-
January 17th, 2002, 01:37 PM
#1
Member
Microsloths new security stance
Hello all this morning at about 6:40 .A.M est Bill Gates announced that security would now be at the forefront of all windows products{about time}. Bill also claimed that individuals would receive training in Microsoft Security {any oxymoron if i ever heard one} .:Ladies and gents i can see it now People having a full 7 test certification to secure a product that doesn't truly belong to microsoft , I am curious to hear what you think.
eViL
-
January 17th, 2002, 01:57 PM
#2
Member
What I Think?
I think it is time to stop thinking of Micro$oft products as the defacto standard... god...my stomach just can't take any more of this $hit!!!
-
January 17th, 2002, 02:53 PM
#3
I'm thinking it's something that Bill wants to get out into the open so that MS will have less heat from everyone, but this is nothing new. Until you get your departments talking to each other and programmers working together (what a concept), security will be limited to what each individual can do, and given the nature of the "code" existing right now for IE, Winblows, etc...I'd say there's a long way to go.
Steps to take to "secure" MS products:
1: start talking to each other at work
2: stop bullshitting around and worrying about politics
3: walk through every line of miserable "code" and remove bloatware
4: stop "patching" functions at the end of the code...patch it where it's broken, not at the end you f'ing morons.
5: check all variables and VALIDATE all user input against a strict function. Put rules on everything.
Example of #5 (in perl):
# declare get_name function to get the name from standard input (STDIN)
sub get_name() {
print "Enter your name: ";
$name=<STDIN>;
# call function check_name() for validating $name
&check_name();
} # end the function
# define the function check_name()
sub check_name() {
# check against empty/null lengths and those greater than 15
if (length($name) < 1 || length($name) > 15) {
printf "Illegal name length : %d\n", length($name);
# call get_name again
&get_name();
} else {
# keep going
&continue_parsing();
} # end the if check
} # end the function
This is a very very simple check for just length and empty/null variables. I could do more, but I don't know if people really want to read all that shite, hehe. If people want it though, I could post varying checks both in shell, in c, and in perl for simple error checking. Maybe if MS starts doing "simple" stuff like this, we'll stop seeing crap like this. How many bugs exist that just come from buffer overflows (unchecked data length), and variable exploits (unchecked variables and assignments)? Too many...way too many.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
January 17th, 2002, 03:17 PM
#4
What do I think? I'll tell you what - I'm tired of patching their crap os's, apps and browsers. I still have to patch various unixes and other os/apps but M$ keeps us almost daily patching, hotfixing or service pking.
Trappedagainbyperfectlogic.
-
January 17th, 2002, 10:30 PM
#5
Senior Member
micro$oft sux... it's as simple as that...
zion1459
Visit: http://www.cpc-net.org
\"Software is like sex: it\'s better when it\'s free.\" -Linus Torvalds
-
January 17th, 2002, 10:50 PM
#6
Re: Microsloths new security stance
Originally posted by EvIl eLf
Hello all this morning at about 6:40 .A.M est Bill Gates announced that security would now be at the forefront of all windows products{about time}. Bill also claimed that individuals would receive training in Microsoft Security {any oxymoron if i ever heard one} .:Ladies and gents i can see it now People having a full 7 test certification to secure a product that doesn't truly belong to microsoft , I am curious to hear what you think.
eViL
Okay, now I'm confused - you mean Microsoft is going to release software that you don't have to patch 23 times a week? Since I agree with what Vorlin said, Microsoft probably can't pull this off so I'd say that these new statements from Microsoft mean nothing. However, if Microsoft software is more secure in the future, it'll probably only require 15 patches and fixes per week. Of course, I guess that is an improvement Well, at least Microsoft realizes that their software just ain't the most secure in the world.
-
January 18th, 2002, 12:20 AM
#7
There is something fundamentally flawed with Windows. But I think when it comes to making new products that the M$ marketing department has more to say then engineering does.
-
January 18th, 2002, 12:31 AM
#8
Member
I agree with anything said against Microsoft. I've never understood why M$ can't just do one of two simple options:
1. Distribute Windoze source code, so the leigons of computer literates on the net can help in the monumental task of debugging it. (yeah, right)
2. Make Windows open-source, like most UNIX-based Os's, and allow an option for people to send the revised code directly back to the programmers, so they can implement it in future versions of Windoze.
I know that Gates is to interested in $$money$$ to take the time to put a decent OS on the market.
-
January 18th, 2002, 01:00 AM
#9
Just a thought:
<breath>I reckon that if even half of the decent programmers out there who are sick of Microsoft OS's, worked together for half the amount of time that is spent bitching about Microsoft dodgy product, they could write an OS that is at least twice as good as any Windows!</breath>
OpenBSD - The proactively secure operating system.
-
January 18th, 2002, 11:24 AM
#10
Senior Member
zion1459
Visit: http://www.cpc-net.org
\"Software is like sex: it\'s better when it\'s free.\" -Linus Torvalds
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|