Gates Misses the Mark, and the Point, on Security

Bill Gates wants us to believe security is Microsoft's new Number One priority. He wants us to believe they have the users' best interests at heart.

I, personally, want to believe the moon is made of green cheese. The problem with both of these situations is I know too much for either to ever happen.

Until Microsoft announces a major effort to rearchitect the source code for the Windows operating system, everything he says about security should fall on deaf ears.

Windows machines account for somewhere between 70 and 90 percent of all computers on the Internet -- for safety's sake, we'll put those numbers in the U.S. Windows' Number One selling point is ease-of-use for the end user. Well, that and it's cute, too.

From the beginning, the emphasis has not been on security.

How can I make such a bold statement? Two words: Buffer Overflow.

In the very first class I took in programming (those many years ago), we were berated class after class about proper bounds checking to prevent buffer overflows. What this means in simple terms is that every time my program asked the user for input, it had better check to make sure the input fit in the place I reserved for it. If I asked for a "Y/N" and I got a "yes" or a "no", those extra characters had to go somewhere and I had better be prepared for them.
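That classroom rule, written out in C as an added example (it is not code from the original article, and the function names, result codes and sample inputs are constructed for illustration): the read is bounded to the space reserved for a single character, and the extra characters of a "yes" are discarded instead of spilling into memory or into the next prompt.

```c
#include <stdio.h>
#include <string.h>

enum { ANSWER_REJECTED = -1, ANSWER_NO = 0, ANSWER_YES = 1 };

/* Read one line from `in`; accept only a single Y or N (either case). */
int read_yes_no(FILE *in)
{
    char buf[3];                    /* one character + '\n' + NUL */
    size_t len;
    int c;

    /* fgets stores at most sizeof buf - 1 characters: the write is bounded. */
    if (fgets(buf, sizeof buf, in) == NULL)
        return ANSWER_REJECTED;     /* EOF or read error */
    len = strcspn(buf, "\n");       /* characters before the newline */
    if (buf[len] != '\n') {
        /* No newline seen: the rest of the line is still in the stream.
         * Discard it so it is not taken as the answer to the next prompt. */
        while ((c = fgetc(in)) != '\n' && c != EOF)
            ;
    }
    if (len != 1)
        return ANSWER_REJECTED;     /* empty line, or more than one character */
    switch (buf[0]) {
    case 'Y': case 'y': return ANSWER_YES;
    case 'N': case 'n': return ANSWER_NO;
    default:            return ANSWER_REJECTED;
    }
}

/* Helper: feed constructed input via a temp file, return the n-th result. */
int nth_answer(const char *typed, int n)
{
    FILE *f = tmpfile();
    int r = ANSWER_REJECTED;
    if (f == NULL)
        return ANSWER_REJECTED;
    fputs(typed, f);
    rewind(f);
    while (n-- > 0)
        r = read_yes_no(f);
    fclose(f);
    return r;
}

int main(void)
{
    return nth_answer("yes\nN\n", 2) == ANSWER_NO ? 0 : 1;
}
```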

Buffer overflows are just the beginning of security flaws written into the Windows operating system.

Gates states that the new IE 7.0 will fix "most security flaws" in Internet Explorer. That's great, but it will only be available to Windows XP Service Pack 2 users. What? If you're running Windows 2000, that's just too darn bad. Security isn't for you.

But that's kind of OK, because it really isn't for the XP SP2 crowd, either.

Why is that? Service Pack 2 is a package of patches, updates, and fixes all rolled into one large executable. It's also the size of a small operating system (about 40Mb). And it doesn't fix everything or we wouldn't currently be experiencing the revival of the MyDoom virus on networks around the world.

According to