OpenBSD Journal

Microsoft security program manager... is an OpenBSD fan?

Contributed by grey on from the they say Windows 2003 is "Secure by Default" too dept.

Thanks to an anonymous pointer to this mention of OpenBSD's influence in the least likely of places:

Microsoft security program manager is OpenBSD fan:;1563959173;fp;16;fpid;0

Actually, for those who have kept track, this shouldn't be too surprising as Microsoft has been known to borrow ideas and even code from OpenBSD in the past as mentioned previously on deadly here and here.

(Comments are closed)

  1. By gabriel ( on

    nice marketing for them. this reachs a mind of a point hairy boss and he thinks "i've heard of openBSD at /. It's real secure.. but it's one of those hard to administer (you have to...type, you know) kinda of computers. Now, if MS compares it's securities to this thing, then i will continue to buy MS and have all the security, plus a mouse driven interface! WOW! those guys at MS rocks! screw linux and those arcaic bsd thingies." and you propagate this...

    1. By danimal ( on

      and you ramble and rant. w00000!

      1. By dq ( on

        i saw this guy speak at the microsoft security summit this year. he was rather engaging. there, he mentioned openbsd while talking about disabling unnecessary services under windoze. just my $.02...

  2. By Anonymous Coward ( on

    I also saw him speak at a Microsoft Security Conference--- he used OpenBSD several times as an example of "the Open Source Security Poster Child", then went on to state why Windows does it better, and why you shouldn't waste your time with it. It would have been easy for him to say "This is the way that OpenBSD does it (e.g. secure by default), and we think that this is a good thing. We're looking a implementing some of these changes in our systems, and think that industry as a whole should do the same". Instead, I heard the usual Microsoft market-speak, which to my mind, hurt his credibility. The whole thing left a bad taste in my mouth.

    1. By krh ( on

      Given that he works for Microsoft, you're unlikely to hear him admit to a Microsoft product being inferior to an open-source product under any circumstances—it might cost him his job. That he mentioned OpenBSD at all I think of as a big compliment.

      1. By Anonymous Coward ( on

        At his talk during a MS sec conference in DC last April, he used the argument that there are three factors in selecting a system to use; namely, ease-of-use, cost, and security. His example as it related to oBSD was (in paraphrase) 'if you want low cost and security, use Open BSD, but that isn't easy to use'; and, i would venture for the unfamiliar end-user, he's most certainly right. For some of us, that isn't quite so true. He did give oBSD air-time and gave it a moment of "securist thing out there" sort of talk (for a brief moment). His argument on ease-of-use seems to have fallen into two categories: too difficult to admin, and administrators will not secure it properly; too difficult for end-users, and they will look for some way around the security (in which case, perhaps it isn't really secured? This seems to be a flaw in the second branch of the argument).

        He was by far the most lively and most interesting speaker at that conference that I saw and he had plenty of "war-stories". He is certainly worth seeing. As to the question of his dependability for 'pure' truth, unbiased towards his employer, of course not. Would you expect him to bite the hand that feeds him? He was not, however, spewing blatant advertising as has been accused. As could be expected of a professional, his advertising was present but rather subdued; he had the occaisional moment -- like that given to oBSD -- for awarding points to 'the competition'.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]