Microsoft is expanding its security business unit with a group that will establish new software development processes and create tools for its programmers so that future Microsoft products will have fewer security flaws, a Microsoft executive said.
Microsoft Creates New Group to Clean its Coding Act
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
They got the message. The public wants products that suck less.
with the ultimate goal being that customers will take security for granted in Microsoft products
this will take time and not only time till they have their products secure. it will take time, till the user-base will change their mind about that thinking.
sorry i’m not sold, remember “XP has zero unchecked buffers” straight from the horses mouth, then 2 weeks later a remote vuln is found due to a buffer overflow? Its a step in the right direction though
you have to look diffrend to the statements comming from microsoft. one part is marketing and the other is the technical part.
the marketing departement will lie lie lie… just to sell the product.
but they are realy getting better on security. however…. once i lose trust in something… i can’t give them my trust that easy back. trust for me is not a game. either you trust or you don’t. but you don’t trust one day and the other you don’t trust.
There’s still no exploits for Windows Server 2003. That’s pretty darn good compared to previous Windows releases.
i think it will take some time, till all the bug/exploit hunter are usin w2k3. and i think it will take some time till they find EXPLICIT w2k3 exploits.
the older releases of windows where to close to their old version and the bug/exploit hunters had a easy game. but w2k3 will be diffrend in that point. but it would surprise me if they would not find anything. at the end: microsoft is microsoft. they must have some nasty exploits in their products.
Hmm, it’s been out for less than a month and there are zero exploits that proves it! LOL!
Your search – “XP has zero unchecked buffers” – did not match any documents.
Care to cite a source for that?
So this new group is going to create tools to help the developers find security flaws in their code.
These kind of tools already exist, and they can be helpful. But to totally rely on this kind of tools… that isn’t good enough.
The OpenBSD team is doing a great job writing secure code, and finding flaws in existing code. And they’ve found and fixed plenty of flaws that weren’t discovered by automated code checkers.
How do they do it? By having a team of very skilled people go over each and every line of code. And by making security the #1 priority when writing new code.
So if Microsoft wants to secure their software, they’ll need a big team of security freaks to examine every line of code…
That’s very hard to accomplisch. First of all, they’re going to have a hell of a time finding the right people for this huge work. It’s going to cost a lot of money, and it’s going to take years of hard work.
Since Microsoft’s primary goal is to turn a profit, they’ll stick to the much cheaper method: Keep on telling that they’re doing the right thing to make their products secure, while only doing minor things to improve security.
>a group that will establish new software development
>processes and create tools for its programmers so that future
>Microsoft products will have fewer security flaws, a
>Microsoft executive said.
A washingpouder that will remove ALL your stains from any texture, a washingpouder producent said.
Right lets pretend we are doing something so people stat believing us. microsoft is after your money not your pleasure.
If its ells its good not if it secure or stable..
What is next? Windows 2004 Advanced High Security Fortress Gate Communicate suit…Pfffffff getting tired of all those so called innovations. Always the same shit it´s buggy, unstable, virus magnet, non-free, non-scalable, non-linear, no fun etc.
The chance for buffer overflows are minimized by using a different language. I’m wondering if that is part of the new tools? As Dijkstra said: testing will never proof the absence of bugs, just their presence.
Start here: http://crn.vnunet.com/News/1125281
Then go here: http://www.infosecnews.com/opinion/2002/04/17_01.htm
Finish here: http://search.microsoft.com/default.asp?qu=unchecked+buffer+xp&bool…
There are a ton of articles making the claim, you just have to use a better search string. 🙂
This is yet another propaganda stunt from Redmond. When will reporters get tired of repeating whatever comes out that place ?
It sounds like this : “Microsoft just sneezed”, …, “Microsoft coughed”, …, “Microsoft is chuckling”, …
Meanwhile, when we check a website like Kerneltrap, we are informed about real progress that’s being made by free OSes.
Microsoft executives behave like Michael Jackson : they know they are useless. Therefore, they welcome whatever appears in the media, as long as it keeps them under the spotlights.
the government. Instead of fixing problems, lets start up another layer of bloat and paper shuffling.
Heck, I’ve been living in Australia for 2 years, and every time something happens, there are two things that always stand out, “we need more funding” and “lets start another department”.
Mean while back in NZ they’re slicing and dicing those departments away and making sure that the CEO’s of the government departments are held accountable for their actions.
That is what Microsoft need, more managers being made accountable for their decision making, especially those who sit in their office, completely clueless about Information Technology and suddenly make the decision, for some reason, to ship product foobah in September even though the Microserfs who are coding for their dear lives and screaming out for more time to test the code properly.
If you want something/someone to blame for shoddy Microsoft products, it isn’t the programmers, it is the management and their computer illiterate decisions they make.
Reading CooCooCaChoo statements, I’m completely baffled. Are you sure you are in Australia and know something about NZ??? We currently have the biggest scandals after the government distributed our money to crook after crook and I haven’t seen any minister disappear here.
If NZ is an example MS must follow, I suggest people sell there MS stock now.
And to blame the manager where it actually is the programmer that wrote the shit: man, it’s time to learn that you are responsible for your own code. If you can’t write the way you want, or the way it must be, quit. If you don’t know how to write code, and wait for a manager to tell you, and blame him when he doesn’t, go work for our competitors please.
This sounds like big government because just like big government , private owned abusive illegal monopolies are just as bad at wasting money, stifling innovation and competition. Ever read “Wealth of Nations” ? The effect of a illegal monopoly in any sector of any given market has almost the same effect as abusive government regulations.
No exploits yet? Just look on the vulnerability tracker on security focus. Yeah.
“so that future Microsoft products will have fewer security flaws”
Are they therefore explicity admitting that at least some of their software currently being developed (ie not using those new tools) will *definitely* have security flaws? Not that it’s a surprise, but possibly revealing.
The OpenBSD team is doing a great job writing secure code, and finding flaws in existing code. And they’ve found and fixed plenty of flaws that weren’t discovered by automated code checkers.
How do they do it? By having a team of very skilled people go over each and every line of code. And by making security the #1 priority when writing new code.
Although a big part of OpenBSD’s security comes from using older code that has been patched for security only. Microsoft might be able to get away with this to some extent in their server line, but on the desktop people want the newest features as they come out. OpenBSD won’t usually do feature adds until other distributions have taken the security risks.
I am a New Zealander, and I do follow the news via http://www.stuff.co.nz however, it is hard to know what is really happening as the majority of the media are still on the Helen Clarke Love Pill.
Sure, NZ hasn’t got things right, however, if you look at what was done to the public sector in the 1980s, IMHO, they did the right thing. Do you know how long it used to take a bloody telephone to get hooked up in New Zealand when Telecom was a government department? try 6 weeks, and that was on a good day.
Sure, economic rationalisation of the 1980’s was tought, but atleast now we have lower taxes than Australia, a larger fiscal surplus and a focus on paying for things without the need to introduce more taxes as with the case of Australia and the numerous industry bail outs. Ansett, sugar mills, HIH, car industry, farmers, the list goes on and on.
Re: PainKilleR (IP: —.GDGSC.Com)
You are indeed comlpetely right that Microsoft will never get away with this on the desktop, sadly enough.
This pretty much means that Microsoft (desktop) operating systems will never be secure, unless the view of the majority of users changes… And that’s not very likely to ever happen.
Oh well, luckily there are operating systems that do value security
Sheesh! 10 people! Well I can now sleep at night,
with my servers now secure.
Really, Bill and Balmer have got to GO!
Microsoft’s only real innovations are in the “Lock In” strategy department. i.e. Trusted Computing, which if you’re smart, you don’t.
The only thing that will change MS is if there is a change in Upper Management. They direct the company. They reward the programmer’s who follow the party line. That line is find ways to protect the Monolopy. Not, do Great Computer Science. They hire the programmers. They reward the programmers. If you work for MS you don’t get a raise for developing great software.
Oh well, luckily there are operating systems that do value security
Yes, and those of us that are concerned about having a secure desktop will simply keep a secure OS between our desktops and the outside world
Sure, there are ways to get at the desktop OS regardless of what it’s going through to get out, but most of those can be prevented by proper understanding of what not to do (like open that e-mail attachment sent from someone you barely know).
Personally, it’s good to know that MS is at least acknowledging that they should be working on security. Regardless of everything else, 2k and XP are still the systems I use the most because I have to for work (2k) and for the majority of PC games (XP).
In about 5-10 years when the first wave of computer literate people gain senior roles in governments things will change quickly. Expect “lemon” laws to protect against dodgy commercial software including refunds and warranties. It may slow software development a bit but it will be far more usable and reliable.
>a group that will establish new software development
>processes and create tools for its programmers so that future
>Microsoft products will have fewer security flaws, a
>Microsoft executive said.
A washingpouder that will remove ALL your stains from any texture, a washingpouder producent said.
Did you even read what you quoted? It says “fewer” not “none”.
“This is just another PR stunt.”
“Microsoft sucks.”
“Microsoft products will never be secure.”
These are all baseless claims. In the past, when Microsoft has said they are changing their focus, they REALLY change.
Take the internet for example. Or the .NET strategy (heck, security in .NET with managed code is great).
What is the point of making comments such as the above? In reality you do not know what is going to happen, and saying these sort of things just makes you sound like a complete idiot, as you come off as a mindless drone.
>Microsoft executives behave like Michael Jackson
-Almost similarly to a compulsive pederast promising
not to do it again…