I hope the Security Shootout indicates a genuine shift of direction by Microsoft, towards real security in their products... but I must admit to being skeptical.
Since 1999, I have been associated with New Media Security, who develop strong encryption solutions for PC and PDA devices, so I've come to understand a lot about the security shortcomings of various Windows versions.
During that period, Microsoft introduced Windows 2000 and the Encrypted File System (EFS). On the face of it, this seemed like a positive development. However, Windows 2000 and XP still suffer from one extremely serious flaw in their security, to do with the way in which passwords are encrypted.
Without going into technical details, this shortcoming allows a hacker to boot the system using a Linux shell and change the Administrator password at will. I have done this myself, using a widely available tool; it takes approximately 60 seconds to gain control of any machine running Windows 2000 or Windows XP, unless the Administrator password is extremely long. I believe the tool works for passwords of up to 16 characters, which is certainly longer than any password I've ever used.
So, I'm interested to see that Microsoft appear to be moving security up the agenda... but remain suspicious of their ability to deliver in this important area.
I'm interested to hear from any Microsoft fans or employees on this subject. Do you think the company is serious this time?
Patrick, very valid apprehensions. I am not an MS fan or employee. I think, for MS, security is not actually an issue as long as there are MS users who like the usability of their OS.
I too hope security becomes an agenda for MS.
Rajesh
http://www.samooha.com
Microsoft security is a major problem, but why do they fail to address it in their OS?
A couple of reasons given by experts:
1. Microsoft wants to keep selling a new OS every year. If they make one perfect OS, who will feel the need to upgrade? The same applies to their support & architecture, which forces old PC users to upgrade their hardware as well as software.
2. Backward compatibility: In order to allow running previously created applications, they have to compromise on architecture.
3. A major flaw in Win OS is their control. Currently any application can take ownership of hardware and other resources (including memory) and bully the OS as they wish.
There should be strict control over resources. Similarly, a greater degree of separation between system files and document files is required within the OS file structure, which is not yet possible in Win OS.
One more theory says that MS is allowing these flaws into their OS so the FBI & CIA can sneak into other people's systems and gather necessary information. If it's true, they will sink one day with it...
Imagine a chef is creating a recipe. He made one very simple recipe for a small audience. But soon he realised that something is missing, so he added more salt and sugar into it. Still it's not up to the mark, so he added more TADKA to it. Still it's not up to the mark, he adds some more boiled vegetables. Still it's not up to the mark, he adds some more spices. Still it's not up to the mark...
In a nutshell, the current Win OS is like a spoiled recipe. As its chef realises that it is not up to the mark, he keeps adding more ingredients into it.
Some hard-line decision should be taken by MS to start from scratch. Forget about backward compatibility and create an OS which is secure like Unix and with a rich interface like Mac. The rest of the world will automatically catch up with it and re-compile their applications to match with it.
Best-of-luck
...a headline from reuters.com:
Microsoft warns of three "critical" security flaws
Keep working at it, guys...