>> Microsoft: 'Our products aren't engineered for security'
>> CW360.com Sep 6 2002 4:16AM ET...
>> +Friday 6 September 2002
>> +Brian Valentine, senior vice-president in charge of Microsoft's
>> +Windows development, has made a grim admission to the Microsoft
>> +Windows Server .net developer conference in Seattle, USA.
>> +"I'm not proud," he told delegates yesterday (5 September). "We
>> +really haven't done everything we could to protect our customers.
>> +Our products just aren't engineered for security," admitted
>> +Valentine, who since 1998 has headed Microsoft's Windows division.
>> +"It's impossible to solve the problem completely," Valentine said.
>> +"As we solve these problems there are hackers who are going to
>> +come up with new ones. There's no end to this."
>> It looks like the folks at Microsoft are discovering something
>> that has been known for decades...
>> The First Law of IT Security.
>> Security is not an addon, it has to be a fundamental property
>> of the system and the applications, both in the implimentation
>> and the design.
>Unix wasn't designed with security in mind when it was first
The youngsters here forget how old Unix is ...
1st Edition November 3, 1971 [QCU] QCU= A Quarter Century of UNIX
2nd Edition June 12, 1972 [QCU] Peter Salus
3rd Edition February, 1973 [QCU] Addison-Wesley
4th Edition November, 1973 [QCU] ISBN 0-201-54777-5
5th Edition June, 1974 [QCU]
6th Edition May, 1975 [QCU] LWU= Life With UNIX
7th Edition January, 1979 [QCU] Don Libes, Sandy Ressler
8th Edition February, 1985 [QCU] Prentice-Hall
9th Edition September, 1986 [QCU] ISBN 0-13-536657-7
10th Edition October, 1989 [QCU]
Quote:>Unix was designed though.
Well, thanks to Caldera/SCO ...
... if your willing to trudge though the old K&R C source code
.. you can see the well formed filesystem and memory models still
in use to day.
Quote:>Along with that the KISS
>philosophy has made it relatively easy to add security to Unix later.
and the older ...
>It is not necessary to see MS's code to know that it is an
>unmaintainable humongous mess. The past record only shows it going
>from bad to worse. Even MS realise that a total redesign is their
>only long term chance. Will people continue to pay for their existing
>*every year for the next 5 years. I don't think so.
Microsoft does not help itself by intoducing totally new API interfaces
on almost a yearly basis. You need to stick with an API for a long
time to iron out all the bugs and vulnerabilities.
David Mohring - X11R6:Network/Binary compatable back to 1986 X11 Clients