Kuro5hin.org: technology and culture, from the trenches
Microsoft To Stop OS Development in February, Learn Secure Coding

By mercenary in News
Thu Jan 17, 2002 at 08:12:45 PM EST
Tags: Software

A story by John Markoff in the New York Times [free registration required] says that Bill Gates has issued a memo ordering all Microsoft developers to place more emphasis on "trustworthy" software. The company is going to stop development of new OS software for the month of February and send 7,000 developers to "special security training." They also plan to review all OS code for flaws.



Unnamed sources say that the memo "resembled previous broadsides" by Gates, such as the famous Internet memo of 1995.

Do you think this is going to change anything?

Frankly, I believe we might see some changes because of this. Microsoft, for all of its problems, has a core of dedicated programmers who would love to write bulletproof software given the chance. It may be that Microsoft's "new features at any cost" culture is so ingrained that only a fatwa from Gates can effect any change.

If anyone can post the text of the memo, please do so.

Microsoft To Stop OS Development in February, Learn Secure Coding | 37 comments (32 topical, 5 editorial, 0 hidden)
The memo (4.33 / 3) (#6)
by John Thompson on Thu Jan 17, 2002 at 07:28:03 AM EST

The Register has the original memo text.

The register (none / 0) (#15)
by Rift on Thu Jan 17, 2002 at 10:27:38 AM EST

I know this is a bit off-topic, but am I the only one who reads articles like this in the Register and thinks it was written by a 15-year-old who just installed RedHat?

The line at the end "But we'll leave that for you to decide." seems to imply that they are attempting to be actual impartial journalists. I'd quote parts of the article that show otherwise, but then I'd have to cite the entire thing (sans quotes from the memo itself).

Now, I like the Register for some things, but I wish that when they had something like the text of this memo to present, they'd go just a bit lighter on the sarcastic Microsoft bashing - it'd make it a lot easier to read the opinion of the author.

--Rift
A pen is to a car what a meteor is to a _____
[ Parent ]
It's funny (none / 0) (#20)
by greenrd on Thu Jan 17, 2002 at 01:25:42 PM EST

That's the point. Theregister is a humorous news site, in case you haven't worked that out already. Can you imagine CNN saying things like "Microsoft have finally realised how crap their security always was"? It's refreshing to come across a news site like which just says hilariously impolite things about everyone.

Well, anyway, humour is a matter of taste.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes
[ Parent ]

The Open Source World Needs to Learn Secure Coding (3.75 / 8) (#7)
by Secret Coward on Thu Jan 17, 2002 at 07:36:07 AM EST

The open source world needs to learn secure coding as well. If you follow the news at Linux Today, you would notice several security fixes every week. The most common security hole is due to buffer overflow exploits. We have known about buffer overflow exploits for over a decade, yet developers keep making the same mistakes over and over again!

If the security holes posted at Linux Today applied to Microsoft software, there would be no end to the criticism. Counting the sheer volume of exploits, Microsoft security holes pale in comparison to Linux security holes.

Linux apologists cheer and say "good programmers don't use strcpy()" and "open source security holes are fixed lickety-split quick, just do an apt-get". This naive and simple advice has gotten Linux nowhere. Every time a product is updated, you run the risk that someone introduced a new buffer overflow bug.

Security is a huge problem on the internet, and it is about time software developers take steps to prevent security holes in the first place! First and foremost, open source developers should port their code to a language with built-in bounds checking (except perhaps where speed is critical, such as OS kernels). This very simple advice would instantly eliminate the majority of security holes. Beyond that, someone needs to do an analysis of why security holes keep coming up. Then we need to develop processes and/or technologies to prevent them.

OpenBSD (3.00 / 1) (#9)
by Anonymous 6522 on Thu Jan 17, 2002 at 08:37:38 AM EST

Open Source. IHBT.

[ Parent ]
Well.. (5.00 / 2) (#14)
by DeadBaby on Thu Jan 17, 2002 at 09:24:10 AM EST

Once you put gnome or KDE on it, run a web browser, have any sort of server software running outside of the daemons that the OBSD people audit... you're still very open to security problems.
"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]
True... (none / 0) (#34)
by locke baron on Fri Jan 18, 2002 at 03:56:15 AM EST

But OpenBSD remains one of the most secure OS's, out of the box (one of the most stable, too).

Micro$oft uses Quake clannies to wage war on Iraq! - explodingheadboy
[ Parent ]
it's the language (none / 0) (#21)
by rebelcool on Thu Jan 17, 2002 at 01:34:41 PM EST

There really needs to be a replacement for C and C++ that can compile natively. I think java is great, but for many applications (such as kernels, drivers and other low-level software) it can't cut it, because of the JVM middleman.

C is approaching what..30 years of age now? It was designed for simpler machines in a different time. Replace it with a more modern language that has more built-in checks.

Replace C++ with a cleaner OOP implementation, and template syntax that is actually readable. Garbage collection would be nice, too. Similar to java, but without the JVM.

Now I know there are java-native compilers out there now...has anyone used one? How well do they work? How fast and stable are the programs they crank out?

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

I believe them. (4.66 / 9) (#8)
by DeadBaby on Thu Jan 17, 2002 at 08:21:45 AM EST

Not surprisingly, people on some other sites are scoffing at this as PR nonsense but you have to ask yourself several key questions if you feel that way:

Are Microsoft programmers capable of creating secure software?

The obvious answer is yes. An average programmer can write secure software given time and incentive to do it. A major source of Microsoft security issues are existing issues that were just never fixed properly. A code audit of the NT code base alone, barring major re-design needs, would fix a tremendous number of issues in a very timely manner.

What is it about Microsoft's current development practices that cause the infusion of security problems?

There are surely several reasons but at the very least one of them is feature bloat. Microsoft programs often do too much, too quickly. It takes several releases before bugs are worked out. This goes back to the business theory of giving your customers what they want. In the past Microsoft's major selling point, software wise, was more features and better ease of use over competing products. Obviously, there are few competing products left so that entire train of thought goes out the window. Now customers are demanding security and stability. I see no reason to think Microsoft cannot adapt.

Think back to the mid-90's, Microsoft's late to release a quality web browser and it appears Netscape and Sun could very well be on their way to making Microsoft's control of the PC market irrelevant. However, Microsoft admitted their mistake and spent the next few years building quality internet software. Here we are in 2002 and Microsoft is more powerful than ever.

The one thing everyone should have learned by watching Microsoft over the last 20 years is simple:

If Microsoft, as a whole, sets its sights on a goal, they almost always succeed.

I really doubt this will be any different.


"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
Why I rated this comment a "5" (5.00 / 2) (#11)
by wiredog on Thu Jan 17, 2002 at 08:47:10 AM EST

That last paragraph, the one that starts "Think back". The teenagers and people in their early twenties probably wouldn't understand it. But those of us who remember Internet Explorer before version 3 will.

Peoples Front To Reunite Gondwanaland: "Stop the Laurasian Separatist Movement!"
[ Parent ]
HEY! (none / 0) (#32)
by bzbb on Thu Jan 17, 2002 at 08:52:29 PM EST

Wait a minute, I'm 17, and I remember the MS takeover of the browser market. After that I swore an oath to avoid IE at all costs, and make this post from opera.
-- It does not require a majority to prevail, but rather an irate, tireless minority keen to set brush fires in people's minds."

Samuel Adams
[ Parent ]

Microsoft's Internet Software (3.00 / 1) (#12)
by Elkor on Thu Jan 17, 2002 at 08:48:53 AM EST

Microsoft admitted their mistake and spent the next few years building quality internet software.

This might sound like bashing, but it seems more like Microsoft spent the next several years figuring out how to cram IE down people's throats.

I (happily) use Netscape at home, though I use IE at work mostly because my company requires it. Having used both IE5.0 and Netscape 4.7, I can say that Netscape is much more reliable. IE crashes on me daily and quite often loses its history when I try using the "back" button.

I hope they do get their act together. I might think about upgrading to a newer OS (I still run 95 at home)

Regards,
Elkor


"I won't tell you how to love God if you don't tell me how to love myself."
-Margo Eve
[ Parent ]
Well, Gee. (none / 0) (#16)
by rmitz on Thu Jan 17, 2002 at 11:00:04 AM EST

Running Windows 95 is probably the source of much of your trouble. While I use Debian Linux for most of my work, I do work with Windows boxen, and while 98 was rather fine for most uses (I don't remember any crashes with IE), Windows 2000 was much better, as one would expect due to the different code base. 95, however, I continue to see as the cause of much trouble.

[ Parent ]
Not at work... (none / 0) (#25)
by Elkor on Thu Jan 17, 2002 at 02:52:19 PM EST

I have no problems at home running Netscape.

At work I am running Windows NT with Service pack (checks) 4.

As for the OS being "out of date" my rejoinder would be "Well, you'd think they would have fixed it by now."

As for migrating to 98, why would I pay (at the time) to upgrade from one system whose bugs I am familiar with, to an OS whose bugs I am not familiar with? And then do so again to migrate to Win2k or XP.

As it is, I am not interested in getting IE to work on my home system. The packages I have work quite well for what I do (netcruising, e-mail, occasional typing and some older games).

Call it the voice of cantakerosity (probably not a real word, but it sounds neat) but if a car manufacturer sold you a piece of crap car, would you go back and buy another one the next time they come out with one?

Not without a lot of persuading, I'll bet.

Regards,
Elkor
Not Persuaded yet


"I won't tell you how to love God if you don't tell me how to love myself."
-Margo Eve
[ Parent ]
the problem is.. (none / 0) (#31)
by rebelcool on Thu Jan 17, 2002 at 07:17:35 PM EST

with that kind of thinking, it's like comparing the reliability of a '81 ford with a 2001 model. 95/98 and their ilk are a totally different breed of system than NT/2K/XP.

It's been my experience that 2K simply doesn't crash. Occasionally faulty drivers will cause some problems (one of XP's big features is the driver-verification thing to try and minimize even this), but the OS itself is quite stable. I have uptimes better than many linux users..

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

Well... (none / 0) (#18)
by DeadBaby on Thu Jan 17, 2002 at 11:57:42 AM EST

Try Mozilla 0.0.4 on Redhat 5.2 and it probably won't be very stable either.
"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]
95? (none / 0) (#19)
by rebelcool on Thu Jan 17, 2002 at 01:22:26 PM EST

As another poster mentioned, there's a big source of your problems. You're using an OS 6 years old. 98 was a considerable step up from 95 when it came out, 2000 was a HUGE step up from 98 (I use 2k, never crashes) and XP is quite a step from 2k in itself (XP is simple to install and get running.. m-soft's included drivers support most hardware right from the start)

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

You lost me at "XP" (none / 0) (#22)
by theantix on Thu Jan 17, 2002 at 01:51:46 PM EST

I love XP, and I use it every day on my main development machine. But it is certainly not a revolutionary advance over Win2K. Sure it's prettier and has some neat features, but those are minor. I agree, anybody running Win9X that is capable should run WinXP for massively increased stability. But since a properly configured Win2K rarely crashes, the benefit to upgrading that is marginal (unless there are hardware requirements) (oh, and unless you have a laptop and can take advantage of ClearType).

--
You sir, are worse than Hitler!
[ Parent ]
There's a few advantages (5.00 / 1) (#24)
by rebelcool on Thu Jan 17, 2002 at 02:30:56 PM EST

If I were building a new machine, I'd put XP on it. There are some added stability tweaks, the boot time is faster, and with everyone moving to XP, I think 2K drivers may slowly be left in the dust by manufacturers.

I do like 2K. I use it on this very machine, and I've no plans to upgrade the OS. I installed XP on my parents' machine though a couple weeks ago, and was amazed at how useful it was right after installation. All their hardware worked and had decent settings. Even the soundcard and video were working just fine and at decent resolution and color. I still went and installed drivers for optimal performance of course, but I was quite impressed. If only my 2K installation had gone off that well..I had video driver problems galore at first.

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

Win2k driver issues (none / 0) (#33)
by locke baron on Fri Jan 18, 2002 at 03:51:56 AM EST

I've had a few of these... For example, the Radeon/FS740/Win2k bug. Not really sure whose fault this is, Compaq, Microsoft or ATi, since Radeon/FS740/Linux, GeForce2GTS/FS740/Win2k and Radeon/MV700/Win2k all work, go figure. Now, if only I knew who to report the bug to.


Micro$oft uses Quake clannies to wage war on Iraq! - explodingheadboy
[ Parent ]
+1, good discussion possibly... (3.00 / 4) (#10)
by DesiredUsername on Thu Jan 17, 2002 at 08:40:37 AM EST

...even if only hypothetical.

What *would* happen *if* Microsoft started making secure software?

Would users like it as much (whaddya mean I have to jump through fifteen hoops to send the latest "elf bowling" fad to my friend??)?

Would NT/W2k start coming back in some of the converted Linux/Unix shops?

Would a secure Microsoft OS even be backwards compatible with their current OSes? Seriously, think about some of the fundamental design flaws that makes some of these hacks possible.

Would Slashdot shrivel up and die when a dearth of Microsoft security flaw articles reduces them to "How can I tell my mouse from my keyboard?" Ask Slashdots?

Play 囲碁

My first thought... (3.66 / 3) (#13)
by Elkor on Thu Jan 17, 2002 at 08:51:16 AM EST

Was that someone had meant to put this in Topic:Humor.

"Microsoft? Take time to write secure code? THAT's funny!"

I hope it is true. Then we might see some real improvements to how the OS performs and behaves.

Regards,
Elkor


"I won't tell you how to love God if you don't tell me how to love myself."
-Margo Eve
Feh! (3.00 / 3) (#17)
by J'raxis on Thu Jan 17, 2002 at 11:29:02 AM EST

“Microsoft Programmers Learning to use strncat, strncpy; Film at Eleven.”

— The Raxis

[ J’raxis·Com | Liberty in your lifetime ]

long term requirements (4.00 / 1) (#23)
by rebelcool on Thu Jan 17, 2002 at 02:02:23 PM EST

I think it's all well and good, as it's not just Microsoft which has security/stability problems, it's computing in general.

Many pieces of unix software (particularly in the desktop arena) are horribly unstable, and new security bugs are found everyday in software across the board.

I feel the problem is the languages used. C and C++ are around 30 and 20 years old respectively. I once had a professor who put it in these terms: "With C, it's easy to shoot yourself in the foot. With C++ it's harder to shoot yourself, but when you do, you tend to blow your whole leg off."

They were designed for simpler systems in an age where programs were largely isolated from each other. C was really meant to be a just-friendlier-than-assembler way of programming with virtually no bounds checking. And it does that well.

It's not that programmers are bad, but they are human. They make mistakes. They forget things. These are what lead to insecurity and instability.

What I want to see done is: Good replacements for C and C++. C is the only viable mid-level language out there currently (that I know of anyway..). A newer version of it with bounds-checking and increased mistake-proofing needs to be done.

C++ should just be replaced altogether with a language that makes templates and OOP fun, rather than an exercise in syntactic horror. It should be natively compiled for speed optimizing, or runnable under a VM for portability. Garbage collection is a given.

I'd love it if M-Soft would task some of their magnificent research department on creating some tools for simplifying algorithmic analysis and proofing. Really, for security and stability, algorithmic solidity is key, and thus the Holy Grail of all computing.

COG. Build your own community. Free, easy, powerful. Demo site

not quite.. (5.00 / 1) (#27)
by andrewm on Thu Jan 17, 2002 at 05:02:24 PM EST

Garbage collection is a given
er, I think you misspelled the word 'tool' there :)

Garbage collection is one technique for managing memory, and it should be available, but making it the only allowed option is not a good idea. Having support in the language for multiple techniques is a good idea, though. Developers need to be able to choose the tools that have appropriate performance for the task at hand.

[ Parent ]

i agree (4.00 / 1) (#30)
by rebelcool on Thu Jan 17, 2002 at 07:03:39 PM EST

I've thought some more on it since I posted, I think it would be grand to have 3 options. No GC, synchronous GC or asynchronous GC.

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

minor comments (none / 0) (#35)
by kubalaa on Fri Jan 18, 2002 at 05:17:10 AM EST

As for "safe c", I believe you're talking about Cyclone. The reason C++ is so popular is precisely because it fooled so many people into thinking they could program in C++ just because they already knew C. There are already a dozen high-level languages that could viably replace C++ for application development (smalltalk/squeak, ocaml/miranda/haskell, lisp/scheme, java, objective-C, even scripting languages like python/ruby/perl are fast enough these days to handle 90% of application development). The fact that these are new, not-C languages is precisely why they aren't widely popular, though.

I agree that "Algorithmic solidity is the key to security and stability", but these are not the "Holy Grail of all computing". Computers exist to make work easier for humans. Achieving this, whether through more intuitive languages, AI, better interfaces, etc. is the Holy Grail of computing.

[ Parent ]

Where security matters (5.00 / 1) (#26)
by skim123 on Thu Jan 17, 2002 at 02:55:15 PM EST

Where is security most important? I would wager Bill is not talking about spending oodles of time to make the home computer user's computer more secure. Yes, Outlook viruses are annoying, but people will put up with it - what else is Ma and Pa Kettle going to use but Windows?

I think where spending the time to do security right is more important in Bill's eyes is on the server side, where they have decent competition from the UNIX and Linux folks. I would wager stopping SIRCAM is lower on the list than fixing IIS to not allow for Code Reds and its derivatives. Furthermore, with Microsoft's full-fledged swing to .NET, where services will be exposed via the Internet/intranet, security becomes a big concern. What businesses will be willing to share sensitive data via Web services if these Web services can either be compromised or brought down (think DOS) easily by some script kiddies.

I would bet Microsoft takes this seriously and responds adamantly. I interned at Microsoft during one summer of my college education, and the one thing they do not lack are smart, creative geniuses. Furthermore, Microsoft doesn't ever give up, or say, "It's good enough, we can stop now." To get my gist, read Cringely's column: Sharper Than Ever. If I were a gambling man, I'd put my money on Microsoft to come out on top with this matter. They have almost always done so in the past.

Money is in some respects like fire; it is a very excellent servant but a terrible master.
PT Barnum


The return of Multics :-) (none / 0) (#28)
by Maniac on Thu Jan 17, 2002 at 05:04:46 PM EST

Hmm. In reading Bill's email message, it used several words taken from the original Multics goals. To quote from a general description of Multics ...
As described in the 1965 paper Introduction and Overview of the Multics System by Corbató and Vyssotsky, there were nine major goals for Multics:
  • Convenient remote terminal use.
  • Continuous operation analogous to power & telephone services.
  • A wide range of system configurations, changeable without system or user program reorganization.
  • A high reliability internal file system.
  • Support for selective information sharing.
  • Hierarchical structures of information for system administration and decentralization of user activities.
  • Support for a wide range of applications.
  • Support for multiple programming environments & human interfaces.
  • The ability to evolve the system with changes in technology and in user aspirations.
I used Multics for several years and it delivered those capabilities quite well. With little support, it lasted about 30 years. However, as a system, it lost in both the market and internal company politics. For those reasons, I expect Bill's initiative will be done half heartedly at best.

Multics and Microsoft Security (none / 0) (#37)
by thvv on Sat Jan 19, 2002 at 11:35:15 AM EST

A few facts. Steve Lipner, Microsoft director of security, quoted in the news story, worked on Multics security with me in the 1970s. He is an extremely sharp and knowledgeable person, who has worked on computer security for many years. He knows what was good about Multics security and how to do even better.

Although Steve now has the support of his boss, he does not have magic powers, far as I know. Microsoft has a huge base of old code that has exhibited bugs in the past, and thousands of programmers. It may take a long time to turn this oil tanker. But I am hopeful that this direction from the top will lead to better security in Microsoft products.

[ Parent ]

What are they going to do? (none / 0) (#29)
by GreenCrackBaby on Thu Jan 17, 2002 at 05:57:08 PM EST

Throw their code in the garbage and start over?

No?

Well, then I don't have much hope. Sending 7000 developers on a crash course about security isn't going to solve anything. For anyone who's ever worked on a large software beast before, you should know that security is in the same boat as performance -- you may be able to increase both a little by working with what you've got, but unless you start at ground zero and design with security/performance on your mind, you will never achieve much.

Regardless, you won't be seeing any changes from this for years -- the normal length of time it takes for something to go from idea to implementation.

It's all PR (none / 0) (#36)
by plug on Fri Jan 18, 2002 at 06:38:07 PM EST

Has anyone actually had 3 or 4 weeks worth of training? In my experience - it's experience that makes all the difference. Training can give you ideas or concepts but not a lot else. I'd like to know who'll be training these developers and how. Will they be truly conversant with the code or rather with the concepts of security. I can imagine a couple of scenarios. Either the developers feel patronised and switch off. Or they come back from 4 weeks of enlightenment to an ongoing project and cannot possibly implement all the necessary changes within time and budget enough to make a profitable product.

Besides this will just make people want to hack their software even more.


"If God really existed, it would be necessary to abolish him." Mikhail Bakunin
