Biometrics
Dan
because I was able to log in using my finger with a band-aid attached and
this definitely makes me question the security and safety of biometric
technology at least as far as laptops go. I imagine there probably is lots
of articles on this already but I wanted the opinions of this newsgroup.
Thanks in advance for the replies.
Milo
For finger print technology it has to match a significant or set numbers of
marker points in your fingers to accept to validate you... Mind if we ask
what notebook are you using and including its model. ( for a test )
"Dan" <D...@discussions.microsoft.com> wrote in message
news:711C6B3D-E988-4C54...@microsoft.com...
Dan
proper channels for safety and security reasons. Have a nice day.
~BD~
I think Milo works for Microsoft!
What harm can giving up the make and model of your laptop do?
Dave
"Dan" <D...@discussions.microsoft.com> wrote in message
news:F987783D-FB49-49AE...@microsoft.com...
Dan
Thanks for your feedback anyway, BD.
~BD~
"Dan" <D...@discussions.microsoft.com> wrote in message
news:4F9FC3F4-2D95-4BC7...@microsoft.com...
Dan
scanners where you just swipe your finger so it must have already had the
image of my fingerprint on the scanner. It sounds like someone would need to
clean the fingerprint scanner each time and it does indeed seem very easy to
fool. So much for the security of Biometrics at least cheap Biometric devices
"Juergen Nieveler" wrote:
> If this was one of those fingerprint readers where you simply put your
> finger on (as opposed to those where you rub your finger along the
> contact plate in a swipe motion), chances are that the camera inside
> picked up the latent fingerprint that was still on the glass - this is
> a common vulnerability of those cheap camera-based readers. All they do
> is notice "Oh, something is pushing on the glass, and I recognise the
> pattern" - if the person who last used it had greasy fingers, the
> fingerprint would still be on the glass, so putting something on the
> glass that doesn't have OTHER fingerprints will force the camera to use
> the weak fingerprint image still visible to it...
>
> The swipe-type readers are safer in that there can't be an image left
> on the reader... but many of them still can be fooled by a fake
> fingerprint made by taking the fingerprint off something somebody
> touched (lots of how-to's available for that...).
>
> Juergen Nieveler
> --
> A feature is a bug with seniority.
>
Dan
computing today is the industry is not fully backing tougher security and
safety protocols. An example of this is the American Express website which
will only allow me to input a password that is less than optimal according to
Microsoft's password checker. Microsoft is doing their part in many ways but
the rest of the industry must catch up.
http://www.microsoft.com/protect/yourself/password/checker.mspx
It is critical in this day and age to have alternatives to just the main
Windows operating system that includes Internet Explorer. I am very pleased
with Microsoft and their technologies so I will continue to use them
frequently. However, as a power user, I am very pleased that users have
alternatives such as Mozilla Firefox as an option and it does indeed remain
for use with Windows 98 Second Edition at least until December 2008 because
that is when Mozilla Firefox 2.x support is scheduled to end.
http://en.wikipedia.org/wiki/Mozilla_Firefox
This is most unfortunate in my view since the 9x source code has definite
advantages over the NT business line of source code. 9x computers were meant
as stand-a-lone machines and thus are great for consumers who do not need or
want the ability to have others tinker with their machines. The many
services provided in XP allow for their to many greater points of access to a
fully patched XP machine than a fully patched 98 Second Edition machine using
Mozilla Firefox compared to Internet Explorer since Internet Explorer patches
for Windows 98 Second Edition ended July 11, 2006. The NT source code is at
risk as can be seen by the postings of US-Cert which is the computer
readiness team and part of the Department of Homeland Security.
http://www.us-cert.gov/cas/bulletins/SB08-196.html
Microsoft -- windows-nt
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, XP SP2 and
SP3, and Server 2003 SP1 and SP2 allows remote attackers to conduct cache
poisoning attacks via unknown vectors, aka "DNS Cache Poisoning
Vulnerability," a different vulnerability than CVE-2008-1447.
unknown
2008-07-08
9.4 CVE-2008-1454 MS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
I know a fair amount about computer security and safety and helped beta test
Windows Vista Ultimate 32 bit edition for Microsoft as a volunteer. I got
the DVD with the ISO image from a friend named Jeff who was a systems
engineer and also testing Vista for Microsoft and then got approval from
Microsoft to test it and inputed the given product key that Microsoft gave me
for the evaluation version. The problem is that Microsoft has only one line
of code and that makes it that much easier for hackers to target many
machines and take them over.
With Windows 98 Second Edition, a single machine might have been compromised
but not the whole network. I have had problems with a workplace that I
recently worked at that stupidly switched to all XP machines and did not
leave any 98 Second Edition machines in place and that included my own
Windows 98 Second Edition machine there. That was a huge mistake that I
don't think the business will repeat. With the 98SE machine, I knew and I
was right that my machine would be very unlikely to be hacked compared to the
compromised machines of the NT (XP Professional) in this case. The incident
happened in the summer of 2007. I will give you more details via secure
email if you like.
I have read in a book about Microsoft that early system engineers complained
that NT did not have a true maintenance operating system like DOS. Chris
Quirke, MVP. has a good article about the safety and security concerns.
Windows 9x is safe at its core compared to Windows NT line which includes
2000, XP and Vista of course. There was also a rumor a while back that parts
of the NT source code were leaked over the Internet compared to the 9x source
code which was never leaked over the Internet, AFAIK.
(Note: Chris Quirke's 9x website talks about the 9x compared to NT security
and safety discussion)
There is also Unix/Linux technologies and I have played around a little bit
with Ubuntu Linux but I am in no way proficient with it and have only read a
small portion of a big book about Ubuntu Linux.
Finally, my question to you is that I know about the economics and how
costly it would be for Microsoft to continue the 9x line or even overall it
to make it usable in today's environment but wouldn't the economic cost be
worth the great reward. I have friends of mine at summer camp who are
planning mainly on building 98 Second Edition machines just for the ability
to play older games and secondly because these friends feel as I do about how
it is harder to hack into a 9x machine with the proper safeguards applied
such as a wired router that has the wireless broadcast signal turned off so
as not to attract unwanted or uneeded attention from hackers.
If Microsoft will not develop the 9x source code then at least sell it to
the United States Military so that the Defense Department can more fully
protect their military infrastructure from external threats and even better
from potential internal threats from their network of computers from a
potential spy. The possibilities for 9x are endless and so please I ask you
as a professional to have Microsoft sell 9x kernel unless Microsoft is
willing which I think would be a smart business move to invest money in the
another Windows 9x that would not subtract features such as easy access to
DOS and ideally the ability to play old classic games like Windows Millennium
(ME) did.
I am a gamer who is a Generation X'er who got his start on an IBM PCjr
playing King's Quest 1 on a 5.25 inch floppy disk that was made by Sierra On
Line and had 16 colors and the speaker on the machine supported 3 sounds at
once which was cool. The game had 128 kilobytes on one disk and how is that
for compression despite the obvious limitations compared to today's games. I
still have this machine in storage and it still works! The interesting thing
is that a poster to Game Informer which I read posted about how he was 17 and
liked older classic games and his friends made fun of him for it and his
first name was Daniel too. <grin>
I also enjoy reading PC World, 2600 which is a hacker magazine (I must keep
up to prevent hackers from compromising all of us), and other computer and
network books. I took several computer classes in college and who knows I
may go back and get another undergraduate degree but this time in computer
science. I know that a dream will allow a little guy like me change the
world despite all the challenges life has thrown at me. Please feel free to
contact me by email or I can contact you by email. My email address is with
Microsoft and on their records. I can also give you an srx number on a
recent case with Microsoft if you need to confirm my identity. Thanks again
for all you do, Steve and Go Microsoft!
"Steve Riley [MSFT]" wrote:
> Biometrics can never replace passwords, because they aren't secrets.
>
> It's me, and here's my proof: why identity and authentication must remain
> distinct
> http://technet.microsoft.com/en-us/library/cc512578(TechNet.10).aspx
>
>
> --
> Steve Riley
> steve...@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <D...@discussions.microsoft.com> wrote in message
> news:774EE7CB-CA2B-4E7B...@microsoft.com...
Daniel Petri <MVP>
and entire OS is far more secure than today's "Windows NT" - i.e. Vista?
--
Sincerely,
Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il
"Dan" <D...@discussions.microsoft.com> wrote in message
news:175E7266-E50E-40A2...@microsoft.com...
Steve Riley [MSFT]
The Windows 3.1/9x code was designed and written in an entirely different
age -- one in which TCP/IP was not the standard networking protocol, one in
which indeed networks were rare, and one in which everyone (we and our
customers) assumed that only good guys used computers.
The world no longer lives in that age. If you take any kind of system
(operating system, engineering system, whatever) and place it in an
environment that is wildly different than the original assumptions, that
system will fail catastrophically. There is simply no way we can retrofit
that very old code to function correctly in today's world of intentional
attacks.
I'm not exactly sure how you can make the statement that "a 9x machine with
the proper safeguards such as a wired router that has wireless broadcast
signal turned off" is more secure than XP or Vista. Firstly, an XP or Vista
box behind such a router would be equally "safe" from attack. Secondly,
disabling SSID broadcast in reality does not accord you any security -- see
my article here:
http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.
You quote a specific vulnerability below, about DNS, and you then make the
argument that this is a reason the military should be using 9x instead of
XP/Vista. How does that follow? How do you know that 9x doesn't have the
same vulnerability? No one can know, because we don't test 9x anymore. It's
simply too old.
And you mention our password checker. Actually, I think its recommendations
aren't strong enough, and I'm working with the folks who own that feature to
improve its strength.
--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <D...@discussions.microsoft.com> wrote in message
news:175E7266-E50E-40A2...@microsoft.com...
Dan
"Daniel Petri <MVP>" wrote:
> So, to make a long story short, you claim the the "Windows 9X" source code
> and entire OS is far more secure than today's "Windows NT" - i.e. Vista?
>
> --
> Sincerely,
>
> Daniel Petri
> MVP, Senior IT consultant, trainer
> www.petri.co.il
The NT source code has much more security. The external security of Windows
Vista is especially good. The internal safety and core of 9x is safer than
the core of NT being based upon MS-DOS which is the maintenance operating
system of 98 Second Edition. What maintenance operating system does Vista
have? Please see Chris Quirke, MVP website.
http://cquirke.spaces.live.com/blog/cns!C7DAB1E724AB8C23!336.entry
I am talking about the debate that Chris Quirke, MVP talks about the safety
and security comparison. The best example I can give is to think of a major
fortress with great fortifications that is extremely hard to break through.
This major fortress represents the Windows NT source code and is especially
good right now in Windows Vista Service Pack 1 which I am using right now and
writing this post from Windows Vista Service Pack 1. Heck, I would not have
been a volunteer tester for Windows Vista on security if I did not like
Microsoft products and did not feel Windows NT was secure. For mobile
technology such as laptops I would highly suggest Windows Vista over any
other Windows when a person is traveling. However, with the proper
safeguards Windows 98 Second Edition can be made fairly secure if a user is
connected by a wired router to the Internet with anti-spyware programs such
as Spybot Search and Destroy and SpywareBlaster and using a currently
supported browser in 98 SE such as Mozilla Firefox which is currently
supported 98SE at least until December 2008 with Mozilla Firefox 2.
The problem here is that the Windows NT source code that includes Windows
2000, Windows XP and Windows Vista is meant to be managed by the IT
Professional and not by individual users. This is usually great in an office
environment that needs to limit the user's rights and grant usually the
majority of users a standard account and a few limited users an administrator
account. However, for home users such as when I am at home and not at work,
I like Windows 98 Second Edition because I enjoy playing older DOS games and
using older DOS programs that will not run in XP or Vista. In addition, if
someone does manage to break through all the external security of XP (not
sure about Vista since it is so new and indeed more secure than XP) then the
hacker(s) can wreck havoc on the network. This is what happened at my old
workplace when I went away on vacation during the summer and the higher-ups
decided it was time to get rid of Windows 98 Second Edition for good and only
have Windows XP Professional computers at my workplace.
Apparently, during the summer someone hacked the network and whether it was
an inside job (which I now suspect) or an outside job the individual(s) knew
their stuff really well. They undid all my work that took me a full year to
implement and bring the workplace from really bad computer problems to a well
functioning network and undid it in a matter of 3 months while I was gone.
If you have not figured it out yet, it was indeed a school that according to
the main computer network administrator Stephanie she said that former
individual(s) had left the school prior and destroyed the computer network
because these individual(s) were mad at the school and took their vengeance
on the computer network since they did not want to physically hurt the
children but it certainly hurt the children's ability to learn which really
makes me annoyed. Perhaps these individual(s) still had some prior access
that had not been revoked and were able to wreck havoc on the network during
the summer and it seems like they may have had to get on site and what better
opportunity while the main computer guy was out of the city.
However, if the few Windows 98 Second Edition machines had not been phased
out that summer then I would have been able to lean back upon those machines
since they were not accessible via the general school network and indeed did
not rely upon remote access which can be problematic when turned on as it was
with Windows XP Professional and with the Public School Network. I am
deliberately being vague about the specifics because this may end up being a
legal issue. In addition, Chris Quirke, MVP talks about the problem that
Windows Vista has because it lacks a true maintenance operating system like
MS-DOS in 98 Second Edition which had easy access to MS-DOS and good
backwards compatibility which Windows ME lacked. Windows ME looked good and
worked okay and did have better general USB support than 98SE but it really
was a joke and crippled operating system in my opinion since it lacked so
much and broke so easily. Finally, this proves the importance of the 9x
source code for the safety such as using one 98 Second Edition computer for
backup of the workplace that only one trusted individual who has been with
the company for many years is allowed to access. I have heard from my friend
John about how some businesses in New York State have used a 98 Second
Edition machine in the past as a gateway to the computer network which sounds
like a really smart idea. Windows 98 Second Edition also allowed consumers
who want to play old games to play the older games and individuals like
myself to work in a true text based interface and do away with the
limitations of a GUI interface. Just my two cents for what it is worth.
Dan
"Juergen Nieveler" wrote:
> Dan <D...@discussions.microsoft.com> wrote:
>
> > Bingo! You solved the issue and yes it is one of those cheap
> > fingerprint scanners where you just swipe your finger so it must have
> > already had the image of my fingerprint on the scanner. It sounds
> > like someone would need to clean the fingerprint scanner each time and
> > it does indeed seem very easy to fool. So much for the security of
> > Biometrics at least cheap Biometric devices
>
> There's a reason why Microsoft warns not to use their fingerprint
> reader for any security-sensitive stuff, it won't allow you to log on
> to a domain, for example...
>
> Juergen Nieveler
> --
> Line noise provided by German Telekom!
>
Daniel Petri <MVP>
concepts Dan. Sitting behind my desk and reading your post about how your
school network was hacked all I can think of is that someone should have
done a better job in protecting their network. How can you even begin to
compare the strength of a properly-configured (I emphasize
"propery-configured"!!!) Windows XP/Vista machine with ANY Windows 9X
machine, when related to security??? Saying that 9X is better just because
someone hacked into a poorly-protected and wrongfully-configured network is
like claiming that a VW Beatle is far better than a modern car because
modern cars use computers to control almost any aspect of their engine and
behavior, therefore if someone hacks into that computer, all modern cars
will stop working. Right. Let's all just use MS-DOS because you "like to
play DOS games"... Sorry. Posting long answers doesn't qualify them as
correct.
--
Sincerely,
Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il
"Dan" <D...@discussions.microsoft.com> wrote in message
news:B7ECB637-506D-4DF7...@microsoft.com...
Dan
source code is now so old and not really useful then would Microsoft be
willing to sell it. I can think of some buyers who would be willing to pay
good money for the 9x source code and since it is no longer useful to
Microsoft because it is so old then why not just get rid of it and be done
with this now useless technology.
The NT source code was leaked:
http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.mspx
Paul Adare - MVP
> Thank you for your feedback, Steve. I was wondering since the Windows 9x
> source code is now so old and not really useful then would Microsoft be
> willing to sell it. I can think of some buyers who would be willing to pay
> good money for the 9x source code and since it is no longer useful to
> Microsoft because it is so old then why not just get rid of it and be done
> with this now useless technology.
Intellectual Property is not all about bits and lines of source code. You
also need to consider the algorithms that are being used. Just because
Windows 9x is no longer being sold or maintained does not mean that there
is no IP in the source code that Microsoft needs to protect.
>
>
> The NT source code was leaked:
>
> http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.mspx
This is pretty much a non-sequitur. Just because some source code was
leaked, it doesn't follow that Microsoft should sell off old source code.
While Chris Quirke is an MVP that does not mean that his whole "maintenance
OS" concept is endorsed by Microsoft, nor does it mean that it is endorsed
by the security community at large.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
No program done by an undergrad will work after she graduates.
Dan
9x uses. Thus, my point that Windows 9x is not without value in the modern
computing environment.
I still use Windows 98 Second Edition and go online with it with Mozilla
Firefox 2.0.x. The only big problem I have with Windows 98 Second Edition
now is that it has some trouble keeping up with the hardware on my machine.
My desktop is a custom built one and is maintained by me and my friend Jeff
who is a systems engineer. Windows 98 Second Edition is in Fat32 and on one
hard drive. I have Windows XP Professional on the other hard drive in NTFS.
I use a Toshiba Laptop that has Windows Vista Home Premium Service Pack 1
because I do see the value of Vista's Security especially when travelling.
It currently has an OEM version on it but I plan to go with a full retail
version when my warranty with Toshiba expires which is fairly soon.
The rationale behind a custom built machine is that it is mine and I get to
choose the hardware parts I want on my machine and if a vulnerability is
targetted for a particular macine then no worries because mine is custom
built. In addition, by having clean installs of Windows 98 Second Edition
and XP Professional then you can have a clean start and not deal with all the
craplets that come with buying a PC outright. Sure, I can use an emulator
for games to run in XP Professional which is indeed nice but XP to me does
not have the same feel as the machine being fully mine like 98 Second Edition
has.
Windows XP and Vista are great for the modern workplace where a main IT
techie must maintain the whole computer network and carefully harden security
protocol and limit the amount of administrators in the network to limit the
potential damage to the network. However, if I was running a business I
would certainly have at least one computer with Windows 98 Second Edition
that was not connected up with the rest of the domain to help ensure that if
the network was hacked then at least all the important protocols and
procedures were backed up on this computer.
Ideally, this 98 Second Edition computer would be offline for safety reasons
but you could have another 98SE machine or 2 on-line that were there purely
for backup reasons if the whole network went down then at least you could
still have access to the Internet via your 98SE machines and even have those
networked seperately if you liked.
My rationale for another 9x or if that is not possible then an entirely new
Windows source code is that NT is dated as well and never fully had what it
should at the beginning of its life. At least Windows 9x had DOS as a
maintenance operating system, according to Chris Quirke, MVP. The Windows NT
(New Technology) kernel was joked as being Not There by early Microsoft
Systems Engineers because it was not there by lacking a maintenance operating
system.
Finally, by Microsoft having 2 lines of source code which was indeed
expensive and time-consuming for Microsoft to support iis that t at least it
gave the consumer a fighting chance. The reason is that most hackers much
prefer to go after the higher financial rewards of big companies such as
banks and so did not bother with the little people who just connected with
their home PC via dial-up on a Windows 9x machine.
As many people can see now even dial-up users are being targetted more
frequently because hackers are trying to get anyone who is not properly safe
and secure in the pc world. Sure Windows 98 Second Edition is not secure
but it is safe because it has less services then XP Professional and if
anyone tries an experiment of putting 2 computers with 98 SE and XP
Professional on-line and leave them with the defaults attached which computer
will be compromised first. If you guessed the XP Professional computer then
you are correct. This can be proven in a test environment. Of course the
98SE password is a joke that users can easily get around but it is safe as
Chris Quirke, MVP maintains and I fully agree with his analysis on this
because he is a really smart guy. The 98 SE machine was and is mainly meant
for the home consumer who does not need many accounts and is not nearly as
concerned with security as the company with Windows XP is and of course
should be.
The home user wants the computer to play games and function well in getting
some work done perhaps by using Office which users can actually still use
Windows Office XP on a 98 machine. I have done it and it works and the
Office XP Professional side still is being maintained by security updates
from Microsoft. I apologize for the long posts but it is my way of getting
my point across and sure I see that I may have to examine parts of my logic
that are flawed but I also encourage you professionals out there to have an
open ended mind towards the safety and security debate. Thank you all so
much for your feedback! It is critical to have competition in the
marketplace because it allows consumers such as myself to have free choice
when I choose to use Mozilla Firefox instead of Internet Explorer for many
instances but the Active X technology of IE is useful on certain websites
especially when you want to auto-update and you have to install and load the
Active X module. Thus you can see that I am not anti-Microsoft and I love
and enjoy using their products as well as trying out and testing other
products such as Mozilla Firefox, Apple computers and Ubuntu Linux on my
Windows PC.
Dan
great grasp of the security aspect of protecting computers. Now here is my
view:
1. Please implement all of your security protocols
2. Use Windows 98 Second Edition Machines as a safety internal protocol as
Chris Quirke, MVP suggests how the internal safety of 9x is awesome and makes
remote hacking difficult thus when someone does manage to hack a network they
cannot overcome the internal safety of the 9x operating system that has the
maintenance operating system of DOS that Chris Quirke, MVP maintains is
sorely lacking in Vista.
Consider the possibility of having one 98 Second Edition machine as a
Gateway to the Network.
3. Maintain certain machines as off-line only in locked and secure rooms
with minimal access and information only given on an as needed basis as is
done in the military and at defense companies like Raytheon after full
background checks and after enough time has passed that you can prove the
person is not a spy.
4. Implement the proper configuration and customize hardware options of all
machines so if a certain machine that is released in the market has been
compromised the security and safety of your network is not at risk.
5. Inform US-Cert (Department of Homeland Security in the States) of any
attempted and seriously probing of your network.
6. Ideally have special catching machines to attract high level hackers to
them for highly valued informaion via the proper protocol of bait and catch.
7. Have Fun and See How Many Hackers you can Catch and Remember this is
Truly all a Game of being able to one up the hackers --- ideally Microsoft
will soon have a 3rd source code that can finally put 9x and NT to rest and
have the best of safety and security within one source code but I wonder if
this is even possible but certainly Microsoft does need a new source code.
Thanks Again for all of your Advice and Your Great Blog and Feel Free to Let
Me Know My Shortcomings in the Debate --- I really appreciate your Feedback
"Steve Riley [MSFT]" wrote:
> Biometrics can never replace passwords, because they aren't secrets.
>
> It's me, and here's my proof: why identity and authentication must remain
> distinct
> http://technet.microsoft.com/en-us/library/cc512578(TechNet.10).aspx
>
>
> --
> Steve Riley
> steve...@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <D...@discussions.microsoft.com> wrote in message
> news:774EE7CB-CA2B-4E7B...@microsoft.com...
Steve Riley [MSFT]
1. More detail, please. Which ones do you have in mind that we haven't
implemented?
2. There is no "internal safety" in the 9x code. If you connect a 9x
computer to the Internet, it will get attacked. There are plenty of ways to
boot a computer with an alternate operating system if you need to perform
some kind of maintenance. (Note that as more and more people move to volume
and drive encryption, there will be additional steps, especially around key
archiving and recovery passwords.)
3. This is a typical recommendation for root certificate servers -- they are
the sources of authority for identity and they don't need to be online, so
keeping them disconnected and physically secure is sage advice. (And note
that you can't really ever "prove" that someone isn't a spy -- you can't
prove a negative.)
4. Most organizations achieve huge support cost savings by _standardizing_
on hardware. Per-machine custom twiddles add unnecessary complexity, which
increases the likelihood making configuration mistakes, which attackers will
then exploit. (The TPM chip, a hardware device that can store encryption
keys among other things, provides a useful machine identity.)
5. Can't argue with that.
6. You're talking about honeypots and honeynets. They're interesting for
learning about attacker behavior and motivations, but they aren't security
devices.
7. I'm not sure why you insist that the current version of Windows is the
same as NT. Over time we have rewritten much of the code. One example is the
IP stack in Vista/2008 -- it's all new.
--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <D...@discussions.microsoft.com> wrote in message
news:A415E3B7-1750-44E6...@microsoft.com...
Dan
has been helped in this newsgroup. I just like the idea of having a totally
brand new code which I wonder if it will happen after Windows 7. I am
referring to this article in particular.
http://iht.com/articles/2008/06/29/technology/digi20.php
Root Kit
<D...@discussions.microsoft.com> wrote:
>I just like the idea of having a totally brand new code which I wonder if it will
>happen after Windows 7. I am referring to this article in particular.
>
>http://iht.com/articles/2008/06/29/technology/digi20.php
Brand new code is seldom very stable and mostly buggy. And what would
be the reason for throwing away years of development just for the sake
of starting from scratch?
The article's comparison to Mac OS X is a bit far fetched, since Mac
OS X builds on an "old" Unix code base. Not that this is a bad idea at
all, but talking about "brand new code" in this context may be a
little .......
Dan
The multi-leveled security approach must include external security with NT
as well as internal safety of 9x. I have maintained this approach for a
while (since at least 2001) and have not seen compelling enough evidence to
make me change my views despite reading numerous technet articles at
Microsoft, taking computer courses in college, working with PC's since about
1984 when my Dad, Ivan taught me BASIC programming on an IBM PCjr which I
still own and it still runs. I feel that being a gamer as well has helped
expand my mind to see further aspects of the debate and not be too focused on
one side.
For example, Mozilla Firefox supports 256 bit AES encryption with Windows 98
Second Edition but Internet Explorer is so unfocused on security and safety
that it only allows a maximum of 128 bit cipher strength unless users except
Vista which has a great security aspect but still needs work on the
compatibility side as I mentioned the strange issue with my IPOD Mini and not
working with Vista one day and the next day working when I went to the Apple
Store and the music played on Itunes and I felt like a fool although I think
the tech. believed me although that does not matter to much. In addition,
the convenience of ActiveX technology within IE is great for auto-updates but
presents another front for hackers to compromise systems as well as the
remote access within XP as well as not tightening up IE default (stupid and
weak) security settings. I think Microsoft's mistake was in 1998 when they
decided to tie Internet Explorer as an integral part of the Windows operating
system. As I said before, Microsoft is not alone in this because Apple ties
Itunes with Quicktime and if you remove Quicktime then you get an error
message and cannot run Itunes. The whole issue of tying products as one is
stupid and makes computer users much less safe and secure because then the
computer user has to deal with security issues in both products when they may
use only one such as me only using Itunes and not caring about Quicktime but
having to update and maintain it as one. Anyway, I broke my word about not
continuing this debate until Annie's computer issue is fixed and so I am
sorry about that but I tend to be impulsive sometimes.
"Paul Adare - MVP" wrote:
Dan
mantra especially regarding Robear, MVP who you were mean to and I have not
forgotten that but I have not plunked anyone yet. You do have a valid point
and thus the need for incorporating the NT, 9x, and potentially Unix/Linux
and/or a new code within one.
I certainly do not have the expertise to accomplish this task but it is at
least food for thought even if it is not possible while I write this feedback
on the 98 Second Edition side of my computer on a Fat32 drive compared to the
NTFS drive with Windows XP Professional on it. I still want to play around
more with Ubuntu Linux but do not have enough time because of work and life.
I had to remove 2 ram sticks and put in a 512 megabyte Sdram module to
replace the 2 gigabytes of ram that are not supported in 98 Second Edition
even despite my attempts at it with the memory management article.
http://www.winsupportcenter.org/win4/a/memmgmt.php
Root Kit
<D...@discussions.microsoft.com> wrote:
>Thank you for your feedback, b_nice but remember to try and follow your
>mantra especially regarding Robear, MVP who you were mean to
Am I misinterpreting something, or are you actually asking me to be
mean to you?
>and I have not forgotten that
Your memory situation is of no relevance to the topic discussed.
>but I have not plunked anyone yet.
I assume you mean "plonked".
Even if you did, I wouldn't loose one minute of sleep over it. What
makes you believe I'd care? Just stick to the topic.
Dan
Dan
Root Kit
Dan
his inability to view this post. From Chris Quirke posted via Windows Live
Mail (aka Hotmail)
-------------------------------------------------------------------------------
I can't find the thread, but you could paste from this reply if you like...
In summary; because 9x was designed as a stand-alone rather than
network client OS, it is indeed potentially safer than NT. But the code
base is too outdated to deal with modern hardware, and what makes it
safer as a stand-alone OS, also makes it less secure as a network OS.
As pro-IT folks will point out; 9x has no effective per-user security, as
NT on NTFS can provide. Server-centric networks need this security
to work, to manage users (rather than PCs) and to create artificial
scopes in a pervasively networked environment.
The underlying technologies of this security could be more useful for
consumers, if freed from the user-centric mindset that pervades pro-IT.
If you were to align these technologies according to code, and to
maintain scopes between data vs. code, local vs. remote, etc. then
they could play a meaningful role in keeping stand-alone consumer
PCs safe from web and malware attack.
But as long as the design is based on user accounts and logon,
with the ASSumption that all code running during the user's session
represents the will and intentions of the user who logged in, we aren't
going to get anywhere. As long as all code within even the most
limited of user accounts giving all code the right to see, change and
destroy user data, this system won't protect user's interests.
As long as the Internet is treated as a big network, safety failures
will abound. The core difference between Internet and networking
is that the former requires interaction between untrusted parties;
that is in fact the standard interaction in that environment.
It's not helpful to prove a stranger has a particular name, if you have
no template of expectations for that proven identity. Only when a
proven identity can be matched with such expectations, do you
shift into networking between trusted entities.
Instead, you need to limit the potential impact of interactions - and
that boils down to the distinction between data that is safe to view
or edit, vs. code that is dangerous to run.
Pro-IT could not tolerate the inability to scope between users, via
NT's user rights security. As Internet consumers, we need a similar
ability to scope between data safety and code risk.
Both scopes are artificial; just as there's no hard line between users,
so it is argued there is no hard line between data and code. However,
just as pro-IT strives to create an artificial line between users, so we
should strive to create and maintain a line between data and code.
------------------------------------------------------------------------------
Dan
Steve Riley [MSFT]
such a phone will never receive or transmit unwanted conversations, and the
users of such phones will never be bothered with advertisements, thoughts
that challenge their perceptions, or interesting and surprising
opportunities.
A standalone computer certainly is secure, and keeps its users safe. For
such a computer will never receive or transmit unwanted software, and the
users of such computers will never be bothered with advertisements, thoughts
that challenge their perceptions, or interesting and surprising
opportunities.
No risk = no reward.
The value of a networked system increases as the square of the number of
elements in that system. A single system has a value of 1^2=1; a two-element
network has a value of 2^2=4; a three element network has a value of 3^2=9;
and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May
2007: http://www.forbes.com/forbes/2007/0507/052.html.)
Chris's distinction between the Internet and "a network" (presumably
private, for Chris doesn't specify) isn't useful today. The network effect
is clearly evident on the Internet; I'd argue that in a private network, the
network effect is diminished. Why else would we all be rushing headlong into
the eventual recognition that private corpnets truly belong on the Internet,
and that continuing to make the distinction means a loss of real business
value? (Scott Charney, "Creating a more trusted Internet,"
http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf;
Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
I quote our own materials here as evidence of the demand from
forward-thinking customers that the industry envision new practices and
develop new technologies that allow for the full realization of the network
effect. Chris's argument that per-user security "creates artificial scopes"
doesn't reflect reality. On the contrary, _stronger_ per-user (and
per-machine) identity and authentication are critical for allowing the
network effect to flourish. Indeed, the lack of strong identity and
authentication has been a hindrance, and that's why you see technologies
like smart cards and TPM chips becoming more common. When we reach the point
where all communications are in the context of validated identities, carried
in transactions with integrity and confidentiality protection, between
endpoints that mutually authenticate their identities and their
configurations, then who cares whether the underlying network is trusted or
not?
--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <D...@discussions.microsoft.com> wrote in message
news:64852B3D-D174-4D66...@microsoft.com...
Dan
vulnerable thus my point being valid about having 98 Second Edition machines
within a network for internal safety reasons and potentially to act as
gateways. How can we allow our military and top secrets to be leaked.
Please see the United States Computer Readiness Team at the Department of
Homeland Security and so you can see how I am getting at the true value of a
source code that is flexible enough to offer external security, internal
safety, and more. Thus we have a source code matrix as presented below. I
am not skilled enough to write the code for this yet but I bet Microsoft and
others are.
--------------------------------------------------------------------------
NT= New Technology --- outer defense network
9x = Internal Safety --- based upon DOS as maintenance operating system --
lacking in XP and Vista --- no true maintenance operating system according to
Chris Quirke, MVP --- Vista is indeed great on security issues but still
lacks in compatibility as the FAA has mentioned only using Windows 2000
(which I like as well --- totally old-school reminds me of Windows 98 Second
Edition) as well XP machines (which are good but too vulnerable in this day
and age due to the large surface area created by too many services and not
having strong enough default settings within Internet Explorer -- another
reason to separate the browser from Windows like the Justice Department
mentioned rightly in the 1998 case although Apple should be investigated now
for the practice of tying Quick time with Itunes and I feel this practice of
tying software must be banned for safety and security reasons in the future.)
Unix/Linux/Mozilla/etc. --- third party programs and open source
technologies mingling as one with closed proprietary software which is
protected by IP. Thank you for continuing this discussion.
-------------------------------------------from us
cert------------------------
Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning
Overview
Deficiencies in the DNS protocol and common DNS implementations facilitate
DNS cache poisoning attacks.
http://www.kb.cert.org/vuls/id/800113
http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x
vulnerable)
http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)
http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether vulnerable)
I am sure you know see that 3 dans --- 2 on that website and myself another
Dan have helped bring this issue to light about how critical it is --- kind
of boggles the mind doesn't it ---- good reason to bring 98 Second Edition
and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is
the only one that has the resources to do this and the whole world now needs
your help -- Thank You for seeing the Light of our current situation within
the Defense Network.
----------------------------------------------------------------------------
Steve Riley [MSFT]
secrets to be leaked" and thus requires the use of some other operating
system. You simply cannot make this assertion, for two reasons.
1. NO ONE KNOWS whether your suggested operating system has the same
vulnerability.
2. ALL software has vulnerabilities, many of which allow attackers to take
control of a system. Establishing good security practices (patch when we
release, install only the services you need, apply the principle of least
privilege to data, and so on) is MORE important than the particular piece of
technology you've chosen to deploy. And the older the software is, the more
difficult it is to manage and the more likely it is to get attacked --
because older software was not written to be centrally-managed (no group
policy and no machine identity in 9x, for instance) and was not written with
resiliency in mind.
And this talk of "internal safety" regarding 9x is really nonsensical. Vista
and even XP+SP3 are FAR more difficult to attack than 9x was. We at
Microsoft have the benefit of about 10 years of historical data from Watson
reports (online crash analysis, Windows error reporting). We can divine a
lot of information about attacks from this data. Whereas in the past most
attacks were targeted at the operating system, this is no longer true. The
majority of crashes we see now come from third-party software installed on
the box. And in this case, crashes are good: various features in the
operating system (DEP, ASLR, SRP, and more) have detected that something
malicious is happening, and stop it before the attack succeeds. You could
never do that with an OS as simple as 9x.
--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <D...@discussions.microsoft.com> wrote in message
news:1D0AF19C-B164-450F...@microsoft.com...
Dan
2. That is true but XP and even Vista are totally focused on external
security. Can Microsoft remotely work on a Microsoft Windows 98 Second
Edition computer via India like Microsoft can work on a Windows XP
Professional computer? Microsoft has done remote access work on the XP side
of my dual-boot computer which is in NTFS. My computer has a Western Digital
Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
Professional.
3. I have tried out Ubuntu Linux within a Windows environment within XP
Professional. I have run Windows Virtual PC 2007 within Windows XP
Professional. It is great but it does not fully meet my needs as a consumer.
Consumers want to play games. My friend Chris from camp is going to build a
98 Second Edition computer with my old motherboard. He wants to play old dos
games that he enjoys. The nice thing about 98 Second Edition is that you can
exit to MS-DOS mode. This allows gamers to play games. It is all in the
Microsoft articles about compatibility.
http://www.aumha.org/win4/a/resource.php
http://support.microsoft.com/?kbid=146418
---------------------------------------------------------------------------------
Paul Adare - MVP
> 2. That is true but XP and even Vista are totally focused on external
> security. Can Microsoft remotely work on a Microsoft Windows 98 Second
> Edition computer via India like Microsoft can work on a Windows XP
> Professional computer? Microsoft has done remote access work on the XP side
> of my dual-boot computer which is in NTFS. My computer has a Western Digital
> Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
> Professional.
You really need to stop parroting Chris Quirke. As a single source for your
arguments he leaves a lot to be desired.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
This system will self-destruct in five minutes.
Dan
less than 5 minutes. <grin --- just kidding and giving you a hard time> I
have realized that I cannot take life very seriously and must laugh at myself
from time to time.
"Paul Adare - MVP" wrote:
Steve Riley [MSFT]
systems? They have zero relationship.
Besides, the presence of a remote assistance capability does not at all
indicate that the underlying operating system is inherently less secure --
just like the absence of such ability does not indicate that the underlying
operating system is inherently more secure. The remote assistance feature:
* is disabled by default
* requires you to enable it before any connections are permitted
* requires you to invite someone else to connect
* encrypts the communications path with 128-bit RC4
* allows you to disconnect the session at will
Using your terminology, these steps provide sufficient "internal safety."
There is no way that someone from anywhere in Microsoft (not just India) can
or would connect to your computer without your knowledge and consent.
Linking back to file systems -- you do understand, of course, that your
FAT-formatted C: drive is accessible to any remote assistance session. Say
you have Windows 98 on that drive. A malicious remote assistance user could
easily replace those files and -- if you weren't watching -- you'd have no
idea until you next booted it. Compare this Windows Vista: if someone
replaced parts of the non-booted operating system, then next time it's
booted, Windows integrity protection and system file protection alerts you
to this; the system either refuses to boot or reverts to its original state
(depending on what was maliciously overwritten). Again, Vista's "internal
safety" is vastly improved over that of any previous version of Windows.
I don't know what else I can say to help you understand.
--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <D...@discussions.microsoft.com> wrote in message
news:2EB67198-4ACB-4437...@microsoft.com...
Root Kit
<steve...@microsoft.com> wrote:
>Dan, how in the world have you conflated remote assistance with file
>systems?
Dan, the novel writer, can conflate anything.
>They have zero relationship.
Please don't confuse Dan with facts.
Dan
to some of this stuff. He has trouble viewing this newsgroup.
Chris Quirke, MVP replies:
At 10:56 23/7/2008, you wrote:
>It would be nice if you could post to the microsoft.public.security
>newsgroup where this heated debate is going on in biometrics.
Newsgroups are tricky for me right now :-/
> > "Steve Riley [MSFT]" wrote:
> >> 1. NO ONE KNOWS whether your suggested operating system
> >> has the same vulnerability.
Or different problems with similar impact. Consider the years of "safe" RPC
in NT up until the patch, and the mass exploits shortly thereafter...
for all we
know, folks may have been quietly exploiting that vulnerability for years.
> >> 2. ALL software has vulnerabilities, many of which allow attackers to
> >> take control of a system. Establishing good security practices (patch
> >> when we release, install only the services you need, apply the principle
> >> of least privilege to data, and so on) is MORE important than the
> >> particular piece of technology you've chosen to deploy.
Yup - and I'd love to apply the principle of ripping out risk surfaces
that I don't need, but that's hard when they are welded into the OS.
I take Steve's point that a supported and patched code base is more
likely to get defects discovered and fixed, but as a stand-alone user,
I'd feel safer on an OS designed as such, not as a network client -
especially when these networking surfaces are exposed to the Internet.
> >> And the older the software is, the more difficult it is to manage
True
> >> and the more likely it is to get attacked --
Possibly false, if the older OS has shrunk its market share and is
different enough to avoid being cross-exploited by attacks made on
newer and more popular OSs. IOW, much of Win9x's present
safety (in terms of less often being attacked) may be similar to that
for MacOS and Linuxen; it's now a minority OS.
> >> because older software was not written to be centrally-managed
> >> (no group policy and no machine identity in 9x, for instance)
That's relevant to managed, network-centric IT, but that's not where
we live. That mindset is part of our problem, because in our world,
there is NO remote entity who should control our PCs under any
circumstances. The presence of such facilities is needed so pro-IT
can manage network clients, but it's all risk and no benefit to us.
> >> and was not written with resiliency in mind.
The design briefs were different, so we don't expect 9x to be as
stable as NT. It wasn't too bad, in my experience over the years.
> >> Whereas in the past most attacks were targeted at the
> >> operating system, this is no longer true. The majority of
> >> crashes we see now come from third-party software installed
> >> on the box. And in this case, crashes are good:
IKWYM - "Error messages are your friends"...
> >> various features in the operating system (DEP, ASLR, SRP,
> >> and more) have detected that something malicious is
> >> happening, and stop it before the attack succeeds. You
> >> could never do that with an OS as simple as 9x.
There are several factors that come in here, not just how easy it is
to attack a system. Opportunity, i.e. are exploitable surfaces
exposed? How easy or difficult is it for the user to find the malware
files, or their integration points? Can the user get "air superiority"
over the malware, e.g. by tackling it without running it first? IOW,
concerns go beyond infectability or attackability, and on to the ability
to non-destructively get the system back from an infected state.
> >> > 9x = Internal Safety --- based upon DOS as maintenance
> >> > operating system -- lacking in XP and Vista --- no true
> >> > maintenance operating system according to Chris Quirke
That's certainly not true as at 2008, if you define maintenance OS
as an OS (that runs arbitrary apps) that can access and manage a
HD installation without running any code from it.
DOS can't work safely over 137G, nor is it effective on NTFS - so that
kills it for Vista, and for anything > 137G.
The best mOS I've used so far, has been Bart, which builds a bootable
CDR environment based on the XP/2003 family (SP2 and later) code
base. This can handle NTFS and Win2000/XP/2003 (not Vista) registry
hives, so that registry-aware tools can act on these hives as if they were
active. It also supports the best range of tools, in my experience, and
can work in 64M RAM. Limitations: Can see USB storage only at boot
time, not on the fly; no firewall; hard to patch beyond SP baselines, and
can't "see" many modern S-ATA hard drive interfaces.
WinPE 2.0 is now available to the public, is based on Vista, and is in
many ways a promising mOS. Compared to Bart, it has better USB
support, allows boot CDR to be ejected and replaced, has built-in
firewall, but requires 512M RAM and fails to run many of the tools
that work in Bart. I find it harder to integrate tools into WinPE than
Bart, and there's no ability to transparently map the HD installation's
registry hives into place for registry-aware tools.
Linux can now natively read NTFS, so qualifies as a mOS too... but
there's no ability to access the HD installation's registry, either in a
transparent manner, or as a crude binding of hives via a Regedit (which
breaks expected registry paths, thus not transparent).
So right now, formally accessing XP and Vista isn't really the problem
that limits post-infection malware management. A bigger limitation is
the quality of the scanners that one can bring to bear via these mOSs.
I find the best mOS-supported solution right now, is XP + Bart. Next
best would be Vista and 9x, both suffering from the inability to run
registry-aware tools against the inactive HD registry hives. Ironically,
I now manage infected 9x PCs by scanning their HDs from Bart :-)
> >> > "Steve Riley [MSFT]" wrote:
> >> >
> >> >> A standalone computer certainly is secure, and keeps its users safe.
> >> >> For such a computer will never receive or transmit unwanted software
USB can be a problem, if the OS is stupid enough to clicklessly
autorun code off such storage. That may be more likely in the
newer OSs, which don't have a good track record there.
> >> >> The value of a networked system increases as the square
> >> >> of the number of elements in that system.
I don't find that case too compelling :-)
: >> >> Chris's distinction between the Internet and "a network"
: >> >> (presumably private, for Chris doesn't specify) isn't useful
I'd say it's essential, and not "getting" this is a critical safety failure.
Yes, by "network" I do mean "private network", with LANs and
secured WAN (e.g. VPN) in mind. In these network contexts,
membership is limited to trusted entities; the whole thrust of
pro-IT is maintaining those limits, managing identities, and
what these identities are trusted to do.
In contrast, the Internet is a world of strangers. It's meaningless
to prove a particular identity if the user knows nothing about that
identity (and thus has no basis to assess trustworthiness). Only
once you prove an identity that is known, can one think in terms
of networking, rather than generic Internet access.
Yes, it's possible to expose business networks to the Internet,
and to manage user identities and permissions on large networks.
However, it may be a highly-skilled full-time job to do so, and that
too will escalate with the number of systems on the network.
So the value equation that works so well for corporations, works
far less well for end users. That didn't matter to big business in
the old days, but now that end user systems collectively wield
significant bandwidth and computational power, it matters more.
> >> >> Chris's argument that per-user security "creates artificial
> >> >> scopes" doesn't reflect reality. On the contrary, _stronger_
> >> >> per-user (and per-machine) identity and authentication
> >> >> are critical for allowing the network effect to flourish.
That was a statement, not an argument - IOW, the fact that per-user
scopes are artificial, does not mean they are not worthwhile. It should
perhaps inform as to how reliable they can be expected to be, though.
My point was that the objection that "the difference between data and
code is artificial and blurred" will equally apply to the difference between
user identities, user accounts and login sessions. Both may be seen
as artificial and leaky, but IMO both are worthwhile concepts to design
in and to attempt to enforce.
This has been done fairly intensively for user identity management in
the world of pro-IT, where it is highly relevant. I would argue that we
should do the same for data/code separation and risk management,
particularly in consumerland, where it is more relevant than identity.
How many consumerland infections were caused by identity failures?
How many were caused by the correct user identity triggering code
that did things the user would not have wanted to happen?
> >> >> When we reach the point where all communications
> >> >> are in the context of validated identities, carried
> >> >> in transactions with integrity and confidentiality
> >> >> protection, between endpoints that mutually
> >> >> authenticate their identities and their configurations,
> >> >> then who cares whether the underlying network is
> >> >> trusted or not?
The point of failure there is not so much the network (though DNS
vulnerabilities may be relevant there) but in the assumption that an
authenticated system acts only within the intentions of the supposed
user of that system. You may really be talking to my PC, but what
it's doing may not represent my will; it may be acting under the direct
control of some other entity, or I (or the system) may have been
spoofed into initiating something I did not want.
Dan
continue this discussion in private. Thank you and have a great day.
Steve Riley [MSFT]
it.
However, I don't know what else I can write to you that I haven't already
mentioned.
--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <D...@discussions.microsoft.com> wrote in message
news:4020486F-6A10-4F1E...@microsoft.com...
Dan
of Microsoft products. Perhaps, I will email you on Friday.
Root Kit
<D...@discussions.microsoft.com> wrote:
>Thanks Steve. I really appreciate your interest in the security and safety
>of Microsoft products. Perhaps, I will email you on Friday.
So, for some odd reason, the rest of us are no longer allowed to
follow the discussion. Not that I feel I'm going to lose anything, but
it's wrong in principle.