Re: Fwd: Trustworthy Computing

Anyone else get this?

I still don't get it...

Subject: Trustworthy Computing

Is there supposed to be a 'tm' or 'R' after 'Trustworthy Computing'? I'm sure it's a new MS Brand Name(tm)

and  fake email. At Microsoft we're combining passwords with "smart
cards" to  authenticate users. We're also working with others throughout

Nobody has ever used "smart cards" with passwords, just Microsoft, right?

the industry to  improve Internet protocols to stop email that could
propagate misleading  information or malicious code that falsely appears

Hmmm... My email client uses existing protocols and has no problem with false email or email viruses. Why does Microsoft feel they need to change the protocols? Most likely, they want to change the protocol so that only their clients and servers can use them (but Microsoft would never do something like that...).

email  viruses like the recent "Frethem" virus propagate only to systems
that have not  been updated - underscoring the importance of updating
them regularly.

And "frethem" was a crappy virus.

software. We estimated that the stand-down would take 30 days. It took
nearly  twice that long, and cost Microsoft more than $100 million.

How did they calculate that one? I bet they factored in the amount their stock price dropped due to security foobars.

tools and  methodologies that will make an order-of-magnitude
improvement in their work  from the standpoint of security and safety.

Hmmm... If they had 0 security before, an order of magnitude improvement would be 00 - goose eggs!

Internet  so that all systems are up to date. Windows Update and
Software Update  Services, discussed below, provide the infrastructure
for this.

That is, until someone hacks the Windows Update server. ;)

and  get systems back up and running in exactly the same state they were
in before  an incident, with minimal intervention.

Gee, does this mean I get to reboot some more?

- We have changed the way we design and develop software at all phases
of the  product development cycle. Our new processes should greatly
minimize errors in  software, and speed up the development process for
new products and services.

Great. They intend to obsolete their old software even faster!

to Windows 2000-based  servers and desktop computers running Windows
2000 Professional and Windows XP  Professional.

And there it is! Win9X, WinME, NT4, etc, users, you're fucked! This is Microsoft officially signing off on hundreds of thousands of users.

vulnerabilities on a variety of products, including newer versions of
Internet  Information Server, SQL Server and Office.

What about their existing versions of IIS, SQL Server and Office? These represent billions of dollars invested in software licenses by MS Customers (tm). I guess this initiative will generate billion$ more!

- In addition to providing customers with tools and resources to help
them  maximize the security of Windows 2000 Server environments, we are
committed to  shipping Windows .NET Server 2003 as "secure by default."

In Win2K, if you turned on 'C2 Level Security' in the network management, it disabled all network adapters. So when you install this .NET server you won't have network connectivity?

- The error-reporting features built into Office XP and Windows XP are
giving  us an enormous amount of feedback and a much clearer view of the
kinds of  problems customers have, and how we can raise the level of

And a clearer idea of how many reboots people are willing to put up with - along with their credit card numbers...

users'  system integrity, privacy and data security. This new
technology, which will be  included in a future version of Windows, will

Umm, is this another layer on top of the DOS/Win/NT/.NET pile? How big is Palladium.DLL?

enable applications and  application components to run in a protected
memory space that is highly  resistant to tampering and interference.

I thought Win 3.0 and great ran applications in Protected Memory Space. At least, that's what Microsoft said.

compare any P3P-compliant Web site's  privacy practices to that user's
privacy settings, and to decide whether to  accept cookies from that
site.

Ok. So I'll have to run a P3P server package on my web server to let people know I'm not going to rip them off? And how much does Microsoft charge for this?

Nope, I still don't get it!

-Eric
---------------------------------------------------------------
www.yogabus.com '74 Westy 'Portia'

Friday, July 19^th, 2002 danlyke@flutterby.com