Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Microsoft: Insecure, as Always



 By: eWEEK
2004-05-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
The cost of the company's doctrine of "features first" is becoming too great.

Microsofts corporate vice president for the Windows client, Tom Button, told this months WinHEC attendees in Seattle that the company recognized its need to "nail the fundamentals." Coming in a week when Sasser infections were spreading around the world, Buttons declaration was ironic and his choice of verb unfortunate. His remarks may have triggered graphic images in the minds of frustrated users and IT managers, as they perhaps envisioned nailing the hides of the architects of Windows to the nearest available wall.

In most of the previous high-profile IT security incidents, one could argue the burden was on IT buyers to warn their users against the hazards of opening attachments, let alone downloading software of doubtful provenance. The Sasser worm—family of worms, to be more precise—has awakened a new and more incendiary anger by attacking systems without any aid from their unwitting users.

Sasser compounded the insult, moreover, by attacking through a loophole in a piece of code—the Local Security Authority Subsystem Service—thats actually supposed to be managing security functions on users machines. Worst of all, Sasser advertised the emperors nakedness by using a form of exploit—the buffer overflow—that has been discussed in theory for almost 50 years and has been known in practice since the early 1970s. So much for reviewing and fixing old code before writing new.

Resource Library:

Buttons WinHEC speech went on to lament, with breathtaking lack of tact, the slow pace of Windows 9x users migration to Windows XP. "Most of the opportunity here," he said, "is not about selling a retail copy of Windows XP onto an old piece of hardware; its really about helping people understand the benefits of moving onto a new PC or of adding a new PC to their lives." When users of Windows 2000 and XP are frantically patching their machines, while users of the aging Windows 9x look on in sympathy but with far less need to worry, those benefits may be difficult to discern.

And when Sun is sitting in the lobby, ready to offer a flat rate of $100 per employee per year for a productivity solution that is not an ongoing security nightmare, the word for Microsofts situation may not be so much "opportunity" as "peril."

Microsoft can no longer credibly assert that minimizing user burden is more im- portant than maximizing integrity of operation. The cost of the companys doctrine of "features first" is becoming too great, and users today are far more ready to take on the burden of enabling their machines to do only whats desired: to "deny by default" rather than "enable on install."

Enterprises likewise need to demonstrate determination to take back control of their own technology base, tailoring it to their needs instead of accepting any vendors agenda. And Microsoft needs to think of its users, not its PC OEMs, as its ultimate customers.

Were interested in what you think. Send your comments to eWEEK@ziffdavis.com.

Check out eWEEK.coms Windows Center at http://windows.eweek.com for Microsoft and Windows news, views and analysis.
Be sure to add our eWEEK.com Windows news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: Microsoft: Insecure, as Always
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By eWEEK
 


xv"(\AMس䅫MA l2mirW;!d;̙ئzO5Oo<KMϵ5]BPD(BQȹ="1(NӁGLzg$wv޽{}Ⱦ7`\˨ ;AZFɐ,)~-sd2j;;#|69;| `OS;SuuɘqPɈޠ͉>}^nduLbhqIlGtyG`fZFvl{0Ba50vK]K nCQeK햡l<vy!e23#g ݻHjPrFNw!205NR#[dTZ Ӿc)e8r `pJ)JPtGL'nK>!P:x 3~bAq/#!꿩$gaW +0_?2}h ΋2 ˺}}]еnG3C2q]Ԓ],p"UM c Ї@2t-2谖ʲn g 329jjxU/JJjUsm8e2 ɇAysj\t.[gW~]o-ж$u>{_} e}#5y`Z*I|/ Z@c::-gVyj] tx[UR,f3} +i3*,GQD~64/VI㳣V;l,a\42V(],ȏwU5M}!kr:nv8SIdjAZ|[kUV1?0|kh2`=p8LwJx  ?_d@OGcd&,'Yt7Q[,7/3$|FrZ~@X*V Q3gF5 tA%0ȄSHu t~mI'ԃ6kiLuf!0ND95jcfM2,eg{0@M)6wk 3!RBʼQWS ^R·\(PE!P샖_. ꚢ$ٛ"G;z<ψ+\RRG0Al8{`bLTt/ݜ~,j\{G.כEsLt];3yя0-(<O \/;mtt0">cq4Y`N-. 8ǹ:*on:jAl:RJUV1p-~nl0B m] :ԧV}4|0;}B[ 5m;>:D#ɠ:ڴb{\gf&h`CZ]Ҏ:Lg_a;^h.[ N-9_,\aPsB}D5i-DCw 0Ie& yG νdrgoM~(wInh_>X^0 vjs.HpyY?)@]q2Ч> o  t&Qc:>x?˜K) Dt =JI^ }Ft"AђF *4 g3#X"C"'G3`[X;;.V\,y"M':ΝSŇbx&,R,BV-KᗄPf9i2m4 -&D7r"7], S m3-Muc{PPvP*Mzá90a 3C == 3Դ Ҁ%Lla`3Ґ( sy=O G:uG  V̚S=S,ƃ5Œ;j<͉iÂql$rTDhL˄|=6=c]2#uuK-ncys3tWNn~|FpIN3hy>grGֶLo E jJ}: %r% 5kb$T`CY3j-ysp dO,s1r@i_Sr,9S<ǰ}O7>DoL(^HIRЙj!@9zѧl):[V[J7˪ڏRue"$l }oaXZ @-Ei-d[00^yE]z@VRk(XKezdxYt$mE6L- $mCslaC}nvPjr^jc#SV)jV^Ϛe+ L 4 WC~0-j(6 SXSq:hzE>_>OW cp6xz4%2? [BS+jb35-F  ?|'˖X e*8t5u{~q=_XvN¶tِp̧&i+BoÄ}9Je!6C{iV㶍WHLZ`!?W՘$Gi/#Y XTб,~=aDm6#GQ>-H.L{ irpj\DZiI&~n~0*y.z?L}굌VV0\ ?@R)Ö1oi&GYT'*/?CU^fO,"r%cjxSC+j\-r7+~n{ ߥ '|}/7d3Z#E9Jo{om^:J19X>: ;3l12&z@jAbv6jVJ8v}4dݤ/H[D`{ nESU[zf9@L Oz}H `QtEIUҘ o:+@%5-r ?֊kƭt)D a`ׂ!35Ma&k}]\SA%WִuRb^8> (u0H%=Gl0)>tVyGK)ݔ5m"uy絁r3LѢt`֎R*=z)TʔYo(QU-q'F.Ҁ^Ks98$D"2I*"Ee|8NY HXLʅR_ kRQKA`"U!TQ>#O7(~ (zC9km5;n>k'_U]xT'7 F|/E%~ͳI^#GNB%3WRZ57e XsB5x)afKK%qhʌg dRb u k(&7 uYx\1f%v ˽'jD@KYJ7jUNHZʳ$t`۳m9:J";E2qfn*)=וG4g?0Twgṫ'Sj$NRimX.e?'D.LqC` HTyPdQvD d0RI)`WTdP@BZNbx<'b{H '? a+c7~&Rȓ}$ |q`b|\_y cCէ~zU^51@E1 wzcy* n= A$Kyw:Oۗ]q:rw| 8}_UڗAJΚg(@/^);-4.K˓oX%juԺh|l0[-tJj2m&A.dRýW%i}OgUuQuay`A$av۾p.[K5W%˦u ۾܉筏, YF#<^9>o6OM1+0fhg<"ԃcxH;xidLi+-/Ҿ>i^sfsg9kI.Dz=d_5v8Aϐa6( Օh4lϝ%~uYs PH|P\*? (JUHR ~tIsu]N .FWD@AnpKz!NUHy*4Д e5ѓ:)K4 x| r/HUɉi } i T t6~OW 0bAd*Vr[i'>>!k^&68[h)9OWIBpǻ"Ts8搌Màv)nթ8EG {tO0 ch9a(gz&I[ˎtKb TtJ!SBt 02H PV,O&e=lI1 iKBih%OI39u >J9[Urs@İ&{6g^%[ë ;[ .ViH0_Ӹ\b趎D XY+oxta}XkI-jշʫ؍C6oY`0!9˩Bn]ʩzpPu{bԣerFi:n;GT@(NVu2k-P#_YL.t0=9]#ΓdtW>##v-Q xqf=;03t7!L[ıwp߆؍ ?G.9r jkQD=%7&^`q h5ݮ "qԳDb!N4nڈb򇜴eK5i\~鞁&GM_ |0$?T-@N vpߋT意G 93rs+njf5e'Sٽ_RI턟ycP>KS$٘NFBESU-l/bYpJeGV2;nd+n$c,nP2vA rS{A[:?=إFnv^9!Śuϯe4"]bweB!uov~ֲ,(rD.qykEwWEsOqzy^J ȓCD6K`!i4ED"fFc8EE[}6 ?&'KMx<݌;`!ː_4hgaͰ=>Ι dJ;noݍnL M A;"J ܝ[4 ⫆̆U õaV`j8- '$\}5 ߈;6bE I_-c򽱢vp u\wךW)~cbƚ[KLBI =3q7Z}ߓqi+xfы%͖l~ ƦKl2:-3X#/o`( #lP=9lE|kiy)9c:{#ΐƅ91|seyxwt]WXtf~@'>pַ)Twi{'gbXI ][@e՝WWdx\qU8MZDžzg:Q+sN2dd$0lM+gQ| (ILN8w0_Bd""A>sBl%kB{ @-ckmpeq PUX{ˌBAGXj!(As&XM_߸x`S*BdaE`7TU:cXic+0ԲgbڀT.>C!ltDhtZ! [y*D[LK@ٞ}¦[|:ShghH8mR sǦJsڗJ/8̩E XA`W3X4,7B}¯0K/0؛2HXI7|L<.,E%"o+| hJA[-kDOBqB>[N"7'_V!Io˦ll3_M/Lc^tO"A.Hl0B7Kʺ\Bnrc*_qB<{̜_ŀ,"c11-.7}}}}ԯV+J|Աnz=Wuht1ZեZQ)p0= |X=[zm׻밊,G<}y1gm3/R‰ XÀ9h|6ºt=eϷJm|T+Hjw`%Bi6d/p6gCz0hdv0o ^x!ݞOAlȘVϭMtD]{xDȰR'LP%]F+2T88(,x{Cf @ [gHo፩YD S%lȉ/zBJnR:h;@4SϘt[r,Օn2`͡U\؊b $ܑT< .aPʌD tԟ\uC+4F& L8eQH׎nHcbHW)m5O!" !~ 5?&08` ֌!Sd=2gUߐJ/hĠF9i#s$y9'E[) .WPoc67Du3p˯4YEd_Jp ʷێ(XN q@*Ky,߮0j){eGHwA"ܷ9]=L )SzUNwI/&?ݍݍݍݍܘAݘ?Rcx~%{[1xnXA18!UE,":gF?mƭq \[}u޷xˈL~ɤ˴h :g>໫ k{xͳoJtaq$[e)-:.?:>[=|xOGG3 қg"$ָ׷rny:>4\2i6ƨ^]"p XY# A\E 7#E|e ۔H^Ӈ'%\ 7^X> V3Cҫ{$zĆX{K`Yߨطg]8֚x}y3)0lRd޿F9$quRTڅWBF綞G͑o\[;"gGp?{TOΝXpCcT j=&y3O$.bS_҅F ox$S \('ev> \DRΝ+b| ş _zypj3U0]-_8[")ciB/̴ǽ`}. ѻ#{P Bjgf5'F/BSk+#./ԍfi-WV4. mX[`8,ij0\򽧻. +<:qB u,*+Wbp,ȉyIwIdL3@84+IY'V [IHgc~ 2"*NhfH03۬a`D 5{/Brp@{cgh,|JMsLcW,13{O?/Em/4oqms|aY@{|6I7m)f!Zz8Rw@/j ,F>evEqnOC !n1J]y0NX3LM?^2 q̂fS~g f0ۡeo0q_7nmoxʘ}o?؉^h!??oSaRM'Vۭkk'D!pS 𷊛q'H"{FEM];< pPRaw)Ƕ3|2V0s.M[C p}BYê B(l; FjIAw_ZO TeQONѧRE28MީJ(+aZcWF%5z J 07~AX^HS3&Od갲6_d[aZx1V$GBx `,%7fub?=GutNk-b"]L1xy[ݏ̀+5fL|7P;qQ6'0HuPG'@VH49_O~Ũt 6O y^Šx!}VC GBk&pVy k mLY8Ow| 􄼥޼tcGQH㙛輙^eȩE[TxvXӟ )=챥^G@!ZM)RӰp-|2i?NRezB9xIfӓk|?U-RRu;/!_єV)!Ϗ.?HFy(2s'}sYXkO:Rga^1X J)ySi HP$6_跔_8Gp0l˖C0Ÿn4ܕ4Q,+襍ڵ˔8H`6 +^Tc"WO,d2۰NWD]%Fb1t)6AP;cD :c< +Kf0̊ۢo4J۹aiJ %09m6}a }t K1vzG*%F¯RވfFܞVk]lRBʇh9=P\jxÀ|wSO L9& H!Yiv' .'G' vWp+$_z*JvNGȚX'N8AnJib Q:#o§I`(8Nm@}ިWK}U+-i;8l@"2?<I:Ns#~NP?ԓG)׀ǎ!, `Oh$NKm1e>4O].>_dsrټ7u=<cg2sY}c`#o׆M}FG7"ߟ֞39$l0W >KQ+#l9e`l#@^i O>1B|1[GB(T9Ĝ#MJAyeG9Px Iݺ\~>6L-;hЈIED#ThbGD#&NI79m6O-ր aFJLLn#B s8xfHGi)S@OB`#j~th|n8[' T6CĊ1gGi.#@쨶;D:CE T&}nA=bAa~J­!~RJs#ݜ 9_Z,a&4;`,:NP0t?\Gezy}Vwe~vkt7O`r'fp͒s\jfN:e_ g >򽉾0uSc/f[7K ፈB$P!%h$bzsʀ<zwl| {=1QobS{JBveX &zw[wy|C^͒es=M蕴B9^2!CvGC>Th`}c&z،\cݾ嘩7ο5ift>u[WV57x ZҷpKtԭs>rܾrںl^].LSf&R0mwi]ɇNkgM:]b\k}/s>/?/D\g& ǚ ȿX{f|/A~.%kCk^ڠ_kWk_\Y ] >ϐy]>y ~~oެhfM77k/9IҚykq S,5Lh K//<ˇ%_J Xikث5t.3묑Kܿ2~62Ao]O aqʍ%9Mk[N֠}G{1>Wi K{{yH L+gل@CX{#u_?+ wOʻϝ1i҇su9mM}ӉzZ<Ś/J?3wd#3-F"afDd'hV n#=Dz?|[r-o ~<Ċ=P.v9)nדepKCG0nsOkr>h<[~|_kwecC=:? ߒD,y  C?s H7{izY.U~͸APcv%^ LewdtR˳O> j*85ߜ:I<;7@jeְ<;I\c/15D =C}34]N7zpޣ6vF3O7zij#5q}TдZj\,2v俓k$2>q(t <ˈɪ"+w9 طV+)B`"8 T:QȀFuoo*F0nh9=qÐa1Vx!'\CHcztd[ƶQUYm\PP,{Pyثގe@|Lov(u`O}g~:[{8x jg9Q _5q~) MW&bЦ!IX9#l]i"ⱭA0 mc|򷁞?dji }b!009 hwm=ƾw<^A_McH29H讠W =\șPV=}_\xP ˪&bw(l z ODQ@N-7Lj1bPS**u2$9%ǖޝc.ÉL=u{Ȋdatty1d<6/ipx@ ޹Fnf1 7w*a91soY50{o=3 # (C!}6bZ1icоuq`,H,g̀_hO,ow ;݈qe@(e6L6u;!i<܃X{A}q&K6`~uu;Lђ?P'/R^!N6EXHx53L{O;BLr(pIDhzxSq'=Ah"v]"6 R Ň%od39L#dϬ<>I ’Bc MlL߼;-C{)B9 H|Q\+u`_GFb+&2 U^&tp;y:6M({\fVX"em5[WeԢر"촮HDZ9eo#,vcPP"cq/!3aps4K(g55i7_.5(l$9=ASh4ϛ5yX%%39wr\ 籽$0\"g~\e;Tht[`,5^b>0v!$[Sp|"g֨zLU"zʴ5ڤDq ^vޒۍƾ dv}.v=E3Һ"i'ɗ@BW H,܈ AQ6+yJ>? T|- 5G\6 DR }J0N խ`,s<`(D0rC/7^?J B ϱɮx3@FC0!6\jџ'H.Ѯ܁,1Ał?rLw&9sg_(LˀWvm2yDt[] vD hӾexi< D#V|BrX}PoS.t 7tlib @#xQ|@ ۊnFTN`GYe`+r 8ǩ3`-hq#Ƨ1u-8=`;Щ0D\MXy܄1\ѨpCVDǎ3mǺgyeDmE>m+:ЍaO11igNb +2zX ^|޹+o5Љe6ï|NN7p2$82#" $8r奖I;;Uh1K;<>>ؐ/fD?8- cL;bcXJg,͎t7O8L |g[иY;1jPHP9͑_ a0*=7ZЮS,MǎCga+E`2PNXTc.G\ *@=փP=`B4<6TF_E@ Eg!UĔI'60M;r3@ýŵk]^g*!^R/xvtυ|P :9]/>%Ӭe~v3O{ċ--MAW$ă|֤gw'>{ϝwП8{UDԿ˾ė_xb1j N!ؿvQ e^0!/pE%@5X<qduȏ5Pb t;U+P 3 Uy@9 r>nÉwYS&y5r\x,g?DޏqgwK*{Zdx Ucw]=Rep )H0\=,Fe18Gt@{3$Nm;+,>}y02i ɜk}`/W07tBgsk4_+eMa?й±谲V@^n{L?'];1CP[uG=OeP|VwUr\o\~Uд@]U 0Z?YOv\:(lpa VTVXZˆ`Oӱ^"LV_Z-.J*1"1 I%$'I<؃M5E%>Ȃ1&P|ANZ/M9n˫##i>V0%S&ޝ㍦贔B'*nPIs {}هO&Hw;DJjg&~ѭEŠ2XLcqkn8 2"- .5uT|]``~dC"0ҧ< I_Q,*hF0'drAK~RMD e˔9c[Jt|֞N^Ytl"_.d\oDiB"lǞD^A\M~.Kj/hf}mC  L ]9d7ulIJV"\q V#e:hw2405MoaH=̢ M6rͺfxϽ;^BfޝA+ʄTnCY63 )B:7hi Z<+[ B>FDŽWj_{<>P+ڙ}] 6G sCzS6,F>(WS8ǻŮAҀ4\@ `w ᔊ_x '(-AA„;r2篝[(:D7" F$ƞ=^Stv7DJTMNܷ4kGPo![49\uCen0=i6M{ZC%Ծ,K<\d9sЇJi8+\t׾,ڗM/|ؤANدxk)s*!fy.fLVˆ/6]_R0n}TIxP-h1z,^~K*$V)=au/ι$c0f͞GN'BR;rUk|YZ։ Fn6vz%>Бu+y_HGQIθQ#(Q˄#x4an@w>װd'"(Mб>'o*lx|9A^Cy^} (N28EJإJ G ?Kޑ S,T, J`J%QD.pr"f ][oE1nRb=9P