Microsoft's Security Development Process Under CC License
An anonymous reader writes "The H Online writes: 'Microsoft has placed its process for secure software development under a Creative Commons License. The company hopes that this will lead to more developers utilising its process for programming software more securely across the entire product lifecycle ...'"
Oh boy... (Score:2, Insightful)
Cue a multitude of Slashbot posts pointing out that Microsoft could never do "secure software development".
Re: (Score:3, Funny)
Yeah, this is kind of like the church releasing its guidelines for picking up hookers under Creative Commons.
Re:Oh boy... (Score:5, Insightful)
Yes and no. The MS OS is actually written with a lot of safeguards in place to make the OS more secure. Years of being attacked tends to make one a bit defensive and certainly more technically adept.
I think their problems are on multiple fronts:
Overly complex code
Lax permission requirements,
Too many admins (still default on workstation installs)
Poorly written apps that in turn requires them to bend the rules or to provide workarounds.
MS could take a hard line, and force apps to comply with OS guidelines, but they'd be shooting their compatibility in the foot. Although I see them nudging folks in that direction, with more functions locked out by default, they have a long way to go. Instead, they bend over backwards to try to work around compatibility issues and legacy support, and as a result, leave tons of loopholes. I had great hopes for their VirtualPC bit and was hoping they would take a more Apple-centric approach, allowing them to just start with a fresh slate while virtualizing old OS compatibility. It appears that was a wasted hope however...
Re: (Score:1, Funny)
I think their problems are on multiple fronts:
Or "they're not done re-inventing UNIX yet."
Re:Oh boy... (Score:4, Insightful)
Or "they're not done re-inventing UNIX yet."
Now, now, they've been reinventing VMS, not Unix, as anyone should know.
Re: (Score:2)
Fair point. I could have used BOOT.INI;(n-1) more than once in the day.
Re: (Score:2)
What aspects of the VMS security model is the NT kernel missing? It has ACLs on just about every kernel object. Or did you mean the various security mistakes in Windows that have nothing to do with the kernel that Dave Cutler created? It has always seemed to me that the Windows security problems were from flawed apps running as admin, not the kernel itself.
Re: (Score:2)
Most of the Windows suckage (especially the Win9x stuff) is a direct result of aggressive backwards compatibility, especially WRT security, where MS has never taken a hard line and broken all legacy apps (as it so desperately needs to for that goal). That's what the customers wanted, though - people simply value legacy support over security, or reliability. That's why chip-and-PIN credit cards have so many security flaws too - legacy support. I'm not sure how that makes anyone a greedy bastard.
Re:Oh boy... (Score:5, Informative)
UNIX doesn't have ACL security.
Take your pick: SELinux, GRSecurity, classic or new Solaris ACL's. Use a supporting filesystem with NFSv4.
You can even go MAC with SELinux if you're at a TLA or similar.
Re: (Score:3, Interesting)
Pretty sure you have no idea about Unix internals vs NT internals. UNIX doesn't have ACL security.
So, the "Unix internals vs NT internals" is resumed as UNIX not having ACL security?
Pfffff.. Yeah, looks like you know a lot more on the subject.
WRONG. Unlike Windows, which only supports ONE ACL scheme which is builtin, the most variety of UNIXes out there supports complex ACL mechanisms through a modular design or patches. Windows ACLs are also very basic compared to the full access control provided by SELinux.
Keywords: SELinux, GRSecurity, FS extended attributes, PAM, ...
Now go back under the rock you ca
Re: (Score:1)
So, still, the release (if it's very accurate in its description) could also act as a guideline of what not to do? ;p
Re:Oh boy... (Score:5, Interesting)
I think it's simpler than that.
Windows can be very heavily locked down so end-users can literally do nothing more than that which is explicitly made available to them. Heck, with something like SteadyState, it can even roll back any changes with a simple reboot.
But far too many third party developers seem to actively go out of their way to break any security - they seem to have some sort of mental block understanding that the assumptions you make when you're designing an application which will run on a system which you can more or less guarantee will only ever have one person using it (and that person has no realistic hope of screwing it up badly simply because there's so little to screw up) simply do not work on a modern multi-user, multi-tasking networked operating system.
I've lost count of the number of applications - and these aren't crappy things you find on download.com, they're expensive commercial products that are intended to have multiple users - that explicitly expect the end-user to have local admin rights and their first support response is "Does the user have admin rights? No? Go away and come back when they do. I don't care if you can explicitly prove that this isn't the issue here...".
Re: (Score:2)
As Bill Gates once put it, they create software that adds new features. They don't think about big fixes, people don't buy software for big fixes.
So it's the same at 3rd party software companies. They add new features so people buy their software, fixing the software security model isn't something many end users would care about unless you explained what benefits that would provide.
Re: (Score:3, Informative)
...unless a serious rootkit gets installed with whatever piece of malware infected your machine while you were using it
A user without administrative access cannot install a rootkit.
Sadly, .NET is still broken. The exploits still affect all versions of the OS. The exploits still don't need the user to have admin rights. The exploits still bypass security measures on a locked down machine.
It sounds like you're talking about a local privilege escalation exploit, and those are usually patched pretty quickly. Do you have any examples or sources to back up that claim?
Re: (Score:3, Informative)
A user without administrative access cannot install a rootkit.
That's inaccurate. A non-admin can very easily get infected with a userland rootkit with no exploits necessary. Google "n00bkit".
Re: (Score:2)
That's inaccurate. A non-admin can very easily get infected with a userland rootkit with no exploits necessary.
It depends on your definition of "rootkit", I suppose. The term has been watered down drastically over the last few years with people using it to describe malware in general. If we take Wikipedia's word then:
A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. [...] Once a rootkit is installed, it allows an attacker to mask his intrusion while gaining root or privileged access to the computer.
If the installing user does not have administrative rights then it's not possible for a rootkit to gain those rights (failing the requirement of gaining privileged access). A standard user might somehow get a user-mode "rootkit" on the machine, but it will only have access to their files and other us
Re: (Score:2)
It does not fit all definitio
Re:Oh boy... (Score:5, Insightful)
Yeah, as I indicated, it's called "Windows Updates" - check it out sometime!
Perhaps now you see what I am talking about... if not, check your hotfixes/ Windows updates, read what they supposedly fix, then look at the similarities between the multiple attempts to fix the same damn issue over and over again.
So the answer is... No, you don't have any real sources. The generic description that comes with a Windows Update is just that -- generic. They all sound pretty much the same. Even the MS security bulletins like you linked to are usually pretty scant on details because they're designed to give an overview, not the nitty-gritty exploit information found elsewhere. I did look around Google for references to privilege escalation issues with .NET and didn't find anything.
If multiple updates which all say "This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight." have you convinced they've been trying to patch the same vulnerability for 10 years, then you have other issues.
As it stands, the specific vulnerability you point out doesn't even mention privilege escalation! It's also blazingly obvious what "Users whose accounts are configured to have fewer user rights on the system could be less impacted" means. If you don't have admin rights the worst thing the malware can do is put some entries in your startup folder/registry. If you're a full-on admin then we're talking kernel-mode drivers, raw disk access, machine-wide registry changes, the whole shebang. Big difference between the two.
Re: (Score:2, Interesting)
Wow, not just did you ignore most of the text in the advisory, but you don't know anything about how malware works either, do you? Gee, adding things to the startup folder/registry means it might take what... two boots? to fully infect a machine with a piece of malware that has then gained full privileges? I've watched (on both Windows 7 and Vista) malware initiate itself using svchost and smss to, with admin privileges, install themselves with the same privileges. All it took, on a locked down machine, was
Re:Oh boy... (Score:5, Informative)
Wow, okay, let's take this slowly, piece by piece.
Wow, not just did you ignore most of the text in the advisory, but you don't know anything about how malware works either, do you?
I did read it, and I do understand.
Gee, adding things to the startup folder/registry means it might take what... two boots?
A standard user can only write to HKEY_CURRENT_USER. This key controls only their profile. So yes, malware run as a standard user can be set to run when that specific user logs in. Not upon machine startup.
to fully infect a machine with a piece of malware that has then gained full privileges?
Only if that user has administrative rights. If it was a standard user, then no, the malware did not magically gain more rights than the installing user had. That's why I asked about privilege escalation -- an exploit like that makes the situation much, much worse.
I've watched (on both Windows 7 and Vista) malware initiate itself using svchost and smss to, with admin privileges, install themselves with the same privileges.
Yes, it's common for malware to use existing system services to run. There are several methods from DLL injection, App_Init DLLs, remote thread creation, etc. However, ALL of these require administrative access. A process cannot play with system services unless it has rights to. A standard user cannot inject DLLs, write to shared memory, or do anything else to processes running with SYSTEM access unless the user itself has admin rights.
All it took, on a locked down machine, was a couple reboots.
There's nothing magic about rebooting Windows. Some registry keys aren't processed except at boot-time, but there are MANY ways to infect a machine with malware without rebooting the computer. Of course, these ALL require administrative rights.
So yeah, kernel mode drivers and full access may be worse, but in the end, it doesn't matter. The end results are the same.
No, they aren't. The results for malware infection via standard user and that via an administrator are drastically different, with the latter being terribly worse. A standard user's infection can be cleaned up in 5-10 minutes with ease. Simply deleting their user profile and creating a new one is the easiest method. Anyone can do it.
A machine that's been infected by somebody with administrative rights may as well be infinitely worse. Without taking the system offline and analyzing the hard drive in a separate computer (or maybe by booting to a different OS), you will never, ever know if the system is clean. Even offline analyzing isn't guaranteed to work unless you know of and can check every single infection vector, a very challenging task. You're almost always better off reinstalling the machine.
Hopefully that helps clear things up.
Re: (Score:2, Redundant)
No, it does not. A standard user infection that utilizes privilege escalation (exploits), then becomes the same as one installed when an admin was logged in. There have been numerous.
Here's an example of one escalation - and NOT a big (or prominent) one, that was only partially fixed.
http://en.wikipedia.org/wiki/Shatter_attack
There are bigger and worse ones. Now perhaps my statements make more sense.
Re: (Score:3, Informative)
--
RobertM: Malware is taking advantage of
nmb: Which escalation exploits?
RobertM: The
nmb: That wasn't an escalation exploit.
RobertM: You don't need an escalation exploit. The Windows operating system allows any proces
Re: (Score:2)
Nice try... I never said an escalation exploit is needed or not needed. My premise was IF it was needed, it could still happen.
Point is, they just fixed one that they think may bypass privileges. Point was, it wasn't the first time. Point is, they have claimed more than once to fix this - and then another piece of malware proves them wrong, and a new patch is released and they claim "ooh, really, we fixed it this time" and another piece of malware comes out.
Explain why .NET ClickOnce and other .NET expl
Re: (Score:3, Informative)
This will be my last post in the thread because you clearly don't know what you're talking about and refuse to realize that.
Point is, they just fixed one that they think may bypass privileges.
Citation please.
Explain why .NET ClickOnce and other .NET exploits still infect machines that are locked down (up until Aug 10th supposedly).
Citation please.
Or perhaps, the malware authors will simply choose one of the other numerous attack vectors created by .NET's security holes. As has happened for almost the last 10 years with .NET and ActiveX.
They might. And maybe you could give a citation of a currently unpatched privilege escalation attack vector.
So, if a rootkit drops a piece of malware (hmmm, maybe named svchost or smss?) into a "secure" folder
If a standard user has write access to a "secure folder" it isn't very secure, is it? Oh, and the name of the file doesn't really matter.
maybe in the System Volume Information folder?
Administrator and/or SYSTEM rights are required to even read from that folder, let alone write to it.
does it matter that the account of the next person who logs in is a limited user account? Somehow I don't think so.
A user mu
Re: (Score:2)
This will be my last post in the thread because *I* clearly don't know what you're talking about and refuse to realize that.
Point is, they just fixed one that they think may bypass privileges.
Citation please.
Since Vista's release (again, remember I didn't mention ones being in existence at this moment) - Some recent, some not:
http://www.scmagazineus.com/hot-or-not-local-privilege-escalation-vulnerabilities/article/34794/
http://digg.com/news/technology/Vista_Exploit_Surfaces_on_Russian_Hacker_Site
http://xforce.iss.net/xforce/xfdb/60679
http://www.neowin.net/news/microsoft-warns-of-critical-unpatched-windows-shell-vulnerability
- (Sophos, even though MS downplayed it, claims "that the flaw bypasses all Windows
Re: (Score:2)
You just mentioned a real threat. Don't let us digg it up. So there is a malware that meets all of these requirements:
a) Infects a system by simply visiting a webpage and clicking harmless looking buttons and links in a recent browser
I mentioned past real threats. Some recent, some within a year, some a few years ago. There is a list in my post right after this one, and it is far from all inclusive.
b) Circumvents the user's restricted rights and gains administrative / system rights
See list in post below - and then you can dig for more if you are still interested.
c) Infects the machine without any user interaction
I never made such a point. There were ones where all a user had to do was surf to the wrong choice of websites though. That is a form of user interaction. But there was no further interaction needed (such as click a prompt to OK an install, "OK" a UAC box,
Re: (Score:2)
Dude. Not one of your citations mentions .NET being vulnerable to anything, they all refer to Windows flaws in native components.
You also don't seem to understand what the firefox plugin is, and I'm scratching my head as this was an issue 2 or 3 *YEARS* ago, and there was no "patch" this summer to address it as you keep claiming.
The firefox plugin was added in the only way that Firefox allowed system-wide plug-ins to be added. Java, and several other plug-ins use the same mechanism.
Firefox has since been
Re: (Score:2)
Dude. Shatter is completely "fixed". It was partially fixed in 2002... years before Vista came out, but that was a patch. Vista eliminates shatter by providing beefed up security for windows messages, and forcing services to run in a different Terminal screen from the interactive user. The article you reference talks about the way Vista addressed the issue.
In other words, Shatter hasn't been an issue since about 2004. Please stop regurgitating 7-10 year old exploits as if they were valid today.
Re: (Score:2)
Shatter attacks were only partially fixed? Ummm.. I beg to differ.
Starting with Windows Vista, shatter attacks were completely fixed.
You're right, MSFT didn't retrofit the massive architectural changes to completely fix shatter attacks in Windows XP. But they DID fix the entire class of vulnerabilities.
And on XP, they fixed all the EoP vulns that were enabled by shatter attacks.
This is not to say that there aren't any EoP vulns in Windows. There are. But MSFT patches EoP vulns as quickly as it finds th
Oh boy, you really don't know much about .NET (Score:2)
and nor about SteadyState.
.NET is actually a security success-story. Compared to similar (i.e. Java), .NET has experienced almost an order of magnitude fewer vulnerabilities, especially if you consider the severity of the vulns.
.NET (using 2.0): http://secunia.com/advisories/product/6456/ [secunia.com]
Java (JRE 1.5 which is contemporary): http://secunia.com/advisories/product/4228/ [secunia.com]
------
SteadyState makes a virtual harddisk. In essence it is itself a "rootkit" in that it uses copy-on-write at reads/writes the changed block f
Re: (Score:2)
and nor about SteadyState.
.NET is actually a security success-story. Compared to similar (i.e. Java), .NET has experienced almost an order of magnitude fewer vulnerabilities, especially if you consider the severity of the vulns.
.NET (using 2.0): http://secunia.com/advisories/product/6456/ [secunia.com]
Java (JRE 1.5 which is contemporary): http://secunia.com/advisories/product/4228/ [secunia.com]
------
SteadyState makes a virtual harddisk. In essence it is itself a "rootkit" in that it uses copy-on-write at reads/writes the changed block from/to a log file. When rebooting it simply deletes the logfile and the disk is back to the original state. I would like to see the rootkit which can survive that...
Wouldn't the answer to that last statement be ANY real rootkit? Just curious. Isn't infecting the MBR the way that rootkits bypass such protections? Wouldn't some rootkits then also be able to hose SteadyState's ability to revert the file system back to previous state? Aren't the file system and MBR two different things, even though they work in conjunction?
Just curious, hence the questions instead of statements.
Also, it's a bit disingenuous to simply pick one version of .NET, as systems come with all o
Re: (Score:3, Interesting)
WTF are you prattling on about? .NET insecure? Seriously? Do you even know what you're talking about? You are making vague claims that make little sense. Like calling the Firefox plug-in a security flaw.. It's using the mechanism that Firefox provided for machine wide-plugins. Firefox has since improved on that, but it wasn't MS's fault nor was it a security flaw.
Please, point me to some evidence of any severe unpatched .net flaws or exploits. I don't know of any. I think you are confused and simply
Re: (Score:3, Informative)
...I think their problems are on multiple fronts:
Overly complex code
Lax permission requirements,
Too many admins (still default on workstation installs)
Poorly written apps that in turn requires them to bend the rules or to provide workarounds.
You forgot a few very very important ones:
- Way too much legacy code that was not written with network security in mind
- Way too many technologies, that by their design and the functions they provide, can never be made secure (ActiveX, .NET Click Once and more)
- NO interest in removing "core components" that compromise the security of Windows systems (.NET and ActiveX) as (1) too many of their clients use it and (2) (the really important one) those technologies are Microsoft's bread and butter in the ser
Re: (Score:2)
Your comment about ActiveX is valid, but .NET is about as safe as Java. Other than implementation bugs, it's a secure virtual machine that can run applications in sandboxes, just like Java applets.
Not everything Microsoft does is insecure.
Re: (Score:2)
That's odd. I thought there were hundreds of fixes (and near a dozen large patches) for the .NET framework due to a plethora of vulnerabilities. Well, I know that's the case. The list is daunting. I thought that the most recent one was just this month (3 fixes for exploit vectors).
And I thought that Java implementations could not escalate privileges on a fully secured machine that a user was not using as an admin without explicit permission(s) being given. And I know that various .NET "technologies" allow
Why not say what you mean? (Score:2)
Other than that, Mrs. Lincoln, how did you like the play???
Re: (Score:2)
As I wrote it, xAMP was to stand for "(anything)AMP" (where x is any operating system, such as Linux, AIX, OS/2, eComStation, and (ugh) Windows and so on).
Coulda just written AMP I guess, but figured people would understand xAMP with less brain effort than they would simply AMP - and it was easier than writing "LAMP/WAMP/OAMP (or WAMP or AMP2)", etc.
Re: (Score:2)
It's too bad WAMP seems to have the most interesting ring to it, as a name...
Re: (Score:2)
Their problems mostly are that whatever they do, on the OS level, if it's not a "third party developers don't have to do anything", they seem to have to rollback/dilute whatever "Good" was in the offering.
Partly because of the basic multi-user design, partly because of the pre-written unix-based apps, partly because as meaningless as unix 97 and posix are, they do kinda provide enough of a formal api os basis that third parties do not expect to be able to write just anything, has probably more to do with ho
Re: (Score:2)
Yeah, this is kind of like the church releasing its guidelines for picking up hookers under Creative Commons.
Don't you mean "guidelines for running kindergartens"?
Re: (Score:2)
Ouch?
At least they're trying. (Score:2)
Re:At least they're trying. (Score:5, Funny)
Re: (Score:2, Funny)
It is for Microsoft.
In other news: (Score:2)
Roseanne Barr has published her diet plan under a C.C. license. She says she hopes this will encourage others to eat as live as healthy and be as thin as she is.
What are they trying? Not engineering. Not PR. (Score:3, Insightful)
Why waste time publishing that crap? It's not even good for PR because it only serves to highlight the failure. Its only worth is documenting years of fail and we have Mitre [mitre.org] and CERT [cert.org] for that. Every generation of Windows has been the model of bad design and insecurity, including Vista and Vista7. Before M$ reps revised it, /. even had a vista failure [slashdot.org] tag, for the version to come along after tagging was implemented. Otherwise there would have been a special tag for the XP SP2 [google.com] disaster.
The SDL is what
Re: (Score:2, Insightful)
To be fair, there would no doubt be many M$ software engineers and coders who know how to produce quality and secure code. It is the M$ marketdroids and bean counters who push it out the door before it is done, or cut out quality modules because it will cost money and not generate extra profits, or dismember features because they were only for marketing purposes or shunt stuff off to the next pretend version so they can sell it as an upgrade.
There are undoubtedly several cliques within M$ the useless Ballmeri
Re: (Score:2)
Microsoft are very trying.
Re: (Score:2)
Oh?
I'm not familiar enough with the license they chose, but does it guarantee patent protection? The thrust that MS is currently using against FOSS seems to depend on software patents. If they had chosen the GPL, or GPL3, or BSD, or AGPL I would have an idea of what the significance was, but Creative Commons isn't commonly used for FOSS software, so I don't know what that means as far as patents. (WRT copyrights I can make fair guesses, but that's a different matter.)
Re: (Score:2, Insightful)
M$
good job ruining any credibility your post might have had and classifying yourself as a troll.
Re: (Score:2, Insightful)
Re: (Score:2)
Did you *read* the article?
What MSFT is doing is to release their stuff under CC so that other companies can incorporate the *text* of the SDL and other documents into their internal training materials.
The text is covered under copyright laws and *can* be licensed.
secure? (Score:3, Funny)
Re: (Score:2, Interesting)
Re: (Score:3, Insightful)
Re:secure? (Score:4, Informative)
Talk I've heard from friends in Microsoft indicates that they're quite paranoid about security, putting strict checks on all levels of development. To mention one small portion of it, C and C++ contain some functions that, if misused, can be easy attack vectors. VC++ has a number of non-standard replacement functions for these that they use that include runtime safety checks. They're warned off the "insecure" functions, and anyone that uses them needs a full rationale written up on why. Needless to say, most coders will have an adjustment!
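The contract behind size-checked replacements of the kind this comment describes (MSVC's `strcpy_s` is one), as an added example that is not part of the original comment and not Microsoft's code. `bounded_len`, `checked_strcpy`, `checked_strcat` and `build_user_label` are hypothetical names; unlike the MSVC functions, which call an invalid-parameter handler, these helpers simply return an error code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of s, reading at most max bytes. Returns max when no
 * terminator is found inside that window. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical size-checked copy: the caller states the destination
 * capacity, every precondition is verified at run time, and a failed
 * call leaves dst as an empty string rather than overflowed. */
int checked_strcpy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    size_t len = bounded_len(src, dst_size);
    if (len >= dst_size) {          /* no room left for the terminator */
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical size-checked append with the same failure behaviour. */
int checked_strcat(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return EINVAL;
    size_t used = bounded_len(dst, dst_size);
    if (used == dst_size || src == NULL) {  /* dst unterminated, or no source */
        dst[0] = '\0';
        return EINVAL;
    }
    size_t room = dst_size - used;
    size_t add = bounded_len(src, room);
    if (add >= room) {              /* appended text plus terminator will not fit */
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst + used, src, add + 1);
    return 0;
}

/* Builds "user:<name>" from an untrusted name. With strcpy/strcat this
 * would write past `out` whenever the name is too long. */
int build_user_label(char *out, size_t out_size, const char *name)
{
    int rc = checked_strcpy(out, out_size, "user:");
    if (rc == 0)
        rc = checked_strcat(out, out_size, name);
    return rc;
}

/* Returns 1 when an over-long name is rejected and the guard bytes placed
 * after the 16-byte buffer are untouched (constructed input). */
int guard_survives_overlong_input(void)
{
    struct { char label[16]; unsigned char guard[8]; } frame;
    memset(frame.guard, 0x5A, sizeof frame.guard);
    int rc = build_user_label(frame.label, sizeof frame.label,
                              "a-name-far-longer-than-sixteen-bytes");
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0x5A)
            return 0;
    return rc == ERANGE && frame.label[0] == '\0';
}

int main(void)
{
    char label[16];
    int rc = build_user_label(label, sizeof label, "alice");
    printf("rc=%d label=\"%s\"\n", rc, label);
    rc = build_user_label(label, sizeof label, "a-name-far-longer-than-sixteen-bytes");
    printf("rc=%d label=\"%s\"\n", rc, label);
    printf("guard intact: %d\n", guard_survives_overlong_input());
    return 0;
}
```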
Re: (Score:3, Informative)
Actually, even dead-simple basic security like closing ports by default, reducing default services, not including the current working directory in the executable or library search paths, not auto-running anything, reducing app attack surface by turning off embedded format decode by default and a vast many other things are completely off the table at Microsoft. Doing security breaks backward compatibility. It removes popular features, and the fact that the features are in and of themselves the security vul
Re: (Score:2)
yup. it'll be a "how to develop secure apps suing our innovative methods, so your .NET apps will always be fully unbreakable, blah blah blah, buy Visual Studio and download the free secure option guidance pack now".
They never give anything away for free that isn't a loss-leader for you to buy some of their other products.
That Microsoft Icon On Slashdot (Score:3, Insightful)
Isn't it long past time it be updated and possibly the correct one be used?
Bill Gates hasn't worked at Microsoft in years, and really has almost no involvement with the company any longer.
It would be like using the Edsel to represent Ford, or still using the New Coke logo.
It no longer serves its purpose, and says more about slashdot than Microsoft these days.
Re: (Score:2)
Mod this coward up. AFAIK there are no other icons on /. that are designed to denigrate the subject.
How about using (Score:2)
Ballmer's ugly, bald, sweaty, monkey-boy mug for the Microsoft icon?
Gates is gone and now the marketing and legal departments are now in charge over there.
Might as well call a spade a spade...
Re: (Score:2)
Isn't it long past time it be updated and possibly the correct one be used?
Bill Gates hasn't worked at Microsoft in years, and really has almost no involvement with the company any longer.
It would be like using the Edsel to represent Ford, or still using the New Coke logo.
It no longer serves its purpose, and says more about slashdot than Microsoft these days.
I disagree. The Edsel is dead and gone. The legacy Gates has left us is definitely very alive and prevalent. There is the big difference. Unless .NET and ActiveX are entirely killed and Windows is honestly rewritten from the ground up, and the damage that Microsoft has done to competitors is reversed, then Gates' legacy - especially as related to things like this topic, is alive, well and still in control of most of the PC related marketplace. Credit where credit is due thus indicates it should be his logo
Re: (Score:3)
Re: (Score:2)
A MUCH more appropriate icon would be Ballmer in a jester hat with an "I heart Apple!" T-Shirt, since he seems bound and determined to try to be Steve Jobs. And THAT would fit with the current situation at MSFT much more than the old Gates Borg, since without Gates it is like the Borg being led by Reno 911.
Well, you've got my vote for that!!!! :-)
Re: (Score:2)
Re: (Score:2)
Gates created a sclerotic company that cannot shoot straight. He succeeded because his monopoly was handed to him. Microsoft has never innovated anything. In the current environment, he'd be a failure..which is my suspicion as to why he gave up and boogied.
Re: (Score:2)
Isn't it long past time it be updated and possibly the correct one be used?
Bill Gates hasn't worked at Microsoft in years, and really has almost no involvement with the company any longer.
You mean we need a Ballmer version of the icon with Borg implants? :-)
Seriously? (Score:4, Insightful)
The PROCESS is Creative Commons licensed. Not the tools. Ok, but you know what? I would never have taken Microsoft as an example of a company whose secure coding practice I would want to follow.
Just sayin'
And why bother with a CC license for this? Just publish the practice, and don't take out "business process" patents. Microsoft did that with "Code Complete".
Anyway, I now have to read the frakkin stuff, just to stay on top of it. Maybe I'll be pleasantly surprised...
I hope
Re: (Score:2)
Re:Seriously? (Score:5, Informative)
Re: (Score:2)
Wish I hadn't used up my mod points earlier today. This comment is a rare buoy in the frothing sea of "if it's Microsoft, it necessarily sucks," tripe.
You wouldn't happen to work for a company named similarly to your username would you?
mistagged? (Score:4, Funny)
Shouldn't this be tagged as "humor"?
MS Security... (Score:5, Insightful)
Re: (Score:1)
So someone in Redmond decided... (Score:4, Funny)
That the world needed a free lesson in how not to develop secure software?
warning to others? (Score:2)
http://despair.com/mis24x30prin.html [despair.com]
Ugh, doc (Score:4, Funny)
Unless someone converts it to PDF I'm not downloading that....
Re: (Score:2)
Unless someone converts it to PDF I'm not downloading that....
Maybe you are supposed to modify and extend it.
Secure from *what*? (Score:2, Interesting)
Secure from cracking, or secure from competition?
Because, at least prior to Bush's Justice Department dropping all charges against Microsoft, the second would be a pretty long list of felonies.
Re: (Score:3, Informative)
The antitrust suit against Microsoft was not dropped and did not ever involve any criminal charges.
The Problem is... (Score:2, Interesting)
Companies that run these operating systems and other software do not think of security at all. They just assume that everything's fine. Home users are even worse. That attitude will also have to change for things to get bet
Re: (Score:2)
That attitude will also have to change for things to get better.
It won't. Security is a process, not a condition, but people don't think naturally in those terms because it requires continuous effort (and ongoing expense.) Most people prefer to just make an initial investment in security and forget about it. Now, that works when you're talking about a bank vault, maybe, but not computer security.
I beg to differ (Score:2)
I see no reason why software can't be 100% secure. I just think it's unrealistic to expect this from commercial software written by people who don't really care.
Re: (Score:2)
I see no reason why software can't be 100% secure.
Well, the reason is two-pronged.
First, software can be 100% secure only if it is 100% bug-free. And the only software you can be sure is absolutely bug free is a "hello world" running on an embedded device without operating system. Except, a hardware/FPGA/microcode/firmware bug might be exposed through your "hello world", leading to a potential security exploit, so scratch that.
Second, whenever you manage to make the software idiot-proof, nature develops a better idiot, who'll work around your puny artificial s
That's a fallacy. (Score:3, Insightful)
Software that accepts external inputs is secure if it rejects invalid or malicious input. That's all there is to it. And it's perfectly possible to write a program that does just that. It doesn't even have to be 100% bug-free.
Re: (Score:3, Insightful)
Software that accepts external inputs is secure if it rejects invalid or malicious input. That's all there is to it. And it's perfectly possible to write a program that does just that. It doesn't even have to be 100% bug-free.
That doesn't cover valid input which triggers a bug.
Even defining "invalid or malicious input" to include "otherwise valid input that just happens to expose a bug in the code" doesn't help, because you don't know what you'd need to filter out (or if you did, better fix the bug).
Also, security is not just input, it's also output. All kinds of output. For example, there's a class of security exploits which depend on timing (mostly cryptography and authentication related). It's not enough that input is valid
Re: (Score:2)
>> That doesn't cover valid input which triggers a bug
It does. That would be what I call "malicious input". It's perfectly possible to write programs that reject it or otherwise error out without doing any harm.
My point is, there's nothing _fundamentally_ impossible about writing secure software. It can be done. It's just very hard and the cost/benefit ratio is not quite there to support it.
Important point: it's a CCSA license (Score:3, Insightful)
Can we please get past the cheap shots about Microsoft's security, and pay attention to the trend wherein Microsoft, practically founded on opposition to sharing code, has been experimenting with open source licenses and making overtures to the FLOSS community?
It's not a free CC license (Score:2)
Can we please get past the cheap shots about Microsoft's security, and pay attention to the trend wherein Microsoft, practically founded on opposition to sharing code, has been experimenting with open source licenses and making overtures to the FLOSS community?
Not all CC licenses are free software/open source. In particular, the license that Microsoft used is CC-BY-NC-SA. This is not a free or open source license. The problem is the NC clause -- NC means non-commercial. A non-commercial license does not satisfy the definition of free software or open source.
Is this guide helpful or not? (Score:2, Informative)
So could someone with some knowledge please actually READ the darned document and say something relevant about it?
To me it looks like common sense practices:
- Make the software so it could work without administration privileges except for certain actions. It should work under UAC with a non administrative account. To me this makes sense. 90 % of all security problems in Windows > XP are gone once you don't work with administrative privileges, IIRC.
- Software is not allowed to make the system more insec
NonCommercial? (Score:2)
Attribution-NonCommercial-ShareAlike 3.0 Unported
Under some takes on this license, no for profit corporation (the idea is that everything such an entity does is by definition for profit) would be allowed to make use of the licensed work. And who will trust MS not to take such a view, now or at some point in the future once the damage is done...
all the best,
drew
Just PR (Score:2)
How sweet the irony... (Score:2)
As Mahatma Gandhi said "First they ignore you, then they laugh at you, then they fight you, then you win."
Ballmer, and one comp-sci teacher, must be rueing the day that Linus questioned the accepted wisdom and started his little OS project.
Who Cares? Anyone read what the MS SDL is? (Score:2)
I know that RTA is not commonplace, so I guess I don't expect many to go even further and go to the MS SDL page, and then go even further to the "What is the Microsoft Security Development Lifecycle (SDL)?" page, but I was bored, so I did.
What is the Microsoft Security Development Lifecycle (SDL)? [microsoft.com]
The Microsoft SDL is a security assurance process that is focused on software development. It is a collection of mandatory security activities, grouped by the phases of the traditional software development
Re: (Score:2)
Ooooh, wow!!!! Microsoft is open sourcing a list of methods that developers should follow to ensure security of their applications!!!! Wow!!!
It's not even an open source license. The license is CC-BY-NC-SA 3.0. NC as in non-commercial. This license does not satisfy any reasonable definition of open source/free software.
Richard Stallman said that one of the reasons he opposes the CC licenses is because it's very easy for people to confuse the free CC licenses with the non-free CC licenses, and mistakenly think that a CC-licensed work is free when it's not free. I'm beginning to think that he's right.
"Utilising" (Score:2)
That is very noble of them to make this available in hopes of "more developers utilising the Microsoft process for developing software".
Unfortunately without an explanation this will go over most people's heads. It's one thing my boss likes to poke fun at...
To "utilise" something is to use it for something other than its intended purpose.
While searching for a good reference, I found this one to be appropriate [msn.com].
Re: (Score:2)
What's a "utilise"? I've never heard anyone utilize that term before.
Re: (Score:2)
I didn't say it was a good source, just an appropriate one. Most other dictionaries don't go into explanation about it, but it is implied by the definitions. "make use of" and "find a practical use for" doesn't really apply if you're just using something as it was intended. There is no use to "find" or "make" in that case.
If you like you can search Google for "use vs. utilize" and all of the top hits will be long explanations about it. I thought it more appropriate to link a dictionary, even if none of them
Microsoft track record (Score:2)
It seems that a majority of posters here are out of touch with Microsoft's track record regarding security. It was terrible 10 years but starting from XP SP2 they have done well.
Those of you looking for a mainstream commercial software vendor that pays little regard to security should take a look at Adobe or Apple.
Re: (Score:2)
Besides the obvious jokes about Microsoft and security, the very serious question is what patents of theirs you could infringe by following their process and when they will sue you for it?
Probably never. Other operating system vendors could maybe learn from this, sure, but since most of them are already much farther along the security curve than Redmond has ever been, it won't matter. What this might do (assuming that it's sensible, and I've not read it so I don't know) is help Windows application developers write more-secure code, better avail themselves of Windows' existing security features. That's the real benefit to Microsoft, and there's no point in suing people coding for your platfor