OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] Ballmer: Raising Microsoft's security game

From: InfoSec News (isnc4i.org)
Date: Wed Oct 22 2003 - 03:09:36 CDT

http://news.com.com/2100-1002-5094279.html

[Its hard to take Steve Ballmer seriously over computer
security, especially after watching this a few times...
http://www.ntk.net/media/dancemonkeyboy.mpg :) - WK]

By Mike Ricciuti
Staff Writer, CNET News.com
October 21, 2003

ORLANDO, Fla. -- Microsoft CEO Steve Ballmer on Tuesday defended his
company's efforts to secure its software and fend off open-source
rivals.

Ballmer, speaking here at an industry conference market research firm
Gartner sponsored, acknowledged that the software maker has been late
to introduce better ways for its customers to patch their systems but
said Microsoft is now making strides. "I know we need to do better,
but we are in this challenging position where the hacker only needs to
find one vulnerability, and we need to keep them out," he said.

"We have put a lot of energy into patching, later than we should
have," he said. "We have been raising our game."

Ballmer also said increasing the quality and security of the company's
software is vital to retaining customer confidence. Microsoft is in
the midst of a nearly 2-year-old plan, called Trustworthy Computing,
to better secure its systems.

Critics say the plan has been slow to take effect. And that's no small
matter, according to researchers who have been pointing to the dangers
of overreliance on Microsoft software, especially the Windows
operating system.

"We rarely fail at something that is our top priority, and this is
absolutely our top priority," he said. "It's hard. It's not like
horseshoes--we can't just come close. We have our best brains on it.
The issue of customer satisfaction can slow down progress for the
whole industry and can help us differentiate ourselves from the
competition. It's a defining-moment issue for us."

Ballmer said the mechanism for applying patches to the company's
Windows operating system and related application "needs to be more
predictable, with one simple installation, (with) rollback and
management tools." Microsoft earlier this month said it will focus on
adding new security technologies to its products and improving its
process for releasing patches.

The Microsoft chief executive also contrasted the quality of software
that's produced by commercial makers to that of software that's
developed under the open-source model. "Should there be a reason to
believe that code that comes from a variety of people around the world
would be higher-quality than from people who do it professionally? Why
is its pedigree better than code done in a controlled fashion? I don't
get that," he said.

"There is no road map for Linux, nobody who has his rear end on the
line. We think it's an advantage a commercial company can bring--we
provide a road map, indemnify customers. They know where to send
e-mail. None of that is true in the other world. So far, I think our
model works pretty well," Ballmer said.

In response to a question about whether Microsoft plans a version of
Office for the Linux operating system, Ballmer said no, but "never say
never. But we have no current plans and don't see that as an
interesting opportunity."

Ballmer said the market for Linux on client systems is still small.
"It's smaller than the market for the Mac. The Mac is a nice, small
business for Microsoft. But it is a small business. If someone says
you have an opportunity to support a new platform that's less popular
than the Mac, I'm not sure that is a good starting point," he said.

"People aren't used to paying for software on Linux. This isn't about
religion, it's about business. We need to figure out what they need to
get done and what they will pay for," Ballmer said.

Ballmer also disputed the notion that open-source code is more secure
than Windows. "The data doesn't jibe with that. In the first 150 days
after the release of Windows 2000, there were 17 critical
vulnerabilities. For Windows Server 2003 there were four. For Red Hat
(Linux) 6, they were five to ten times higher," he said.

"The vulnerabilities are there. The fact that someone in China in the
middle of the night patched it--there is nothing that says integrity
will come out of that process. We have a process that will lead to
sustainable level of quality. Not saying we are the cat's meow
here--I'm saying it is absolutely not good reasoning to think you will
get better quality out of Linux. "

In the area of software management, Ballmer said Microsoft is working
on new tools to "manage systems at a reasonable cost. That has not
been our historical strength."

Microsoft earlier this month said it is working on new management
tools, including its first Web services management software.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.