Ask Microsoft's Security VP
There's always lots of discussion on Slashdot about Microsoft's security problems, and whether Windows is or isn't more secure than other popular operating systems. In a "Let's clear the air" move, Mike Nash, Microsoft Corporate Vice President, Security Technology Unit, has agreed to answer 12 of the highest-moderated questions you submit here. (You can skip the "Microsoft and security in the same sentence?" comments we've all heard 1000 times, and ask actual questions, since Mike is answering for himself instead of having PR do it for him.) We'll post his answers next week.
I have a question for you (Score:1, Insightful)
I would have fired my Security VP if we had a track record like MS's.
The Credibility gap (Score:2, Insightful)
Will you ever sort and modularize Windows? (Score:5, Insightful)
Rationale: Many security problems are due to everything running as Administrator, with privileges, or as part of the OS. One thing I like about GNU/Linux is that each part is separate, so Firefox runs on X, which runs using services, which run using the kernel, with only the kernel having privileges. Generally a buffer overflow problem in X or Apache doesn't let someone format my hard drive. Also you can put something in to analyze or intercept things between such layers - even things like ltrace or strace.
security through obscurity & the many eyes (Score:2, Insightful)
Whatever (Score:2, Insightful)
Just ask him when he stopped beating his wife.
Comparisons with open-source (Score:4, Insightful)
Product Activation (Score:3, Insightful)
Off by Default (Score:1, Insightful)
Is it really a secure system? (Score:5, Insightful)
Re:Patch Release Cycle (Score:2, Insightful)
Re:Why not improve the default permissions? (Score:2, Insightful)
Why doesn't Microsoft make common use of the Administrator account a thing of the past? All of the pieces have been there since NT for Windows to use a strict separation of user versus Administrator accounts like we see with OS X and all of the Unix-based operating systems. Having just recently set up an XP system for family, I noticed that the default install encourages, for all practical purposes, the user to run with Administrator privileges. Having worked as a Windows Administrator in a corporate environment, I found that there are many things that were difficult for the end user to do without Admin rights. By comparison, I rarely get requests for things that require root access from users on Unix/Linux desktops who do similar work, because the applications and system are set up assuming that root/admin access will not be available to the user. In addition, it would seem that the default permissions for user files could be tightened up without creating a difficult work environment. As it is, the addition of security features in Windows looks like it has been treated as an afterthought, not an integral part of the operating system configuration - particularly for home users, who are likely not to change from the defaults their system came with.
Re:Usability and Security (Score:5, Insightful)
The revised mantra of Microsoft application security has been "Secure by default", a strategy that was applied with varying degrees of success to many of your products in recent memory. In security circles, this might seem like a no-brainer, but for consumer-level applications the strategy can be a nightmare. For a company that spends so much on usability and ease of use for end users, the act of explicitly prohibiting certain operations or features seems to fly in the face of that investment. The users get what is perceived as a broken product, and the administrators get the headache of decreased security (say, after they install a patch that breaks "secure by default"). For various reasons, these two contradictory approaches seem to serve neither usability nor security.
In that vein, what other effective strategies have been considered? For years, the NSA has provided a unique service to the users of various products, including Microsoft Windows operating systems. They produce "hardening" guides for these products in an effort to ensure their continued security and viability in the wilds of the Internet. Has Microsoft ever considered producing guides like these, seeing as how they're the authors of their own products? In that vein, has Microsoft considered redacting "secure by default" to enhance usability, and instead producing tools or wizards that electively enable hardening for your applications and OSes?
MSFT employee here (Score:5, Insightful)
I have just one question for you. Why do we STILL ship products with KNOWN security issues?
I'll even tell you how it works in the trenches. Folks build the product. At the end of it all a "Security Push" gets declared. For two to three weeks people pretend they care about security by coming up with potential security issues and assigning DREAD+VR scores to them. Then management arbitrarily sets the "bar" below which we don't fix potential and real security issues. This bar is usually very high, sometimes at around 8, because hardly anyone has time in the schedule to fix all the issues found. Now, a DREAD score of 8 means that the flaw will affect a ton of customers and cost Microsoft significant litigation. Some very severe bugs slip under the bar just because they don't affect more than 10% of customers. Now, even this exercise is a joke, because most developers don't know what a DFD is or how to put one together.
This wasn't even the most ridiculous part of the exercise. The most ridiculous part is the security "code reviews". It's when feature owners walk into a room with a huge stack of printouts and pretend they can be reviewed in the couple of hours they've allocated for this. You can barely glance through this much code in this much time; 90% of security issues remain unnoticed during this "code review".
After all is said and done, the product is only slightly more secure (SOME of the most ridiculous things have been fixed), and management gets delusional, saying that the product is now Fort Knox secure.
If you ask me, that's an abomination, not a proper security process. Are there any plans to change it?
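As an added illustration of the triage problem the comment above describes (not code from Microsoft or from the poster): a DREAD score is computed from five 1-10 components, and a single numeric "bar" lets a high-damage bug in a niche component slip through because its Affected-users component drags the mean down. The findings, the mean-of-five scoring and the "damage floor" policy are all constructed assumptions for this example.

```python
"""DREAD triage illustration (constructed example, not any real process).

Components (each 1-10): Damage, Reproducibility, Exploitability,
Affected users, Discoverability.  Overall score is assumed to be the
arithmetic mean of the five.  A 'bar' is the minimum score at which an
issue must be fixed before ship.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def dread_score(self) -> float:
        parts = (self.damage, self.reproducibility, self.exploitability,
                 self.affected_users, self.discoverability)
        if any(not 1 <= p <= 10 for p in parts):
            raise ValueError(f"{self.name}: DREAD components must be 1..10")
        return sum(parts) / 5


# Constructed findings, not real bugs.
FINDINGS = [
    Finding("Widespread, low-damage info leak", 3, 9, 8, 10, 9),    # mean 7.8
    Finding("Remote code exec, niche component", 10, 9, 9, 2, 4),   # mean 6.8
    Finding("Default-on service, easy RCE", 9, 9, 9, 10, 8),        # mean 9.0
]


def triage_by_bar(findings, bar: float):
    """Return (fix, defer) when the numeric bar is the only criterion."""
    fix = [f for f in findings if f.dread_score() >= bar]
    defer = [f for f in findings if f.dread_score() < bar]
    return fix, defer


def triage_with_damage_floor(findings, bar: float, damage_floor: int = 9):
    """Same bar, but any finding whose Damage reaches damage_floor is fixed
    regardless of its mean, so a severe bug affecting few users cannot
    slip under the bar on the strength of its Affected-users score alone."""
    fix = [f for f in findings
           if f.dread_score() >= bar or f.damage >= damage_floor]
    defer = [f for f in findings if f not in fix]
    return fix, defer
```

With a bar of 8 alone, only the third finding is fixed and the niche remote code execution (mean 6.8) is deferred; the damage floor pulls it back into the fix list.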
If you had to store your Credit Card Number ? (Score:5, Insightful)
Also: is/was Microsoft lying? (Score:2, Insightful)
Since Win2k/XP was supposed to be a complete, from the ground up, re-write after Win3.0/NT/9x, and Long^H^H^HVista is supposed to be a complete, from the ground up, re-write after Win2k/XP... why was code from 1990 [slashdot.org] included in these later releases?
Just what is going on with this latest security debacle? Are these supposed to be re-writes or recycles?