Microsoft Windows Bulletin Board

Biometrics



Posted

Right, Bye

 

"Root Kit" wrote:

> On Mon, 21 Jul 2008 06:49:04 -0700, Dan

> <Dan@discussions.microsoft.com> wrote:

>

> >Thank you for your feedback, b_nice but remember to try and follow your

> >mantra especially regarding Robear, MVP who you were mean to

>

> Am I misinterpreting something, or are you actually asking me to be

> mean to you?

>

> >and I have not forgotten that

>

> Your memory situation is of no relevance to the topic discussed.

>

> >but I have not plunked anyone yet.

>

> I assume you mean "plonked".

>

> Even if you did, I wouldn't loose one minute of sleep over it. What

> makes you believe I'd care? Just stick to the topic.

>

Posted

I ass-ume you mean lose and same to you.

 

"Root Kit" wrote:

> On Mon, 21 Jul 2008 06:49:04 -0700, Dan

> <Dan@discussions.microsoft.com> wrote:

>

> >Thank you for your feedback, b_nice but remember to try and follow your

> >mantra especially regarding Robear, MVP who you were mean to

>

> Am I misinterpreting something, or are you actually asking me to be

> mean to you?

>

> >and I have not forgotten that

>

> Your memory situation is of no relevance to the topic discussed.

>

> >but I have not plunked anyone yet.

>

> I assume you mean "plonked".

>

> Even if you did, I wouldn't loose one minute of sleep over it. What

> makes you believe I'd care? Just stick to the topic.

>

Guest Root Kit
Posted

On Mon, 21 Jul 2008 11:31:00 -0700, Dan

<Dan@discussions.microsoft.com> wrote:

>Right, Bye

 

Promise?

Posted

Courtesy of Chris Quirke, requesting his feedback be copied and copied due to his inability to view this post. From Chris Quirke, posted via Windows Live Mail (aka Hotmail):

 

-------------------------------------------------------------------------------

 

I can't find the thread, but you could paste from this reply if you like...

In summary, because 9x was designed as a stand-alone rather than network client OS, it is indeed potentially safer than NT. But the code base is too outdated to deal with modern hardware, and what makes it safer as a stand-alone OS also makes it less secure as a network OS.

As pro-IT folks will point out, 9x has no effective per-user security, as NT on NTFS can provide. Server-centric networks need this security to work, to manage users (rather than PCs) and to create artificial scopes in a pervasively networked environment.

The underlying technologies of this security could be more useful for consumers, if freed from the user-centric mindset that pervades pro-IT.

If you were to align these technologies according to code, and to maintain scopes between data vs. code, local vs. remote, etc., then they could play a meaningful role in keeping stand-alone consumer PCs safe from web and malware attack.

But as long as the design is based on user accounts and logon, with the ASSumption that all code running during the user's session represents the will and intentions of the user who logged in, we aren't going to get anywhere. As long as even the most limited of user accounts gives all code the right to see, change and destroy user data, this system won't protect users' interests.

As long as the Internet is treated as a big network, safety failures will abound. The core difference between the Internet and networking is that the former requires interaction between untrusted parties; that is in fact the standard interaction in that environment.

It's not helpful to prove a stranger has a particular name if you have no template of expectations for that proven identity. Only when a proven identity can be matched with such expectations do you shift into networking between trusted entities.

Instead, you need to limit the potential impact of interactions - and that boils down to the distinction between data that is safe to view or edit, vs. code that is dangerous to run.

Pro-IT could not tolerate the inability to scope between users, via NT's user rights security. As Internet consumers, we need a similar ability to scope between data safety and code risk.

Both scopes are artificial: just as there's no hard line between users, so it is argued there is no hard line between data and code. However, just as pro-IT strives to create an artificial line between users, so we should strive to create and maintain a line between data and code.

 

 

------------------------------------------------------------------------------

 

"Steve Riley [MSFT]" wrote:

> Dan, I recommend you rethink your logic.

>

> The Windows 3.1/9x code was designed and written in an entirely different

> age -- one in which TCP/IP was not the standard networking protocol, one in

> which indeed networks were rare, and one in which everyone (we and our

> customers) assumed that only good guys used computers.

>

> The world no longer lives in that age. If you take any kind of system

> (operating system, engineering system, whatever) and place it in an

> environment that is wildly different than the original assumptions, that

> system will fail catastrophically. There is simply no way we can retrofit

> that very old code to function correctly in today's world of intentional

> attacks.

>

> I'm not exactly sure how you can make the statement that "a 9x machine with

> the proper safeguards such as a wired router that has wireless broadcast

> signal turned off" is more secure than XP or Vista. Firstly, an XP or Vista

> box behind such a router would be equally "safe" from attack. Secondly,

> disabling SSID broadcast in reality does not accord you any security -- see

> my article here:

> http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.

>

> You quote a specific vulnerability below, about DNS, and you then make the

> argument that this is a reason the military should be using 9x instead of

> XP/Vista. How does that follow? How do you know that 9x doesn't have the

> same vulnerability? No one can know, because we don't test 9x anymore. It's

> simply too old.

>

> And you mention our password checker. Actually, I think its recommendations

> aren't strong enough, and I'm working with the folks who own that feature to

> improve its strength.

>

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:175E7266-E50E-40A2-BE3C-305165779621@microsoft.com...

> > Thank you, Steve. I appreciate your feedback. Another problem we face in

> > computing today is the industry is not fully backing tougher security and

> > safety protocols. An example of this is the American Express website

> > which

> > will only allow me to input a password that is less than optimal according

> > to

> > Microsoft's password checker. Microsoft is doing their part in many ways

> > but

> > the rest of the industry must catch up.

> >

> > http://www.microsoft.com/protect/yourself/password/checker.mspx

> >

> > It is critical in this day and age to have alternatives to just the main

> > Windows operating system that includes Internet Explorer. I am very

> > pleased

> > with Microsoft and their technologies so I will continue to use them

> > frequently. However, as a power user, I am very pleased that users have

> > alternatives such as Mozilla Firefox as an option and it does indeed

> > remain

> > for use with Windows 98 Second Edition at least until December 2008

> > because

> > that is when Mozilla Firefox 2.x support is scheduled to end.

> >

> > http://en.wikipedia.org/wiki/Mozilla_Firefox

> >

> > This is most unfortunate in my view since the 9x source code has definite

> > advantages over the NT business line of source code. 9x computers were

> > meant

> > as stand-alone machines and thus are great for consumers who do not need

> > or

> > want the ability to have others tinker with their machines. The many

> > services provided in XP allow for there to be many greater points of access

> > to a

> > fully patched XP machine than a fully patched 98 Second Edition machine

> > using

> > Mozilla Firefox compared to Internet Explorer since Internet Explorer

> > patches

> > for Windows 98 Second Edition ended July 11, 2006. The NT source code is

> > at

> > risk as can be seen by the postings of US-Cert which is the computer

> > readiness team and part of the Department of Homeland Security.

> >

> > http://www.us-cert.gov/cas/bulletins/SB08-196.html

> >

> > Microsoft -- windows-nt

> >

> > Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, XP SP2 and

> > SP3, and Server 2003 SP1 and SP2 allows remote attackers to conduct cache

> > poisoning attacks via unknown vectors, aka "DNS Cache Poisoning

> > Vulnerability," a different vulnerability than CVE-2008-1447.

> >

> > unknown

> > 2008-07-08

> > 9.4 CVE-2008-1454 MS

> >

> > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454

> >

> > http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

> >

> > I know a fair amount about computer security and safety and helped beta

> > test

> > Windows Vista Ultimate 32 bit edition for Microsoft as a volunteer. I got

> > the DVD with the ISO image from a friend named Jeff who was a systems

> > engineer and also testing Vista for Microsoft and then got approval from

> > Microsoft to test it and input the given product key that Microsoft gave

> > me

> > for the evaluation version. The problem is that Microsoft has only one

> > line

> > of code and that makes it that much easier for hackers to target many

> > machines and take them over.

> >

> > With Windows 98 Second Edition, a single machine might have been

> > compromised

> > but not the whole network. I have had problems with a workplace that I

> > recently worked at that stupidly switched to all XP machines and did not

> > leave any 98 Second Edition machines in place and that included my own

> > Windows 98 Second Edition machine there. That was a huge mistake that I

> > don't think the business will repeat. With the 98SE machine, I knew and I

> > was right that my machine would be very unlikely to be hacked compared to

> > the

> > compromised machines of the NT (XP Professional) in this case. The

> > incident

> > happened in the summer of 2007. I will give you more details via secure

> > email if you like.

> >

> > I have read in a book about Microsoft that early system engineers

> > complained

> > that NT did not have a true maintenance operating system like DOS. Chris

> > Quirke, MVP. has a good article about the safety and security concerns.

> > Windows 9x is safe at its core compared to Windows NT line which includes

> > 2000, XP and Vista of course. There was also a rumor a while back that

> > parts

> > of the NT source code were leaked over the Internet compared to the 9x

> > source

> > code which was never leaked over the Internet, AFAIK.

> >

> > http://cquirke.blogspot.com/

> >

> > (Note: Chris Quirke's 9x website talks about the 9x compared to NT

> > security

> > and safety discussion)

> >

> > There is also Unix/Linux technologies and I have played around a little

> > bit

> > with Ubuntu Linux but I am in no way proficient with it and have only read

> > a

> > small portion of a big book about Ubuntu Linux.

> >

> > Finally, my question to you is that I know about the economics and how

> > costly it would be for Microsoft to continue the 9x line or even overall

> > it

> > to make it usable in today's environment but wouldn't the economic cost be

> > worth the great reward. I have friends of mine at summer camp who are

> > planning mainly on building 98 Second Edition machines just for the

> > ability

> > to play older games and secondly because these friends feel as I do about

> > how

> > it is harder to hack into a 9x machine with the proper safeguards applied

> > such as a wired router that has the wireless broadcast signal turned off

> > so

> > as not to attract unwanted or unneeded attention from hackers.

> >

> > If Microsoft will not develop the 9x source code then at least sell it to

> > the United States Military so that the Defense Department can more fully

> > protect their military infrastructure from external threats and even

> > better

> > from potential internal threats from their network of computers from a

> > potential spy. The possibilities for 9x are endless and so please I ask

> > you

> > as a professional to have Microsoft sell 9x kernel unless Microsoft is

> > willing which I think would be a smart business move to invest money in

> > the

> > another Windows 9x that would not subtract features such as easy access to

> > DOS and ideally the ability to play old classic games like Windows

> > Millennium

> > (ME) did.

> >

> > I am a gamer who is a Generation X'er who got his start on an IBM PCjr

> > playing King's Quest 1 on a 5.25 inch floppy disk that was made by Sierra

> > On

> > Line and had 16 colors and the speaker on the machine supported 3 sounds

> > at

> > once which was cool. The game had 128 kilobytes on one disk and how is

> > that

> > for compression despite the obvious limitations compared to today's games.

> > I

> > still have this machine in storage and it still works! The interesting

> > thing

> > is that a poster to Game Informer which I read posted about how he was 17

> > and

> > liked older classic games and his friends made fun of him for it and his

> > first name was Daniel too. <grin>

> >

> > I also enjoy reading PC World, 2600 which is a hacker magazine (I must

> > keep

> > up to prevent hackers from compromising all of us), and other computer and

> > network books. I took several computer classes in college and who knows I

> > may go back and get another undergraduate degree but this time in computer

> > science. I know that a dream will allow a little guy like me change the

> > world despite all the challenges life has thrown at me. Please feel free

> > to

> > contact me by email or I can contact you by email. My email address is

> > with

> > Microsoft and on their records. I can also give you an srx number on a

> > recent case with Microsoft if you need to confirm my identity. Thanks

> > again

> > for all you do, Steve and Go Microsoft!

> >

> > "Steve Riley [MSFT]" wrote:

> >

> >> Biometrics can never replace passwords, because they aren't secrets.

> >>

> >> It's me, and here's my proof: why identity and authentication must remain

> >> distinct

> >> http://technet.microsoft.com/en-us/library/cc512578(TechNet.10).aspx

> >>

> >>

> >> --

> >> Steve Riley

> >> steve.riley@microsoft.com

> >> http://blogs.technet.com/steriley

> >> http://www.protectyourwindowsnetwork.com

> >>

> >>

> >>

> >> "Dan" <Dan@discussions.microsoft.com> wrote in message

> >> news:774EE7CB-CA2B-4E7B-82CD-20D2B56C04B4@microsoft.com...

> >> > Bingo! You solved the issue and yes it is one of those cheap

> >> > fingerprint

> >> > scanners where you just swipe your finger so it must have already had

> >> > the

> >> > image of my fingerprint on the scanner. It sounds like someone would

> >> > need

> >> > to

> >> > clean the fingerprint scanner each time and it does indeed seem very

> >> > easy

> >> > to

> >> > fool. So much for the security of Biometrics at least cheap Biometric

> >> > devices

> >> >

> >> > "Juergen Nieveler" wrote:

> >> >

> >> >> Dan <Dan@discussions.microsoft.com> wrote:

> >> >>

> >> >> > How secure and safe is biometric technology? The reason I bring

> >> >> > this

> >> >> > up is because I was able to log in using my finger with a band-aid

> >> >> > attached and this definitely makes me question the security and

> >> >> > safety

> >> >> > of biometric technology at least as far as laptops go. I imagine

> >> >> > there probably is lots of articles on this already but I wanted the

> >> >> > opinions of this newsgroup. Thanks in advance for the replies.

> >> >>

> >> >> If this was one of those fingerprint readers where you simply put your

> >> >> finger on (as opposed to those where you rub your finger along the

> >> >> contact plate in a swipe motion), chances are that the camera inside

> >> >> picked up the latent fingerprint that was still on the glass - this is

> >> >> a common vulnerability of those cheap camera-based readers. All they

> >> >> do

> >> >> is notice "Oh, something is pushing on the glass, and I recognise the

> >> >> pattern" - if the person who last used it had greasy fingers, the

> >> >> fingerprint would still be on the glass, so putting something on the

> >> >> glass that doesn't have OTHER fingerprints will force the camera to

> >> >> use

> >> >> the weak fingerprint image still visible to it...

> >> >>

> >> >> The swipe-type readers are safer in that there can't be an image left

> >> >> on the reader... but many of them still can be fooled by a fake

> >> >> fingerprint made by taking the fingerprint off something somebody

> >> >> touched (lots of how-to's available for that...).

> >> >>

> >> >> Juergen Nieveler

> >> >> --

> >> >> A feature is a bug with seniority.

> >> >>
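
The NVD entry for CVE-2008-1454 and the MS08-037 bulletin quoted above concern DNS cache poisoning, which succeeds when a resolver accepts a forged answer for a query it has outstanding. The following Python model is an added example written for this thread; it is not code from any of the posters or from Microsoft. It shows the checks a resolver applies to an incoming response, how much a blind forger has to guess when the resolver sends every query from a fixed source port versus a randomized one (the latter is the mitigation DNS vendors shipped for this class of bug), and a simple burst-of-mismatches heuristic a resolver could log on. The names `Query`, `Response`, `validate` and `poisoning_suspected`, the ephemeral port range 1024-65535, and the sample responses are all constructed for the example.

```python
"""Model of the checks a caching DNS resolver performs before accepting an
answer, and of why a fixed source port keeps cache poisoning feasible.
Added example for this thread; all data below is constructed, not captured."""
from dataclasses import dataclass
from typing import List, Optional

TXID_SPACE = 1 << 16                 # the DNS transaction ID is 16 bits
EPHEMERAL_PORTS = 65535 - 1024 + 1   # assumed range a resolver picks its source port from


@dataclass(frozen=True)
class Query:
    qname: str      # question the resolver sent upstream
    txid: int       # transaction ID chosen by the resolver
    src_port: int   # UDP source port the query left from


@dataclass(frozen=True)
class Response:
    qname: str
    txid: int
    dst_port: int   # port the response is addressed to
    answer: str


def guess_space(random_source_port: bool) -> int:
    """Number of equally likely (txid, port) pairs a blind forger must hit.
    With a fixed port only the 16-bit txid protects the transaction; randomizing
    the source port multiplies that by the number of candidate ports."""
    return TXID_SPACE * (EPHEMERAL_PORTS if random_source_port else 1)


def validate(query: Query, resp: Response) -> Optional[str]:
    """Return None if resp matches the outstanding query, else the failing check.
    A response that fails any of these must be discarded, never cached."""
    if resp.dst_port != query.src_port:
        return "port"
    if resp.txid != query.txid:
        return "txid"
    if resp.qname.lower() != query.qname.lower():
        return "question"
    return None


def poisoning_suspected(query: Query, responses: List[Response],
                        max_mismatches: int = 8) -> bool:
    """Detection heuristic: many responses for one outstanding query that fail
    the txid/port checks is the signature of blind guessing and worth logging."""
    mismatches = sum(1 for r in responses if validate(query, r) is not None)
    return mismatches > max_mismatches


def constructed_sample():
    """One genuine response followed by twenty responses with wrong txids,
    all aimed at the right port (constructed data; 192.0.2.0/24 and
    198.51.100.0/24 are documentation address ranges)."""
    q = Query("www.example.com", txid=0x1A2B, src_port=49152)
    genuine = Response("www.example.com", 0x1A2B, 49152, "192.0.2.10")
    noise = [Response("www.example.com", (q.txid + i + 1) % TXID_SPACE, 49152, "198.51.100.1")
             for i in range(20)]
    return q, [genuine] + noise


if __name__ == "__main__":
    q, responses = constructed_sample()
    print("guess space, fixed port:     ", guess_space(False))
    print("guess space, random port:    ", guess_space(True))
    print("genuine response accepted:   ", validate(q, responses[0]) is None)
    print("first forged response fails: ", validate(q, responses[1]))
    print("poisoning suspected:         ", poisoning_suspected(q, responses))
```

The point of the two `guess_space` values is that the protocol itself gives a resolver only 16 bits of unpredictability per query; an implementation that also randomizes its source port widens that by roughly another 16 bits, which is why the fix for VU#800113 was delivered in resolver implementations rather than in the protocol.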

Posted

No <smile>

 

"Root Kit" wrote:

> On Mon, 21 Jul 2008 11:31:00 -0700, Dan

> <Dan@discussions.microsoft.com> wrote:

>

> >Right, Bye

>

> Promise?

>

Guest Steve Riley [MSFT]
Posted

A standalone telephone certainly is secure, and keeps its users safe. For such a phone will never receive or transmit unwanted conversations, and the users of such phones will never be bothered with advertisements, thoughts that challenge their perceptions, or interesting and surprising opportunities.

A standalone computer certainly is secure, and keeps its users safe. For such a computer will never receive or transmit unwanted software, and the users of such computers will never be bothered with advertisements, thoughts that challenge their perceptions, or interesting and surprising opportunities.

No risk = no reward.

The value of a networked system increases as the square of the number of elements in that system. A single system has a value of 1^2=1, a two-element network has a value of 2^2=4, a three-element network has a value of 3^2=9, and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May 2007: http://www.forbes.com/forbes/2007/0507/052.html.)

Chris's distinction between the Internet and "a network" (presumably private, for Chris doesn't specify) isn't useful today. The network effect is clearly evident on the Internet; I'd argue that in a private network, the network effect is diminished. Why else would we all be rushing headlong into the eventual recognition that private corpnets truly belong on the Internet, and that continuing to make the distinction means a loss of real business value? (Scott Charney, "Creating a more trusted Internet," http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf; Steve Riley, "Directly connect your corpnet with IPsec and IPv6," http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)

I quote our own materials here as evidence of the demand from forward-thinking customers that the industry envision new practices and develop new technologies that allow for the full realization of the network effect. Chris's argument that per-user security "creates artificial scopes" doesn't reflect reality. On the contrary, _stronger_ per-user (and per-machine) identity and authentication are critical for allowing the network effect to flourish. Indeed, the lack of strong identity and authentication has been a hindrance, and that's why you see technologies like smart cards and TPM chips becoming more common. When we reach the point where all communications are in the context of validated identities, carried in transactions with integrity and confidentiality protection, between endpoints that mutually authenticate their identities and their configurations, then who cares whether the underlying network is trusted or not?

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

http://www.protectyourwindowsnetwork.com

 

 

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:64852B3D-D174-4D66-8F12-36323BC788D2@microsoft.com...

> Courtesy of Chris Quirke, requesting his feedback be copied and copied due

> to

> his inability to view this post. From Chris Quirke posted via Windows

> Live

> Mail (aka Hotmail)

>

> -------------------------------------------------------------------------------

>

> I can't find the thread, but you could paste from this reply if you

> like...

>

>

> In summary because 9x was designed as a stand-alone rather than

> network client OS, it is indeed potentially safer than NT. But the code

> base is too outdated to deal with modern hardware, and what makes it

> safer as a stand-alone OS, also makes it less secure as a network OS.

>

> As pro-IT folks will point out 9x has no effective per-user security, as

> NT on NTFS can provide. Server-centric networks need this security

> to work, to manage users (rather than PCs) and to create artificial

> scopes in a pervasively networked environment.

>

> The underlying technologies of this security could be more useful for

> consumers, if freed from the user-centric mindset that pervades pro-IT.

>

> If you were to align these technologies according to code, and to

> maintain scopes between data vs. code, local vs. remote, etc. then

> they could play a meaningful role in keeping stand-alone consumer

> PCs safe from web and malware attack.

>

> But as long as the design is based on user accounts and logon,

> with the ASSumption that all code running during the user's session

> represents the will and intentions of the user who logged in, we aren't

> going to get anywhere. As long as all code within even the most

> limited of user accounts giving all code the right to see, change and

> destroy user data, this system won't protect user's interests.

>

>

> As long as the Internet is treated as a big network, safety failures

> will abound. The core difference between Internet and networking

> is that the former requires interaction between untrusted parties

> that is in fact the standard interaction in that environment.

>

> It's not helpful to prove a stranger has a particular name, if you have

> no template of expectations for that proven identity. Only when a

> proven identity can be matched with such expectations, do you

> shift into networking between trusted entities.

>

> Instead, you need to limit the potential impact of interactions - and

> that boils down to the distinction between data that is safe to view

> or edit, vs. code that is dangerous to run.

>

> Pro-IT could not tolerate the inability to scope between users, via

> NT's user rights security. As Internet consumers, we need a similar

> ability to scope between data safety and code risk.

>

> Both scopes are artificial just as there's no hard line between users,

> so it is argued there is no hard line between data and code. However,

> just as pro-IT strives to create an artificial line between users, so we

> should strive to create and maintain a line between data and code.

>

>

> ------------------------------------------------------------------------------

>

> "Steve Riley [MSFT]" wrote:

>

>> Dan, I recommend you rethink your logic.

>>

>> The Windows 3.1/9x code was designed and written in an entirely different

>> age -- one in which TCP/IP was not the standard networking protocol, one

>> in

>> which indeed networks were rare, and one in which everyone (we and our

>> customers) assumed that only good guys used computers.

>>

>> The world no longer lives in that age. If you take any kind of system

>> (operating system, engineering system, whatever) and place it in an

>> environment that is wildly different than the original assumptions, that

>> system will fail catastrophically. There is simply no way we can retrofit

>> that very old code to function correctly in today's world of intentional

>> attacks.

>>

>> I'm not exactly sure how you can make the statement that "a 9x machine

>> with

>> the proper safeguards such as a wired router that has wireless broadcast

>> signal turned off" is more secure than XP or Vista. Firstly, an XP or

>> Vista

>> box behind such a router would be equally "safe" from attack. Secondly,

>> disabling SSID broadcast in reality does not accord you any security --

>> see

>> my article here:

>> http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.

>>

>> You quote a specific vulnerability below, about DNS, and you then make

>> the

>> argument that this is a reason the military should be using 9x instead of

>> XP/Vista. How does that follow? How do you know that 9x doesn't have the

>> same vulnerability? No one can know, because we don't test 9x anymore.

>> It's

>> simply too old.

>>

>> And you mention our password checker. Actually, I think its

>> recommendations

>> aren't strong enough, and I'm working with the folks who own that feature

>> to

>> improve its strength.

>>

>>

>> --

>> Steve Riley

>> steve.riley@microsoft.com

>> http://blogs.technet.com/steriley

>> http://www.protectyourwindowsnetwork.com

Posted

I see your point, Steve, but US-CERT maintains that all NT source code is vulnerable, thus my point being valid about having 98 Second Edition machines within a network for internal safety reasons and potentially to act as gateways. How can we allow our military and top secrets to be leaked? Please see the United States Computer Readiness Team at the Department of Homeland Security, and so you can see how I am getting at the true value of a source code that is flexible enough to offer external security, internal safety, and more. Thus we have a source code matrix as presented below. I am not skilled enough to write the code for this yet, but I bet Microsoft and others are.

 

--------------------------------------------------------------------------

 

NT = New Technology --- outer defense network

9x = Internal Safety --- based upon DOS as maintenance operating system --- lacking in XP and Vista --- no true maintenance operating system according to Chris Quirke, MVP --- Vista is indeed great on security issues but still lacks in compatibility, as the FAA has mentioned only using Windows 2000 (which I like as well --- totally old-school, reminds me of Windows 98 Second Edition) as well as XP machines (which are good but too vulnerable in this day and age due to the large surface area created by too many services and not having strong enough default settings within Internet Explorer --- another reason to separate the browser from Windows like the Justice Department mentioned rightly in the 1998 case, although Apple should be investigated now for the practice of tying QuickTime with iTunes, and I feel this practice of tying software must be banned for safety and security reasons in the future.)

Unix/Linux/Mozilla/etc. --- third-party programs and open source technologies mingling as one with closed proprietary software which is protected by IP. Thank you for continuing this discussion.

 

 

-------------------------------------------from US-CERT------------------------

 

Vulnerability Note VU#800113

Multiple DNS implementations vulnerable to cache poisoning

Overview

Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.

 

 

http://www.kb.cert.org/vuls/id/800113

 

http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x vulnerable)

 

 

http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)

 

http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether vulnerable)

 

I am sure you now see that 3 Dans --- 2 on that website and myself, another Dan --- have helped bring this issue to light about how critical it is --- kind of boggles the mind, doesn't it --- good reason to bring 98 Second Edition and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is the only one that has the resources to do this and the whole world now needs your help --- Thank You for seeing the Light of our current situation within the Defense Network.

 

----------------------------------------------------------------------------

 

 

 

"Steve Riley [MSFT]" wrote:

> A standalone telephone certainly is secure, and keeps its users safe. For

> such a phone will never receive or transmit unwanted conversations, and the

> users of such phones will never be bothered with advertisements, thoughts

> that challenge their perceptions, or interesting and surprising

> opportunities.

>

> A standalone computer certainly is secure, and keeps its users safe. For

> such a computer will never receive or transmit unwanted software, and the

> users of such computers will never be bothered with advertisements, thoughts

> that challenge their perceptions, or interesting and surprising

> opportunities.

>

> No risk = no reward.

>

> The value of a networked system increases as the square of the number of

> elements in that system. A single system has a value of 1^2=1 a two-element

> network has a value of 2^2=4 a three element network has a value of 3^2=9

> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May

> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)

>

> Chris's distinction between the Internet and "a network" (presumably

> private, for Chris doesn't specify) isn't useful today. The network effect

> is clearly evident on the Internet I'd argue that in a private network, the

> network effect is diminished. Why else would we all be rushing headlong into

> the eventual recognition that private corpnets truly belong on the Internet,

> and that continuing to make the distinction means a loss of real business

> value? (Scott Charney, "Creating a more trusted Internet,"

> http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf

> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"

> http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)

>

> I quote our own materials here as evidence of the demand from

> forward-thinking customers that the industry envision new practices and

> develop new technologies that allow for the full realization of the network

> effect. Chris's argument that per-user security "creates artificial scopes"

> doesn't reflect reality. On the contrary, _stronger_ per-user (and

> per-machine) identity and authentication are critical for allowing the

> network effect to flourish. Indeed, the lack of strong identity and

> authentication has been a hindrance, and that's why you see technologies

> like smart cards and TPM chips becoming more common. When we reach the point

> where all communications are in the context of validated identities, carried

> in transactions with integrity and confidentiality protection, between

> endpoints that mutually authenticate their identities and their

> configurations, then who cares whether the underlying network is trusted or

> not?

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:64852B3D-D174-4D66-8F12-36323BC788D2@microsoft.com...

> > Courtesy of Chris Quirke, requesting his feedback be copied and copied due

> > to

> > his inability to view this post. From Chris Quirke posted via Windows

> > Live

> > Mail (aka Hotmail)

> >

> > -------------------------------------------------------------------------------

> >

> > I can't find the thread, but you could paste from this reply if you

> > like...

> >

> >

> > In summary because 9x was designed as a stand-alone rather than

> > network client OS, it is indeed potentially safer than NT. But the code

> > base is too outdated to deal with modern hardware, and what makes it

> > safer as a stand-alone OS, also makes it less secure as a network OS.

> >

> > As pro-IT folks will point out 9x has no effective per-user security, as

> > NT on NTFS can provide. Server-centric networks need this security

> > to work, to manage users (rather than PCs) and to create artificial

> > scopes in a pervasively networked environment.

> >

> > The underlying technologies of this security could be more useful for

> > consumers, if freed from the user-centric mindset that pervades pro-IT.

> >

> > If you were to align these technologies according to code, and to

> > maintain scopes between data vs. code, local vs. remote, etc. then

> > they could play a meaningful role in keeping stand-alone consumer

> > PCs safe from web and malware attack.

> >

> > But as long as the design is based on user accounts and logon,

> > with the ASSumption that all code running during the user's session

> > represents the will and intentions of the user who logged in, we aren't

> > going to get anywhere. As long as even the most limited of user

> > accounts gives all code the right to see, change and

> > destroy user data, this system won't protect users' interests.

> >

> >

> > As long as the Internet is treated as a big network, safety failures

> > will abound. The core difference between Internet and networking

> > is that the former requires interaction between untrusted parties

> > that is in fact the standard interaction in that environment.

> >

> > It's not helpful to prove a stranger has a particular name, if you have

> > no template of expectations for that proven identity. Only when a

> > proven identity can be matched with such expectations, do you

> > shift into networking between trusted entities.

> >

> > Instead, you need to limit the potential impact of interactions - and

> > that boils down to the distinction between data that is safe to view

> > or edit, vs. code that is dangerous to run.

> >

> > Pro-IT could not tolerate the inability to scope between users, via

> > NT's user rights security. As Internet consumers, we need a similar

> > ability to scope between data safety and code risk.

> >

> > Both scopes are artificial just as there's no hard line between users,

> > so it is argued there is no hard line between data and code. However,

> > just as pro-IT strives to create an artificial line between users, so we

> > should strive to create and maintain a line between data and code.

> >

> >

> > ------------------------------------------------------------------------------

> >

> > "Steve Riley [MSFT]" wrote:

> >

> >> Dan, I recommend you rethink your logic.

> >>

> >> The Windows 3.1/9x code was designed and written in an entirely different

> >> age -- one in which TCP/IP was not the standard networking protocol, one

> >> in

> >> which indeed networks were rare, and one in which everyone (we and our

> >> customers) assumed that only good guys used computers.

> >>

> >> The world no longer lives in that age. If you take any kind of system

> >> (operating system, engineering system, whatever) and place it in an

> >> environment that is wildly different than the original assumptions, that

> >> system will fail catastrophically. There is simply no way we can retrofit

> >> that very old code to function correctly in today's world of intentional

> >> attacks.

> >>

> >> I'm not exactly sure how you can make the statement that "a 9x machine

> >> with

> >> the proper safeguards such as a wired router that has wireless broadcast

> >> signal turned off" is more secure than XP or Vista. Firstly, an XP or

> >> Vista

> >> box behind such a router would be equally "safe" from attack. Secondly,

> >> disabling SSID broadcast in reality does not accord you any security --

> >> see

> >> my article here:

> >> http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.

> >>

> >> You quote a specific vulnerability below, about DNS, and you then make

> >> the

> >> argument that this is a reason the military should be using 9x instead of

> >> XP/Vista. How does that follow? How do you know that 9x doesn't have the

> >> same vulnerability? No one can know, because we don't test 9x anymore.

> >> It's

> >> simply too old.

> >>

> >> And you mention our password checker. Actually, I think its

> >> recommendations

> >> aren't strong enough, and I'm working with the folks who own that feature

> >> to

> >> improve its strength.

> >>

> >>

> >> --

> >> Steve Riley

> >> steve.riley@microsoft.com

> >> http://blogs.technet.com/steriley

> >> http://www.protectyourwindowsnetwork.com

>

>

Guest Steve Riley [MSFT]
Posted

You are asserting that one single vulnerability allows "military and top secrets to be leaked" and thus requires the use of some other operating system. You simply cannot make this assertion, for two reasons.

1. NO ONE KNOWS whether your suggested operating system has the same vulnerability.

2. ALL software has vulnerabilities, many of which allow attackers to take control of a system. Establishing good security practices (patch when we release, install only the services you need, apply the principle of least privilege to data, and so on) is MORE important than the particular piece of technology you've chosen to deploy. And the older the software is, the more difficult it is to manage and the more likely it is to get attacked -- because older software was not written to be centrally-managed (no group policy and no machine identity in 9x, for instance) and was not written with resiliency in mind.

And this talk of "internal safety" regarding 9x is really nonsensical. Vista and even XP+SP3 are FAR more difficult to attack than 9x was. We at Microsoft have the benefit of about 10 years of historical data from Watson reports (online crash analysis, Windows error reporting). We can divine a lot of information about attacks from this data. Whereas in the past most attacks were targeted at the operating system, this is no longer true. The majority of crashes we see now come from third-party software installed on the box. And in this case, crashes are good: various features in the operating system (DEP, ASLR, SRP, and more) have detected that something malicious is happening, and stop it before the attack succeeds. You could never do that with an OS as simple as 9x.


--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

http://www.protectyourwindowsnetwork.com
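Steve's post above says DEP, ASLR and SRP turn attacks into crashes. The script below is an added example by the editor, not code from the thread or from Microsoft, that reads whether each of those is actually in force on a Windows machine, which is the check a defender wants before relying on them. Where it reads each setting is the editor's assumption rather than anything the post states: the DEP policy from the Win32_OperatingSystem WMI class, the system-wide ASLR defaults from Get-ProcessMitigation (Windows 10 and Server 2016 or later; reported as unavailable elsewhere), and the SRP default rule from the Safer\CodeIdentifiers policy key.

```powershell
# Added example (editor's code, not from the thread): report whether DEP, ASLR and
# SRP are enforced on this machine. The sources below are the editor's assumptions:
#   DEP  -> Win32_OperatingSystem.DataExecutionPrevention_* (WMI)
#   ASLR -> Get-ProcessMitigation -System (Windows 10 / Server 2016 and later)
#   SRP  -> HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel

function Get-DepPolicy {
    # SupportPolicy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn (client default), 3 OptOut
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [pscustomobject]@{
        Available = [bool]$os.DataExecutionPrevention_Available
        Policy    = $names[[int]$os.DataExecutionPrevention_SupportPolicy]
        Drivers   = [bool]$os.DataExecutionPrevention_Drivers
    }
}

function Get-AslrPolicy {
    # System-wide defaults only; individual processes may override them.
    # Returns $null where the cmdlet does not exist (older Windows).
    try {
        $m = Get-ProcessMitigation -System -ErrorAction Stop
        [pscustomobject]@{
            BottomUp            = [string]$m.ASLR.BottomUp
            ForceRelocateImages = [string]$m.ASLR.ForceRelocateImages
            HighEntropy         = [string]$m.ASLR.HighEntropy
        }
    } catch { $null }
}

function Get-SrpPolicy {
    # DefaultLevel 0 = Disallowed (allow-list mode), 0x20000 = Basic User,
    # 0x40000 = Unrestricted. No value at all means SRP was never configured.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $item = Get-ItemProperty -Path $key -Name DefaultLevel -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    switch ([int]$item.DefaultLevel) {
        0       { 'Disallowed' }
        0x20000 { 'BasicUser' }
        0x40000 { 'Unrestricted' }
        default { "Unknown($($item.DefaultLevel))" }
    }
}

function Get-MitigationFindings {
    # One line per mitigation that is absent, off, or weaker than the post assumes.
    $findings = @()
    $dep = Get-DepPolicy
    if (-not $dep.Available)             { $findings += 'DEP is not available on this hardware/OS' }
    elseif ($dep.Policy -eq 'AlwaysOff') { $findings += 'DEP is AlwaysOff' }
    elseif ($dep.Policy -eq 'OptIn')     { $findings += 'DEP is OptIn: only Windows components and opted-in programs are covered' }

    $aslr = Get-AslrPolicy
    if ($null -eq $aslr)               { $findings += 'System ASLR policy could not be read (Get-ProcessMitigation unavailable)' }
    elseif ($aslr.BottomUp -eq 'OFF')  { $findings += 'Bottom-up ASLR is disabled system-wide' }

    $srp = Get-SrpPolicy
    if ($srp -ne 'Disallowed')         { $findings += "SRP default rule is $srp; no code allow-list is being enforced" }
    return $findings
}

Get-DepPolicy  | Format-List
Get-AslrPolicy | Format-List
"SRP default level: $(Get-SrpPolicy)"
$findings = @(Get-MitigationFindings)
if ($findings.Count -eq 0) { 'No mitigation findings' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated PowerShell prompt. OptIn is the client default for DEP and is reported because it covers only Windows components and programs that opted in; an SRP default of Disallowed with allow rules for trusted paths is the allow-list configuration, and the Windows mechanism closest to the line between data and code that Chris Quirke argues for earlier in the thread.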

 

 

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...

> I see your point Steve but US-Cert maintains that all NT source code is

> vulnerable thus my point being valid about having 98 Second Edition

> machines

> within a network for internal safety reasons and potentially to act as

> gateways. How can we allow our military and top secrets to be leaked.

> Please see the United States Computer Readiness Team at the Department of

> Homeland Security and so you can see how I am getting at the true value of

> a

> source code that is flexible enough to offer external security, internal

> safety, and more. Thus we have a source code matrix as presented below.

> I

> am not skilled enough to write the code for this yet but I bet Microsoft

> and

> others are.

>

> --------------------------------------------------------------------------

>

> NT= New Technology --- outer defense network

>

> 9x = Internal Safety --- based upon DOS as maintenance operating system --

> lacking in XP and Vista --- no true maintenance operating system according

> to

> Chris Quirke, MVP --- Vista is indeed great on security issues but still

> lacks in compatibility as the FAA has mentioned only using Windows 2000

> (which I like as well --- totally old-school reminds me of Windows 98

> Second

> Edition) as well XP machines (which are good but too vulnerable in this

> day

> and age due to the large surface area created by too many services and not

> having strong enough default settings within Internet Explorer -- another

> reason to separate the browser from Windows like the Justice Department

> mentioned rightly in the 1998 case although Apple should be investigated

> now

> for the practice of tying QuickTime with iTunes and I feel this practice

> of

> tying software must be banned for safety and security reasons in the

> future.)

>

> Unix/Linux/Mozilla/etc. --- third party programs and open source

> technologies mingling as one with closed proprietary software which is

> protected by IP. Thank you for continuing this discussion.

>

>

> -------------------------------------------from us

> cert------------------------

>

> Vulnerability Note VU#800113

> Multiple DNS implementations vulnerable to cache poisoning

> Overview

> Deficiencies in the DNS protocol and common DNS implementations facilitate

> DNS cache poisoning attacks.

>

>

> http://www.kb.cert.org/vuls/id/800113

>

> http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x

> vulnerable)

>

>

> http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)

>

> http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether

> vulnerable)

>

> I am sure you now see that 3 Dans --- 2 on that website and myself

> another

> Dan have helped bring this issue to light about how critical it is ---

> kind

> of boggles the mind doesn't it ---- good reason to bring 98 Second Edition

> and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is

> the only one that has the resources to do this and the whole world now

> needs

> your help -- Thank You for seeing the Light of our current situation

> within

> the Defense Network.

>

> ----------------------------------------------------------------------------

>

>

>

> "Steve Riley [MSFT]" wrote:

>

>> A standalone telephone certainly is secure, and keeps its users safe. For

>> such a phone will never receive or transmit unwanted conversations, and

>> the

>> users of such phones will never be bothered with advertisements, thoughts

>> that challenge their perceptions, or interesting and surprising

>> opportunities.

>>

>> A standalone computer certainly is secure, and keeps its users safe. For

>> such a computer will never receive or transmit unwanted software, and the

>> users of such computers will never be bothered with advertisements,

>> thoughts

>> that challenge their perceptions, or interesting and surprising

>> opportunities.

>>

>> No risk = no reward.

>>

>> The value of a networked system increases as the square of the number of

> >> elements in that system. A single system has a value of 1^2=1, a

> >> two-element

> >> network has a value of 2^2=4, a three-element network has a value of

> >> 3^2=9,

>> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May

>> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)

>>

>> Chris's distinction between the Internet and "a network" (presumably

>> private, for Chris doesn't specify) isn't useful today. The network

>> effect

> >> is clearly evident on the Internet; I'd argue that in a private network,

>> the

>> network effect is diminished. Why else would we all be rushing headlong

>> into

>> the eventual recognition that private corpnets truly belong on the

>> Internet,

>> and that continuing to make the distinction means a loss of real business

>> value? (Scott Charney, "Creating a more trusted Internet,"

>> http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf

>> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"

>> http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)

>>

>> I quote our own materials here as evidence of the demand from

>> forward-thinking customers that the industry envision new practices and

>> develop new technologies that allow for the full realization of the

>> network

>> effect. Chris's argument that per-user security "creates artificial

>> scopes"

>> doesn't reflect reality. On the contrary, _stronger_ per-user (and

>> per-machine) identity and authentication are critical for allowing the

>> network effect to flourish. Indeed, the lack of strong identity and

>> authentication has been a hindrance, and that's why you see technologies

>> like smart cards and TPM chips becoming more common. When we reach the

>> point

>> where all communications are in the context of validated identities,

>> carried

>> in transactions with integrity and confidentiality protection, between

>> endpoints that mutually authenticate their identities and their

>> configurations, then who cares whether the underlying network is trusted

>> or

>> not?

>>

>> --

>> Steve Riley

>> steve.riley@microsoft.com

>> http://blogs.technet.com/steriley

>> http://www.protectyourwindowsnetwork.com

>>

Posted

1. True

2. That is true but XP and even Vista are totally focused on external security. Can Microsoft remotely work on a Microsoft Windows 98 Second Edition computer via India like Microsoft can work on a Windows XP Professional computer? Microsoft has done remote access work on the XP side of my dual-boot computer which is in NTFS. My computer has a Western Digital Hard Drive in FAT32 on C: and a separate hard drive on D: with Windows XP Professional.

3. I have tried out Ubuntu Linux within a Windows environment within XP Professional. I have run Windows Virtual PC 2007 within Windows XP Professional. It is great but it does not fully meet my needs as a consumer. Consumers want to play games. My friend Chris from camp is going to build a 98 Second Edition computer with my old motherboard. He wants to play old DOS games that he enjoys. The nice thing about 98 Second Edition is that you can exit to MS-DOS mode. This allows gamers to play games. It is all in the Microsoft articles about compatibility.

 

http://www.aumha.org/win4/a/resource.php

 

http://support.microsoft.com/?kbid=146418

 

---------------------------------------------------------------------------------

 

"Steve Riley [MSFT]" wrote:

> You are asserting that one single vulnerability allows "military and top

> secrets to be leaked" and thus requires the use of some other operating

> system. You simply cannot make this assertion, for two reasons.

>

> 1. NO ONE KNOWS whether your suggested operating system has the same

> vulnerability.

>

> 2. ALL software has vulnerabilities, many of which allow attackers to take

> control of a system. Establishing good security practices (patch when we

> release, install only the services you need, apply the principle of least

> privilege to data, and so on) is MORE important than the particular piece of

> technology you've chosen to deploy. And the older the software is, the more

> difficult it is to manage and the more likely it is to get attacked --

> because older software was not written to be centrally-managed (no group

> policy and no machine identity in 9x, for instance) and was not written with

> resiliency in mind.

>

> And this talk of "internal safety" regarding 9x is really nonsensical. Vista

> and even XP+SP3 are FAR more difficult to attack than 9x was. We at

> Microsoft have the benefit of about 10 years of historical data from Watson

> reports (online crash analysis, Windows error reporting). We can divine a

> lot of information about attacks from this data. Whereas in the past most

> attacks were targeted at the operating system, this is no longer true. The

> majority of crashes we see now come from third-party software installed on

> the box. And in this case, crashes are good: various features in the

> operating system (DEP, ASLR, SRP, and more) have detected that something

> malicious is happening, and stop it before the attack succeeds. You could

> never do that with an OS as simple as 9x.

>

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...

> > I see your point Steve but US-Cert maintains that all NT source code is

> > vulnerable thus my point being valid about having 98 Second Edition

> > machines

> > within a network for internal safety reasons and potentially to act as

> > gateways. How can we allow our military and top secrets to be leaked.

> > Please see the United States Computer Readiness Team at the Department of

> > Homeland Security and so you can see how I am getting at the true value of

> > a

> > source code that is flexible enough to offer external security, internal

> > safety, and more. Thus we have a source code matrix as presented below.

> > I

> > am not skilled enough to write the code for this yet but I bet Microsoft

> > and

> > others are.

> >

> > --------------------------------------------------------------------------

> >

> > NT= New Technology --- outer defense network

> >

> > 9x = Internal Safety --- based upon DOS as maintenance operating system --

> > lacking in XP and Vista --- no true maintenance operating system according

> > to

> > Chris Quirke, MVP --- Vista is indeed great on security issues but still

> > lacks in compatibility as the FAA has mentioned only using Windows 2000

> > (which I like as well --- totally old-school reminds me of Windows 98

> > Second

> > Edition) as well XP machines (which are good but too vulnerable in this

> > day

> > and age due to the large surface area created by too many services and not

> > having strong enough default settings within Internet Explorer -- another

> > reason to separate the browser from Windows like the Justice Department

> > mentioned rightly in the 1998 case although Apple should be investigated

> > now

> > for the practice of tying QuickTime with iTunes and I feel this practice

> > of

> > tying software must be banned for safety and security reasons in the

> > future.)

> >

> > Unix/Linux/Mozilla/etc. --- third party programs and open source

> > technologies mingling as one with closed proprietary software which is

> > protected by IP. Thank you for continuing this discussion.

> >

> >

> > -------------------------------------------from us

> > cert------------------------

> >

> > Vulnerability Note VU#800113

> > Multiple DNS implementations vulnerable to cache poisoning

> > Overview

> > Deficiencies in the DNS protocol and common DNS implementations facilitate

> > DNS cache poisoning attacks.

> >

> >

> > http://www.kb.cert.org/vuls/id/800113

> >

> > http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x

> > vulnerable)

> >

> >

> > http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)

> >

> > http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether

> > vulnerable)

> >

> > I am sure you now see that 3 Dans --- 2 on that website and myself

> > another

> > Dan have helped bring this issue to light about how critical it is ---

> > kind

> > of boggles the mind doesn't it ---- good reason to bring 98 Second Edition

> > and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is

> > the only one that has the resources to do this and the whole world now

> > needs

> > your help -- Thank You for seeing the Light of our current situation

> > within

> > the Defense Network.

> >

> > ----------------------------------------------------------------------------

> >

> >

> >

> > "Steve Riley [MSFT]" wrote:

> >

> >> A standalone telephone certainly is secure, and keeps its users safe. For

> >> such a phone will never receive or transmit unwanted conversations, and

> >> the

> >> users of such phones will never be bothered with advertisements, thoughts

> >> that challenge their perceptions, or interesting and surprising

> >> opportunities.

> >>

> >> A standalone computer certainly is secure, and keeps its users safe. For

> >> such a computer will never receive or transmit unwanted software, and the

> >> users of such computers will never be bothered with advertisements,

> >> thoughts

> >> that challenge their perceptions, or interesting and surprising

> >> opportunities.

> >>

> >> No risk = no reward.

> >>

> >> The value of a networked system increases as the square of the number of

> >> elements in that system. A single system has a value of 1^2=1, a

> >> two-element

> >> network has a value of 2^2=4, a three-element network has a value of

> >> 3^2=9,

> >> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May

> >> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)

> >>

> >> Chris's distinction between the Internet and "a network" (presumably

> >> private, for Chris doesn't specify) isn't useful today. The network

> >> effect

> >> is clearly evident on the Internet; I'd argue that in a private network,

> >> the

> >> network effect is diminished. Why else would we all be rushing headlong

> >> into

> >> the eventual recognition that private corpnets truly belong on the

> >> Internet,

> >> and that continuing to make the distinction means a loss of real business

> >> value? (Scott Charney, "Creating a more trusted Internet,"

> >> http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf

> >> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"

> >> http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)

> >>

> >> I quote our own materials here as evidence of the demand from

> >> forward-thinking customers that the industry envision new practices and

> >> develop new technologies that allow for the full realization of the

> >> network

> >> effect. Chris's argument that per-user security "creates artificial

> >> scopes"

> >> doesn't reflect reality. On the contrary, _stronger_ per-user (and

> >> per-machine) identity and authentication are critical for allowing the

> >> network effect to flourish. Indeed, the lack of strong identity and

> >> authentication has been a hindrance, and that's why you see technologies

> >> like smart cards and TPM chips becoming more common. When we reach the

> >> point

> >> where all communications are in the context of validated identities,

> >> carried

> >> in transactions with integrity and confidentiality protection, between

> >> endpoints that mutually authenticate their identities and their

> >> configurations, then who cares whether the underlying network is trusted

> >> or

> >> not?

> >>

> >> --

> >> Steve Riley

> >> steve.riley@microsoft.com

> >> http://blogs.technet.com/steriley

> >> http://www.protectyourwindowsnetwork.com

> >>

>

>

Guest Paul Adare - MVP
Posted

On Tue, 22 Jul 2008 14:51:02 -0700, Dan wrote:

> 2. That is true but XP and even Vista are totally focused on external

> security. Can Microsoft remotely work on a Microsoft Windows 98 Second

> Edition computer via India like Microsoft can work on a Windows XP

> Professional computer? Microsoft has done remote access work on the XP side

> of my dual-boot computer which is in NTFS. My computer has a Western Digital

> Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP

> Professional.

 

You really need to stop parroting Chris Quirke. As a single source for your arguments he leaves a lot to be desired.

 

--

Paul Adare

MVP - Identity Lifecycle Manager

http://www.identit.ca

This system will self-destruct in five minutes.

Posted

Thank you for your feedback Paul so I guess your system will self-destruct in less than 5 minutes. <grin --- just kidding and giving you a hard time> I have realized that I cannot take life very seriously and must laugh at myself from time to time.

 

"Paul Adare - MVP" wrote:

> On Tue, 22 Jul 2008 14:51:02 -0700, Dan wrote:

>

> > 2. That is true but XP and even Vista are totally focused on external

> > security. Can Microsoft remotely work on a Microsoft Windows 98 Second

> > Edition computer via India like Microsoft can work on a Windows XP

> > Professional computer? Microsoft has done remote access work on the XP side

> > of my dual-boot computer which is in NTFS. My computer has a Western Digital

> > Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP

> > Professional.

>

> You really need to stop parroting Chris Quirke. As a single source for your

> arguments he leaves a lot to be desired.

>

> --

> Paul Adare

> MVP - Identity Lifecycle Manager

> http://www.identit.ca

> This system will self-destruct in five minutes.

>

Guest Steve Riley [MSFT]
Posted

Dan, how in the world have you conflated remote assistance with file systems? They have zero relationship.

Besides, the presence of a remote assistance capability does not at all indicate that the underlying operating system is inherently less secure -- just like the absence of such ability does not indicate that the underlying operating system is inherently more secure. The remote assistance feature:

* is disabled by default
* requires you to enable it before any connections are permitted
* requires you to invite someone else to connect
* encrypts the communications path with 128-bit RC4
* allows you to disconnect the session at will

Using your terminology, these steps provide sufficient "internal safety." There is no way that someone from anywhere in Microsoft (not just India) can or would connect to your computer without your knowledge and consent.

Linking back to file systems -- you do understand, of course, that your FAT-formatted C: drive is accessible to any remote assistance session. Say you have Windows 98 on that drive. A malicious remote assistance user could easily replace those files and -- if you weren't watching -- you'd have no idea until you next booted it. Compare this with Windows Vista: if someone replaced parts of the non-booted operating system, then the next time it's booted, Windows integrity protection and system file protection alerts you to this; the system either refuses to boot or reverts to its original state (depending on what was maliciously overwritten). Again, Vista's "internal safety" is vastly improved over that of any previous version of Windows.

I don't know what else I can say to help you understand.

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

http://www.protectyourwindowsnetwork.com
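The five Remote Assistance controls Steve lists are what a defender would verify rather than take on trust. The script below is an added example by the editor, not code from the thread or from Microsoft, that reads the current Remote Assistance posture and flags deviations from that list. The registry locations and cmdlets it uses are the editor's assumptions, not anything the post states: the local setting under HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance, the Group Policy override under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services, and firewall state via Get-NetFirewallRule (Windows 8 and Server 2012 or later, using the English 'Remote Assistance' display group name).

```powershell
# Added example (editor's code, not from the thread): audit the Remote Assistance
# controls the post lists. Locations and cmdlets are the editor's assumptions:
#   local setting   -> HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance
#   policy override -> HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
#   firewall state  -> Get-NetFirewallRule (Windows 8 / Server 2012 and later)
$ControlKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # $null when the key or value is absent, otherwise the DWORD as [int]
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-RemoteAssistanceState {
    # A policy value, when present, overrides the local one; report which is in force.
    $localAllow  = Get-RegistryDword -Path $ControlKey -Name 'fAllowToGetHelp'
    $policyAllow = Get-RegistryDword -Path $PolicyKey  -Name 'fAllowToGetHelp'
    $effective   = if ($null -ne $policyAllow) { $policyAllow } else { $localAllow }

    # "Offer" (unsolicited) Remote Assistance exists only as policy; it is the one
    # setting that removes the invitation step the post relies on.
    $unsolicited = Get-RegistryDword -Path $PolicyKey -Name 'fAllowUnsolicited'

    # Firewall rules in the Remote Assistance group must be on for a session to connect.
    $fwRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Assistance' -ErrorAction SilentlyContinue |
                 Where-Object { $_.Enabled -eq 'True' })

    [pscustomobject]@{
        SolicitedAllowed   = ($effective -eq 1)
        SetByPolicy        = ($null -ne $policyAllow)
        FullControlAllowed = ((Get-RegistryDword -Path $ControlKey -Name 'fAllowFullControl') -eq 1)
        UnsolicitedAllowed = ($unsolicited -eq 1)
        FirewallRulesOn    = $fwRules.Count
    }
}

function Get-RemoteAssistanceFindings {
    param([pscustomobject]$State = (Get-RemoteAssistanceState))
    # Each finding is a deviation from the posture the post describes
    # (off unless the user enables it, invitation required, user can end it).
    $findings = @()
    if ($State.UnsolicitedAllowed) {
        $findings += 'Unsolicited (offer) Remote Assistance is permitted by policy: no invitation needed'
    }
    if ($State.SolicitedAllowed -and -not $State.SetByPolicy) {
        $findings += 'Remote Assistance is enabled by a local setting that policy does not govern'
    }
    if ($State.SolicitedAllowed -and $State.FullControlAllowed) {
        $findings += 'Helpers may take full control of the session, not only view it'
    }
    if (-not $State.SolicitedAllowed -and $State.FirewallRulesOn -gt 0) {
        $findings += 'Remote Assistance is off but its firewall rules are still enabled'
    }
    return $findings
}

$state = Get-RemoteAssistanceState
$state | Format-List
$findings = @(Get-RemoteAssistanceFindings -State $state)
if ($findings.Count -eq 0) { 'No Remote Assistance findings' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated prompt so the policy key is readable. The unsolicited-offer finding is the one to act on first: it is the only setting that lets a helper connect without the invitation the post counts on, and it should be absent on any machine that does not need it.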
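Steve's scenario of files replaced on a FAT-formatted drive while that OS is not running, with no integrity protection to notice, is exactly what a file-integrity baseline compensates for. The script below is an added example by the editor, not code from the thread or from Microsoft: it hashes every file under a root, stores the manifest, and later reports what was modified, added or removed. It assumes PowerShell 4 or later for Get-FileHash; the directory and files it builds under the temp folder are constructed for the demonstration and stand in for a Windows 98 volume.

```powershell
# Added example (editor's code, not from the thread): SHA-256 baseline and compare
# for a volume with no built-in integrity protection. The demo directory and its
# files are constructed here; they stand in for the FAT-formatted C: drive.

function New-IntegrityBaseline {
    param([Parameter(Mandatory)][string]$Root)
    # Returns a hashtable of relative path -> SHA-256 so the caller can store it
    # somewhere the monitored volume cannot write to.
    $root  = (Resolve-Path -LiteralPath $Root).Path
    $table = @{}
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length).TrimStart([char]'\')
        $table[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $table
}

function Compare-IntegrityBaseline {
    param([Parameter(Mandatory)][hashtable]$Baseline,
          [Parameter(Mandatory)][string]$Root)
    # Re-hash the tree and classify every difference against the stored baseline.
    $current = New-IntegrityBaseline -Root $Root
    $result  = [ordered]@{ Modified = @(); Added = @(); Removed = @() }
    foreach ($path in $Baseline.Keys) {
        if (-not $current.ContainsKey($path))         { $result.Removed  += $path }
        elseif ($current[$path] -ne $Baseline[$path]) { $result.Modified += $path }
    }
    foreach ($path in $current.Keys) {
        if (-not $Baseline.ContainsKey($path)) { $result.Added += $path }
    }
    return [pscustomobject]$result
}

# --- Demonstration on a constructed directory tree ---
$demo = Join-Path ([IO.Path]::GetTempPath()) ('fim-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path (Join-Path $demo 'WINDOWS\SYSTEM') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'WINDOWS\SYSTEM\KERNEL32.DLL') -Value 'original kernel32 (constructed)'
Set-Content -LiteralPath (Join-Path $demo 'WINDOWS\WIN.INI')            -Value '[windows]'
Set-Content -LiteralPath (Join-Path $demo 'AUTOEXEC.BAT')               -Value '@ECHO OFF'

# Take the baseline and keep it outside the monitored tree.
$baselineFile = "$demo.baseline.xml"
Export-Clixml -InputObject (New-IntegrityBaseline -Root $demo) -LiteralPath $baselineFile

# Simulate the post's scenario: a system file replaced while the OS was not running,
# plus one file dropped in and one deleted.
Set-Content -LiteralPath (Join-Path $demo 'WINDOWS\SYSTEM\KERNEL32.DLL') -Value 'replaced kernel32 (constructed)'
Set-Content -LiteralPath (Join-Path $demo 'WINDOWS\SYSTEM\EXTRA.VXD')   -Value 'dropped in (constructed)'
Remove-Item -LiteralPath (Join-Path $demo 'AUTOEXEC.BAT')

$diff = Compare-IntegrityBaseline -Baseline (Import-Clixml -LiteralPath $baselineFile) -Root $demo
"Modified: $($diff.Modified -join ', ')"
"Added:    $($diff.Added -join ', ')"
"Removed:  $($diff.Removed -join ', ')"

# Clean up the constructed tree and its baseline.
Remove-Item -LiteralPath $demo -Recurse -Force
Remove-Item -LiteralPath $baselineFile -Force
```

Keep the baseline where the monitored volume cannot write to it, and run the comparison from the protected OS at boot or after any remote session. This detects replacement after the fact, which is weaker than Vista refusing to boot, but it is the most an unprotected volume can get.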

 

 

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:2EB67198-4ACB-4437-A17C-3CA42D5C342C@microsoft.com...

> 1. True

>

> 2. That is true but XP and even Vista are totally focused on external

> security. Can Microsoft remotely work on a Microsoft Windows 98 Second

> Edition computer via India like Microsoft can work on a Windows XP

> Professional computer? Microsoft has done remote access work on the XP

> side

> of my dual-boot computer which is in NTFS. My computer has a Western

> Digital

> Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP

> Professional.

>

> 3. I have tried out Ubuntu Linux within a Windows environment within XP

> Professional. I have run Windows Virtual PC 2007 within Windows XP

> Professional. It is great but it does not fully meet my needs as a

> consumer.

> Consumers want to play games. My friend Chris from camp is going to build

> a

> 98 Second Edition computer with my old motherboard. He wants to play old

> dos

> games that he enjoys. The nice thing about 98 Second Edition is that you

> can

> exit to MS-DOS mode. This allows gamers to play games. It is all in the

> Microsoft articles about compatibility.

>

> http://www.aumha.org/win4/a/resource.php

>

> http://support.microsoft.com/?kbid=146418

>

> ---------------------------------------------------------------------------------

>

> "Steve Riley [MSFT]" wrote:

>

>> You are asserting that one single vulnerability allows "military and top

>> secrets to be leaked" and thus requires the use of some other operating

>> system. You simply cannot make this assertion, for two reasons.

>>

>> 1. NO ONE KNOWS whether your suggested operating system has the same

>> vulnerability.

>>

>> 2. ALL software has vulnerabilities, many of which allow attackers to

>> take

>> control of a system. Establishing good security practices (patch when we

>> release, install only the services you need, apply the principle of least

>> privilege to data, and so on) is MORE important than the particular piece

>> of

>> technology you've chosen to deploy. And the older the software is, the

>> more

>> difficult it is to manage and the more likely it is to get attacked --

>> because older software was not written to be centrally-managed (no group

>> policy and no machine identity in 9x, for instance) and was not written

>> with

>> resiliency in mind.

>>

>> And this talk of "internal safety" regarding 9x is really nonsensical.

>> Vista

>> and even XP+SP3 are FAR more difficult to attack than 9x was. We at

>> Microsoft have the benefit of about 10 years of historical data from

>> Watson

>> reports (online crash analysis, Windows error reporting). We can divine a

>> lot of information about attacks from this data. Whereas in the past most

>> attacks were targeted at the operating system, this is no longer true.

>> The

>> majority of crashes we see now come from third-party software installed

>> on

>> the box. And in this case, crashes are good: various features in the

>> operating system (DEP, ASLR, SRP, and more) have detected that something

>> malicious is happening, and stop it before the attack succeeds. You could

>> never do that with an OS as simple as 9x.

>>

>>

>> --

>> Steve Riley

>> steve.riley@microsoft.com

>> http://blogs.technet.com/steriley

>> http://www.protectyourwindowsnetwork.com

>>

>>

>>

>> "Dan" <Dan@discussions.microsoft.com> wrote in message

>> news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...

>> > I see your point Steve but US-Cert maintains that all NT source code is

>> > vulnerable thus my point being valid about having 98 Second Edition

>> > machines

>> > within a network for internal safety reasons and potentially to act as

>> > gateways. How can we allow our military and top secrets to be leaked.

>> > Please see the United States Computer Readiness Team at the Department

>> > of

>> > Homeland Security and so you can see how I am getting at the true value

>> > of

>> > a

>> > source code that is flexible enough to offer external security,

>> > internal

>> > safety, and more. Thus we have a source code matrix as presented

>> > below.

>> > I

>> > am not skilled enough to write the code for this yet but I bet

>> > Microsoft

>> > and

>> > others are.

>> >

>> > --------------------------------------------------------------------------

>> >

>> > NT= New Technology --- outer defense network

>> >

>> > 9x = Internal Safety --- based upon DOS as maintenance operating

>> > system --

>> > lacking in XP and Vista --- no true maintenance operating system

>> > according

>> > to

>> > Chris Quirke, MVP --- Vista is indeed great on security issues but

>> > still

>> > lacks in compatibility as the FAA has mentioned only using Windows 2000

>> > (which I like as well --- totally old-school reminds me of Windows 98

>> > Second

>> > Edition) as well XP machines (which are good but too vulnerable in this

>> > day

>> > and age due to the large surface area created by too many services and

>> > not

>> > having strong enough default settings within Internet Explorer --

>> > another

>> > reason to separate the browser from Windows like the Justice Department

>> > mentioned rightly in the 1998 case although Apple should be

>> > investigated

>> > now

>> > for the practice of tying Quick time with Itunes and I feel this

>> > practice

>> > of

>> > tying software must be banned for safety and security reasons in the

>> > future.)

>> >

>> > Unix/Linux/Mozilla/etc. --- third party programs and open source

>> > technologies mingling as one with closed proprietary software which is

>> > protected by IP. Thank you for continuing this discussion.

>> >

>> >

>> > -------------------------------------------from us

>> > cert------------------------

>> >

>> > Vulnerability Note VU#800113

>> > Multiple DNS implementations vulnerable to cache poisoning

>> > Overview

>> > Deficiencies in the DNS protocol and common DNS implementations

>> > facilitate

>> > DNS cache poisoning attacks.

>> >

>> >

>> > http://www.kb.cert.org/vuls/id/800113

>> >

>> > http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x

>> > vulnerable)

>> >

>> >

>> > http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)

>> >

>> > http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether

>> > vulnerable)

>> >

>> > I am sure you now see that 3 Dans --- 2 on that website and myself

>> > another

>> > Dan have helped bring this issue to light about how critical it is ---

>> > kind

>> > of boggles the mind doesn't it ---- good reason to bring 98 Second

>> > Edition

>> > and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft

>> > is

>> > the only one that has the resources to do this and the whole world now

>> > needs

>> > your help -- Thank You for seeing the Light of our current situation

>> > within

>> > the Defense Network.

>> >

>> > ----------------------------------------------------------------------------

>> >

>> >

>> >

>> > "Steve Riley [MSFT]" wrote:

>> >

>> >> A standalone telephone certainly is secure, and keeps its users safe.

>> >> For

>> >> such a phone will never receive or transmit unwanted conversations,

>> >> and

>> >> the

>> >> users of such phones will never be bothered with advertisements,

>> >> thoughts

>> >> that challenge their perceptions, or interesting and surprising

>> >> opportunities.

>> >>

>> >> A standalone computer certainly is secure, and keeps its users safe.

>> >> For

>> >> such a computer will never receive or transmit unwanted software, and

>> >> the

>> >> users of such computers will never be bothered with advertisements,

>> >> thoughts

>> >> that challenge their perceptions, or interesting and surprising

>> >> opportunities.

>> >>

>> >> No risk = no reward.

>> >>

>> >> The value of a networked system increases as the square of the number

>> >> of

>> >> elements in that system. A single system has a value of 1^2=1; a

>> >> two-element

>> >> network has a value of 2^2=4; a three-element network has a value of

>> >> 3^2=9;

>> >> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7

>> >> May

>> >> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)

>> >>

>> >> Chris's distinction between the Internet and "a network" (presumably

>> >> private, for Chris doesn't specify) isn't useful today. The network

>> >> effect

>> >> is clearly evident on the Internet; I'd argue that in a private

>> >> network,

>> >> the

>> >> network effect is diminished. Why else would we all be rushing

>> >> headlong

>> >> into

>> >> the eventual recognition that private corpnets truly belong on the

>> >> Internet,

>> >> and that continuing to make the distinction means a loss of real

>> >> business

>> >> value? (Scott Charney, "Creating a more trusted Internet,"

>> >> http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf

>> >> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"

>> >> http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)

>> >>

>> >> I quote our own materials here as evidence of the demand from

>> >> forward-thinking customers that the industry envision new practices

>> >> and

>> >> develop new technologies that allow for the full realization of the

>> >> network

>> >> effect. Chris's argument that per-user security "creates artificial

>> >> scopes"

>> >> doesn't reflect reality. On the contrary, _stronger_ per-user (and

>> >> per-machine) identity and authentication are critical for allowing the

>> >> network effect to flourish. Indeed, the lack of strong identity and

>> >> authentication has been a hindrance, and that's why you see

>> >> technologies

>> >> like smart cards and TPM chips becoming more common. When we reach the

>> >> point

>> >> where all communications are in the context of validated identities,

>> >> carried

>> >> in transactions with integrity and confidentiality protection, between

>> >> endpoints that mutually authenticate their identities and their

>> >> configurations, then who cares whether the underlying network is

>> >> trusted

>> >> or

>> >> not?

>> >>

>> >> --

>> >> Steve Riley

>> >> steve.riley@microsoft.com

>> >> http://blogs.technet.com/steriley

>> >> http://www.protectyourwindowsnetwork.com

>> >>

>>

>>

Guest Root Kit
Posted

On Tue, 22 Jul 2008 19:03:28 -0700, "Steve Riley [MSFT]"

<steve.riley@microsoft.com> wrote:

>Dan, how in the world have you conflated remote assistance with file

>systems?

 

Dan, the novel writer, can conflate anything.

>They have zero relationship.

 

Please don't confuse Dan with facts.

Posted

My mistake. Thanks for the corrections. Here is Chris Quirke, MVP's reply

to some of this stuff. He has trouble viewing this newsgroup.

 

 

Chris Quirke, MVP replies:

 

 

At 10:56 23/7/2008, you wrote:

>It would be nice if you could post to the microsoft.public.security

>newsgroup where this heated debate is going on in biometrics.

 

Newsgroups are tricky for me right now :-/

> > "Steve Riley [MSFT]" wrote:

> >> 1. NO ONE KNOWS whether your suggested operating system

> >> has the same vulnerability.

 

Or different problems with similar impact. Consider the years of "safe" RPC

in NT up until the patch, and the mass exploits shortly thereafter...

for all we

know, folks may have been quietly exploiting that vulnerability for years.

> >> 2. ALL software has vulnerabilities, many of which allow attackers to

> >> take control of a system. Establishing good security practices (patch

> >> when we release, install only the services you need, apply the principle

> >> of least privilege to data, and so on) is MORE important than the

> >> particular piece of technology you've chosen to deploy.

 

Yup - and I'd love to apply the principle of ripping out risk surfaces

that I don't need, but that's hard when they are welded into the OS.

 

I take Steve's point that a supported and patched code base is more

likely to get defects discovered and fixed, but as a stand-alone user,

I'd feel safer on an OS designed as such, not as a network client -

especially when these networking surfaces are exposed to the Internet.

> >> And the older the software is, the more difficult it is to manage

 

True

> >> and the more likely it is to get attacked --

 

Possibly false, if the older OS has shrunk its market share and is

different enough to avoid being cross-exploited by attacks made on

newer and more popular OSs. IOW, much of Win9x's present

safety (in terms of less often being attacked) may be similar to that

for MacOS and Linuxen; it's now a minority OS.

> >> because older software was not written to be centrally-managed

> >> (no group policy and no machine identity in 9x, for instance)

 

That's relevant to managed, network-centric IT, but that's not where

we live. That mindset is part of our problem, because in our world,

there is NO remote entity who should control our PCs under any

circumstances. The presence of such facilities is needed so pro-IT

can manage network clients, but it's all risk and no benefit to us.

> >> and was not written with resiliency in mind.

 

The design briefs were different, so we don't expect 9x to be as

stable as NT. It wasn't too bad, in my experience over the years.

> >> Whereas in the past most attacks were targeted at the

> >> operating system, this is no longer true. The majority of

> >> crashes we see now come from third-party software installed

> >> on the box. And in this case, crashes are good:

 

IKWYM - "Error messages are your friends"...

> >> various features in the operating system (DEP, ASLR, SRP,

> >> and more) have detected that something malicious is

> >> happening, and stop it before the attack succeeds. You

> >> could never do that with an OS as simple as 9x.

 

There are several factors that come in here, not just how easy it is

to attack a system. Opportunity, i.e. are exploitable surfaces

exposed? How easy or difficult is it for the user to find the malware

files, or their integration points? Can the user get "air superiority"

over the malware, e.g. by tackling it without running it first? IOW,

concerns go beyond infectability or attackability, and on to the ability

to non-destructively get the system back from an infected state.

> >> > 9x = Internal Safety --- based upon DOS as maintenance

> >> > operating system -- lacking in XP and Vista --- no true

> >> > maintenance operating system according to Chris Quirke

 

That's certainly not true as at 2008, if you define maintenance OS

as an OS (that runs arbitrary apps) that can access and manage a

HD installation without running any code from it.

 

DOS can't work safely over 137G, nor is it effective on NTFS - so that

kills it for Vista, and for anything > 137G.

 

The best mOS I've used so far, has been Bart, which builds a bootable

CDR environment based on the XP/2003 family (SP2 and later) code

base. This can handle NTFS and Win2000/XP/2003 (not Vista) registry

hives, so that registry-aware tools can act on these hives as if they were

active. It also supports the best range of tools, in my experience, and

can work in 64M RAM. Limitations: Can see USB storage only at boot

time, not on the fly; no firewall; hard to patch beyond SP baselines; and

can't "see" many modern S-ATA hard drive interfaces.

 

WinPE 2.0 is now available to the public, is based on Vista, and is in

many ways a promising mOS. Compared to Bart, it has better USB

support, allows boot CDR to be ejected and replaced, has built-in

firewall, but requires 512M RAM and fails to run many of the tools

that work in Bart. I find it harder to integrate tools into WinPE than

Bart, and there's no ability to transparently map the HD installation's

registry hives into place for registry-aware tools.

 

Linux can now natively read NTFS, so qualifies as a mOS too... but

there's no ability to access the HD installation's registry, either in a

transparent manner, or as a crude binding of hives via a Regedit (which

breaks expected registry paths, thus not transparent).

 

 

So right now, formally accessing XP and Vista isn't really the problem

that limits post-infection malware management. A bigger limitation is

the quality of the scanners that one can bring to bear via these mOSs.

 

I find the best mOS-supported solution right now, is XP + Bart. Next

best would be Vista and 9x, both suffering from the inability to run

registry-aware tools against the inactive HD registry hives. Ironically,

I now manage infected 9x PCs by scanning their HDs from Bart :-)

> >> > "Steve Riley [MSFT]" wrote:

> >> >

> >> >> A standalone computer certainly is secure, and keeps its users safe.

> >> >> For such a computer will never receive or transmit unwanted software

 

USB can be a problem, if the OS is stupid enough to clicklessly

autorun code off such storage. That may be more likely in the

newer OSs, which don't have a good track record there.

> >> >> The value of a networked system increases as the square

> >> >> of the number of elements in that system.

 

I don't find that case too compelling :-)

 

> >> >> Chris's distinction between the Internet and "a network"

> >> >> (presumably private, for Chris doesn't specify) isn't useful

 

I'd say it's essential, and not "getting" this is a critical safety failure.

 

Yes, by "network" I do mean "private network", with LANs and

secured WAN (e.g. VPN) in mind. In these network contexts,

membership is limited to trusted entities; the whole thrust of

pro-IT is maintaining those limits, managing identities, and

what these identities are trusted to do.

 

In contrast, the Internet is a world of strangers. It's meaningless

to prove a particular identity if the user knows nothing about that

identity (and thus has no basis to assess trustworthiness). Only

once you prove an identity that is known, can one think in terms

of networking, rather than generic Internet access.

 

Yes, it's possible to expose business networks to the Internet,

and to manage user identities and permissions on large networks.

However, it may be a highly-skilled full-time job to do so, and that

too will escalate with the number of systems on the network.

 

So the value equation that works so well for corporations, works

far less well for end users. That didn't matter to big business in

the old days, but now that end user systems collectively wield

significant bandwidth and computational power, it matters more.

> >> >> Chris's argument that per-user security "creates artificial

> >> >> scopes" doesn't reflect reality. On the contrary, _stronger_

> >> >> per-user (and per-machine) identity and authentication

> >> >> are critical for allowing the network effect to flourish.

 

That was a statement, not an argument - IOW, the fact that per-user

scopes are artificial, does not mean they are not worthwhile. It should

perhaps inform as to how reliable they can be expected to be, though.

 

My point was that the objection that "the difference between data and

code is artificial and blurred" will equally apply to the difference between

user identities, user accounts and login sessions. Both may be seen

as artificial and leaky, but IMO both are worthwhile concepts to design

in and to attempt to enforce.

 

This has been done fairly intensively for user identity management in

the world of pro-IT, where it is highly relevant. I would argue that we

should do the same for data/code separation and risk management,

particularly in consumerland, where it is more relevant than identity.

 

How many consumerland infections were caused by identity failures?

How many were caused by the correct user identity triggering code

that did things the user would not have wanted to happen?

> >> >> When we reach the point where all communications

> >> >> are in the context of validated identities, carried

> >> >> in transactions with integrity and confidentiality

> >> >> protection, between endpoints that mutually

> >> >> authenticate their identities and their configurations,

> >> >> then who cares whether the underlying network is

> >> >> trusted or not?

 

The point of failure there is not so much the network (though DNS

vulnerabilities may be relevant there) but in the assumption that an

authenticated system acts only within the intentions of the supposed

user of that system. You may really be talking to my PC, but what

it's doing may not represent my will; it may be acting under the direct

control of some other entity, or I (or the system) may have been

spoofed into initiating something I did not want.

 

 

 

 

"Steve Riley [MSFT]" wrote:

> Dan, how in the world have you conflated remote assistance with file

> systems? They have zero relationship.

>

> Besides, the presence of a remote assistance capability does not at all

> indicate that the underlying operating system is inherently less secure --

> just like the absence of such ability does not indicate that the underlying

> operating system is inherently more secure. The remote assistance feature:

>

> * is disabled by default

> * requires you to enable it before any connections are permitted

> * requires you to invite someone else to connect

> * encrypts the communications path with 128-bit RC4

> * allows you to disconnect the session at will

>

> Using your terminology, these steps provide sufficient "internal safety."

> There is no way that someone from anywhere in Microsoft (not just India) can

> or would connect to your computer without your knowledge and consent.

>

> Linking back to file systems -- you do understand, of course, that your

> FAT-formatted C: drive is accessible to any remote assistance session. Say

> you have Windows 98 on that drive. A malicious remote assistance user could

> easily replace those files and -- if you weren't watching -- you'd have no

> idea until you next booted it. Compare this to Windows Vista: if someone

> replaced parts of the non-booted operating system, then next time it's

> booted, Windows integrity protection and system file protection alerts you

> to this; the system either refuses to boot or reverts to its original state

> (depending on what was maliciously overwritten). Again, Vista's "internal

> safety" is vastly improved over that of any previous version of Windows.

>

> I don't know what else I can say to help you understand.

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:2EB67198-4ACB-4437-A17C-3CA42D5C342C@microsoft.com...

> > 1. True

> >

> > 2. That is true but XP and even Vista are totally focused on external

> > security. Can Microsoft remotely work on a Microsoft Windows 98 Second

> > Edition computer via India like Microsoft can work on a Windows XP

> > Professional computer? Microsoft has done remote access work on the XP

> > side

> > of my dual-boot computer which is in NTFS. My computer has a Western

> > Digital

> > Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP

> > Professional.

> >

> > 3. I have tried out Ubuntu Linux within a Windows environment within XP

> > Professional. I have run Windows Virtual PC 2007 within Windows XP

> > Professional. It is great but it does not fully meet my needs as a

> > consumer.

> > Consumers want to play games. My friend Chris from camp is going to build

> > a

> > 98 Second Edition computer with my old motherboard. He wants to play old

> > dos

> > games that he enjoys. The nice thing about 98 Second Edition is that you

> > can

> > exit to MS-DOS mode. This allows gamers to play games. It is all in the

> > Microsoft articles about compatibility.

> >

> > http://www.aumha.org/win4/a/resource.php

> >

> > http://support.microsoft.com/?kbid=146418

> >

> > ---------------------------------------------------------------------------------

> >

> > "Steve Riley [MSFT]" wrote:

> >

> >> You are asserting that one single vulnerability allows "military and top

> >> secrets to be leaked" and thus requires the use of some other operating

> >> system. You simply cannot make this assertion, for two reasons.

> >>

> >> 1. NO ONE KNOWS whether your suggested operating system has the same

> >> vulnerability.

> >>

> >> 2. ALL software has vulnerabilities, many of which allow attackers to

> >> take

> >> control of a system. Establishing good security practices (patch when we

> >> release, install only the services you need, apply the principle of least

> >> privilege to data, and so on) is MORE important than the particular piece

> >> of

> >> technology you've chosen to deploy. And the older the software is, the

> >> more

> >> difficult it is to manage and the more likely it is to get attacked --

> >> because older software was not written to be centrally-managed (no group

> >> policy and no machine identity in 9x, for instance) and was not written

> >> with

> >> resiliency in mind.

> >>

> >> And this talk of "internal safety" regarding 9x is really nonsensical.

> >> Vista

> >> and even XP+SP3 are FAR more difficult to attack than 9x was. We at

> >> Microsoft have the benefit of about 10 years of historical data from

> >> Watson

> >> reports (online crash analysis, Windows error reporting). We can divine a

> >> lot of information about attacks from this data. Whereas in the past most

> >> attacks were targeted at the operating system, this is no longer true.

> >> The

> >> majority of crashes we see now come from third-party software installed

> >> on

> >> the box. And in this case, crashes are good: various features in the

> >> operating system (DEP, ASLR, SRP, and more) have detected that something

> >> malicious is happening, and stop it before the attack succeeds. You could

> >> never do that with an OS as simple as 9x.

> >>

> >>

> >> --

> >> Steve Riley

> >> steve.riley@microsoft.com

> >> http://blogs.technet.com/steriley

> >> http://www.protectyourwindowsnetwork.com

> >>

> >>

> >>

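Chris's remark above that a maintenance OS can bind an inactive installation's registry hives only "crudely" (under a non-standard path) and his earlier point about finding malware integration points without running the infected system can be illustrated with the following PowerShell script. It is an added example, not code from the thread or from Bart/WinPE; it assumes an elevated PowerShell session in a maintenance environment, that the offline Windows installation sits on a placeholder drive D:, and that the temporary key name OfflineSoftware is free.

```powershell
# Added example (not from the thread): inspect an offline installation's
# per-machine autostart entries by loading its SOFTWARE hive under a temporary
# key, so that nothing on the inspected disk is executed in the process.
# All paths below are placeholders for this example; adjust them for your disk.
$OfflineDrive   = 'D:'                                      # assumed offline system drive
$OfflineWindows = Join-Path $OfflineDrive 'Windows'
$HiveFile       = Join-Path $OfflineWindows 'System32\config\SOFTWARE'
$MountName      = 'OfflineSoftware'                         # temporary key under HKLM

function Resolve-OfflinePath {
    param([string]$CommandLine, [string]$Drive)
    # Take the executable portion of an autostart command line (quoted, or the
    # first token) and re-root its drive letter onto the offline disk.
    # Heuristic only: %VAR% expansions are not resolved.
    if ($CommandLine -match '^"([^"]+)"') { $Exe = $Matches[1] }
    else { $Exe = ($CommandLine -split '\s+')[0] }
    return ($Exe -replace '^[A-Za-z]:', $Drive)
}

if (-not (Test-Path -LiteralPath $HiveFile)) {
    throw "Hive not found: $HiveFile"
}

# reg.exe load binds the hive file under HKLM\OfflineSoftware. This is the
# crude binding Chris describes: keys that live at HKLM\SOFTWARE\... on the
# running system now appear at HKLM\OfflineSoftware\..., so registry-aware
# tools that expect the normal paths will not see them.
& reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

try {
    # Common per-machine autostart locations, relative to the hive root.
    $RunKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    $Findings = foreach ($Rel in $RunKeys) {
        $Key = "HKLM:\$MountName\$Rel"
        if (-not (Test-Path -LiteralPath $Key)) { continue }
        $Props = Get-ItemProperty -LiteralPath $Key
        # Skip the PS* metadata properties the registry provider adds.
        $Names = $Props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' }
        foreach ($Name in $Names) {
            $Cmd = [string]$Props.$Name
            $Exe = Resolve-OfflinePath -CommandLine $Cmd -Drive $OfflineDrive
            [pscustomobject]@{
                Key         = $Rel
                Name        = $Name
                Command     = $Cmd
                OfflineFile = $Exe
                # An entry whose target is missing, or lives outside the usual
                # program directories, is worth a closer look.
                Exists      = Test-Path -LiteralPath $Exe
            }
        }
    }
    $Findings | Format-Table -AutoSize
}
finally {
    # Release provider handles before unloading, otherwise reg unload reports
    # that the key is in use.
    [GC]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```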

Posted

Steve, this is getting deep. Please can I request a secure channel to

continue this discussion in private. Thank you and have a great day.

 

"Steve Riley [MSFT]" wrote:

> Thanks for reading.

>

> 1. More detail, please. Which ones do you have in mind that we haven't

> implemented?

>

> 2. There is no "internal safety" in the 9x code. If you connect a 9x

> computer to the Internet, it will get attacked. There are plenty of ways to

> boot a computer with an alternate operating system if you need to perform

> some kind of maintenance. (Note that as more and more people move to volume

> and drive encryption, there will be additional steps, especially around key

> archiving and recovery passwords.)

>

> 3. This is a typical recommendation for root certificate servers -- they are

> the sources of authority for identity and they don't need to be online, so

> keeping them disconnected and physically secure is sage advice. (And note

> that you can't really ever "prove" that someone isn't a spy -- you can't

> prove a negative.)

>

> 4. Most organizations achieve huge support cost savings by _standardizing_

> on hardware. Per-machine custom twiddles add unnecessary complexity, which

> increases the likelihood of making configuration mistakes, which attackers will

> then exploit. (The TPM chip, a hardware device that can store encryption

> keys among other things, provides a useful machine identity.)

>

> 5. Can't argue with that.

>

> 6. You're talking about honeypots and honeynets. They're interesting for

> learning about attacker behavior and motivations, but they aren't security

> devices.

>

> 7. I'm not sure why you insist that the current version of Windows is the

> same as NT. Over time we have rewritten much of the code. One example is the

> IP stack in Vista/2008 -- it's all new.

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:A415E3B7-1750-44E6-8BDE-707D90A5EDB0@microsoft.com...

> > I looked over your blog and like your points Steve. You certainly have a

> > great grasp of the security aspect of protecting computers. Now here is

> > my

> > view:

> >

> > 1. Please implement all of your security protocols

> >

> > 2. Use Windows 98 Second Edition Machines as a safety internal protocol

> > as

> > Chris Quirke, MVP suggests how the internal safety of 9x is awesome and

> > makes

> > remote hacking difficult thus when someone does manage to hack a network

> > they

> > cannot overcome the internal safety of the 9x operating system that has

> > the

> > maintenance operating system of DOS that Chris Quirke, MVP maintains is

> > sorely lacking in Vista.

> > Consider the possibility of having one 98 Second Edition machine as a

> > Gateway to the Network.

> >

> > 3. Maintain certain machines as off-line only in locked and secure rooms

> > with minimal access and information only given on an as needed basis as is

> > done in the military and at defense companies like Raytheon after full

> > background checks and after enough time has passed that you can prove the

> > person is not a spy.

> >

> > 4. Implement the proper configuration and customize hardware options of

> > all

> > machines so if a certain machine that is released in the market has been

> > compromised the security and safety of your network is not at risk.

> >

> > 5. Inform US-Cert (Department of Homeland Security in the States) of any

> > attempted and serious probing of your network.

> >

> > 6. Ideally have special catching machines to attract high level hackers to

> > them for highly valued information via the proper protocol of bait and

> > catch.

> >

> > 7. Have Fun and See How Many Hackers you can Catch and Remember this is

> > Truly all a Game of being able to one up the hackers --- ideally Microsoft

> > will soon have a 3rd source code that can finally put 9x and NT to rest

> > and

> > have the best of safety and security within one source code but I wonder

> > if

> > this is even possible but certainly Microsoft does need a new source code.

> >

> > Thanks Again for all of your Advice and Your Great Blog and Feel Free to

> > Let

> > Me Know My Shortcomings in the Debate --- I really appreciate your

> > Feedback

>

>

Guest Steve Riley [MSFT]
Posted

My corporate email address is in every post I make here, feel free to use

it.

 

However, I don't know what else I can write to you that I haven't already

mentioned.

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

http://www.protectyourwindowsnetwork.com

 

 

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:4020486F-6A10-4F1E-ACA4-F2E5D7FF78E5@microsoft.com...

> Steve, this is getting deep. Please can I request a secure channel to

> continue this discussion in private. Thank you and have a great day.

>

> "Steve Riley [MSFT]" wrote:

>

>> Thanks for reading.

>>

>> 1. More detail, please. Which ones do you have in mind that we haven't

>> implemented?

>>

>> 2. There is no "internal safety" in the 9x code. If you connect a 9x

>> computer to the Internet, it will get attacked. There are plenty of ways

>> to

>> boot a computer with an alternate operating system if you need to perform

>> some kind of maintenance. (Note that as more and more people move to

>> volume

>> and drive encryption, there will be additional steps, especially around

>> key

>> archiving and recovery passwords.)

>>

>> 3. This is a typical recommendation for root certificate servers -- they

>> are

>> the sources of authority for identity and they don't need to be online,

>> so

>> keeping them disconnected and physically secure is sage advice. (And note

>> that you can't really ever "prove" that someone isn't a spy -- you can't

>> prove a negative.)

>>

>> 4. Most organizations achieve huge support cost savings by

>> _standardizing_

>> on hardware. Per-machine custom twiddles add unnecessary complexity,

>> which

>> increases the likelihood of making configuration mistakes, which attackers

>> will

>> then exploit. (The TPM chip, a hardware device that can store encryption

>> keys among other things, provides a useful machine identity.)

>>

>> 5. Can't argue with that.

>>

>> 6. You're talking about honeypots and honeynets. They're interesting for

>> learning about attacker behavior and motivations, but they aren't

>> security

>> devices.

>>

>> 7. I'm not sure why you insist that the current version of Windows is the

>> same as NT. Over time we have rewritten much of the code. One example is

>> the

>> IP stack in Vista/2008 -- it's all new.

>>

>> --

>> Steve Riley

>> steve.riley@microsoft.com

>> http://blogs.technet.com/steriley

>> http://www.protectyourwindowsnetwork.com

>>


Posted

Thanks Steve. I really appreciate your interest in the security and safety

of Microsoft products. Perhaps, I will email you on Friday.

 

"Steve Riley [MSFT]" wrote:

> My corporate email address is in every post I make here, feel free to use

> it.

>

> However, I don't know what else I can write to you that I haven't already

> mentioned.

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:4020486F-6A10-4F1E-ACA4-F2E5D7FF78E5@microsoft.com...

> > Steve, this is getting deep. Please can I request a secure channel to

> > continue this discussion in private. Thank you and have a great day.


Guest Root Kit
Posted

On Thu, 24 Jul 2008 20:50:07 -0700, Dan

<Dan@discussions.microsoft.com> wrote:

>Thanks Steve. I really appreciate your interest in the security and safety

>of Microsoft products. Perhaps, I will email you on Friday.

 

So, for some odd reason, the rest of us are no longer allowed to

follow the discussion. Not that I feel I'm going to lose anything, but

it's wrong in principle.
