[Am-info] IP: The Gates Declaration and Microsoft Security Day

Gene Gaines Gene Gaines <gene.gaines@gainesgroup.com>
Thu, 17 Jan 2002 11:22:26 -0500 

,

Forwarded from Dave Farber's IP list:

>The Gates Declaration and Microsoft Security Day
>Richard Forno
>16 January 2002
>rforno@infowarrior.org
>(c) 2002 by Author. Permission is granted to quote, reprint or redistribute
>provided the text is not altered, and appropriate credit is given.
>
>Summary: Analysis of the latest Microsoft foray into information security
>
>By now, you've seen the news article. Microsoft founder and Chairman Bill
>Gates announced in a memo (text) yesterday that security would have the
>'highest priority' in its products and that security is now 'more important'
>than any other part of Microsoft's work. This is the company's latest public
>attempt to address security concerns with its products and services.
>
>Undoubtably, history will remember January 16, 2002 as Microsoft Security
>Day - harkening back to that wonderous day in 1995 when Chairman Gates
>announced that the Internet was to be part of all Microsoft products and
>services. That proclaimation produced such well-known Redmond innovations as
>Melissa, I Love You, Code Red, SirCam, Code Red II, BadTrans, UPnP, and
>VBScript, among other notables, resulting in burned-out system
>administrators and a flourishing information security industry.
>
>Gates is also reported to have said that the September 11 attacks are a
>major reason to stress security of America's critical infrastructures,
>including its computer systems. Huh? Has Chairman Gates been asleep at the
>keyboard for the past several years, knowing that while his bloated, buggy,
>and exploitable products were achieving marketplace dominance - and monopoly
>status - they were becoming a self-inflicted vulnerability on the wired
>world we currently inhabit? Security all of a sudden is important to Microsoft?
>
>Perhaps this sudden change of heart has to do with the recent BBC report
>that the US National Academy of Sciences is calling for laws to punish
>software firms that produce insecure products. Or, could Microsoft's
>legal
>team be afraid that what the company produces and sells as "products" - in
>actuality, shrink-wrapped denials of service and prepackaged network
>compromises - could contribute to electronic criminal or terrorist acts
>against America's critical information resources? Could it be that Microsoft
>is actually scared of something?

<snip>



Gene Gaines
gene.gaines@gainesgroup.com
Sterling, Virginia