The Fine Line Between Security and Usability 195
SkiifGeek writes to ask, "Where should vendors be required to draw the line when supporting deprecated file formats and technology? In a recent case independent security researcher cocoruder found a critical bug with the JET engine, via the .mdb (Access) file format, he reported it to Microsoft, but Microsoft's response came as a surprise to him — it appears that Microsoft is not inclined to fix a critical arbitrary code execution vulnerability with a data technology that is at the heart of a large number of essential business and hobby applications."
In my opinion (Score:4, Insightful)
Re:In my opinion (Score:5, Funny)
Explain Vista then.
Re: (Score:3, Funny)
Re:In my opinion (Score:4, Funny)
MS monopoly = Limited choice = Forced to use Win (Score:2)
... unless said alternatives don't exist. C.f. translation memory applications that can accurately and adequately handle Japanese text. The only one I'm aware of that runs on Linux, for example, is OmegaT [omegat.org], which still doesn't quite cover my needs.
And I'm far from alone, given what I've read here on /. and elsewhere about specific-needs software what can only be found on the Windows platform. Not a
Re: (Score:3, Insightful)
Whether Microsoft draws it at the right place is
Re: (Score:2)
That sounds good, though I'm trying to imagine quite how it would be done. One of the credos of security is "secure by default." In practice, this makes it very frustrating to get some things, like Cups remote printing, to work. Again and again, you find things intentionally "broken" and have to make an effort to get them to work. I'd rather allow somebody to run my printer out of paper than waste hours on it. (In p
Re:In my opinion (Score:5, Insightful)
1) Companies are only there to make a profit and don't have to care about things like environment, security,
2) Regulation is evil, let the companies do whatever they like and the market will sort it out.
Logical conclusion from 1) and 2) is that we're pretty much screwed and back to some kind of feudalism. And no, most people do not vote with their wallets and the Market will not sort it out magically (otherwise, CO2 emissions would already be on the way down and there wouldn't be all these environmental problems).
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And, anyway, actually the logical conclusion from 1) and 2) is that we should incentivize externalities via such measures as tradable pollution credits, thus making them directly bear on companies' bottom lines and encouraging a market-based solution, instead of imposing regulations by fiat.
Re: (Score:2)
Isn't that considered ligislating and taxing (two things which neocons and libertabians are opposed to)?
Don't get me wrong. I do agree that ultimately companies should pay the real (environmental, social,
Re: (Score:2)
Re: (Score:2)
No, it means we've ignored the problem (partially because less was known about it) for a long time and now there's no other choice but to face it. All the environmental issues you've mentioned are mostly on a local scale (less particle-based pollution in a city == cleaner air) and obvious. They are easier to deal with partly because a local change can make a differe
Re: (Score:2)
Oh yeah, I should be as worried about CO2 in the air as about heavy metals in the water supply.
Re: (Score:3, Insightful)
I don't believe it's a fundamental problem with capitalism itself. It's a problem with *unregulated* capitalism.
clueless morons who'd rather follow Big Corp's marketing dept. instead of educating themselves about the issues that affect them
Unfortunately, that won't be fixed unless the govt were to spend at least the same amount on advertisement as Big Corps to, which is highly unlikely (and possibly undesirable anyway)
Re: (Score:2)
I don't believe it's a fundamental problem with capitalism itself. It's a problem with *unregulated* capitalism.
Specifically, it's a well-known problem with free-market capitalism which has an informed consumer base as one of its axioms. Any logician will tell you you can prove anything if you start with false axioms[1].
Unfortunately, that won't be fixed unless the govt were to spend at least the same amount on advertisement as Big Corps to, which is highly unlikely (and possibly undesirable anyway). Otherwise, it's a lost battle.
Corporations are only allowed to advertise what, when and where the government permits. Advertising tobacco products was banned in the UK around a decade ago, and there are now moves to ban advertising unhealthy foods during children's television. Advertising prescription medicine to the general
But... (Score:2)
Re:In my opinion (Score:5, Insightful)
As correct as you are, there does not need to be a fine line between usability and security. There needs to be (and of course there will be) an ongoing evolution in software design to offer usability without compromising security. I reckon it won't be a long time before any software program that gets run in userspace (or any space) has to go out on bended knee requesting to do anything - forced to abide by a security policy by default which limits its access. I don't mean the old broad-brush users/groups/device permissions etc. model that is everywhere now, but stuff like "only allowed to read from this folder, only allowed to talk to this or that application, etc." with very low level behaviour controls.
I don't think this needs to result in a "the mouse pointer wants to move, confirm/deny" scenario, but that the software designers need to submit with their product a security policy within which their applicaton has to function. The user should be able to very easily browse this policy and see what the program expects to be able to do, and override things, such as "access the internet using HTTPS at port 3232 to server www.phonehome.net" or sloppy things like "read contents of /etc recursively" instead of "read contents of /etc/mostlyharmlesswidget/config".
I know things like this already exist and there is a limited implementation of it, but to me that just confirms the point that it is the obvious next step.
Re: (Score:2)
e.g.
https://bugs.launchpad.net/ubuntu/+bug/156693
Re:In my opinion (Score:5, Insightful)
This whole discussion is based on a faulty premise, that MS is leaving its Access users without a fix. They have a fix, and they've had it for some time: stop using MDB format and convert your databases to a data engine that isn't a POS. They've deprecated MDB and Jet Engine. That means they're telling their customers "Don't use that stuff any more, it's faulty." The fact that they continue to support customers who ignore the deprecation doesn't change that.
There is the little detail that Access itself is a POS. But that's designed in — not much they can do about that.
Re: (Score:2)
Re: (Score:2)
Microsoft is a company, there goal is profit. Not security, not saving the enviroment, not making linux geeks smile. They want money. As every company on earth does.
That is correct, but that doesn't make it right.
Jimmy is a paedophile, his goal is fucking six-year old girls. Not health, not being socially responsible, not making the priest happy. He wants sex. As every paedophile does.
Same simple truth, still doesn't make it ok, acceptable or justified.
Do you really disagree? (Score:2)
Oblig. Dilbert (Score:5, Funny)
http://dilbert.com/comics/dilbert/archive/dilbert-20071116.html [dilbert.com]
Re: (Score:2)
Yes, we take security seriously. And yes, we have fun doing it!
This is not news to me... (Score:5, Insightful)
They'd rather you re-wrote your app and used MSDE, or something with
Not a lot of money in supporting the db engine they give away.
And this is not the first time. Does no one remember they tried to Kill Jet in XP -and- Vista?
A pox on them all. I hope we re-write our app in mySQL.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Ah, youngsters these days, how soon they forget the dark times, the great OS wars, when geeks everywhere stood up for their right to use their OS of choice. Now all that is left is UNIX, and UNIX wannabes... even Windows bears the mark of the Beastie these days.
Re: (Score:2)
If more people share this attitude it will become "profitable" for Microsoft to fix this.
If not, well, you will have a secure app anyway, and MS can bugger off and die in a gutter somewhere, and all the dumb bastards that decided to rely on a free piece of software from a company with a horrible reputation for customer support and secure coding practices get what they deserve!
Re:This is not news to me... (Score:4, Insightful)
Except with the Internet and massive databases floating around, we are all interconnected. Jet DBs may not be massive, but that doesn't mean the company doesn't have access to other real databases. OK, so the stupid company gets owned. Now, if they have any info on me, that's in the criminal's hands, and good luck getting compensation even if the company admitted full responsibility. Their Internet connection can now be used to spam or DOS me. If they go out of business, think about all the employees who had nothing to do with the IT decisions (and those who opposed this particular one). They get to stand in the unemployment line. Vendors might get shafted on unpaid invoices.
Just because your system is secure doesn't mean you don't get affected by someone else's insecure system. And no, I don't know what the solution to that problem is.
why do people (Score:2)
Re:why do people (Score:4, Funny)
Microsoft Access is a demo. It's meant to seduce you into thinking that developing your own database applications is easy and fun, and that Access can address your organizational needs adequately. This puts you onto the path that will eventually lead to you buying MS SQL Server.
At least, that's been my experience!
Access leads to... (Score:5, Funny)
Re: (Score:2, Insightful)
Yes, you're funny, but SQL Server is a solid, well-done database. In terms of quality of product, I think it's the best thing that MS sells.
Re: (Score:3, Insightful)
Damning with faint praise.
Re: (Score:2)
Nah. Most people only used/use Access for smaller stuff. They came out with SQL server lite a while back. Free of charge and embeddable into
Re: (Score:3, Interesting)
Yeah it's true that Access is a gateway drug to SQL Server. But that IS a viable upgrade path for that little workgroup app that some PHP d
Re:why do people (Score:5, Informative)
I've scaled FMP out quite nicely, actually. I think the problem you're more likely running into is one where poor database design and implementation does not scale, regardless of the engine used. Since you mentioned school systems, here's some examples of particular design and implementation mistakes I've run into in that environment.
- Keeping all student records in one table, in perpetuity, so the engine has to slog through records from 10 years ago to find today's current students.
- Keeping all records, for all tasks, on one DB machine, in one set of tables, rather than using separate machines (why should the student attendance records *always* be on the same machine as the cafeteria menu, the janitorial schedule, the PTA newsletter, and the 2001 teacher vacation sign-up sheet?)
- The BigTable. Everybody who's worked in cleaning up poor DB design knows this one, the freaking huge table that stores *everything*. As text fields, of course. With no relational links.
These simple design gotchas can be made with *any* db engine, and are often made by inexperienced designers. Easy and fun is setting up the basics, and when it gets slow, paying some geek (or finding a young volunteer who needs to pad their resume) to re-engineer the system.Of course, there are an awful lot of inexperienced db admins out there, who have only worked with scaling one or two kinds of db engines, and thus lack the history of "scaling" back when 30Hz and 64Mb of RAM was the maximum per desktop (and thus lack the tao of partitioning zen), or are used to using their "clustering tools" (and thus lack the tao of systems connections zen), or any other number of failings which prevent them from understanding how to actually scale something really big.
If you're applying for a job as a DBA (or are the chief teacher/DBA for a school system), and you don't understand how DNS scales, well.... there ya go.
Re: (Score:2)
Keeping all student records in one table, in perpetuity, so the engine has to slog through records from 10 years ago to find today's current students.
I've not used FileMaker Pro, but this just sounds wrong. First, searching through a DB table should be a O(1) problem. If it's O(n) then you have some serious problems with your RDBMS. Unless what you are really saying is that your indexes no longer fit into memory so you need to start swapping.
Secondly, you seem to be advocating splitting records between two tables. It seems like the correct solution to this problem is to instruct the RDBMS to partition the table. Splitting it into two tables breaks
Re: (Score:3, Insightful)
Re:why do people (Score:5, Insightful)
Re:why do people (Score:5, Insightful)
Re: (Score:3, Funny)
Re: (Score:2)
Access is not a database, it's a RAD tool for data-drive apps.
IIRC, Its an single user ISAM database with a separate index. Microsoft tacked on (wrapped) C++/C/VB5/VB6 tools to make it RAD. FoxPro was better (X-Base) at the time IMHO. At the same time I used the Mix C-DATA ISAM database because it worked under OS/2, Unix, DOS, and windows (Truly cross-platform).
Enjoy,
Re: (Score:3, Insightful)
There, fixed that for ya....
Re: (Score:3, Insightful)
If Jet was adequate, you may be better off using SQLite.
Re: (Score:3, Insightful)
If JET is adequate for your needs, SQLite is likely to be much better. If you are using SQL Server then you would be better off considering PostgreSQL as a migration path than MySQL.
Re: (Score:3, Interesting)
When I worked at Microsoft, I remported what I felt was a serious security flaw. Despite the fact that the exploit I remorted resulted in one of
Re: (Score:2)
All of the alternatives to Jet and Access are also free (at least in the same sense that Jet and MDB is free).
SQL Server 2005 Express is free
MSDE (SQL Server 2000 desktop) is free
all the drivers to interact between the two are free
Many people choose to purchase Visual Studio (or an MSDN subscription), but its not at all necessary. There are other IDEs.
Re: (Score:2)
Is SQL 2005 Express so free that you don't even have to install it?
How about MSDE?
We are riding on the coattails of Windows 2000/XP/Vista, to be sure, but the alternatives require our users to also install some DB engine,and our users are unsophisticated to the extreme. Leaving Access opens us up to the entire world of DB engines.
We also need to encrypt data now. This limits things a b
do users care? (Score:4, Informative)
Re:do users care? (Score:4, Insightful)
Today that fantasy has mostly dispersed. Most companies know that if they don't develop an application internally they are at someone else's mercy. There are fewer failures of larger software publishers but even the larger ones sometimes abandon some application leaving the users in a bad spot. But having the source for a 150,000 line (or more!) application doesn't mean a company could compile it, much less fix a serious bug. In general it would take someone a long time to get familiar enough with something like this to be able to work on it with any degree of confidence. Especially a company with a mission-critical application needing a bug fixed - it would take months, often paying a consultant $150+ an hour.
The "new" strategy seems to be:
Mostly, this is a lot smarter than the late 80s strategy.
Re: (Score:2)
Until a potentially disasterous bug was found in a system critical piece of software. People don't always have enough vision to see the worth in something like this. Bravo for trying!
Because it's not mainstream (Score:2, Informative)
Re: (Score:2)
Not to mention MS Access files being used by some electronic voting Cos.
MS Exchange (Score:2)
Re: (Score:3, Informative)
Exchange uses a database technology known as ESE that was at a time known internally as 'Jet Blue'. Although its got the word Jet in it, it is not the same as the 'Jet' engine that Access uses.
Read more [wikipedia.org] at Wikipedia. Particular note the difference between ESE and Jet Red [wikipedia.org].
voting (Score:5, Informative)
Umm, isn't that the format used in the most popular voting machines to store all our votes?
Re: (Score:2)
Yes. And?
This doesnt matter (Score:4, Insightful)
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:3, Informative)
It used something that originated as DAE, and whose team and query engine was merged for a brief period with Jet Red (what Access uses).
But the ESE (sometimes called Jet Blue, even though it has almost nothing to do with the Jet that Access uses) used by Exchange and Active Directory is not that Jet you're talking about.
2 minutes of search on wikipedia for 'jet blue' or ese will clear this all up for you. In particular, read the History section and the 'c
Patching one hole in a pegboard (Score:5, Insightful)
Why not just start running installs you find from "somewhere?"
Access and mdb are insecure as it is when you start running untrusted files; should we expect all of those to go away at the expence of neutering the key selling point: stupid easy to do anything with?
Re: (Score:2)
Why not just start running installs you find from "somewhere?
You would be surprised how many Windows admins (and some *NIX admins as well) will think nothing of running scripts and apps from very dubious sources on highly valuable mission critical servers. I have witnessed any number of messes caused by somebody running scripts they got from a link in some forum thread without bothering to get an idea of exactly what it was the thing did or even simply checking if the thing was compatible with the system version they were running them selves. David Hannum was right.
Security News Flash (Score:3, Insightful)
This is the clear case for OSS (Score:2)
JET is a depreciated platform and is no longer being actively devel
Re: (Score:2)
They would then be pretty likely to share it because there is no reason not to do so.
Individuals, yes, probably. Organizations? Maybe, maybe not. In my experience, when someone at a company fixes a bug in 'upstream' software, they keep it to themselves[1]. It cost the company money to find and fix that bug, so they figure something like: why should we give that time (money) to our competitors for free?
Not saying I agree or disagree with this attitude... it's just how it is.
[1] Well, except for fixes to GPLed code.
Re: (Score:2)
Re: (Score:2)
Yet another shameless self-promotion (Score:2)
Perhaps it wouldn't solve everything, but IMHO not directly linking the submitter's name to a non-slashdot URL would greatly limit the article spam on here. And, of course, not letting someone use slashdot to blatantly toot his own horn would limit the practice further.
Re: (Score:2)
Not a big deal... (Score:5, Informative)
Security != Inconvenience (Score:2)
Secure software doesn't have holes. User-friendly software is intuitive and does what it should.
No reason the two can't happily co-exist.
Re: (Score:2)
If the product is defective, they must fix it (Score:2)
It gets very interesting when the problem starts to cause other people problems under "innocent third party" laws. The only draw back is that it too nearly 30 years for these laws (and an act of congress) to take out the lawn darts so I don't think this has any of the legal team at Microsoft losing sleep.
Re: (Score:2)
2. I can't believe you are seriously upset about lawn darts.
a. Children can still purchase all manner of dangerous toys to include paintball guns, pellet guns, and the good ol bow n arrow. b. If a 12yr old can legally operate a shotgun I fail to see how a lawn dart ban is anything other than a waste of my tax dollars. c. If you are too stupid to o
It's not just small businesses (Score:4, Insightful)
Re: (Score:3, Insightful)
"allowing for arbitrary code execution once the victim interacts with a malicious JET-dependent file (such as an Access file)."
It is crazy. Like saying you downloaded a malicious
mandatory open-source unless supported (Score:2)
My proposal is that, at least for security-sensitive products, closed-source software vendors must be forced by law to release their products as open-source after X years from the moment they stop properly handling user complaints. So, if you release a product used in sensitive installations and you stop supporting it after 3 years, you should be expected to open-source it as to allow the user community to maintain it.
This should solve abandonware, which is a very serious problem in security-sensitive so
Re: (Score:2)
Copyright is already too crazy, with infinity+ years (in google speak), which needs to be stopped.
Re: (Score:2)
Drawing the line (Score:4, Funny)
---------------------
Microsoft
Was that so hard?
Re: (Score:2)
Win 2000 was strong on security.
XP can be made strong, but weak on default security.
Vista?? If you can make it run on what hardware you have, let me know
JET is the DB used for Active Directory (Score:2)
Color me unsurprised, really (I don't know why they don't use SQL Server anyway, but whatever the reason, they don't yet).
an mdb file is already an executable (Score:3, Insightful)
Access/JET/.mdb are enabling software (Score:2, Insightful)
Sure, you can sit in your geek tower and laugh at the dolts that use Access every day to solve thousands of data management issues. A secretary can be trained to use Access to manage moderately complex data (the numbers on all the new telephones, people interviewed for specific positions and letters sent relative to those position
Enabling the ignorant (Score:3, Insightful)
It has also caused real-world problems.
I have seen *way* more improperly-coded applications in Access and Excel than in any other language or programming system. Why is that? Because people are designing "databases" with no fundamental understanding of data management. People code spreadsheets with no real idea of how to identify and correct bugs. They *only* advantage the user has it knowledge of the data. (Which *is* a good thing, granted.)
Further, an access databas
Re: (Score:2)
All sales are final, ever heard of it? Perfectly acceptable and legal. If you don't do due diligence before you buy the responsibility is yours. It just so happens providing support is USUALLY in the best interests of both parties. Hence why manufacturors offer limited warrenties for certain durations. Fixing 10 year old code is a net negative for the manufacturor: not doing so does not loose them enough sales to offset the cost.
Re: (Score:3, Insightful)
Re: (Score:2)
It's more like a toolbox - and there are some tools in there that you look at and think "what on earth would anyone want one of those for?", and some tools which it's easy to misuse, resulting in damaging the thing you're working on.
Re: (Score:2)
Re: (Score:2, Insightful)
Sounds absolutely great. I wish every business person was as smart, since open source is obviously better in every way than closed source.
End of sarcasm. Yeah, open source is pretty cool, I like it, etc. Does open source guarantee everything wonderful, does open source guarantee a business with a profit? No, it doesn't. Open source is not the answer to everything.
And even open source organizations will stop support for decrepit applications. If you insist on using a 10 year old Linux kernel and d
Re: (Score:2)
Open source may not guarantee you profit in your core business, but it does gua
Re: (Score:3, Insightful)
If you insist on using a 10 year old Linux kernel and demanding that some quirky bug in it be fixed, I'm not sure how much support you'd get :)
The amount of support you get generally depends on how much you are willing to pay for it. This cost will go up as the product becomes less mainstream. The upper limit (when you are the only organisation using it) is employing a team of people to become familiar with the code and fix bugs. This is likely to cost a couple of hundred thousand dollars a year, but if you are running a multimillion dollar business on some in-house software that depends on something external, then it may be worth it. It's mo
Re: (Score:2)
(Me, I've fixed PS2 keyboard support on some obscure MIPS subarchitecture, and ported the MPPE driver to Linux 2.4 [think I was actually the first person to do that, though it's someone else's port that made it upstream], and did a little tooling around the input core, and fixed a DSDT bug that was causing the PCI bus on some Hitachi prototype hardware to be initialized wrong... but the
Re:I always go with OpenBSD. (Score:5, Interesting)