Microsoft's war against hackers

[Crazy_Canuck]

Microsoft Corp. chairman Bill Gates, whose company's software is often derided for being buggy and vulnerable to hackers, showed off planned features for shoring up its programs and heading off cyberattacks.

Progress is being made against viruses, network attacks and sloppy code that make systems vulnerable, said Gates. But, he added, a lot more work remains. "The people who attack these systems are getting more and more sophisticated," Gates said Tuesday. "For every time we take a type of attack and eliminate that as an opportunity, they move up to a whole new level. That's not an unending process - we can make it dramatically difficult."

Speaking to thousands of security experts at the RSA Conference in San Francisco, Gates said Microsoft's Trustworthy Computing Initiative, unveiled two years ago after several embarrassing Windows flaws were exploited by viruses and hackers, is paying off.

In the first 300 days after the launch of the Windows 2000 Server operating system, 38 security bulletins were issued. The first major product released after the initiative, Windows Server 2003, has had just nine bulletins in the first 300 days.

"Everything we're doing has been impacted (by the initiative)," Gates said. "Over the past two years, we have made a lot of progress."


Gates showed off an upcoming Windows XP update that focuses on security improvements. Service Pack 2, which will be available later this year, includes a centralized control centre where users can automatically check their computer's security status, such as whether all critical updates have been applied or whether antivirus software is running.

Unlike earlier Windows releases, Microsoft's firewall software will be turned on as part of the default installation. A firewall blocks intruders from entering a system.

In the new service pack, the Internet Explorer browser will now have a pop-up ad blocker as well.

Beyond the Windows service release, Gates also showed off "active protection technologies" that will gird Windows computers against attacks by sensing changes in the network that indicate virus activity. If a problem is detected, the computer's firewall will dynamically ratchet up defences.

A number of companies at the conference were showing products similarly geared toward detecting unusual activity in networks.

Microsoft isn't limiting its fixes to its operating system. The company also plans to update its popular Visual Studio development software so that, for example, code can be scanned for potential problems as it's being written.

Gates also said e-mail spam, which often contains viruses or is sent from infected computers, is being targeted. He proposed technology that would confirm the sender of an e-mail is authentic. Caller ID for E-Mail will be tested in the company's Hotmail service, he said, without providing a specific time frame.


Gates said Microsoft is working with governments and companies by sharing its software source code, or blueprint. Thirty governments and thousands of companies now have access to Windows code to look for problems.

This month's leak of a portion of the code to a previous version of Windows was not the result of the Shared Source program, Gates said.

Gates also announced a deal with RSA Security Inc. to make it possible for companies to use a more secure system than simple user names and passwords to log into Windows computers.

In addition to providing a password, users of the RSA system must enter a random number that appears on a keychain or plastic card they carry with them. The number changes every minute, generated by an algorithm that also resides on a server inside a company's computing centre.

Microsoft's trustworthy computing plans are important, but they are a piece of a much larger puzzle, said Robert Holleyman, president of the Business Software Alliance. A broader understanding among users is necessary to ensure security.

"There's not a single solution to the problem of cybersecurity," he said. "It's a range of solutions that need to be deployed collectively to raise the overall security."

[MobileMark]

and to summarize.......

[iroc409]

tcg has some scary things on the table.

security? at what price?

[SENSEX]

idiots. You would think a company like Microsoft employed security experts to find holes.

[Rorschach]

Fuck Microsoft and FUCK trusted computing. Nazi bastards.

[iroc409]

Quote:

Originally posted by Rorschach
Fuck Microsoft and FUCK trusted computing. Nazi bastards.

their proposals are more frightening than the politicians, especially considering they come from a private organization.

with one click, they can own a country.

[notjoe]

Quote:

Originally posted by MobileMark
and to summarize.......

Sorry for fucking up your business and the internet. We're working to try and get caught up with implementing technology we should have implemented 3 years ago.

As for our sloppy code, we're sorry too. We're working hard to make sure our programmers arent fucking up your shit anymore!

[Krille]

thanks for the short summary

[johnbosh]

Quote:

Originally posted by iroc409


their proposals are more frightening than the politicians, especially considering they come from a private organization.

with one click, they can own a country.

that goes a bit too far

[Rorschach]

Quote:

Originally posted by johnbosh
that goes a bit too far

No it doesn't... trusted computing is some serious big brother shit, they're basically saying give us the key to your computer so we can do whatever we want and don't have to tell you about it, as well as knowing exactly who you are and exactly what you're doing.

[notjoe]

Quote:

Originally posted by Rorschach


No it doesn't... trusted computing is some serious big brother shit, they're basically saying give us the key to your computer so we can do whatever we want and don't have to tell you about it, as well as knowing exactly who you are and exactly what you're doing.

That is the most extreme case..however, i would never trust a "trusted computing services". If we have learned anything about this company it is that they do NOT know how to secure their shit and i wouldnt trust any sort of personal information with them.

[iroc409]

heh... it's some truly scary shit.

the ability for them to have complete control over your computer under the guise of "enhanced security".

part of it is which they can disable a system, or any number of systems remotely. this could include an entire country that another country is at war with.

the new system is even built to destroy your files - if they think they're violating a copyright (ripped one of your cds for your own enjoyment? oops - deleted!).

it's also designed so that non-tcg software won't be able to play with tcg software. it vastly opens the door to subscription services (such as .net), and provides much better anti-hacker/piracy options. didn't pay your bill this month? no more software.

it's still in the proposal stages - but they're proposed implementations starting with palladium (ETA 2005).

[iroc409]

Quote:

Originally posted by notjoe


That is the most extreme case..however, i would never trust a "trusted computing services". If we have learned anything about this company it is that they do NOT know how to secure their shit and i wouldnt trust any sort of personal information with them.

do you know who's part of tcg? not just microsoft.

try ibm and intel, among others.

there's money there, and that doesn't include the hard-ons it gives control-freak politicians and the RIAA/MPAA.

let's hope it doesn't come to this... yet.

[Rorschach]

And the next stage will be making x86 hardware that only runs with trusted OSs... so goodbye *nix on the desktop.

[Rorschach]

This says it all really...

The Right to Read

It was reading this that really made me turn my back on proprietary software.

[iroc409]

Quote:

Originally posted by Rorschach
And the next stage will be making x86 hardware that only runs with trusted OSs... so goodbye *nix on the desktop.

they'd have trouble with that. notice ibm is starting to push heavily with linux again? they wouldn't spend money on a superbowl commercial for it if they weren't serious.

that may become an eventuality, but they can't phase out open hardware.

[Steve W]

FUCK MICROSOFT
FUCK THEIR UPCOMING SERVICE PACK WITH AD BLOKCING SOFTWARE
FUCK THEM.


If they release that shit I know it will only take a few weeks until they get sued by several companies. Fucking bitches. I need popups. that's how I make a living. WTF else am I supposed to do?

[notjoe]

Quote:

Originally posted by iroc409
heh... it's some truly scary shit.

the ability for them to have complete control over your computer under the guise of "enhanced security".

part of it is which they can disable a system, or any number of systems remotely. this could include an entire country that another country is at war with.

the new system is even built to destroy your files - if they think they're violating a copyright (ripped one of your cds for your own enjoyment? oops - deleted!).

it's also designed so that non-tcg software won't be able to play with tcg software. it vastly opens the door to subscription services (such as .net), and provides much better anti-hacker/piracy options. didn't pay your bill this month? no more software.

it's still in the proposal stages - but they're proposed implementations starting with palladium (ETA 2005).

I could believe this would happen....if we lived in china. North America and other parts of the world have privacy acts which would prevent this from ever happening.

[notjoe]

Quote:

Originally posted by Rorschach
And the next stage will be making x86 hardware that only runs with trusted OSs... so goodbye *nix on the desktop.

This would work just about as well as the serial number hahahahahaded into p3+ chips worked out. How many software packages require the e mbedded processor serial number to be enabled?

[Rorschach]

Quote:

Originally posted by notjoe


I could believe this would happen....if we lived in china. North America and other parts of the world have privacy acts which would prevent this from ever happening.

yeah but especially in America money talks and civil liberties take the back seat.

[Trax]

Quote:

Originally posted by Rorschach


yeah but especially in America money talks and civil liberties take the back seat.

blah blah
its still not going to happen
fuck "money talks"

there are countless laws who will never going to make that happen

[iroc409]

Quote:

Originally posted by notjoe


I could believe this would happen....if we lived in china. North America and other parts of the world have privacy acts which would prevent this from ever happening.

have you heard of carnivore or the patriot act?

aside from that, most of the proposed items could be done with no actual "violation of rights".

[Basic_man]

Quote:

Originally posted by iroc409
tcg has some scary things on the table.

security? at what price?

Why are you talking about TCG ?

[notjoe]

Quote:

Originally posted by Rorschach


yeah but especially in America money talks and civil liberties take the back seat.

Sure, lots of times you can "bend" the rules... hell, i bend the law every time i get into my car but you can only go so far before you'll have your ass handed to you (i have to go to court for speeding).

While M$ may be able to get away with such bullshit as automatic updates (which already installs updates/code from M$ without asking first) trying something like this will definitely raise a lot of red flags everywhere.

[cypocrypt]

fuck M$
stick to linux

[notjoe]

Quote:

Originally posted by iroc409


have you heard of carnivore or the patriot act?

aside from that, most of the proposed items could be done with no actual "violation of rights".

Do you even know what you're talking about? There is a HUGE difference between sniffing network traffic for keywords vs having total and complete access to all of your personal computer files, and anything/everything else.

Seriously, you want to sniff my network traffic then go for it, what the fuck do i care? Anything important which is done over the net should be encrypted anyways.

[fvurakki]

What a cry baby!!!

[iroc409]

Quote:

Originally posted by notjoe


Do you even know what you're talking about? There is a HUGE difference between sniffing network traffic for keywords vs having total and complete access to all of your personal computer files, and anything/everything else.

Seriously, you want to sniff my network traffic then go for it, what the fuck do i care? Anything important which is done over the net should be encrypted anyways.

ok, yes, perhaps i should clarify.

the more extreme parts of the proposal are definitely violations of rights, but they could easily be construed under "just cause" and all that BS. but these parts are also the parts that are most difficult to pass through.

the parts about the non-tcg software doesn't get to play with tcg software, or the subscription based softwares, that kinda stuff is easily passed through.

same even with the "magic button" to shut your shit off - just like remotely disabling a car. in theory it would only be used with a justified means - such as criminal actions or war (the theory behind a war is that a target country would not have the time to change their systems away from microsoft in the event of a conflict). this would be just cause, just as carnivore or the patriot act is supposed to use. and, of course, i could see the implementations of the snooping and file gathering just the same - the avenues are there, in the case that it is necessary.

[myjah]

blah, blah, blah. their software will always suck and will always get hacked into

[notjoe]

Quote:

Originally posted by iroc409


ok, yes, perhaps i should clarify.

the more extreme parts of the proposal are definitely violations of rights, but they could easily be construed under "just cause" and all that BS. but these parts are also the parts that are most difficult to pass through.

the parts about the non-tcg software doesn't get to play with tcg software, or the subscription based softwares, that kinda stuff is easily passed through.

same even with the "magic button" to shut your shit off - just like remotely disabling a car. in theory it would only be used with a justified means - such as criminal actions or war (the theory behind a war is that a target country would not have the time to change their systems away from microsoft in the event of a conflict). this would be just cause, just as carnivore or the patriot act is supposed to use. and, of course, i could see the implementations of the snooping and file gathering just the same - the avenues are there, in the case that it is necessary.

I agree to an extent that while they might try to implement something as such it will fail without question, and here is why.

1) Would intel be willing to drop the entire X86 platform to go with this type of system? To get rid of all their customs who runs servers and computer systems which do not have internet access?

2) Will banks and other such insitutions be willing to open their entire network and allow for total control of their machines by microsoft/big brother?

3) Software developers will also lose out on this HUGE market share as well.

4) This would create a monoply. Will they open the trusted enviroment to ANYONE who has an OS out for sale?

[iroc409]

Quote:

Originally posted by notjoe


I agree to an extent that while they might try to implement something as such it will fail without question, and here is why.

1) Would intel be willing to drop the entire X86 platform to go with this type of system? To get rid of all their customs who runs servers and computer systems which do not have internet access?

2) Will banks and other such insitutions be willing to open their entire network and allow for total control of their machines by microsoft/big brother?

3) Software developers will also lose out on this HUGE market share as well.

4) This would create a monoply. Will they open the trusted enviroment to ANYONE who has an OS out for sale?

yes and no.

first of all, there is no need in this for any hardware maker such as intel to alienate any of their customers. they're not going to change their processors, this is only a software implementation.

this is to an extent a gain to commercial software developers. it almost puts and end to piracy (this is in part what .net has been pushing for with subscription-based services).

this isn't quite an all-encompassing thing. it's not where microsoft has access to your computer to sniff out data. the file deletions would be implemented automatically into media player and such, where if a file could not be verified of its legality, it would be deleted. nobody is sniffing through your computer looking for illegal materials, it's handled automatically.

the back door to turn off services (including your OS) is more of a piracy issue, where if you don't keep up your subscriptions, your software is disabled. and of course if your OS is disabled, so is your computer.

it does pave the way for a monopoly, no doubt. quite similar to the IE debates, however i think that it could gain momentum considering the players afoot. and they're not necessarily saying that you can't run non-tcg software, it's just that previous non-tcg software can't be used with tcg software (for example, office plugins). it's also a path to allow microsoft to force updates. they've done this for a while with different tactics, this is just a more efficient means. this doesn't mean at all that you can't use software not tcg approved, but that the interoperability microsoft is driving towards will not be there between tcg and non-tcg.

[mpulse]

Security...who has it? I heard that the new version of Photoshop (8) requires you to call in to activate it once you install it (for PC) but not for MAC. Eventually, these softwares will be self reporting to the companies, I believe.