Gates takes a side-swipe at Apple, Linux security

ZDNet ^ | January 27, 2004 | Matt Loney

[HAL9000]

As the MyDoom virus spread rapidly across the Internet on Monday, Bill Gates extolled the value of such attacks and warned against other operating systems' complacency

Microsoft chief software architect Bill Gates took a side-swipe at rival operating systems on Monday, as he reiterated the importance of security for Windows; in particular its next version, which is codenamed Longhorn.

As the latest mass-mailing worm spread across the Internet on Monday, infecting many tens of thousands of Windows PCs with a program designed to attack the servers of Unix vendor SCO Group on 1 February, Gates stressed the importance of security to his company's products, but said that competing vendors -- such as SCO -- were courting danger by sitting back.

"A high volume system like [Windows] that has been thoroughly tested will be by far the most secure," Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre. "To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux.

Noting the large number of major virus epidemics during the past two years, Gates said that in some ways "hackers are good for maturation" of the platform, because they have forced the company to develop new inspection techniques for the code.

But patch management continues to be the largest headache, said Gates. "Everybody who had their software completely up to date [during the epidemics] was immune to those problems. But only 20 percent of our customers were, so obviously we weren’t doing enough." Part of the problem is with taxonomy, said Gates, such as making clear whether a patch is essential or just advised. Furthermore, patches are too large, and their regularity was not predictable. For instance, in December, Microsoft issued a patchthrough its Automatic Update service just one day after saying that it would issue no patches that month.

Gates said that "virtually all" Microsoft customers are now using automatic patching, but in the past even this has proved problematic. Last August, many companies were left open to a new virus because a flaw in the Windows Update service led them to believe -- wrongly -- that they were protected from MSBlast.

Microsoft software architect Chris Anderson, who is working on Longhorn, explained another problem with patches: "Today, virus writers don’t find holes," he said. "They just sit back and wait for patches to appear, and then it is a race to write the first virus. We want to get patch deployment down from days or weeks to hours."

Gates also said Microsoft is looking at ways of developing email protocols so that a recipient can verify the sender of the email. "This is critical for security," he said, "and for getting rid of spam."

[HAL9000]

"A high volume system like [Windows] that has been thoroughly tested will be by far the most secure," Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre.

Bill Gates is a prevaricating dork. Anyone with a grasp on reality knows that Windows is by far the LEAST secure operating system.

"To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux.

Linux and Mac are more secure because of superior design, not "because no one is attacking it".

[Lil'freeper]

Bill Gates extolled the value of such attacks

That's as far as I got.

[Izzy Dunne]

Bill Gates is a prevaricating dork.

That should be:
Bill Gates, K.B.E., is a prevaricating dork.

He was knighted, remember?

[tiamat]

I have a Mac. Love it. I don't get viruses, either.

Tia

[surely_you_jest]

Dork, Sir Dork, whatever.

To paraphrase the Immortal Bard:

What's in a name?

That which we call a Dork by any other name would smell as sweet.

[ikka]

Well, Bush2000, do you agree with Mr. Gates' view on this issue? How about you, Brass Buzzard?

[RayChuang88]

Unfortunately, Linux is NOT as secure as people think. The default installs for most commercial distributions can leave some quite nasty security holes, sad to say. If you know UNIX concepts clearly, you could make Linux extremely secure, but that is beyond the knowledge of the majority of computer users out there. :-(

[Lael]

Windows; in particular its next version, which is codenamed Longhorn

Gates says that before the intro of every version of Windows.

I'm currently reading "Switching to the Mac" by Pogue, of "The Missing Manuals" series. My next machine WILL be a Mac!!

[af_vet_rr]

Let he who is without sin....

[FastCoyote]

What I don't get is why people don't realize the automated patching system will eventually cause the Mother of All Meltdowns. A couple possibilities exists. One is that someone spoofs the DNS servers and everyone downloads a crippling upgrade (I had a virus that spoofed my hosts file, got in through a hole in Internet Explorer). Another is that a very bad patch goes out - it's like you are recompiling your kernel once a month after all. And think of this, as long as longhorn is taking, that means they may be closing in on a half billion lines of code - imagine how many holes are likely in that mess.

[Izzy Dunne]

A high volume system like [Windows] that has been thoroughly tested will be by far the most secure,

You can't test-in security.
You can build-in security.

[Prodigal Son]

Linux and Mac are more secure because of superior design, not "because no one is attacking it".

Hmmm. I don't know. I don't think any system is 'secure'. The human body has a great immune system but it is by no means secure. If Apple had a 90% market share, virus writers would come up with a whole buttload of viruses for that platform. Same with Linux. If Linux ever overtakes Microsoft, I guarantee virus architects will find many very creative ways to infect those computers.

This is not to say that Windows is not weak on security, of course.

[GOP Jedi]

Gates also said Microsoft is looking at ways of developing email protocols so that a recipient can verify the sender of the email. "This is critical for security," he said, "and for getting rid of spam."

Longhorn creeps me out. I'm sure no government would ever abuse the ability to track e-mails back to such users as, say, pro-democracy leaders in China.

[Prodigal Son]

Bill Gates extolled the value of such attacks

That's as far as I got.

Hmmm. I see biological viruses as having value as well. Disease has always acted to weed out the weaker members of a species. In that context, his comments make a certain amount of sense.

[shadowman99]

The thing to remember is that most of these viruses are nothing of the sort. They are Trojans. They are in most cases trigered, knowingly or not, by the user of the Windows machine, often times during a session of Outlook.

Is is possible that a future e-mail trojan could target Linux machines? Yes. But one key difference is that if a normal user on a Linux machine executes a virus, he/she will hose their /home/user directory and files within. The user will not have File Permissions to write to or change global system files. Clearing the machine of the "virus" would mean deleting that user's home directory and if I had my way their account.

If the Root user were dumb enough to triger a trojan, that would be a different story. System files could be compromised because of that user's file privlages. And that Sysop should lose his job for being a dumbass.

[tiamat]

Go for it!

If you go Mac, you'll never go back!

Seriously, a computer is a TOOL, you ought not to be having to nurse-maid it constantly.

I LOVE my Mac! I know what I want, I tell it, it does it! GREAT!

Don't let people tell you that it's a "toy" or that "only gays and liberals" use them!

They are WONDERFUL machines! Not to be worshipped, they are tools to be used!

Tia

[aruanan]

"To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux.

Apple is secure because, unlike Microsoft OS, it isn't shipped already bent over with all ports held open to the wide, wide world.

[Codeflier]

I guess I'm one of the few that loves Linux and Microsoft because there is so much you can do behind the scenes with each so to speak. However, I despise MAC. The complete dumming down of computers as far as I'm concerned.

Also, there is a great deal more you can do with Linux and Microsoft than you can with MAC. I guess if you are not really into Networks and all you want to do is type a letter, browse the internet, and other such applications then MAC is fine. Just keep it off my network.

To me Linux is the most fun to play with, but to think it is without security holes is ludicrous. There have been many such holes in Linux. However, the Linux community deals with these in a better way than the Microsoft community by nature of its open source design.

[lelio]

Anyone else see the humor in Bill Gates talking about security after Bagle made the rounds and now Mydoom is flooding everyone's inbox?

[tiamat]

Ah, now see?

I don't do that. Don't program, don't tinker, don't network. .

I surf web, send e-mail , do some reaserch and play ( a LOT! ) of graphic-heavy games. I have FAR fewer headaches since I switched!

I have a friend who loves Linux.

Tia