Passport provides another blow to Microsoft’s security credibility.
Last week I attended Microsoft’s Twin Cities launch event for Windows 2003. Thousands of local IT folks filled the largest theater in the Minneapolis Convention Center to hear Dave Thompson, vice president of Windows Server Product Group for Microsoft. He is in charge of all Windows server development and directed all the new development surrounding the server product. The presentation was very impressive, and afterward I found myself thinking that Windows Server 2003 will be the server of choice for most companies.
Thompson put security first and foremost in his talk. He even went so far as to say that Microsoft development is the most security-conscious in the industry. He also said security is why this version of Windows server was not released with Windows XP but was delayed 18 months to check every line of code for possible security holes. Windows Server 2003 was to be the keystone of the new Trustworthy Computing initiative.
In the past, Microsoft’s priorities led them to develop for features first, ease of use second, and security last. One example of this was Microsoft’s past policy of leaving all features on by default. Of course, every feature left on is a potential security risk. For example, feature-rich applications such as Outlook/Exchange provided fertile ground for worms. Thompson said in the talk that all features will be left off by default in Windows 2003 and related applications. This would make it harder for users and administrators to use the products but also harder for hackers to obtain unauthorized access. The default issue is supposed to illustrate that Microsoft now places security first, ease of use second, and features third.
After the talk, I spoke with Thompson about several related topics, especially security. I was particularly interested in what he had to say about buffer overflows. If Microsoft’s new development process really is more airtight than any in the industry, would we see a reduction in buffer overflow vulnerabilities in Windows 2003 over the high number of instances in Windows 2000? He said buffer overflows were more of a problem because of a lack of education about the severity of the issue. He said nothing about just how Microsoft’s new development regime specifically builds systems invulnerable to buffer overflows. He did say that Windows 2003’s built-in auto-update feature, which automatically patches systems as soon as vulnerabilities are discovered, would cure most of the buffer overflow problems we have seen because administrators would not miss needed patches due to inattentiveness. This was not the answer I was hoping for; Microsoft has a history of downplaying problems when they come up until their best customers scream for patches. In the time between the discovery of a vulnerability and the installation of a patch by auto-update, critical systems can be vulnerable to attack.
The fact is, Microsoft suffers from a credibility gap. We want to believe them when they say their code is the most secure in the industry. But then they go and do something stupid, like ignoring warnings from concerned security researchers or denying CERT reports that are later validated by the company. The latest was the