MS' new security model

[noODle]

Microsoft chairman Bill Gates has send out an e-mail message to the security community.
As all of you know Microsoft has priortized the security in their product.
Gates writes:

As a leader in the computing industry, Microsoft has a responsibility
to
help its customers address these concerns, so they no longer have to
choose between security and usability. This is a long-term effort. As
attacks on computer networks become more sophisticated, we must
innovate
in many areas - such as digital rights management, public key
cryptology, multi-site authentication, and enhanced network and PC
protection - to enable people to manage their information securely.

In previous Microsoft releases, product features typically were enabled by default. However, Gates wrote, "Today, we are closely examining when to pre-configure products as 'locked down,' meaning that the most secure options are the default settings.

How do the AO members feel about this ?
Do you actually think MS has improved its' security ?

It also seems that Microsoft has given up on the 'security by obscurity' concept since they give away source code to governments now,
russia being the first (http://www.antionline.com/showthread...hreadid=238717).
Is this a good idea.
I can imagine that if someone leaked this code....

Read more about Gates e-mail

[gore]

To be honest I think (at lest in MY opinion) they are trying and getting somewhere with reliability, not sure about security, because with computers nothing seems impossible and if it is wait a month loll. I dont have XP but i have actually heard a few good things about it from friends, i think if they REALLY wanted to shocj people they could re release XENIX whixh was prolly there most reliable product ever in terms of how long itcould keep going, hell they went from XENIX to Windows ME, what was he thinking? i cant remember which member said it but they said something about "Windows got the boot tim down to 20 seconds in ME, thats also close to its uptime." I almost pissed myself laughing, even though when i used it for a few weeks on a PC i bought for OS tests i didnt have problems, but then again iv managed to run windows 98 SE happily and have no problems, i seriousy could leave the machine on without crashing or lagging, granted, that right now im using an all Linux system i havnt lagged much at all and this has been going for over two days ( on Windows 98 SE i could be on AIM for more than 40 hours with no probs at all, but i also update my OS ad software and install patches so maybe its true what v BEEN saying, its not the OS that sucks or makes anything ustable, its the user loading and installing programs that arent very compatible, but i guess thats why i had no real problems, honestly it rarely crashed on me, but i was also really good with Windows ninex so i made sure basic security meassures were taken.

[Dahvid]

microsoft has been the butt of many jokes for a long time and obviously they are trying to do something about it .. by reading that article it will make the average user get a warm fuzzy feeling about their "secure windows machine"

there is no doubt that there will always be new vulnerabilities found and that nothing is 100% secure but it seems that microsoft (in recent times) is actually starting to get serious about security and who knows soon they may reverse their image of being insecure

who knows ...

[HTRegz]

There's no doubt that M$ has been getting better with their security.. it'll be interesting to try out 2003 and see how secure it is...

[noODle]

Is it not a bit ironic that on the same day MS's chairman sends a message to the security industry, half the internet comes down because of a flaw in one of Microsoft's products.
Pay attention to the following:

While we've accomplished a lot in the past year, there is still more
to
do - at Microsoft and across our industry. We invested more than $200
million in 2002 improving Windows security, and significantly more on
our security work with other products. In the coming year, we will
continue to work with customers, government officials and industry
partners to deliver more secure products, and to share our findings
and
knowledge about security. In the meantime, there are three things
customers can do to help: 1) stay up to date on patches, 2) use
anti-virus software and keep it up to date with the latest signatures,
and 3) use firewalls.

STAY UP TO DATE

Perhaps the next time a worm like we have experienced this weekend will contain a destructive or backdooring payload.
Read bugtraq mailing list to see if the products you are using contains flaws.
Use the MS Baseline Security Analyzer to find what patches you might have missed.