Microsloths new security stance

[EvIl eLf]

Hello all this morning at about 6:40 .A.M est Bill Gates announced that security would now be at the forefront of all windows products{about time}. Bill also claimed that individuals would receive training in Microsoft Security {any oxymoron if i ever heard one} .:Ladies and gents i can see it now People having a full 7 test certification to secure a product that doesn't truly belong to microsoft , I am curious to hear what you think.



eViL

[Kewl_Zero]

I think it is time to stop thinking of Micro$oft products as the defacto standard... god...my stomach just can't take any more of this $hit!!!

[Vorlin]

I'm thinking it's something that Bill wants to get out into the open so that MS will have less heat from everyone, but this is nothing new. Until you get your departments talking to each other and programmers working together (what a concept), security will be limited to what each individual can do, and given the nature of the "code" existing right now for IE, Winblows, etc...I'd say there's a long way to go.

Steps to take to "secure" MS products:

1: start talking to each other at work
2: stop bullshitting around and worrying about politics
3: walk through every line of miserable "code" and remove bloatware
4: stop "patching" functions at the end of the code...patch it where it's broken, not at the end you f'ing morons.
5: check all variables and VALIDATE all user input against a strict function. Put rules on everything.

Example of #5 (in perl):

# declare get_name function to get the name from standard input (STDIN)
sub get_name() {
print "Enter your name: ";
$name=<STDIN>;
# call function check_name() for validating $name
&check_name();
} # end the function

# define the function check_name()
sub check_name() {
# check against empty/null lengths and those greater than 15
if (length($name) < 1 || length($name) > 15) {
printf "Illegal name length : %d\n", length($name);
# call get_name again
&get_name();
} else {
# keep going
&continue_parsing();
} # end the if check
} # end the function

This is a very very simple check for just length and empty/null variables. I could do more, but I don't know if people really want to read all that shite, hehe. If people want it though, I could post varying checks both in shell, in c, and in perl for simple error checking. Maybe if MS starts doing "simple" stuff like this, we'll stop seeing crap like this. How many bugs exist that just come from buffer overflows (unchecked data length), and variable exploits (unchecked variables and assignments)? Too many...way too many.

[gold eagle]

What do I think? I'll tell you what - I'm tired of patching their crap os's, apps and browsers. I still have to patch various unixes and other os/apps but M$ keeps us almost daily patching, hotfixing or service pking.

[zion1459]

micro$oft sux... it's as simple as that...

[Maverick811]

Originally posted by EvIl eLf
Hello all this morning at about 6:40 .A.M est Bill Gates announced that security would now be at the forefront of all windows products{about time}. Bill also claimed that individuals would receive training in Microsoft Security {any oxymoron if i ever heard one} .:Ladies and gents i can see it now People having a full 7 test certification to secure a product that doesn't truly belong to microsoft , I am curious to hear what you think.



eViL

Okay, now I'm confused - you mean Microsoft is going to release software that you don't have to patch 23 times a week? Since I agree with what Vorlin said, Microsoft probably can't pull this off so I'd say that these new statements from Microsoft mean nothing. However, if Microsoft software is more secure in the future, it'll probably only require 15 patches and fixes per week. Of course, I guess that is an improvement Well, at least Microsoft realizes that their software just ain't the most secure in the world.

[Focmaester]

There is something fundamentally flawed with Windows. But I think when it comes to making new products that the M$ marketing department has more to say then engineering does.

[TechnologyBudda]

I agree with anything said against Microsoft. I've never understood why M$ can't just do one of two simple options:

1. Distribute Windoze source code, so the leigons of computer literates on the net can help in the monumental task of debugging it. (yeah, right)

2. Make Windows open-source, like most UNIX-based Os's, and allow an option for people to send the revised code directly back to the programmers, so they can implement it in future versions of Windoze.

I know that Gates is to interested in $$money$$ to take the time to put a decent OS on the market.

[smirc]

Just a thought:
<breath>I reckon that if even half of the decent programmers out there who are sick of Microsoft OS's, worked together for half the amount of time that is spent bitching about Microsoft dodgy product, they could write an OS that is at least twice as good as any Windows!</breath>

[zion1459]

Originally posted by smirc
Just a thought:
<breath>I reckon that if even half of the decent programmers out there who are sick of Microsoft OS's, worked together for half the amount of time that is spent bitching about Microsoft dodgy product, they could write an OS that is at least twice as good as any Windows!</breath>

We don't need to... we've already got linux!
but ur right... we shouldn't waste so much time on bitching about M$, we should use our time to do something creative and injoy our interests.... but if "bitching about M$" is ones main interest then I find it quite alright for him/her to do it all he/she wants to... lmao ... we all (well, except Bill Gates) hate M$ and it's unsecured, overgraphical, flawfull programs so let's fight the power and kick them the hell out of the 'puter market! revolution! yea!