Bugtraq mailing list archives

RE: Microsoft and Security

From: "Radoslav Dejanovic" <radoslav.dejanovic () opsus hr>
Date: Mon, 5 Jul 2004 09:40:09 +0200 (CEST)

figure out exactly what you're looking for.  Perhaps it's just a platform
to
vent at Microsoft - fine, vent away.  If you have any suggestions for
improving the process, perhaps you should try and express those
suggestions
in a coherent manner that could be used, rather than choosing several
contradictory stances and insisting that Microsoft satisfy them all.


IMHO, security issues in Microsoft OS are closely interwined, due to the
centralized nature of the software. While you can easily fix Mozilla or
KHTML problem without worying that it is going to break some part of Linux
kernel, this might be of great concern on Windows platform. I think
Microsoft got caught with all this security stuff; remember that up to
Windows NT there weren't any serious security measures on desktop and
networking side. Just as Microsoft got caught with the Internet (if you
remember "MSN is going to be the network of the future" statements back
then, and all those plans to put communication sattelites in the orbit),
they got caught with security issues - if I may say, Redmond
underestimated them. Now, it is going to be tough one to solve: software
is centralized and interdependent, it will teke time to solve all those
issues while breaking as few things as possible, and the transition simply
*must* be easy for the end user, not to mention the business world that
needs to get things fixed, not broken up. So I belive this security game
is going to be tough and expensive for Microsoft, mainly for the reason
that they integrated a lot of things. This bunch of interdependencies is
going to give them a big headache.
If you ask me for one advice to help resolving this in the future, it
would be: stop integrating, diversify! After all, this Unix philosophy of
having a myriad of small tools to solve comnplicated tasks has proven to
be tougher for end user, but safer and more versatile in the end.
But for Microsoft it has been just the opposite strategy. With it's set of
great advantages, but with a set of painful disadvantages as well.

-- 
Radoslav Dejanovic
founder and director
Operacijski sustavi d.o.o.
http://www.opsus.hr

Current thread:

RE: Microsoft and Security Alun Jones (Jul 05)
- RE: Microsoft and Security Radoslav Dejanovic (Jul 05)
- Re: Microsoft and Security Justin Wheeler (Jul 05)
  - RE: Microsoft and Security Alun Jones (Jul 06)
    - RE: Microsoft and Security David F. Skoll (Jul 06)
    - Re: Microsoft and Security Adam Shostack (Jul 07)
    - Re: Microsoft and Security Valdis . Kletnieks (Jul 09)
    - Re: Microsoft and Security Charles Otstot (Jul 16)
    - Re: Microsoft and Security Lucas Holt (Jul 18)
- Re: Microsoft and Security Jason Coombs (Jul 06)