As the latest mass-mailing worm spread across the Internet on Monday, infecting many tens of thousands of Windows PCs with a program designed to attack the servers of Unix vendor SCO Group on 1 February, Gates stressed the importance of security to his company's products, but said that competing vendors -- such as SCO -- were courting danger by sitting back.
"A high volume system like [Windows] that has been thoroughly tested will be by far the most secure," Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre. "To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux.
Noting the large number of major virus epidemics during the past two years, Gates said that in some ways "hackers are good for maturation" of the platform, because they have forced the company to develop new inspection techniques for the code.
But patch management continues to be the largest headache, said Gates. "Everybody who had their software completely up to date [during the epidemics] was immune to those problems. But only 20 percent of our customers were, so obviously we weren’t doing enough." Part of the problem is with taxonomy, said Gates, such as making clear whether a patch is essential or just advised. Furthermore, patches are too large, and their regularity was not predictable. For instance, in December, Microsoft issued a patch through its Automatic Update service just one day after saying that it would issue no patches that month.
Gates said that "virtually all" Microsoft customers are now using automatic patching, but in the past even this has proved problematic. Last August, many companies were left open to a new virus because a flaw in the Windows Update service led them to believe -- wrongly -- that they were protected from MSBlast.
Microsoft software architect Chris Anderson, who is working on Longhorn, explained another problem with patches: "Today, virus writers don’t find holes," he said. "They just sit back and wait for patches to appear, and then it is a race to write the first virus. We want to get patch deployment down from days or weeks to hours."
Gates also said Microsoft is looking at ways of developing email protocols so that a recipient can verify the sender of the email. "This is critical for security," he said, "and for getting rid of spam."






Talkback
Considering the fact that Microsoft is the weak link in this equation, i.e. it is used as the transport agent for the attack, one wonders what Mr Gates is on about. Microsoft's crust is all too readily cracked.
Ha mythos over logos Billy Gates. MS Windows is a bucket with holes. So now he wants to claim that it is because Windows has monopoly (he would call it market) hold that it is a bigger target... no it is because it is easier to hijack jack-ass.
BS Bill! Mac OS X is inherently more secure than Windows. Security through obscurity is a myth. See for example:
http://www.nytimes.com/2003/09/18/technology/circuits/18POGUE-EMAIL.html?ex=1075352400&en=1d2b3f94578e2bac&ei=5070
Once again, the naiveté of Bill Gates just astounds me. And his swipe at Apple is worthy of Karl Rove. MS needs to address its weaknesses in a holistic manner and get off of their "increments of just barely good enough" mindset or the consumer will never be able to trust the latest is really the greatest. Or is that their marketing strategy...?
Gates is right as usual. It's amazing how people's jealousy breeds such misplaced hatred. Did anyone stop to think that both parties might be right at the same time? It's obvious that Windows will be attacked more than other OSs with their paltry market share. Only a fool could deny a motive that strong. It's also obvious that Windows is not totally secure. Every new exploit will continue to show us that until they stop. That goes for Linux and OS X as well. As long as there are any unpatched vulnerabilities or those patches are not universally applied those platforms will never be totally secure. We'll start seeing how secure the press says Linux and OS X are if they ever get any appreciable market share.
Jealous of Gates? Grow up, child.
It takes a small mind, indeed, to think that jealousy is the prime motive for all the animosity Gates and MSFT have garnered over the years.
This is the greatest ball I ever listened to in my life. The fact that it came the very first day of MyDoom renders it more ludicrous, if possible.
That also clarifies what users mean to Mr. Gates. This guy buys everything (even what's not supposed to be on sale), crushes the competitors, makes billions through monopoly and has the guts to talk.
Last time I checked, Windows viruses caused problems that, in 2003 alone, amounted to 55 billion dollars. None of which has been spent by Linux or MacOS users.
<<Gates said that in some ways "hackers are good for maturation" of the platform>>
What a moron.
That's like saying a high number of defects in automobiles is good for the maturation of the car model. It sucks for the consumer but it's an interesting data point for the manufacturer.
"Hmm... looks like our Ford Pintos, when rear-ended, are prone to exploding. We should probably have someone take a closer look at that."
Microsoft applications and operating systems are designed from the beginning with more vulnerabilities.
An example is when Microsoft first offered Active X as an answer to Java.
Now, both Java and Active X have had their share of security problems, but Java was designed to provide a sand box from the beginning, so the only danger was someone finding a crack in the sand box walls, which has happened once or twice, and been patched fairly quickly.
Active X, on the other hand, was designed in a completely different manner. The idea being that you would only run trusted code from trusted suppliers. So, the goal with Active X, from the hacker perspective, is to convince the computer that your code is trustworthy. Note that this provides a much larger area in which the hacker can then play.
While security pundits pointed out how unwieldy and dangerous this approach was, Microsoft scoffed and claimed it was just as safe as Java. Well, it isn't. Active X is responsible for a great deal of the security problems IE has.
My point here, is that you design a system from the ground up with certain inherent philosophies guiding you. If security is a key sticking point, then you make it secure first, then add bells and whistles.
If bells and whistles are the priority, you design those, and try to tack on some security later when you get a chance.
Unix (MAC OS, BSD, Linux, Solaris, HPUX, AIX, and yes, even SCO unixware) products are designed first to be secure. Features are added after the basics of secure design are taken care of.
Microsoft products are designed around an abundance of features, and real security is often little more than an afterthought.
Anyone who buys Bill Gates' party line about windows being hacked more because it's popular may be interested in some beautiful water front property I have available in the middle of Florida, USA.
First off, I am not a Mac guy or Linux user. I am simply a frustrated PC user. A Windows PC user.
Bill's comments are a disgrace. Why does Microsoft have such a hard time admitting their code is not as secure? They made a decision as part of their .Net strategy to leave ports open? There are fundamental design issues with Windows.
We would forgive them. Windows is built on technology for another time. We would understand. But the lying makes me not trust them with my valuable data.
I have speculated for some time that the reason Longhorn has slipped so many years is not really new functionality--although there will be a lot. My take is they have to completely re-write Windows to fix the systemic flaws.
I am tired of the culture and ethics that are Microsoft. I stayed with them through security holes and sneaky privacy moves.
But after reading this article, I think it is time to get with the program and move on to something other than a MS product. Or at least explore the options.
I am guessing that Bill Gates uses the same Crack as Darl McBride !
Anyway.. Microsoft software is more secure than linux/OSX... hmmm
So remind me Mr Gates what OS did you hide behind during the Melissa virus? Which platform for the last few years has spread viruses like wildfire, constant Microsoft website user hacks?
And if linux is so un-secure why hasn't anyone hacked google and had all 10,000 of their boxes doing DOS attacks on SCO/MS etc??
How many microsoft webservers have been hacked and had peoples payment details stolen compared to linux servers?
And I wish MS would stop harping on about people not upgrading to the latest patch all the time when they know perfectly well that people avoid installing MS patches straight away after they verify what the payload actually contains (DRM/Spyware/Other fixes that break systems etc...)
Why not have a "Cracker Showdown"?
Let's challenge the best Hackers out there to crack each OS and see the result. This could be sponsored by Microsoft since they are so confident in their OS! I know where I would place my bets. C'mon Billy, impress us!!! NO?... Chicken!
;)
I think the FBI (USA Internal investigations for those not in the know) says it best:
Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!
Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.
from:
http://www.securityfocus.com/columnists/215
(Mac's aren't that much more if you compare evenly. That's not the point, though. The point is Gates should be embarrassed by that comment aka FUD.)
This statement by Bill is a bit like someone on a ship ridden with holes saying they have the most sea worthy vessel.
What a joke. I run OS X and don't even pay attention to the virus reports. Also, isn't SCO(the focus of the attacks from our latest virus) partially owned by Microsoft? Aren't the allegations of SCO code in Linux nothing more than another attack from Microsoft via a puppet?
I would like to see the relationship between SCO and Microsoft investigated in the press.
Gates is using the sensible defensive strategy: go on the offensive. His claims can't be proven but make for a good distraction.
The bottom line is that the e-mail virus problem on Windows hasn't been solved in how many years now? Eight? So I don't see the progress that he is talking about.
Hearing Bill one would think that no one works on anything else but Microsoft products. But the question remains: Which is the better model in defense against viruses: a closed proprietary system or an open one? I put my money on openness.
Gates understands the situation very well. How else could he ALWAYS be saying the exact opposite to truth?
If Gates says Linux and Mac OSX are vulnerable, then they both can relax in the certain knowledge that they are essentially, invulnerable. Microsoft is no doubt doing everything they can to develop viruses for both these operating systems and if they or their partners had had any success doing so the viruses would be out there. Duplicitous behavior is, after all vintage Microsoft, in fact it's ALL they know. To the best of my knowledge OSX has NEVER had a virus and has been around for years. Linux smaller market share hasn't been so invulnerable but their virus count is tiny compared to the 1970's era sieve that Microsoft calls Windows.
In Gates' defense, he is in a very difficult position. Microsoft has an operating system that is absolutely obsolete and if they change it to something modern, useable and secure they will be just like all the other UNIX based operating systems and be unable to use their proprietary software monopoly to extort huge piles of cash from users. They also would have NO unique (proprietary) application base and therefore would be bankrupt in a matter of months. They simply have NO LEGITIMATE options to maintain their monopoly. Even Microsoft knows they're losing customers, so to address this they will make another lame proprietary attempt to close some holes with Longhorn, at the user's expense of course, by increasing Microsoft's virtual access to everything on your computer. Nothing will be allowed to run without their blessing. Experts feel Longhorn may be USABLE by 2010 if it stays on schedule. Are we prepared for five more years in this hell we live in? Longhorn will of course set up yet another round of forced upgrades to all applications and the money taps are once again wide open and flowing mountains of cash. History repeats and we all swallow the Microsoft LIE whole, one more time. If they were capable of anything superior to absolute crapware we would have seen it LONG ago. Look at Apple: they made the operating system transition flawlessly by all accounts, in just a few years; this simply is outside Microsoft's capability. In order to keep all current customers all software transitions must take decades or they risk losing a customer to something that already works, not some fictional future date when all will, miraculously, be wonderful and work too, this time, really.
Currently Windows has nearly a virtual lock on viruses that cost us each the purchase cost of our computer each year and that's just down time. Add to that the virtual certainty that we will each lose all our data each year on average and have to reinstall everything once, twice or more each year. One begins to question the sanity of using anything Microsoft. NO other operating system endures this sort of perpetual rape of the customer base, so why do we continually put up with it? Is the certainty of being screwed by Microsoft better than the uncertainty of changing to something that actually works, is secure and respects people's privacy? It seems insane, doesn't it? Microsoft spends BILLIONS of our extorted money each year on FUD to keep us in mortal fear of this change. Microsoft's life literally depends on our stupidity, vulnerability and fear! Fortunately for humanity the shift from blind stupidity has started, so wake up a brother or two if you've come to your senses and if not, open your mind and realize that the years of FUD are simply lies to keep us captive SLAVES to Microsoft!
Security through obscurity - that old saw has been put to bed. It isn't true. OS X and Linux are more secure because of design! Not because of obscurity - which may play a part, but it's not close to the whole story.
Windows out of the box is much less secure. The facts speak for themselves. I have yet to get a virus in four years!
Windows is fundamentally flawed code and Gates knows this. If he wants to fix it, he'll do what Apple did, put a Windows GUI on a stable (Unix or Linux) system.
An apt analogy might be the quarterback, who, after being sacked repeatedly and suffering numerous concussions because of a consistently faulty defense, still believes that his team will ultimately get better as a result of the abuse thrust upon his team.
Sooner or later, the coaching will have to be replaced. And, the quarterback had better quit before irreparable damage is done as a result of numerous concussions.
If windows didn't have such an overwhelming advertising presence (which is probably the only excellent component here) I believe the public would understand that there are several far more functional and secure options to use. There is a world beyond Bill Gates…and it works very well.
There is, indeed, a world beyond Gates and Windows. I, for one, didn't even receive ONE spam email; nothing with any attachments ... nada. My sympathies to those who live with the patchmeister.
A close buddy, within two days of getting his HP after he had to junk his one-year old compatible, had his browser affected by some porn-oriented macro that filled his history with unsavory sites.
In trying to be too clever with their products, Microsoft has consistently delivered inferior products. It's the result of having too much money and staff with nowhere to go; a monopolist's disease. The Mac sites will go to town on the idea that the attacks makes Windows more secure.
Bill Gates? Who is this idiot?
I've used a Mac now for 15 years and never once during this time experienced a virus attack. Market share aside, this time span ought to have presented something if Gates (KBE) is so sure about the insecurities of other platforms.
On the other hand, I use a Windows-based PC at work (every day), and the number of virus alerts being sent out by the IS dept. just isn't funny anymore. It's getting to the point that my productivity at work is being hindered. I sympathise with those that have chosen to use Windows as their preference. They deserve much better than they are getting. It appears that Microsoft only has Microsoft's interests at heart and not its customers.
Bring 'em on! Hackers make us stronger...and the world is safer without Saddam...Apple and Linux are just complacent...smoking gun...mushroom cloud...virus-related program activities...hey, what happened to my flight suit?
Noting the large number of major virus epidemics during the past two years, Gates said that in some ways "hackers are good for maturation" of the platform...
HA HA HA - Hoo Hoo
That Gates is a funny guy. You must have the most mature platform Billy. I'm talkin' Methuselah maturity
HA HA HA - Hee Hee Hee
First off, let's agree that no operating system nowadays is safe from hackers, viruses, trojans, worms and the rest of 'em, but Windows operating systems seem to be the worst affected; maybe the fact that ports are intentionally left open doesn't help, and also the fact that on Kazaa and other P2P (Peer to Peer) networks you can find virus, trojan and worm making programmes which even a kiddie could use. I guess it's OK (but disappointing) for Billy to say "Hackers are good for the maturity of our systems" but what about those who just have a single computer that can't boot up, can't System Restore and can't be re-booted from disk because some weirdo thought it would be funny? There's millions of these people and WE'RE getting pretty fed up with it. As I read in a previous article "one in every 12 email is now infected with a virus"; this is just a sign of the sad times we live in. I say find the hackers, make them eat their hard-drive and cut off their hands, that'd stop 'em!
Dear Mr. Gates: Hackers are good for nothing. Purely malicious attacks against anything are counter-productive. Does 9/11 ring a bell? Before Longhorn ever reaches the market both Linux/OSX will have raised the bar, and Windoze will be falling farther behind. The attrition of the Microsoft monopoly has begun, even mountains can be moved in time.
There are happy Windows users in this world.
I can't judge people because of which operating system they choose to use. However, since I took over a department I decided to get an Apple computer to handle all the mail that comes our way.
Nobody criticises me for being an Apple user anymore. They still want more 'virus-buster' software despite my effort. How many 'curtains' can we put on these Windows?
First off, let's agree that MY SYSTEM is SAFE from viruses, and YOURS is NOT!!!
Once you agree you have a problem, well, that's the first step to finding a solution.
If, OTOH, you choose to bury your head in the sand, like someone with initials B.G., well, you are in for a rough ride, I suppose.
And 640k is enough for anyone!
You posted this article too early. April Fool's day is still a few months away! How long can Gates continue to get away with bald faced lies like "Windows is well tested", "virus attacks are good for Windows because it helps us make our well tested OS even more secure" and "other OS vendors aren't doing anything but sitting around waiting to be attacked"? Windows isn't even Open System software but 10 year olds can wreak havoc on it! The implication that windows is a better OS because hackers can continuously molest it and other OS's are inferior because they are tougher to hack doesn't fly.
People who see hackers as a scourge miss the point. The point is in the realm of national security not lost productivity on your desktop checking bbc news.
If hackers don't challenge operating systems in meaningful ways, you had better believe our enemies will. How disappointing to have our first attack come from a Saudi or Pakistani programmer who decides to shut down our grid because the lemmings chose to run Windows because it was popular rather than secure.
I hate to say it, but I almost rejoice every time there is a virus attack because I know that our operating systems do get stronger.
The fact remains that Windows code is crappy code that opens up the core system to serious attacks. Until Microsoft follows the same pattern of Linux or OS X and keeps root access protected the free world is highly vulnerable.
By the way, I don't use any Microsoft software, I live daily in the Tech world, I boot up my computer, get my job done and largely ignore viruses, worms and trojan horses. I am just so incredibly sorry that most people don't understand just how viable the alternatives to Microsoft are today.
Especially disappointing to me was the choice by the Department of Homeland Security to choose Windows XP as their primary desktops. What a sad, sad mistake. Recently, they received a D- from an auditing agency regarding their security level. Depressing...
Maybe Bill should have a chat with his senior vice-president in charge of Microsoft's Windows development. In 2002 he admitted this. "Our products aren't engineered for security"
http://www.computerweekly.com/articles/article.asp?liArticleID=115571&liArticleTypeID=1&liCategoryID=1&liChannelID=13&liFlavourID=1&sSearch=&nPage=1
Let's apply this logic elsewhere, shall we?
"A City like Baghdad, which has been and is being bombarded, is much safer than, say, Akron, Ohio, which no one is attacking."
Hmm... I think this logic smells a bit dodgy.
This is closer to it:
Baghdad is manifestly safer than London. Baghdad has thousands of well-trained, well-armed American troops on hand to protect the civilian population, and London has none.
After my initial reaction of "What the heck is that man smoking?", it occurred to me that there may be an obvious explanation for Gates' comments: After all these years of stealing ideas from Apple, Bill just couldn't resist trying to appropriate Steve's Reality Distortion Field. Trouble is that, just like in real life, Apple's version consistently delivers as promised, while Redmond's ersatz rendition frequently leaves one on hold for tech support.
"Just because no one attacks it, it does not make it secure" - Bill Gates
"Just because you say it is secure does not make it true." - Me
Gates is desperate here. The several charges brought against Microsoft on its lack of proper response to various continuing security holes in its OS/apps obviously have him rattled and looking for someplace to create distraction.
If Linux/OS X is so much less secure, then why is it that several pending security-sensitive government/military contracts are going their way precisely because of their implied superiority in such matters?
Liar, Liar, Pants on Fire....
What an arrogant SOB.
It is his company's lack of plugging the swiss cheese of operating systems security holes that causes these attacks to be so devastating in the first place.
Either eat your cake or keep it Bill, but you can't do both.
First you say that your next OS 'longhorn' will be the most secure ever. Then you complain that the only reason 'XP' isn't secure is because people don't update it properly.
Sounds to me like Longhorn shouldn't have any security advantages over XP if you're taking security seriously with XP. However, it also sounds like if you take security in XP seriously, people won't need to update to Longhorn, even though it will be the most secure OS ever.
Oh the bind. To force the upgrade, or not force the upgrade. Maybe instead you could just deliver a decent product.
My opinion about M$:
"One can fool some people on some issues for some time - but nobody can fool all people on all issues for ever!".
(Approximate quote from Sir Winston Churchill)
Read on the WWWeb:
In the 'wonderful' world of M$ there are no doors nor (fire)walls - so who needs gates?
If M$ would ever produce anything that wouldn't suck - it would surely be a vacuum cleaner!
windo$e 'XP' smiley stands for:.... PUKE !!!
(or BARF in American English).
By myself:
XP stands for:
eXtended Payments
eXtra Problems
eXit Privacy
eXtreme Piracy
etc. etc. etc.
And... there's several MBs more like these...
I have no idea whose OS is more secure.
I only know that in about 8 years on the internet I have only ever had ONE virus on my series of Macs - that was the MicroSoft Word Macro Virus, which was actually a software bug in MicroSoft Office for the Mac and for Windows.
Who cares why my computer keeps on ticking? It just does.
I don't think that most of you are looking at the bigger picture when looking at the position of one Mr. Bill Gates.
For those of us who are small minded enough to shoot our mouths off about the man without REALLY knowing an iota of what he has to run, is, to say the least, immaturely premature.
Bill Gates has a multinational company to run as well as perform the arduous duties of being the spokespersona for idiots like the man a couple of comments up who seems to just like to slander the establishment instead of saying anything useful.
I believe that Microsoft has the utmost motivation to alleviate the worm problems on the Web. If you sold Tylenol for instance, and suddenly there were opened packages all over North American stores... you wouldn't sit back and do nothing but talk... you would try to eliminate the threat to your business. This should be blatantly apparent and if it is not, you are not looking at the picture from the right perspective.
I applaud the man for the work he has done, the safeguarding of your systems, the development of the greatest media to ever hit the planet, and do it all with a smile while supporting almost a hundred different charities.
Beat it naysayers cause the only people that are gonna listen to ya are the other naysayers that no-one listens to.
Daniel J. Belanger
British Columbia, CAN
What is this greatest media ever to hit the planet?
Let's see, Apple, hmm, yes, a lot of hackers want to scan for 3 months to just find a Mac to hack.
Linux: the so-called Open Source O/S, except no business will roll it out unless it's from, say, IBM with their $250 an hour interns supporting it. Ohh, and go ahead and change their code and see if their patches work or will even support it.
Maybe all you Opensource nuts should look at some of the security sites and add up all the Unix/Linux/Apache/Mac Alerts. Your hate of anything Microsoft is blinding you.
$250 an hour eh? well sign me up son. I just hope you didn't do the hirin' 'cos I think HR might want a quiet word with ya.
$250=cost, not salary. He's saying they COST a lot, but they are (like) interns, so they aren't too helpful. It's called a "metaphor" when you remove the "like" from a simile, you cretin.
Bi'chin like little girls and everyone missing the point. You do have a choice: free, awkward, unsupported and generally crap, or a nice expensive Microsoft product that's well made, well supported, smooth as silk to use and has programs written for it because it's worth writing for. Guess what, Billy Bob gets my money any day!
You are right about your comment and there is one thing that I have to add to that and that is.
.dll
It's like a magnet causing more problems than you can imagine.