seriously, it's the most widely used OS on the planet. It's also the most likely target.
That's a flawed argument. It isn't bad because lots of people use it, it's bad because it's bad.
Microsoft's Business (Score:5, Insightful)
One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."
Re: (Score:3, Insightful)
One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
What a stupid statement that is complete tautology. The entire point of starting a business is to make money. Otherwise the business *ahem* goes out of business.
Re:Microsoft's Business (Score:4, Insightful)
The entire point of starting a business is to make money.
This is false. While a company needs to make money to be successful, this is not the only reason for a company to exist. And I thought I was jaded.
Re:Microsoft's Business (Score:4, Insightful)
The entire point of a business is to provide goods and services for money. Otherwise you're running an NPO.
Re:Microsoft's Business (Score:5, Insightful)
No, the real world's not binary like that. Plenty of people running businesses not just (or not at all) for the money. Yes, the balance sheet at the end of every month needs to be right, but there's a huge difference between lots of profit, and enough to get by.
Re: (Score:3, Interesting)
Correct, but that's not the point.
Do you have some examples?
Yep. My small business.
The point, in general, is this: There are many ways to run a business. Just because 99% do it a very specific way doesn't mean it's the only way.
Re: (Score:2)
The entire point of a business is to provide goods and services for money. Otherwise you're running an NPO.
Logically defending Microsoft's profit motive!? You're not being a very good Linux Nutcase right now. Here, let me help you with that:
We agree the entire point of a business is to make money. Since that's the entire point then there is no fraction of a point for them to even make or support an operating system. Therefore Microsoft, being a business, has no point in making an operating system because all of its energies are concentrated on this nebulous "profit" or "prophet" if we're talking about Apple. Therefore Windows does not and cannot exist. It was just a bad nightmare that everyone had now let's all collectively wake up.
*picks up glass of cyanide flavored koolaid*
Who's ready to 'wake up' with me?
I think that demonstrates my qualifications. Please e-mail me the credentials to that account and I'll take good care of her.
Re: (Score:2, Interesting)
No, that is a broken philosophy. In two ways:
1) In the modern trading environment, making short-term quarterly goals is overemphasized to the point of sacrificing long term prosperity. There's something to be said for demanding returns within a certain timeframe, but 4 months is too short.
2) It can be trivially shown that mankind could drive itself into distinction, all the while with a majority of investors "making money." The lack of a moral imperative to not only be personally profitable, but also be
Re: (Score:2)
erm, extinction, not distinction. EPROOFREADINGFAIL
Re:Microsoft's Business (Score:4, Insightful)
This is false. While a company needs to make money to be successful, this is not the only reason for a company to exist.
Agreed. Though a more important question, as far as I am concerned, is whether or not something as important, and voluntarily, as computer/network/internet infrastructure should be run for profit (specifically government/utility system software/hardware). One could argue that there is a financial incentive for companies to make a good product, but time and time again it seems that companies are happy sacrificing the long term for short term profit. Even when that means taking short cuts that risk creating significant problems down the road. Thankfully my country, Norway, has decided to start shifting all software used by the state over to Open Standard alternatives.
Re: (Score:3, Insightful)
There is only financial incentive to make a good product if you are in a highly competitive market and your product needs to be better than the competitors...
Otherwise, the financial incentive is to actually make a poor product so that you can sell upgrades more easily.
In the case of MS, lock-in ensures that competition is kept at bay enabling them to produce extremely poor quality products. Keeping customers locked in is also far more profitable for them than offering an open product and then having to fac
Re: (Score:2)
What a stupid statement that is complete tautology. The entire point of starting a business is to make money. Otherwise the business *ahem* goes out of business.
Making money isn't always the sole aim.
Good companies try to make a good product or provide a good service and the money just happens. Bad companies try to make money and nothing else.
Re: (Score:2)
Not necessarily. It would just mean that they would have to work harder to design and develop new features that continue to improve functionality & ease of use while maintaining those high quality standards.
Re: (Score:2)
Every business is in business to make money. Some businesses make money by selling a premium product at a premium price. Others, like Microsoft, make money by selling a good enough product at a competitive price.
Re: (Score:2)
They make money by selling an overpriced product into a market that is locked in to their products and thus has to buy them regardless of quality or price. MS are really selling a second rate product at a premium price because they can get away with it.
Re: (Score:2, Interesting)
You can't really call it a competitive price when the competition is free. It's good enough for a premium, at best.
Prof. Lester C. Thurow said in his book "Head To Head" that it isn't about price or quality, but market share. Once you achieve the greatest share, you can control the market. Whether the product improves or not, only time will tell. Anyone who tries to enter the market has to have a better product at a lower cost than the holder of the market share. Although this is no guarantee of acceptance. This is how the Japanese got a foothold in the American auto industry, (but not in Europe) with cheap, crap autom
Re: (Score:2, Insightful)
One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."
That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware. OSX doesn't have enterprise level support/management, and it's arguable that the only reason that OSX is more "secure" is simply because they are less of a target.
Linux may have some technical merit, but is a mess where people without advanced compute
Re: (Score:2)
While you sit and wait for OSX to work on "more than a handful of hardware configurations" to "take it seriously", Microsoft themselves have identified Apple as a clear and present danger for several years now and are scrambling to catch up
Re: (Score:2)
Re:Microsoft's Business (Score:4, Insightful)
You praise Microsoft for "running on any hardware" while that is the vendors' drivers responsibility (and open standards such as SATA, PCI, USB).
The praise directed at Microsoft is for managing to convince hardware vendors to put a Windows driver on the included CD and not include a Linux driver.
Re: (Score:2, Insightful)
This is all true. Microsoft is learning, painfully slowly, how to construct a better network operating system. I think Windows 7 (or maybe Vista...sort of skipped that one) is their first OS that requires an initial password to proceed with installation. Something as basic as requiring a password for your administrator account...and it was left out for over a decade, despite security issues in the news again and again.
With the latest Windows 7, Microsoft may finally be getting security right, at least fr
Re: Microsoft's Business (Score:5, Insightful)
Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.
The same can be said of Windows. People ask me for help with their Windows computers all the time, but I can rarely help because I don't often use anything besides Linux, and contrary to what you'd like to believe, there's nothing inherently intuitive about the way Windows works.
Re:Microsoft's Business (Score:5, Insightful)
The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware
Yup, OS X only runs on three hardware platforms; ARM, PowerPC, and x86. Five if you count the 64-bit variants of PPC and x86 as different. Windows runs on x86, x86-64, and PowerPC (XBox). It used to run on MIPS and Alpha as well, but hasn't since NT 4.
Or are you talking about device drivers? Because I hope that you realise that most of these are provided by the hardware manufacturers, rather than by Microsoft. So, your argument for Windows' superiority is that more third parties support it? That's certainly a valid reason for using it, but not really an indication of its intrinsic quality.
Oh really? (Score:2)
Try to install Windows on a powerpc. Thank you, thanks for playing. Retard. Since when is x86 all there is?
Re: (Score:3, Interesting)
A great deal of what you say is true, but is true mainly for circuitous reasons. Some of it is false. The level of complexity between OSX and Windows is perfectly comparable. One of the reasons that OSX has had such a relatively good reputation for stability is the fact that they limit configurations and (here's the key) write or modify the drivers that they use for those configurations. If Apple were willing to allow OSX to be put on non-Apple hardware, it would simply be a matter of producing driver
Apologist much? (Score:4, Insightful)
That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. ... while windows will run on pretty much any hardware.
Set the koolade down and step back. Microsoft Windows works on a much wider range of hardware than OSX, but it's still quite limited. I will concede that only Microsoft Windows excels at making use of a proprietary piece of crap like a Win-modem or a Win-printer.
Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.
My experience is that the average XP user is more baffled by Windows 7 than by Ubuntu. And don't even think of suggesting that Ubuntu can't be set up by someone knowledgeable.
Sure windows had bugs, but many of those aren't MS's fault, but rather vendors that write crap drivers.
Microsoft provides an ever-changing foundation of thick muck. And like you, they are quick to blame others for any problems.
Re:Microsoft's Business (Score:4, Informative)
That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware.
Uh, no. Windows runs on one, and only one platform, the x86 (x86-64 is still x86). OSX used to only run on RISC (PowerPC) but recently made the switch to x86 as well. It should be noted that Apple did a pretty good job making the old stuff written for RISC run on x86 for a time in order to complete the transition. The core of OSX also runs on a few different mobile platforms as well for i-phone/pod/pad devices.
Linux will run on just about anything. Sure, you can't download the latest Ubuntu and install it on an Alpha based machine, but you can find Linux distros designed for just about any platform.
Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.
Linux is easier to set up or operate than either Windows or OSX. The problem is that 99% of all computers sold come with either Windows or MacOS installed, so it's what people learn. Once you learn a system, it is easy to you, even if it's some antiquated, console driven, remote accessible Unix app.
MS is having problems selling upgrades. Why do you think ~90% of businesses are still on XP? Because it was/is a useable, relatively stable OS that did what people wanted.
People are not upgrading because XP is good enough and it's cheaper to keep running XP than it is to upgrade. Even if the OS itself was free, you still have to pay your IT guys to create an image for every machine config in the office, install it, train your employees to use it, and pay for the downtime they experience backing up their old stuff and learning the new OS.
You can say what you want about MS, but the fact is, they are the best OS for Businesses, and most consumers
No. MS produces the OS used by most businesses and consumers, therefore, it is what most businesses and consumers choose when they upgrade. It's easier to make the upgrade from XP to 7 than it is to upgrade from XP to Ubuntu 10.4, just as it's easier to make the move from Ubuntu 9.10 to 10.04. When you upgrade to a newer version of your current OS, odds are that you lose nothing. If you switch OS's entirely, you have to find replacements for every application you currently depend on and still convert all your files to the new format.
When Linux is usable by joe user, I'll take it seriously.
My three year old daughter runs Linux and she can't even read yet. Hopefully Joe User is more savvy than an illiterate three-year-old.
Re: (Score:2)
Re: (Score:3, Insightful)
And a large portion of that hardware is nominally standards-compliant. Not saying you're wrong, but it's a monitor lizard, not Godzilla.
Re: (Score:2)
You can get equivalents to AD for Linux and OSX, Novell's current eDirectory product for instance which is descended from Novell (of which active directory is a rather crude clone), Sun/Oracle also makes something similar and there are various systems you can roll your own... Active directory is a HUGE security nightmare...
As for "enterprise" features - in a business you don't want millions of different hardware configurations, you want as few as possible, so long as suitable configurations are available it
Re: (Score:2)
So you are saying the number of drivers determines the complexity of the OS?
Yes. If a defect in some classes of device driver is exploitable, it can be used by a computer criminal to wedge open systems with that device and add them to a botnet.
Re: Microsoft's Business (Score:2)
One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
More specifically, a stock pyramid, though that model has faltered in recent years.
Re:Microsoft's Business (Score:4, Insightful)
I see you are getting hammered with comments that I believe misunderstand your professor's statement. Of course businesses are in business to make money, what people don't seem to get is that Microsoft's core competency, main objective, mission statement, sole purpose, etc. is to make money.
I could be wrong but I don't believe that Microsoft developers intentionally make bad products with the intention of getting customers hooked and then forced to upgrade. I believe this is just the end result of a business strategy that permeates virtually all of business management in the United States today. I would describe the U.S. business models as, greed is good slash and burn, hookers and extortion profit margin goals, end times are near hoarding and investment (or lack thereof), and disaster focused management.
Greed is good slash and burn: There is an entire generation, perhaps more, of MBAs who watched Wall Street and fell for Gekko's speech about greed as a driving factor for all human pursuits but either failed to watch the entire movie or did not make the connection to the plot where greed did not result in excellence in business pursuits but instead led to cheating, destruction of other people's livelihoods to transfer wealth from a group of people to an individual, and outright criminal activity. And we don't need a movie to tell us that greed is not good, we have real life events that occur over and over and over that show us how greed left unchecked simply leads to crime not excellence.
Hookers and extortion profit margin goals: Profit margins are important for the viability of a business and its ability to expand and invest into future business opportunities, however, the greed mentality has created a deranged market concept that becomes detached from the real market and real viability of a product. I have seen this mentality at work at a hardware manufacturer during management and engineering meetings where Part B had a lower profit margin than Part A and it was repeatedly suggested that Part B should no longer be manufactured and Part A should be ramped up using the manufacturing capacity of Part B. Unfortunately the MBAs and engineers refused to listen to sanity, the bulk of the market wanted to buy Part B not Part A and the final products that used Part A also required Part B. Without the low margin Part B there was no market for Part A! Once logic failed I gave in to the greedy profit margin goal and suggested we replace all the engineers and manufacturing employees with hookers and thugs as the profit margin in the Hookers and Extortion business was probably better than making parts. As an engineer I would not be needed so I left.
End times are near hoarding and investment (or lack thereof): Again driven by greed, rather than having long term multiple year future plans many U.S. corporations are more concerned with 3 month business plans as if there will be no future for the planet or business beyond the next 3 months. If your engineering project does not have an acceptable ROI within 3 months then it stays on the back burner. Even after presenting the same 3 year plan after 3 years on an annual basis and explaining that 3 years ago if it had been implemented the benefits would have been rolling in the project is perpetually placed on the back burner while the funds that could have financed the project are hoarded until upper management bonus time rolls around.
Disaster focused management: And as a result of the previous management techniques the focus of U.S. business management becomes continually locked in disaster recovery mode. With everything focused on greed the little things like safety, sustainability, future capability, etc. are all left by the wayside until they becom
Re: (Score:2)
Presenting the pieces in a unique and useful way IS the product. Subpar news aggregators fail due to lack of viewers while sites that have figured out appealing ways to do this (Slashdot, Digg, Reddit and plenty more) get the eyeballs.
Re: (Score:2)
The "have nots" are unimportant largely because their actions have little impact on anyone else, ie anything they do is on an extremely small scale. Tackle the big problems first and all that.
It is simple Darwinism (Score:5, Interesting)
Same goes for ecosystems of computers. Given 90% are running Wintendo, you find that the pests (virus and other exploit authors) take advantage of that monoculture. The weaknesses are then exploited and have to be "patched" in order to ensure survival of data and/or systems.
Given an ecosystem with multiple operating systems - Windows, Linux, Unix/OSX, zOS - you'll find a greater ability to defend against continual threats.
Re:It is simple Darwinism (Score:5, Insightful)
Really, if Microsoft wanted to, they could start marketing an OS designed for security sensitive environments (perhaps with a compatibility mode that allows Windows software to run in some kind of VM), and leave Windows as a "home PC" operating system. The fact that they are not doing anything like that, despite the fact that MSR developed such an OS, speaks volumes about Microsoft's priorities.
Re: (Score:3, Interesting)
Re: (Score:2)
What I was suggesting is that the single-use of any OS - whether Windows, Linux, Unix or AmigaOS - would make an ecosystem far more vulnerable and e
Re:It is simple Darwinism (Score:5, Insightful)
I would submit that most non-windows systems are also poorly managed.
The difference is monoculture vs diversity. Look at windows users, and you will find lots of people using the same tools. Outlook, as soon as a company installs exchange you can be sure that the vast majority will be using outlook to connect to it. You find a vulnerability in outlook, or word, or a system service, and you can suddenly hit huge swaths of machines.
Now, Unix? You have multiple hardware architectures, distributions of even similar systems like Redhat and Debian Linux have made different choices for default daemons for various services. A hole in pine or mutt may not affect Evolution users, or Thunderbird users.
So in addition to a smaller audience, you get a smaller percentage of that audience.
To put it in business terms, the ROI of windows vulnerability exploits is just higher. That is, unless you are targeting a specific system, in which case, well, I know that where I work, many more windows servers exist than the entire unix environment, but, the Unix environment has a higher percentage of the mission critical (or more to the point, patient care critical) servers.
So that's not to say there isn't definite ROI on such attacks, it can even be higher. However, I don't think that such attacks really factor into this discussion since specific attacks on specific machines for their content is the exception rather than the rule for most systems/users.
-Steve
Summary misdirected (Score:5, Insightful)
For once, I RTFA. The summary seemed interesting. However, the FA was even more interesting, although it had little to do with all the money that Microsoft had in its back pocket, and how its market dominance was based on low cost products.
The main thrust of the FA, for those of you who don't want to click the link, is that because the Windows OS is so prevalent in civilian and corporate usage, a Cyberattack could devastate the economy (and western civilization).
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2, Interesting)
Cost is not just the cost of the box.
Let us say, as a business, I want to run some servers.
A quick look over at a job site: Windows Admins - £25-30k, Unix - £30-45k.
Re: (Score:2)
If you think of cost in terms of both $$$ and time, then I think probably Windows is the least cost solution. I think the majority of home computer owners get turned off by the higher price tag of OSX machines, and are pushed toward the Windows and Linux price points. Then they consider that they don't know anything about how Linux works, but do know that since most of their past computing experiences have been on previous versions of Windows they can probably figure out the new version pretty quickly.
I think
Re:Summary misdirected (Score:5, Informative)
While true, by the time MS became an expensive option it no longer mattered - millions of people were already locked in.
Back in the days, MS (and the cheap hardware they ran on) were a cheap option compared to Novell, Sun, DEC, SGI, IBM, Apple and all the other high-end vendors... MS and x86 were massively inferior to everything else on the market, but with such a huge price differential they were able to make it up on volume...
Ford cars are clearly inferior to Rolls Royce or Ferrari, however you see a lot more Fords on the roads for the same reason. However, cars are standardised enough that it's impossible to lock someone in, thus ensuring there is a healthy level of competition in the industry.
Re: (Score:2)
Re: (Score:2)
That applies to any monoculture, from corn to poultry. Consider this example [canadianpoultrymag.com].
Lack of genetic variation, simply put, equals greater risk. Members of a population that shares the same set of genes can all be overcome by a disease, but if a population’s members contain different gene sets, there is a chance some will survive.
Unfortunately monocultures are convenient, even in IT.
I disagree (Score:5, Insightful)
Re: (Score:2, Interesting)
I am not a Microsoft fan, but I believe the weak link has much more to do with the meat sitting in front of the computer than the software on the computer.
Well, that gets to the issue of who bears the responsibility; that which sells a poor but patchable/fixable product, or the buyer who is ignorant of the necessary fixes?
Is this more like owning a house, where the owner is responsible for regularly checking the foundations for cracks, the locks for security, etc... Or more like owning a car, where the owner is still responsible, but the manufacturer builds in many, many indicators and warnings when things need attention?
Re: (Score:3, Interesting)
This is why I think and greatly fear that closed systems may end up in our future on mainstream computing just due to the dancing bunny problem.
Device operating systems are moving that way where if one wants to run stuff on a smartphone, it must pass a gatekeeper, either always like in the case of Windows Phone 7 or iOS, or a reactive system with an after the fact kill switch like Android has.
Because Joe Sixpack doesn't care about security, it really doesn't matter what OS he uses. He will su to root, log
Clarke is all right (Score:5, Informative)
Microsoft created this problem (Score:4, Insightful)
Re: (Score:2)
That's the problem genius. Tivo-ization only hurts linux.
Interesting (Score:5, Insightful)
Weak links (Score:3, Insightful)
The weak link is old Software (Score:4, Insightful)
There's nothing wrong with the newer rounds of MS software; the problem is the older stuff, which as time goes further back, tends to get less & less secure (all the way to Win98/95 which actually had no security at all).
Even now I occasionally run into boxen running thoroughly rooted Windows.....98. That's your problem.
Re:The weak link is old^H^H^H NEW Software (Score:4, Insightful)
Only government agencies can afford to spend a year designing a bullet-proof system, then another year writing the software and a year or two more making sure that no-one can ever break in to it. Are you prepared to slow down software development by a factor of 8, from 6-monthly release cycles to a new version every 4 years? It would be commercial suicide and far too expensive.
Microsoft is the market leader. (Score:3, Insightful)
As such you would expect them to excel at security nowadays since it seems a very big concern amongst most users. Still their security efforts are pretty laid back and half assed. Microsoft don't take security seriously, it's a PR problem for them at the most.
As a market leader one would expect Windows spanking Linux, BSD and Apple's behinds but in reality Windows security sucks. Not because it's more prevalent but because it's a sitting duck. At Microsoft, features and ease of development have always stood higher than security on the priority lists. The only thing that can change that is monetary pressure like demand for accountability of their products. Until then, Microsoft security is a game of statistics, lies and damn statistics.
i'm still waiting for the warhol worm (Score:2, Interesting)
http://en.wikipedia.org/wiki/Warhol_worm [wikipedia.org]
one of these days, some genius asshole is going to, just for the lulz, shut down the whole goddamn internet in 15 minutes. he or she is going to do it with a worm that, of course, will be based on something in the microsoft constellation of oses/ products/ third party software. perhaps from our other security averse friend, adobe
i thought it was going to be code red or sql slammer, but no, these infections were content to zombify, not zombify and enslave the nonzombies (
i am internet final boss (Score:3, Funny)
if you defeat me, you get a live-action cutscene of me doing your mom
unless you won teh internets by traversing the far more difficult /b/tard PvP realm in the Retards and Trolls Comment Board (tm) expansion pack (beta)
in which case you get a hentai animated cutscene of rule 34 THAT NEVER ENDS AN ETERNAL HELL OF FURRIES GROUP SEX OH MY GOD MY EYES
You can't have secure AND popular (Score:4, Interesting)
Once you get away from using popular applications and O/S's, the price rises incredibly quickly. Instead of spreading (say) a billion dollar development costs across 100 million product sales, you have maybe 10,000 customers who can be persuaded to pay for a product. This immediately means no-one will buy it unless forced to by law, or unless they can in turn, pass on the costs to their customers. The smaller market also means there will be fewer suppliers - probably just one. Which in turn will drive up costs due to lack of competition and decrease any incentives to fix problems or develop new wares in a timely fashion.
We know what a secure operating system for the year 2010 will look like. It will look like VMS from 1995, for all the reasons discussed above. Now, which are we prepared to pay for: Microsoft products on every store shelf, running the country or critical systems with the security, features, lack of connectivity from the mid-90s?
Re: (Score:2)
Re: (Score:2)
By that token, Apple, Ubuntu and ALL operating systems are exactly the same "cheap"
Because Apple chooses not to have an ultra-low-end computer line, Mac OS X doesn't come preinstalled on cheap hardware. Compare Acer Aspire Revo ($200) to Mac mini ($600).
Re: (Score:3, Insightful)
Why do you people always say this? Windows is the Single-User system botched into a multi-user environment, not Unix.
Re: (Score:2)
anyone could have told you this.
True, but now that it's been posted on /. it's officially official.