Gates pledges better software security

Started by Metgod, January 24, 2003, 12:23:38 PM

Does anyone believe this pledge of Gates? Don't get me wrong, Gates is a good business man, and he has done a lot, but still... security and stability wise ... well, afraid that's not something he's not good with. And while I didn't read this article in its entirety, it is still interesting to say the least. And Gates is right, passwds are a poor part of security for most people. Because they don't follow 'rules'.

Anyhow, it is interesting. Comments?


Subject: [ISN] Gates pledges better software security

http://www.nandotimes.com/technology/story/732406p-5342980c.html

[Ten weeks of security training for employees is commendable, but
security is always evolving; this is akin to the state driving school
you take so that speeding ticket isn't on your record. You watch a
couple gory traffic movies, a few lectures from the police on the
dangers of speeding and sure enough after the course you're driving
around town like a total saint. It's only a matter of time before you
start falling back into your old habits, and then you're back driving
around like Emerson Fittipaldi.

If these lessons are going to stick, the security classes have to be
held on a regular basis, otherwise there's bound to be another one of
those massive pileups and traffic will be backed up for miles.  - WK]

-=-

By TED BRIDIS, Associated Press

WASHINGTON (January 23, 2003 9:11 p.m. EST) - Microsoft Chairman Bill
Gates promised that his software company will continue improving
security in its products, part of a campaign to convince large
customers that the Windows operating system is safe for even sensitive
businesses.

"New security risks have emerged on a scale that few in our industry
fully anticipated," Gates wrote in a 1,500-word e-mail distributed
late Thursday to about 1 million people. He cited figures showing
corporate losses to hackers and other types of electronic attacks
exceeded $455 million in 2001.

Gates said Microsoft will improve support for "smart cards," devices
that can replace or augment computer passwords.

A single computer user may need dozens of passwords for e-mail, Web
sites and connecting to office systems. Most passwords are easy to
guess or difficult to remember.

In his e-mail, Gates called passwords "the weak link."

Smart cards carried by employees can help authenticate a person's
identity when plugged into a computer slot or swiped through an
attached reader device. Some cards flash random numbers that an
employee must type accurately to access a system.

Gates said Microsoft now requires that all its employees use smart
cards to access the company's computers from home or while traveling.

That policy went into effect after a break-in into Microsoft's
internal systems in October 2000. Investigators believe it happened
after hackers hijacked an employee's unprotected home computer.

Gates did not mention improving support in Microsoft's products for
fingerprint or retinal-scan technology. "Over time we expect that most
businesses will go to smart card ID systems," he wrote.

Gates acknowledged that the technology industry must make significant
improvements, adding that, "Microsoft has a responsibility to help its
customers address these concerns, so they no longer have to choose
between security and usability."

Microsoft's products, especially earlier versions of its Windows
operating system and Internet server software, have been long derided
by experts for problems that put consumers' information at risk from
hackers and viruses.

As sensitive transactions - from banking to medical filings -
increasingly take place online, there has been a new focus on such
risks. The Bush administration also has raised concerns that
terrorists or foreign governments could launch cyber-attacks against
the private networks that operate U.S. water and power systems.

Last year, in response to rising concerns, Gates announced a
"trustworthy computing" drive at Microsoft and shut down software
development for 10 weeks of security training for employees.

Gates wrote in his e-mail that the training "taught program managers,
architects and testers to think like attackers," and that it helped
identify an unspecified number of vulnerabilities in Windows software.

Gates also pledged that an upcoming version of Microsoft's flagship
server software, called Windows Server 2003, will have many advanced
features turned off automatically to improve security. Such features,
if used improperly, could make computers vulnerable.

Businesses can use the server software to operate their internal
company networks and to publish Web sites.

"My Terminal is my Soul"

Well, time will tell. This will also be interesting. I'm curious to know how he plans on doing this and making windoze more secure.

they closed the window on me so i threw a rock thru it

still waiting for this to come true....

Wilnix
alt email address: wilnix@hackphreak.org

I don't think it'll ever come true..

The truth is, they have so many layers of patches, it'd be extremely hard to fix. All the new Windows versions are based on other Windows. Are those other Windows secure? Definitely not. That's a problem, because if you base it on, and ADD to it, you're gonna make more problems. By adding to bugs, you are opening the possibility for not only the same bugs but ADDITIONAL bugs...

There was something else I was going to mention we should all remember but I got distracted and can't remember *lol* but I think I got the most important bits down..

Met.



"My Terminal is my Soul"

Do you include 2003 products as well?

Wilnix
alt email address: wilnix@hackphreak.org
