10.20.10
Bruce Schneier: “Keeping Control of Your Source Code Didn’t Magically Make Windows Secure”
Bruce Schneier photo by sfllaw
Summary: Harsh words about Windows security from a security guru but promotion from the MSBBC
India’s “Grand Secret OS” (developed with involvement of the Indian government) has just led Bruce Schneier to make this statement, which reminds us that transparency — not control — may be the key to making software more secure.
The only way to protect it is to design and implement it securely. Keeping control of your source code didn’t magically make Windows secure, and it won’t make this Indian OS secure.
Recall some of the latest (published this month) Microsoft security propaganda from the MSBBC [1, 2, 3]. “Who does Maggie Shiels work for? MS or the BBC? It’s getting harder to tell,” argues our valued regular ThistleWeb, who responds to this latest advertisement from Maggie Shiels. She has been doing this for a while (pretending or neglecting to state that zombie PCs are a Windows issue). ThistleWeb adds, regarding this same article: “prepare for a new wave of malware, all powered by the infected MS cloud, instead of regular powered MS desktops”.
Well, here is another new report about such issues:
A recently discovered category of malware — advanced evasion techniques — can sneak through most intrusion-prevention systems to deliver even well-known exploits such as Sasser and Conficker to targeted machines without leaving a trace of how they got there, researchers say.
When will the world’s governments realise that secure platforms are produced by collaboration rather than secrecy? And when will the BBC cease to be the second home of Microsoft UK? It has become embarrassing for a network which taxpayers are forced to fund. █
mcinsand said,
October 20, 2010 at 7:24 am
Open or closed, there is no friggin’ way Windows could ever be secure given its current architecture. With everything coded together as a massive megalithic blob, cracking your way into one area gives access potential to everything else. Opening up the code would help MS out of their self-created security mess somewhat, but they can never be anything but a suite of security holes until they fix fundamental design flaws, such as getting the browser, and many non-OS utilities, out of the OS.
Regards,
mc
Dr. Roy Schestowitz Reply:
October 20th, 2010 at 8:39 am
The problem is, in some countries like Korea the ties between the OS and ‘the’ MSIE are very close due to ActiveX. Web sites too will need to get ‘fixed’.
mcinsand Reply:
October 20th, 2010 at 8:58 am
The world needs to recognize that MSIE is one of its greatest security risks. I have a neighbor that is an agent with the US State Department, and they have actually woken up; using MSIE is a terminable offense because of security. Countries will have to decide whether they want to leave citizens open to attack or have cute eye candy. Granted, Java has security concerns, too, but they are not nearly so great as having a browser integrated into the OS.
In the US, there are also only two manufacturers of gasoline (petrol) handling pumps, and these are now sophisticated enough to connect to the internet, call for shipments, and arrange deliveries. One of these companies uses MSIE-only, and an executive (another neighbor) dismissed customers that want to avoid MSIE for security reasons as ‘whiners.’ Petrol is dangerous and, in today’s world, we can’t leave tanks open to crackers to mishandle or misroute.
MSIE is a global security risk that we cannot afford.
Regards,
mc
Dr. Roy Schestowitz Reply:
October 20th, 2010 at 9:08 am
There is a whole book called “Don’t Click on the Blue E!”
http://oreilly.com/catalog/9780596009397
mcinsand said,
October 20, 2010 at 4:30 pm
Thanks! That book might make a nice holiday gift for some family members.
Regards,
mc