[ISN] Ballmer: Raising Microsoft's security game

From: InfoSec News (isn@private)
Date: Wed Oct 22 2003 - 01:09:36 PDT

  • Next message: InfoSec News: "[ISN] Join the U.S. Hacker Corps; see the world"

    http://news.com.com/2100-1002-5094279.html
    
    [Its hard to take Steve Ballmer seriously over computer 
    security, especially after watching this a few times...  
    http://www.ntk.net/media/dancemonkeyboy.mpg   :)   - WK]
    
    
    By Mike Ricciuti 
    Staff Writer, CNET News.com
    October 21, 2003
    
    ORLANDO, Fla. -- Microsoft CEO Steve Ballmer on Tuesday defended his
    company's efforts to secure its software and fend off open-source
    rivals.
    
    Ballmer, speaking here at an industry conference market research firm 
    Gartner sponsored, acknowledged that the software maker has been late 
    to introduce better ways for its customers to patch their systems but 
    said Microsoft is now making strides. "I know we need to do better, 
    but we are in this challenging position where the hacker only needs to 
    find one vulnerability, and we need to keep them out," he said. 
    
    "We have put a lot of energy into patching, later than we should 
    have," he said. "We have been raising our game." 
    
    Ballmer also said increasing the quality and security of the company's 
    software is vital to retaining customer confidence. Microsoft is in 
    the midst of a nearly 2-year-old plan, called Trustworthy Computing, 
    to better secure its systems. 
    
    Critics say the plan has been slow to take effect. And that's no small 
    matter, according to researchers who have been pointing to the dangers 
    of overreliance on Microsoft software, especially the Windows 
    operating system.
    
    "We rarely fail at something that is our top priority, and this is 
    absolutely our top priority," he said. "It's hard. It's not like 
    horseshoes--we can't just come close. We have our best brains on it. 
    The issue of customer satisfaction can slow down progress for the 
    whole industry and can help us differentiate ourselves from the 
    competition. It's a defining-moment issue for us." 
    
    Ballmer said the mechanism for applying patches to the company's 
    Windows operating system and related application "needs to be more 
    predictable, with one simple installation, (with) rollback and 
    management tools." Microsoft earlier this month said it will focus on 
    adding new security technologies to its products and improving its 
    process for releasing patches.
    
    The Microsoft chief executive also contrasted the quality of software 
    that's produced by commercial makers to that of software that's 
    developed under the open-source model. "Should there be a reason to 
    believe that code that comes from a variety of people around the world 
    would be higher-quality than from people who do it professionally? Why 
    is its pedigree better than code done in a controlled fashion? I don't 
    get that," he said.
    
    "There is no road map for Linux, nobody who has his rear end on the 
    line. We think it's an advantage a commercial company can bring--we 
    provide a road map, indemnify customers. They know where to send 
    e-mail. None of that is true in the other world. So far, I think our 
    model works pretty well," Ballmer said.
    
    In response to a question about whether Microsoft plans a version of 
    Office for the Linux operating system, Ballmer said no, but "never say 
    never. But we have no current plans and don't see that as an 
    interesting opportunity."
    
    Ballmer said the market for Linux on client systems is still small. 
    "It's smaller than the market for the Mac. The Mac is a nice, small 
    business for Microsoft. But it is a small business. If someone says 
    you have an opportunity to support a new platform that's less popular 
    than the Mac, I'm not sure that is a good starting point," he said.
    
    "People aren't used to paying for software on Linux. This isn't about 
    religion, it's about business. We need to figure out what they need to 
    get done and what they will pay for," Ballmer said.
    
    Ballmer also disputed the notion that open-source code is more secure 
    than Windows. "The data doesn't jibe with that. In the first 150 days 
    after the release of Windows 2000, there were 17 critical 
    vulnerabilities. For Windows Server 2003 there were four. For Red Hat 
    (Linux) 6, they were five to ten times higher," he said. 
    
    "The vulnerabilities are there. The fact that someone in China in the 
    middle of the night patched it--there is nothing that says integrity 
    will come out of that process. We have a process that will lead to 
    sustainable level of quality. Not saying we are the cat's meow 
    here--I'm saying it is absolutely not good reasoning to think you will 
    get better quality out of Linux. "
    
    In the area of software management, Ballmer said Microsoft is working 
    on new tools to "manage systems at a reasonable cost. That has not 
    been our historical strength."
    
    Microsoft earlier this month said it is working on new management 
    tools, including its first Web services management software.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Oct 22 2003 - 05:49:09 PDT