Gates takes a side-swipe at Apple, Linux security

Summary: As the MyDoom virus spread rapidly across the Internet on Monday, Bill Gates extolled the value of such attacks and warned against other operating systems' complacency

Microsoft chief software architect Bill Gates took a side-swipe at rival operating systems on Monday, as he reiterated the importance of security for Windows; in particular its next version, which is codenamed Longhorn.

As the latest mass-mailing worm spread across the Internet on Monday, infecting many tens of thousands of Windows PCs with a program designed to attack the servers of Unix vendor SCO Group on 1 February, Gates stressed the importance of security to his company's products, but said that competing vendors -- such as SCO -- were courting danger by sitting back.

"A high volume system like [Windows] that has been thoroughly tested will be by far the most secure," Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre. "To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux.

Noting the large number of major virus epidemics during the past two years, Gates said that in some ways "hackers are good for maturation" of the platform, because they have forced the company to develop new inspection techniques for the code.

But patch management continues to be the largest headache, said Gates. "Everybody who had their software completely up to date [during the epidemics] was immune to those problems. But only 20 percent of our customers were, so obviously we weren’t doing enough." Part of the problem is with taxonomy, said Gates, such as making clear whether a patch is essential or just advised. Furthermore, patches are too large, and their regularity was not predictable. For instance, in December, Microsoft issued a patch through its Automatic Update service just one day after saying that it would issue no patches that month.

Gates said that "virtually all" Microsoft customers are now using automatic patching, but in the past even this has proved problematic. Last August, many companies were left open to a new virus because a flaw in the Windows Update service led them to believe -- wrongly -- that they were protected from MSBlast.

Microsoft software architect Chris Anderson, who is working on Longhorn, explained another problem with patches: "Today, virus writers don’t find holes," he said. "They just sit back and wait for patches to appear, and then it is a race to write the first virus. We want to get patch deployment down from days or weeks to hours."

Gates also said Microsoft is looking at ways of developing email protocols so that a recipient can verify the sender of the email. "This is critical for security," he said, "and for getting rid of spam."

Talkback

48 comments
  • Considering the fact that Microsoft is the weak link in this equation, i.e. it is used as the transport agent for the attack, one wonders what Mr Gates is on about. Microsoft's crust is all too readily cracked.
    anonymous
  • Ha mythos over logos Billy Gates. MS Windows is a bucket with holes. So now he wants to claim that it is because Windows has monopoly (he would call it market) hold that it is a bigger target... no it is because it is easier to hijack jack-ass.
    anonymous
  • BS Bill! Mac OS X is inherently more secure than Windows. Security through obscurity is a myth. See for example:

    http://www.nytimes.com/2003/09/18/technology/circuits/18POGUE-EMAIL.html?ex=1075352400&en=1d2b3f94578e2bac&ei=5070
    anonymous
  • Once again, the naivet
    anonymous
  • Gates is right as usual. It's amazing how people's jealousy breeds such misplaced hatred. Did anyone stop to think that both parties might be right at the same time? It's obvious that Windows will be attacked more than other OSs with their paltry market share. Only a fool could deny a motive that strong. It's also obvious that Windows is not totally secure. Every new exploit will continue to show us that until they stop. That goes for Linux and OS X as well. As long as there are any unpatched vulnerabilities or those patches are not universally applied those platforms will never be totally secure. We'll start seeing how secure the press says Linux and OS X are if they ever get any appreciable market share.
    anonymous
  • Jealous of Gates? Grow up, child.

    It takes a small mind, indeed, to think that jealousy is the prime motive for all the animosity Gates and MSFT have garnered over the years.
    anonymous
  • This is the greatest ball I ever listened to in my life. The fact that it came the very first day of MyDoom renders it more ludicrous, if possible.

    That also clarifies what users mean to Mr. Gates. This guy buys everything (even what's not supposed to be on sale), crushes the competitors, makes billions through monopoly and has the guts to talk.

    Last time I checked, Windows viruses caused problems that, in 2003 alone, amounted to 55 billion dollars. None of which has been spent by Linux or MacOS users.
    anonymous
  • <<Gates said that in some ways "hackers are good for maturation" of the platform>>

    What a moron.

    That's like saying a high number of defects in automobiles is good for the maturation of the car model. It sucks for the consumer but it's an interesting data point for the manufacturer.

    "Hmm... looks like our Ford Pintos, when rear-ended, are prone to exploding. We should probably have someone take a closer look at that."
    anonymous
  • Microsoft applications and operating systems are designed from the beginning with more vulnerabilities.

    An example is when Microsoft first offered Active X as an answer to Java.

    Now, both Java and Active X have had their share of security problems, but Java was designed to provide a sand box from the beginning, so the only danger was someone finding a crack in the sand box walls, which has happened once or twice, and been patched fairly quickly.

    Active X, on the other hand, was designed in a completely different manner. The idea being that you would only run trusted code from trusted suppliers. So, the goal with Active X, from the hacker perspective, is to convince the computer that your code is trustworthy. Note that this provides a much larger area in which the hacker can then play.

    While security pundits pointed out how unwieldy and dangerous this approach was, Microsoft scoffed and claimed it was just as safe as Java. Well, it isn't. Active X is responsible for a great deal of the security problems IE has.

    My point here, is that you design a system from the ground up with certain inherent philosophies guiding you. If security is a key sticking point, then you make it secure first, then add bells and whistles.

    If bells and whistles are the priority, you design those, and try to tack on some security later when you get a chance.

    Unix (MAC OS, BSD, Linux, Solaris, HPUX, AIX, and yes, even SCO unixware) products are designed first to be secure. Features are added after the basics of secure design are taken care of.

    Microsoft products are designed around an abundance of features, and real security is often little more than an afterthought.

    Anyone who buys Bill Gates' party line about windows being hacked more because it's popular may be interested in some beautiful water front property I have available in the middle of Florida, USA.
    anonymous
  • First off, I am not a Mac guy or Linux user. I am simply a frustrated PC user. A Windows PC user.

    Bill's comments are a disgrace. Why does Microsoft have such a hard time admitting their code is not as secure? They made a decision as part of their .Net strategy to leave ports open? There are fundamental design issues with Windows.

    We would forgive them. Windows is built on technology for another time. We would understand. But the lying makes me not trust them with my valuable data.

    I have speculated for some time that the reason Longhorn has slipped so many years is not really new functionality--although there will be a lot. My take is they have to completely re-write Windows to fix the systemic flaws.

    I am tired of the culture and ethics that are Microsoft. I stayed with them through security holes and sneaky privacy moves.

    But after reading this article, I think it is time to get with the program and move on to something other than a MS product. Or at least explore the options.
    anonymous
  • I am guessing that Bill Gates uses the same Crack as Darl McBride !

    Anyway.. Microsoft software is more secure than linux/OSX... hmmm

    So remind me Mr Gates what OS did you hide behind during the Melissa virus? Which platform for the last few years has spread viruses like wildfire, constant Microsoft website user hacks?

    And if Linux is so un-secure why hasn't anyone hacked Google and had all 10,000 of their boxes doing DOS attacks on SCO/MS etc??

    How many Microsoft webservers have been hacked and had people's payment details stolen compared to Linux servers?

    And I wish MS would stop harping on about people not upgrading to the latest patch all the time when they know perfectly well that people avoid installing MS patches straight away after they verify what the payload actually contains (DRM/Spyware/Other fixes that break systems etc...)
    anonymous
  • Why not have a "Cracker Showdown"?
    Let's challenge the best Hackers out there to crack each OS and see the result. This could be sponsored by Microsoft since they are so confident in their OS! I know where I would place my bets. C'mon Billy, impress us!!! NO?... Chicken!
    ;)
    anonymous
  • I think the FBI (USA Internal investigations for those not in the know) says it best:

    Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!

    Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.

    from:
    http://www.securityfocus.com/columnists/215

    (Macs aren't that much more if you compare evenly. That's not the point, though. The point is Gates should be embarrassed by that comment aka FUD.)
    anonymous
  • This statement by Bill is a bit like someone on a ship ridden with holes saying they have the most seaworthy vessel.

    What a joke. I run OS X and don't even pay attention to the virus reports. Also, isn't SCO (the focus of the attacks from our latest virus) partially owned by Microsoft? Aren't the allegations of SCO code in Linux nothing more than another attack from Microsoft via a puppet?

    I would like to see the relationship between SCO and Microsoft investigated in the press.
    anonymous
  • Gates is using the sensible defensive strategy: go on the offensive. His claims can't be proven but make for a good distraction.

    The bottom line is that the e-mail virus problem on Windows hasn't been solved in how many years now? Eight? So I don't see the progress that he is talking about.

    Hearing Bill one would think that no one works on anything else but Microsoft products. But the question remains: Which is the better model in defense against viruses: a closed proprietary system or an open one? I put my money on openness.
    anonymous
  • Gates understands the situation very well. How else could he ALWAYS be saying the exact opposite to truth?

    If Gates says Linux and Mac OSX are vulnerable, then they both can relax in the certain knowledge that they are essentially, invulnerable. Microsoft is no doubt doing everything they can to develop viruses for both these operating systems and if they or their partners had had any success doing so the viruses would be out there. Duplicitous behavior is, after all vintage Microsoft, in fact it's ALL they know. To the best of my knowledge OSX has NEVER had a virus and has been around for years. Linux smaller market share hasn't been so invulnerable but their virus count is tiny compared to the 1970's era sieve that Microsoft calls Windows.

    In Gates's defense, he is in a very difficult position. Microsoft has an operating system that is absolutely obsolete and if they change it to something modern, useable and secure they will be just like all the other UNIX based operating systems and be unable to use their proprietary software monopoly to extort huge piles of cash from users. They also would have NO unique (proprietary) application base and therefore would be bankrupt in a matter of months. They simply have, NO LEGITIMATE options to maintain their monopoly. Even Microsoft knows they're losing customers so to address this, they will make another lame proprietary attempt to close some holes with Longhorn at the users' expense of course by increasing Microsoft's virtual access to everything on your computer. Nothing will be allowed to run without their blessing. Experts feel Longhorn may be USABLE by 2010 if it stays on schedule. Are we prepared for five more years in this hell we live in? Longhorn will of course set up yet another round of forced upgrades to all applications and the money taps are once again wide open and flowing mountains of cash. History repeats and we all swallow the Microsoft LIE whole, one more time. If they were capable of anything superior to absolute crapware we would have seen it LONG ago. Look at Apple they made the operating system transition flawlessly by all accounts, in just a few years, this simply is outside Microsoft's capability. In order to keep all current customers all software transitions must take decades or they risk losing a customer to something that already works, not some fictional future date when all will, miraculously be wonderful and work too, this time, really.

    Currently Windows has nearly a virtual lock on viruses that cost us each the purchase cost of our computer each year and that's just down time. Add to that the virtual certainty that we will each lose all our data each year on average and have to reinstall everything once twice or more each year. One begins to question the sanity of using anything Microsoft. NO other operating system endures this sort of perpetual rape of the customer base, so why do we continually put up with it? Is the certainty of being screwed by Microsoft better than, the uncertainty of changing to something that actually works, is secure and respects people's privacy? It seems insane doesn't it? Microsoft spends BILLIONS of our extorted money each year on FUD to keep us in mortal fear of this change. Microsoft's life literally depends on our stupidity, vulnerability and fear! Fortunately for humanity the shift from blind stupidity has started, so wake up a brother or two if you've come to your senses and if not, open your mind and realize that the years of FUD are simply lies to keep us captive SLAVES to Microsoft!
    anonymous
  • Security through obscurity - that old saw has been put to bed. It isn't true. OS X and Linux are more secure because of design! Not because of obscurity - which may play a part, but it's not close to the whole story.

    Windows out of the box is much less secure. The facts speak for themselves. I have yet to get a virus in four years!
    anonymous
  • Windows is fundamentally flawed code and Gates knows this. If he wants to fix it, he'll do what Apple did, put a Windows GUI on a stable (Unix or Linux) system.
    anonymous
  • An apt analogy might be the quarterback, who, after being sacked repeatedly and suffering numerous concussions because of a consistently faulty defense, still believes that his team will ultimately get better as a result of the abuse thrust upon his team.

    Sooner or later, the coaching will have to be replaced. And, the quarterback had better quit before irreparable damage is done as a result of numerous concussions.

    If Windows didn't have such an overwhelming advertising presence (which is probably the only excellent component here) I believe the public would understand that there are several far more functional and secure options to use. There is a world beyond Bill Gates.
    anonymous
  • There is, indeed, a world beyond Gates and Windows. I, for one, didn't even receive ONE spam email; nothing with any attachments ... nada. My sympathies to those who live with the patchmeister.

    A close buddy, within two days of getting his HP after he had to junk his one-year old compatible, had his browser affected by some porn-oriented macro that filled his history with unsavory sites.

    In trying to be too clever with their products, Microsoft has consistently delivered inferior products. It's the result of having too much money and staff with nowhere to go; a monopolist's disease. The Mac sites will go to town on the idea that the attacks make Windows more secure.
    anonymous