| Computer Insecurity |
Many current computer systems have a very poor level of computer security.
This computer insecurity article describes the current battlefield of computer security exploits and defenses. Please see the computer security article for an alternative approach, based on security engineering principles.
Security and systems design
Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system.
Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems - once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system.
Because computer systems are very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems.
The 'trusted systems' approach has been predominant in the design of many Microsoft software products, due to the long-standing Microsoft policy of emphasizing functionality and 'ease of use' over security. Microsoft claims that this is the result of consumer choice. Since Microsoft products currently dominate the desktop and home computing markets, this has led to unfortunate effects. However, the problems described here derive from the security stance taken by software and hardware vendors generally, rather than the failing of a single vendor. Microsoft is not out of line in this respect; it is simply far more prominent because of its consumer market share, so its mistakes are more pervasive.
Financial cost
Severe financial damage has been caused by computer security breaches, but estimating reliable costs is quite difficult. Figures in the billions of dollars have been quoted in relation to the damage caused by malware such as computer worms like the Code Red worm, but such estimates may be exaggerated. However, other losses, such as those caused by the compromise of credit card information, can be more easily determined, and they have been substantial: millions of individual victims of identity theft each year in each of several nations, each facing severe hardship that can wipe out all of their finances, prevent them from getting a job, and leave them treated as if they were the criminal. The number of victims of phishing and other scams may not be known.
Except for difficulty in removing spyware, most malware incidents mean a few days of hell for the computer owner and users, followed by living without that which could not be removed, and perhaps buying software whose proof of purchase was stored on the computer whose data has now been lost in the recovery process. So for each victim of computer damage, the individual cost can run from a few hundred dollars to a few thousand, and several days of their time.
Reasons
There are many similarities (yet many fundamental differences) between computer and physical security.
Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing web sites); similarly, some web site defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. An example of the latter is Markus Hess, who spied for the KGB and was ultimately caught because of the efforts of Clifford Stoll, who wrote an amusing and accurate book, The Cuckoo's Egg, about his experiences. For those seeking to prevent security breaches, the first step is usually to attempt to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it. The precautions required for a home PC are very different from those of a bank's Internet banking system, and different again for a classified military network. Other computer security writers suggest that, since an attacker using a network need know nothing about you or what you have on your computer, attacker motivation is inherently impossible to determine beyond guessing. If true, blocking all possible attacks is the only plausible action to take.
Vulnerabilities
To understand something about techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. These threats can typically be classified into a number of categories:
Code exploits
Software flaws, especially buffer overflows, are often exploited to gain control of a computer, or to cause it to operate in an unexpected manner. Many development methodologies rely on testing to ensure the quality of any code released; this process often fails to discover extremely unusual potential exploits. The code exploits often come in the form of Trojan horses, for example non-executable media files which are disguised to function in the application.
Any data that is transmitted over a network is at some risk of being intercepted, or even modified by a malicious person. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware, such as TEMPEST. The FBI's proposed Carnivore program was intended to act as a system of eavesdropping protocols built into the systems of internet service providers.
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system admin and asking for passwords.
Denial of service attacks differ slightly from those listed above, in that they are not primarily a means to gain unauthorized access or control of a system. They are instead designed to overload the capabilities of a machine or network, and thereby render it unusable. This type of attack is, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only of small pieces of code.
Indirect attacks
Attacks in which one or more of the attack types above are launched from a third party computer which has been taken over remotely. The term usually used is "zombie computer". By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker.
Methods of bypassing normal authentication or giving remote access to a computer to somebody who knows about the backdoor, while intended to remain hidden to casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing "legitimate" program, or executable file.
Direct access attacks
Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup devices, e.g. CD-ROM or DVD-ROM, or onto portable media such as keydrives, digital cameras or digital audio players.
See also: Category:Cryptographic attacks
Reducing vulnerabilities
Computer code is regarded by some as just a form of mathematics. It is theoretically possible to prove the correctness of computer programs (within very limited circumstances) though the likelihood of actually achieving this in large-scale practical systems is regarded as unlikely in the extreme by most with practical experience in the industry -- see Bruce Schneier et al.
It's also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption, the one-time pad, has been proven to be unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (see Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
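The "once-and-only-once" rule above can be made concrete. The following is an added example, not part of the original article: a pad book that refuses to hand out the same key bytes twice on either side of the exchange, and a function showing what leaks when the same pad bytes are applied to two messages. The class and function names (`PadBook`, `reuse_leak`) and the sample messages are constructed for illustration.

```python
"""One-time pad with use-once enforcement, and what leaks if pad bytes are reused."""
import secrets


class PadReuseError(Exception):
    """Raised when pad bytes would be used a second time, or the pad runs out."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """One party's copy of the shared pad; tracks which bytes are already spent."""

    def __init__(self, material: bytes):
        self._material = material
        self._next = 0  # every byte below this offset is spent

    def _consume(self, offset: int, length: int) -> bytes:
        if offset < self._next:
            raise PadReuseError("pad bytes at offset %d already used" % offset)
        if offset + length > len(self._material):
            raise PadReuseError("pad exhausted")
        # Skipped bytes are treated as spent too, so they can never be reused.
        self._next = offset + length
        return self._material[offset:offset + length]

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext); the offset travels with the message."""
        offset = self._next
        key = self._consume(offset, len(plaintext))
        return offset, xor_bytes(plaintext, key)

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        """Decrypt with the pad bytes at offset; refuses an offset seen before."""
        return xor_bytes(ciphertext, self._consume(offset, len(ciphertext)))


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two equal-length messages under the SAME pad bytes (the mistake)
    and return c1 XOR c2. The pad cancels out, leaving exactly p1 XOR p2."""
    c1 = xor_bytes(p1, pad[:len(p1)])
    c2 = xor_bytes(p2, pad[:len(p2)])
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample data; a real pad is random and distributed out of band.
    material = secrets.token_bytes(64)
    sender, receiver = PadBook(material), PadBook(material)

    off1, c1 = sender.encrypt(b"MEET AT DAWN")
    off2, c2 = sender.encrypt(b"HOLD POSITION")
    print(receiver.decrypt(off1, c1), receiver.decrypt(off2, c2))

    try:
        receiver.decrypt(off1, c1)  # same pad bytes requested again
    except PadReuseError as exc:
        print("rejected:", exc)

    # Reuse: the ciphertexts alone reveal the XOR of the plaintexts, and
    # anyone who learns one plaintext can read the other without the pad.
    p1, p2 = b"WIRE 100 USD", b"WIRE 900 EUR"
    leak = reuse_leak(material, p1, p2)
    print(leak == xor_bytes(p1, p2), xor_bytes(leak, p1))
```

The guarantee depends on both parties keeping the spent-offset state durable; a pad book restored from an old backup would hand out used bytes again.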
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.
In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it's usually possible for a determined cracker to read, copy, alter or destroy data in well secured computers. You can reduce a cracker's chances by keeping your systems up to date, using a security scanner and/or hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.
Security measures
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
1. Prevention,
2. Detection, and
3. Response.
- User account access controls and cryptography can protect system files and data, respectively.
- Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) block the normal packet types, preventing some kinds of attacks.
- Intrusion Detection Systems (IDS's) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
- "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the system is favored.
Today, computer security comprises mainly "preventive" measures, like firewalls or an Exit Procedure. We could liken a firewall to the building of a good fence around your warehouse. Firewalls are common amongst machines that are permanently connected to the Internet (though not universal, as demonstrated by the large numbers of machines "cracked" by worms like the Code Red worm which would have been protected by a properly-configured firewall). However, relatively few organisations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place.
Difficulty with response
Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:
- Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, and other anonymising procedures which make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they are often able to delete logs to cover their tracks.
- The sheer number of attempted attacks is so large that organisations cannot spend time pursuing each attacker (a typical home user with a permanent (e.g., cable modem) connection will be attacked at least several times per day, so more attractive targets could be presumed to see many more).
- Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers. There are also budgetary constraints. It has been argued that the high cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of law enforcement, so the overall rate of criminals not getting dealt with goes up as the cost of the technology increases.
Further reading
Computer security is a highly complex field, and is relatively immature, except in the area of designing computers that are secure from the get go. Because such computer systems are significantly more expensive than those with little or no security, the market place has driven several such secure systems out of the PC business, IBM for example. The ever-greater amounts of money dependent on electronic information make protecting it a growing industry and an active research topic.
There is an extensive culture associated with electronic security; see electronic underground community.
See also
- Computer forensics
- Computing
- Cryptography (aka cryptology)
- Defensive programming
- Full disclosure
- Hacking
- Physical security
- Security engineering
- Recovery
- Microreboot
- Restartability
- Crash-only software
References
- Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, ISBN 0-471-38922-6
- Bruce Schneier: Secrets & Lies: Digital Security in a Networked World, ISBN 0-471-25311-1
- Cyrus Peikari, Anton Chuvakin: Security Warrior, ISBN 0-596-00545-8
- Jack Koziol, David Litchfield: The Shellcoder's Handbook: Discovering and Exploiting Security Holes, ISBN 0-7645-4468-3
- Clifford Stoll: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, an informal -- and easily approachable by the non-specialist -- account of a real incident (and pattern) of computer insecurity, ISBN 0-7434-1146-3
External links
- [http://secdocs.net/manual/lp-sec/ Participating With Safety], a guide to electronic security threats from the viewpoint of civil liberties organisations. Licensed under the GFDL.
- Article "[http://www.acsac.org/2001/papers/110.pdf Why Information Security is Hard - An Economic Perspective]" by Ross Anderson
- [http://www.securemac.com/ Macintosh Security]
- [http://www.yourwindow.to/information-security/ The Information Security Glossary]
- [http://www.sans.org/top20/ The SANS Top 20 Internet Security Vulnerabilities]
- [http://citeseer.ist.psu.edu/cis?q=computer+insecurity Citations from CiteSeer]
- [http://secunia.com/advisories/ Secunia's list of known security vulnerabilities in most modern software]
Computer system
A computer system consists of a set of hardware and software which processes data in a meaningful way. The personal computer or PC exemplifies a relatively simple computer system. The Internet exemplifies a relatively complex computer system. A computer is a machine that processes data by giving information, and it performs certain operations on the given data and presents the results back.
Even the simplest computer classifies as a computer system, because at least two components (hardware and software) have to work together. But the real meaning of "computer system" comes with interconnection. Many computer systems can interconnect, that is, join to become a bigger system. Interconnecting computer systems can prove difficult due to incompatibilities, sometimes between differing hardware and sometimes between different software suites.
Designers of individual different computer systems do not necessarily aim to interconnect their product with any other system. But systems administrators can often configure even disparate computers to communicate using a set of rules and constraints known as protocols; these precisely define the "outside view" of the system. This outside view effectively defines the way one system connects with another. If two systems define the same "outside view", they can interconnect and become a larger computer system.
This "outside view" usually comes in the form of a standard, that is, a document explaining all of the rules a device or a program must follow. International bodies such as the IETF or IEEE normally set up or endorse such standards. If an individual system obeys all of the rules, systems designers say it "complies with" the standard.
See also
- Computer
- IETF
- IEEE standards
- Legacy system
- Embedded system
Exploit (computer science)
An exploit is a common term in the computer security community to refer to a piece of software that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system.
There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A 'remote exploit' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A 'local exploit' requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. Exploits against client applications may also require some interaction with the user and thus be used in combination with social engineering methods.
Exploits can also be classified by the type of vulnerability they attack. See buffer overflow, integer overflow, memory corruption, format string attacks, race condition, cross-site scripting, cross-site request forgery and SQL injection bugs.
Another classification is by the action against the vulnerable system: unauthorised data access, code execution, denial of service.
Many exploits are designed to provide root-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.
Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed and the exploit becomes obsolete for newer versions of the software. This is the reason why some blackhat hackers do not publish their exploits but keep them private to themselves or other malicious hackers. Such exploits are referred to as 'zero day exploits', and obtaining access to such exploits is the primary desire of unskilled malicious attackers, the so-called script kiddies.
See also
- computer security
- shellcode
- computer virus
External links
- [http://www.securitydocs.com/Exploits SecurityDocs] - A great resource for researching exploits
- [http://www.frsirt.com/exploits Exploits] - World Wide Exploits and 0day Exploits Database by the FrSIRT
- [http://www.metasploit.com/projects/Framework/ Metasploit Framework]
- [http://medialab.freaknet.org/~alpt/tutorial/papers.html Advanced Exploit Tutorials]
- [http://www.packetstormsecurity.org Proof of concept exploit downloads]
- [http://www.securityfocus.com/ Home of the Bugtraq computer security mailing list]
- [http://www.securityforest.com/wiki/index.php/Category:ExploitTree ExploitTree] from [http://www.securityforest.com/ SecurityForest]
- [http://www.security.nnov.ru/exploits/ Exploits archive] from [http://www.security.nnov.ru/ Security.NNOV]
Security engineering
Security engineering is the field of engineering dealing with the security and integrity of real-world systems.
Security systems engineering has existed as an informal field for centuries, in the fields of locksmithing and security printing.
Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems than before, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers not only need consider the mathematical and physical properties of systems; they also need to consider attacks on the people who use and form parts of those systems using social engineering attacks. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.
For this reason, as well as physics, chemistry and mathematics, it involves aspects of social science, psychology and economics. Some of the techniques used, such as fault tree analysis, are derived from safety engineering.
Other techniques such as cryptography were previously restricted to military applications.
One of the pioneers of security engineering as a formal field of study is Ross Anderson.
Sub-fields of security engineering
- computer security
- physical security
- information security
See also
- Authentication
- Authorization
- Computer insecurity
- Cryptography
- Cryptanalysis
- Deception
- Defensive programming
- Electronic underground community
- Fraud
- Full disclosure
- Hacking
- Kerckhoffs' principle
- Locksmithing
- Password policy
- Secrecy
- Secure computing
- Secure cryptoprocessor
- Security by obscurity
- Security community
- Security stance
- Social engineering
- Software cracking
- Steganography
- Systems engineering
- Trust
- Trusted system
Further reading
- Anderson, Ross - 'Security Engineering', published by Wiley, 2001, ISBN 0471389226
- Anderson, Ross - [http://www.acsac.org/2001/papers/110.pdf Why Information Security is Hard - An Economic Perspective]
- Schneier, Bruce - 'Applied Cryptography' ISBN 0471117099
- Schneier, Bruce - 'Secrets and Lies: Digital Security in a Networked World' ISBN 0471253111
- Wheeler, David A. - [http://www.dwheeler.com/secure-programs 'Secure Programming for Linux and Unix HOWTO']
Insecurity
Insecurity is either danger, i.e., lack of objective security (in a physical situation or a computer system), or an emotion of general unease or nervousness without obvious cause or purpose (see also anxiety).
A person who is insecure lacks confidence in their own value and capability. This is not to be confused with being humble, which involves recognising one's failings but still maintaining a healthy dose of self-confidence. Insecurity is not an objective evaluation of one's ability but an emotional interpretation, as two people with the same capabilities may have entirely different levels of insecurity.
Insecurity may cause shyness and social withdrawal, or alternatively it may encourage compensatory behaviours such as arrogance, aggression, or bullying, a principle enshrined in the phrase "all bullies are cowards" (this saying is in fact fallacious, as some bullies are not cowards, see psychopath). Many people suffer a period of insecurity during puberty, which gives rise to a lot of the stereotypical behaviours of adolescents.
Insecurity has many effects in a person's life. It nearly always causes some degree of isolation as a typically insecure person withdraws themselves to some extent. The greater the insecurity, the higher the degree of isolation. Insecurity is often rooted in a person during their childhood years. Like offense and bitterness, it grows in layer fashion, often becoming an immobilising force that sets a limiting factor in the person's life. Insecurity robs by degrees - the degree it is entrenched is the degree of power it has in the person's life.
Although difficult, insecurity can be overcome. It takes time and patience and a willingness to believe each person is of great value.
See also
- Uncertainty
Defect
Defect can refer to:
- in biology, the failure of an organism to develop properly (see congenital disorder).
- in manufacturing, the failure of a product to conform to specification.
- in materials science, a crystallographic defect is a structural imperfection in a crystal.
- in software engineering, the non-conformance of software to its requirements. A bug, a defect and an error are all examples of failures.
- to abandon allegiance to one's country and go to another.
- in geometry, the amount by which the sum of the angles at a vertex of a polyhedron falls short of a complete circle. If the sum of the angles exceeds a full circle, then the defect is negative. See defect (geometry).
- in politics and/or a military context, the verb to defect refers to switching sides (see defector).
Microsoft
Microsoft Corporation is the world's largest software company, with 2005 global annual sales of 40 billion US dollars and more than 55,000 employees in 85 countries and regions. The company's headquarters are in Redmond, Washington, USA. Microsoft develops, manufactures, licenses, and supports a wide range of software products for computing devices. Its most popular products are the Microsoft Windows operating system and the Microsoft Office suite of productivity software, each of which has achieved near ubiquity in the desktop computer market. Microsoft has footholds in other markets, with assets such as the MSNBC cable television network, the MSN Internet portal, and the Microsoft Encarta computer encyclopedia. The company also markets home entertainment products, such as the Xbox and WebTV.
"Micro-Soft" (short for microcomputer software) was founded in Albuquerque, New Mexico in 1975 by Bill Gates and Paul Allen, to develop and sell BASIC interpreters for the Altair 8800. After the market saw a flood of IBM PC clones in the mid-1980s, Microsoft used its new position, which it gained in part due to a contract from IBM, to dominate the home computer operating system market with its MS-DOS operating system. The company later released an initial public offering (IPO) in the stock market, which netted several of its employees millions of dollars due to the ensuing rise of the stock price. The price of the stock continued its rise steadily into the early 2000s. In Microsoft Windows, the company was selling what would become the most widely used operating system in the world, which was originally an add-on for their DOS operating system; Microsoft continued to push into multiple markets, such as computer hardware and television. In addition, Microsoft has historically given customer support over Usenet newsgroups and the World Wide Web, and awards Microsoft MVP status to volunteers who are deemed helpful in assisting the company's customers.
With what is generally described as a developer-centric business culture, Microsoft has become widely known for some of its internal codes of conduct for its employees. One example is the "eat your own dogfood" mantra, which describes the practice of using pre-release products inside the company to test them in an environment geared towards the real world. Microsoft has also become notorious for its business practices—the U.S. Justice Department, among others, has sued Microsoft for antitrust violations and software bundling. In addition, Microsoft has been criticized for the security of its software. Despite this, Microsoft has won several awards, such as the "1993 Most Innovative Company Operating in the U.S." by Fortune Magazine. The company is on the Fortune 500 list of companies as of 2005.
Microsoft opened its first research center outside the US at the Cambridge Science Park, UK. It currently has research centers around the world.
History
See also: History of Microsoft Windows.
First conceived in 1975 by Bill Gates and Paul Allen, Microsoft has evolved through several stages throughout its history. By 1985, the company was selling the Microsoft Windows operating system and MS-DOS, and had collaborated with IBM to produce OS/2 Warp. By 1992, Microsoft had released an IPO in the stock market and discontinued OS/2 development to focus directly on Windows. By 1995, Windows was the most widely used graphical operating system in the world, and with the introduction of Windows 95, the company became a more consumer-driven company. Microsoft would proceed to enter other business markets, such as publishing and video games, would be sued more than once by the U.S. Justice Department and other governments and companies, and would continue to dominate the operating system market.
1975–84: the founding of Micro-soft
[Photograph caption: Top row: Steve Wood (left), Bob Wallace, Jim Lane. Middle row: Bob O'Rear, Bob Greenberg, Marc McDonald, Gordon Letwin. Bottom row: Bill Gates, Andrea Lewis, Marla Wood, Paul Allen.]
Days after reading the January 1, 1975 issue of Popular Electronics that demonstrated the Altair 8800, Bill Gates called the creators of the new microcomputer, MITS (Micro Instrumentation and Telemetry Systems), to inform them that he and others had developed a version of the programming language BASIC for the platform. Allen flew to MITS to unveil the new BASIC system. Allen had never handled an Altair, since Gates had carried out all of the product development; however, the demonstration was successful and resulted in a deal with MITS to buy the rights to Allen's and Gates' BASIC for the Altair platform. Having identified a valuable opportunity, Gates left Harvard University to pursue the market and eventually founded "Micro-soft" in Albuquerque, New Mexico. The name Microsoft, without the hyphen, was first used in a letter from Gates to Allen on November 29, 1975, and on November 26, 1976 the name became a registered trademark. The company's first international office was founded on November 1, 1978, in Japan, entitled "ASCII Microsoft". On January 1, 1979, the company moved from Albuquerque to a new home in Bellevue, Washington. Steve Ballmer joined the company on June 11, 1980, and would later succeed Bill Gates as CEO. The company restructured on June 25, 1981, to become an incorporated business in its home state of Washington (with a further change of its name to "Microsoft, Inc."). As part of the restructuring, Bill Gates became president of the company and Chairman of the Board, and Paul Allen became Executive Vice President.
Microsoft's first operating system was Xenix, released in 1980 and later sold to Santa Cruz Operation. However, the source of the real success for the company was the DOS operating system. On August 12, 1981, after negotiations with Digital Research failed, IBM awarded a contract to Microsoft to provide a version of the CP/M operating system, which was set to be used in the upcoming IBM Personal Computer (PC). However, Microsoft did not have an operating system at the time, so it purchased a CP/M clone called QDOS (Quick and Dirty Operating System) from Tim Paterson of Seattle Computer Products for $50,000, which Microsoft renamed to PC-DOS. Due to potential copyright infringement problems with CP/M, IBM marketed both CP/M and PC-DOS for $250 and $40, respectively, with PC-DOS eventually becoming the standard because of its lower price. Around 1983, in collaboration with numerous companies, Microsoft created a home computer system, MSX, which contained its own version of the DOS operating system, entitled MSX-DOS; this became relatively popular in Japan and Europe. Later, after Compaq successfully cloned the IBM BIOS, the market saw a flood of IBM PC clones. Microsoft was quick to use its position to dominate the home computer operating system market. Microsoft began licensing its operating system for use on non-IBM PC clones, and called this version of the operating system MS-DOS (short for Microsoft Disk Operating System). By marketing MS-DOS aggressively to manufacturers of IBM-PC clones, Microsoft rose from a small player to one of the major software vendors in the home computer industry. Starting on May 2, 1983, with the "Microsoft Mouse", Microsoft entered markets such as computer hardware. This expansion included Microsoft Press, a book publishing division, on November 10 the same year, which debuted with two titles: "Exploring the IBM PC Home Computer" by Peter Norton, and "The Apple Macintosh Book" by Cary Lu.
1985–91: the rise and fall of OS/2
The Republic of Ireland became home to Microsoft's first international production facility in 1985, and on November 20 Microsoft released its first retail version of Microsoft Windows, originally a graphical extension for its MS-DOS operating system. In August, Microsoft and IBM partnered in the development of a different operating system called OS/2. OS/2 was marketed in connection with a new hardware design proprietary to IBM, the PS/2. Shortly afterwards on February 16, 1986, Microsoft relocated to Redmond, Washington. Around one month later, on March 13, the company went public with an IPO, raising $61 million at $21.00 per share. By the end of the trading day, the price had risen to $28.00. In 1987, Microsoft eventually released their first version of OS/2 to OEMs. Continuing its trend of rebranding products from other companies, Microsoft announced SQL Server on January 13, 1988, a relational database management system for companies that was based on technology licensed from Sybase.
In 1989, Microsoft announced at Comdex that the 1991 release of Windows 3.0 would be the last version of Windows. Over the next few years, Microsoft continued to issue statements indicating that OS/2 was the future of computing. On May 16, 1991, Bill Gates announced to Microsoft employees that the OS/2 partnership was over, and that Microsoft would henceforth focus its platform efforts on Windows and the Windows NT kernel. Some people, especially developers who had ignored Windows and committed most of their resources to OS/2, were taken by surprise, and accused Microsoft of deception. The Windows changeover was frequently referred to in the industry as "the head-fake". In the ensuing years, the popularity of OS/2 declined, and Windows quickly became the favored PC platform. 1991 also marked the founding of Microsoft Research, an organization in Microsoft for researching computer science subjects, and Microsoft Visual Basic, a popular development product for companies and individuals.
1992–95: domination of the corporate market
During the transition from MS-DOS to Windows, the success of Microsoft's product Microsoft Office allowed the company to gain ground on application-software competitors, such as WordPerfect and Lotus 1-2-3. Some allege that Microsoft used its inside knowledge of the DOS and Windows kernels and of undocumented Application Programming Interface features to make Office perform better than its competitors, but internal sources at Microsoft later revealed that the Office team did not have access to the Windows source code at the time, and relied on reverse engineering. Eventually, Microsoft Office became the dominant business suite, with a market share far exceeding that of its competitors. In March 1992, Microsoft released Windows 3.1 along with its first promotional campaign on TV; the software sold over three million copies in its first two months on the market. In October, Windows for Workgroups 3.1 was released with integrated networking capabilities such as peer-to-peer file and printing sharing. In November, Microsoft released the first version of their popular database software Microsoft Access. By 1993, Windows had become the most widely used GUI operating system in the world. Fortune Magazine named Microsoft as the "1993 Most Innovative Company Operating in the U.S.". The year also marked the end of a five-year legal case brought by Apple, dubbed Apple Computer, Inc. v. Microsoft Corp., in which the ruling was in Microsoft's favor. That same year, Microsoft released Windows for Workgroups 3.11, a new version of the consumer line of Windows, and Windows NT 3.1, a server-based operating system with a similar user interface to consumer versions of the operating system, but with an entirely different kernel.
As part of its strategy to broaden its business, Microsoft released Microsoft Encarta in 1994, the first encyclopedia designed to run on a computer. Microsoft also created the Microsoft Plus product support program for its customers, a service that offered cost savings on Microsoft products. The name of that program was later used for several expansion packs for Windows. The company changed its slogan to "Where do you want to go today?" in that year, as part of an attempt to appeal to nontechnical audiences in a US$ 100 million advertising campaign, which some critics regarded as uninspired. Dreamworks SKG and Microsoft formed a new company, Dreamworks Interactive, to produce interactive and multimedia entertainment properties in 1995. In March, Microsoft released Microsoft Bob, a Windows 3.1 program manager replacement, which is widely considered Microsoft's most unsuccessful product; its unpopularity became the source of many jokes.
Up until 1995, Microsoft was a business-oriented company. However, in August 1995, it released a new version of its flagship software, Microsoft Windows 95, with a completely new user interface, including a novel start button; more than a million copies of Microsoft Windows 95 were sold in the first four days after its release. The new version of Windows was the start of a major transition towards a consumer-oriented company. In September, the Chinese government chose Windows to be the operating system of choice in that country, and entered into an agreement with the Company to standardize a Chinese version of the operating system. Microsoft also released the Microsoft Sidewinder 3D Pro joystick in an attempt to further expand its profile in the computer hardware market.
1995–99: foray into the Internet and other venues
In the mid-90s, Microsoft began to expand its product line into computer networking and the World Wide Web. On August 24, 1995, it launched a major online service, MSN (Microsoft Network), as a direct competitor to AOL. MSN became an umbrella service for Microsoft's online services, using Microsoft Passport as a universal login system for all of its websites. The company continued to branch out into new markets in 1996, starting with a joint venture with NBC to create a new 24/7 cable news station, MSNBC. The station was launched on July 16 to compete with similar news outlets—in particular, CNN; in the same year, Microsoft launched Slate, an online magazine edited by Michael Kinsley, which offered political and social commentary along with the cartoon Doonesbury. In an attempt to extend its reach in the consumer market, the Company acquired WebTV, which enabled consumers to access the Internet from their televisions. Microsoft entered the palm computing market in November with Windows CE 1.0, a new built-from-scratch version of their flagship operating system, specifically designed to run on low-memory, low-performance machines, such as handhelds and other palm-sized computers. 1996 saw the release of Windows NT 4.0, which brought the Windows 95 GUI and Windows NT kernel together.
While Microsoft largely failed to participate in the rise of the Internet in the early 1990s, some of the key technologies in which the company had invested to enter the Internet market started to pay off by the mid-90s. One of the most prominent of these was ActiveX, an application programming interface built on the Microsoft Component Object Model (COM); this enabled Microsoft and others to embed controls in many programming languages, including the company's own scripting languages, such as JScript and VBScript. ActiveX included frameworks for documents and server solutions. The company also released the Microsoft SQL Server 6.5, which had built-in support for internet applications. Later in 1997, Microsoft Office 97 as well as Internet Explorer 4.0 were released, marking the beginning of the takeover of the browser market from rival Netscape, and by agreement with Apple, Internet Explorer was bundled with the Apple Macintosh operating system as well as Windows. Windows CE 2.0, the handheld version of Windows, was released this year, which included a host of bug fixes and new features designed to make it more appealing to corporate customers. In October, the Justice Department filed a motion in the Federal District Court in which they stated that Microsoft had violated an agreement signed in 1994, and asked the court to stop the bundling of Internet Explorer with Windows.
In 1998, Microsoft released an update to the consumer version of Windows, Windows 98. Windows 98 came with Internet Explorer 4.0 SP1 (which had Windows Desktop Update bundled), and included new features from Windows 95 OSR 2.x including the FAT32 file system, and new features specifically for Windows 98, such as support for multiple displays. Microsoft also launched its Indian headquarters that year, which would eventually become the company's second largest after its U.S. headquarters. Steve Ballmer was appointed president of Microsoft, and Bill Gates remained as Chair and CEO. Later in 1999, Microsoft Office 2000 was released, along with Internet Explorer 5.0.
2000–05: legal issues, XP, and .NET
On May 18, 1998, the U.S. Department of Justice and 20 U.S. states filed charges against Microsoft, stating that Microsoft illegally abused its monopoly power in its sales of Windows, in United States v. Microsoft. However, it was not until April 3, 2000 that a ruling was made that Microsoft had to be split into two companies. However, in June 2001, part of that ruling was overturned by a federal appeals court, and in September the Justice Department decided to seek a settlement with Microsoft instead of trying to split it up. While the trial was underway, on February 17, 2000 Microsoft released Windows 2000, which some consider a significant improvement over previous versions. It provided a similar OS stability to that of its Unix counterparts. Unlike previous consumer-level operating systems, Windows 2000 was built on the Windows NT kernel, rather than the DOS kernel as previous consumer versions of Windows had been. Windows 2000 also provided a DOS emulator that could run most old DOS applications from previous versions of Windows. During the trial, Bill Gates stepped down as CEO and Steve Ballmer became the new CEO, with Bill Gates remaining chairman and Chief Software Architect.
In the same year, Microsoft released a new version of the consumer version of their flagship product, Windows Me (Millennium Edition). Widely regarded as one of the most unstable operating systems Microsoft had ever produced, its main features were enhanced multimedia capabilities, such as an automated video editor. In June, the company released a new version of its hand-held operating system, Windows CE 3.0. The main change was the new programming APIs of the software. Previous versions of Windows CE supported only a small subset of the WinAPI, the main development library for Windows, and with Version 3 of Windows CE, the operating system now supported nearly all of the core functionality of the WinAPI. In 2001, Microsoft released Windows XP, which brought the consumer and business lines of Windows together, combining the kernel of Windows 2000 with features of its consumer line of Windows, and enhancing the DOS emulation capabilities of the OS. Among the new features was an entirely new interface. However, it included the controversial Microsoft Product Activation, a part of that software that required people to register with Microsoft before using the product for the first time, and if they did not the product would cease to function. This would become a hallmark of the Company's other products, including Microsoft Office.
In 2003, Microsoft launched the .NET initiative, along with new versions of some of its development products, such as Microsoft Visual Studio. The initiative has been an entirely new development API for Windows programming, and includes a new programming language, C#. Windows Server 2003 was launched, featuring enhanced administration capabilities, such as new user interfaces to server tools. In 2004, the Company released Windows XP Media Center Edition 2005, a version of Windows XP specifically designed for multimedia capabilities, and Windows XP Starter Edition, a version of Windows XP with a smaller feature set designed for entry-level consumers.
In March 2004, the European Union brought legal action against Microsoft for antitrust violations. Eventually Microsoft was fined $613 million, ordered to divulge certain protocols to competitors, and to produce a version of Windows that did not include the Windows Media Player. Microsoft announced a new version of its MSN search service later in 2005, designed to compete with Google.
Product divisions
Microsoft sells a wide range of products, many of them developed internally, such as Microsoft BASIC and Microsoft Word. Others were acquired and rebranded by Microsoft:
- Microsoft Project, a project management package;
- Visio, a charting package;
- FoxPro, a database;
- Links, a golf game;
- Visual SourceSafe, a developer's tool;
- DoubleSpace, a compression tool;
- Virtual PC, software to emulate different versions of Windows, which was acquired from Connectix; and
- MS-DOS itself, the basis for the company's success.
Many of these products have undergone continual development by the Company. Internet Explorer is based on code licensed from Spyglass, Inc.; the initial development of the software was performed outside Redmond in Spyglass headquarters.
In April 2002, Microsoft reorganized into seven core business groups—each an independent financial entity—to delegate all responsibility and more closely track the performance of each unit. On September 20, 2005, Microsoft announced a rationalization of its original seven business groups to three core divisions: the Windows Client, MSN and Server and Tool groups were merged into the Microsoft Platform Products & Services Division; the Information Worker and Microsoft Business Solutions groups were merged into the Microsoft Business Division; and the Mobile and Embedded Devices and Home and Entertainment groups were merged into the Microsoft Entertainment and Devices Division.
Microsoft Platform Products & Services Division
This division produces Microsoft's flagship product, the Windows operating system. It has been produced in many versions, including Windows 3.1, Windows 95, Windows 98, Windows 2000, Windows XP and Windows Server 2003. Almost all IBM compatible personal computers designed for the consumer come with Windows preinstalled. The next planned version of Windows is Windows Vista (code-named Windows Longhorn). The online service MSN, the cable television station MSNBC, and the Microsoft online magazine Slate are all part of this division. Slate was later acquired by The Washington Post on December 21, 2004. At the end of 1997, Microsoft acquired Hotmail, the first and most popular webmail service, which it rebranded as "MSN Hotmail". Later in 1999 Microsoft introduced MSN Messenger, an instant messaging client, to compete with the popular AOL Instant Messenger.
Microsoft Visual Studio is the company's set of programming tools and compilers. The software product is GUI-oriented and links easily with the Windows APIs, but must be specially configured if used with non-Microsoft libraries. The current version is Visual Studio .NET 2003, named after the .NET initiative, a Microsoft marketing initiative covering a number of technologies. Microsoft's definition of .NET continues to evolve. As of 2004, .NET aims to ease the development of Microsoft Windows-based applications that use the Internet, by deploying a new Microsoft communications system, Indigo. This will address some issues previously introduced by Microsoft's DLL design, which made it difficult to manage and install multiple versions of complex software packages on the same system (see DLL-hell), and provide a more consistent development platform for all Windows applications (see Common Language Infrastructure). In addition, the Company established a set of certification programs to recognize individuals who have expertise in its software and solutions. Similar to offerings from Cisco, Sun Microsystems, Novell, IBM, and Oracle Corporation, these tests are designed to identify a minimal set of proficiencies in a specific role; this includes developers ("Microsoft Certified Solution Developer"), system/network analysts ("Microsoft Certified Systems Engineer"), trainers ("Microsoft Certified Trainers") and administrators ("Microsoft Certified Systems Administrator").
Microsoft offers a suite of server software, entitled Windows Server System. Windows Server 2003, an operating system for network servers, is the core of the Windows Server System line. Another server product, Systems Management Server, is a collection of tools providing remote-control abilities, patch management, software distribution, and a hardware/software inventory. Other server products include:
- SQL Server, a relational database management system;
- Exchange Server, for certain business-oriented e-mail features;
- Small Business Server, for messaging and other small business-oriented features; and
- BizTalk Server, for employee integration assistance and other functions.
Microsoft Business Division
The Microsoft Business Division produces Microsoft Office, which is the company's line of office software. The software product includes:
- Word, a word processor;
- Access, a personal relational database application;
- Excel, a spreadsheet program;
- Outlook, Windows-only groupware, frequently used with the Exchange server;
- PowerPoint, presentation software; and
- Microsoft FrontPage, a WYSIWYG HTML editor.
With the release of Office 2003, a number of other products were brought under the Office banner, including Microsoft Visio, Microsoft Project, Microsoft MapPoint, Microsoft InfoPath, Microsoft Publisher and Microsoft OneNote.
The division focuses on developing financial and business management software for companies. These products include products formerly produced by the Business Solutions Group, which was created in April 2001 with the acquisition of Great Plains. Subsequently, Navision was acquired to provide a similar entry into the European market, resulting in the planned release of Microsoft Navision 4.0 during the week of 18 October, 2004. The group markets Axapta and Solomon, catering to similar markets, which are scheduled to be combined with the Navision and Great Plains lines into a common platform called Microsoft Dynamics.
Microsoft Entertainment and Devices Division
Microsoft has attempted to expand the Windows brand into many other markets, with products such as Windows CE for PDAs and its "Windows-powered" Smartphone products. Microsoft initially entered the mobile market through Windows CE for handheld devices, which today has developed into Windows Mobile 5. The focus of the operating system is on devices where the OS may not directly be visible to the end user, in particular, appliances and cars. The company produces MSN TV, formerly WebTV, a television-based Internet appliance. Microsoft used to sell a set-top Digital Video Recorder (DVR) called the UltimateTV, which allowed users to record up to 35 hours of television programming from a direct-to-home satellite television provider DirecTV. This was the main competition in the UK for bSKYb's SKY + service, owned by Rupert Murdoch. UltimateTV has since been discontinued, with DirecTV instead opting to market DVRs from TiVo Inc.
The division includes consumer and Macintosh software, along with computer hardware and entertainment software. Microsoft sells computer games that run on Windows PCs, including titles such as Age of Empires and the Microsoft Flight Simulator series. It produces a line of reference works that include encyclopedias and atlases, under the name Encarta. Microsoft Zone hosts free premium and retail games where players can compete against each other and in tournaments. Microsoft entered the multi-billion-dollar game console market dominated by Sony and Nintendo in late 2001, with the release of the Xbox. As of 2005, the console ranks second to Sony's PlayStation 2 and ahead of Nintendo's GameCube in market share in the United States (although behind the two worldwide). The console shipped 22 million units compared with competitor PlayStation 2 at 90 million units, and the company took a 4 billion dollar loss due to the console. Microsoft develops and publishes its own video games for this console, with the help of its Microsoft Game Studios subsidiary, in addition to "third party" Xbox video-game publishers such as Electronic Arts and Activision, who pay a license fee to publish games for the system. The most recent version of the Xbox is the Xbox 360. Microsoft markets a number of computing-related hardware products, including mice, keyboards, joysticks, and gamepads, along with other game controllers, the production of which is outsourced in most cases. The division houses Microsoft's Macintosh Business Unit, the largest developer of Macintosh software outside Apple itself; it produces such software as Microsoft Office for the Mac (sometimes called "Macintosh Office"), which includes Entourage, a Macintosh-specific application not available in the Windows version of Microsoft Office.
Business culture
Microsoft has often been described as having a developer-centric business culture. A great deal of time and money is spent each year on recruiting young university-trained software developers who meet very exacting criteria, and on keeping them in the company. For example, while many software companies often place an entry-level software developer in a cubicle desk within a large office space filled with other cubicles, Microsoft assigns a private or semiprivate closed office to every developer or pair of developers. In addition, key decision makers at every level are either developers or former developers. In a sense, the software developers at Microsoft are considered the "stars" of the company in the same way that the sales staff at IBM are considered the "stars" of their company. This culture is reflected in their hiring process—the "Microsoft Interview" is notorious for off-the-wall questions such as "Why is a manhole cover round?" and is a process often mimicked in other organizations. Note that, although they were once ubiquitous, recently fewer interviewers have been using these types of questions. Within Microsoft the expression "eating our own dog food" is used to describe the policy of using the latest Microsoft products inside the company in an effort to test them in "real-world" situations. Only prerelease and beta versions of products are considered dog food. This is usually shortened to just "dog food" and is used as noun, verb, and adjective. For fun, Microsoft also hosts the Microsoft Puzzle Hunt, an annual puzzle hunt (a live puzzle game where teams compete to solve a series of puzzles) held at the Redmond campus. It is a spin-off of the MIT Mystery Hunt.
In an ever changing world, Microsoft expects its employees to be comfortable with ambiguity. They may not, for example, know with any degree of certainty when a product will ship, what it will be called, or what features will be included. The business culture expects agile thinkers to rapidly adjust to dramatic changes. Microsoft also fosters a general attitude of long-term strategic wariness in its managers, who are expected to be ready for any challenge from the competition or the market. In this frame of mind, being the largest software company in the world is not seen as a form of safety or a guarantee of future success. For instance, future competitors could rise from other industries, or computer hardware companies could try to become less dependent on Microsoft, or consumers could decide not to upgrade their software as often. Microsoft requires its managers to maintain vigilance and sustain a dynamic expansion in new markets.
User culture
Technical reference for developers and articles for various Microsoft magazines such as Microsoft Systems Journal (or MSJ) are available through Microsoft's MSDN site, short for Microsoft Developer Network. MSDN also offers subscriptions for companies and individuals, and the more expensive subscriptions usually offer access to pre-release beta versions of Microsoft software. In recent years, Microsoft launched a community site for developers and users, entitled Channel9, which provides many modern features such as a wiki and an Internet forum.
Most free technical support available through Microsoft is provided through online Usenet newsgroups (in the early days it was also provided on Compuserve). There are several of these newsgroups for nearly every product Microsoft provides, and often they are monitored by Microsoft employees. People who are helpful on the newsgroups can be elected by other peers or Microsoft employees for Microsoft Most Valuable Professional (MVP) status, which entitles people to a sort of special social status, in addition to possibilities for awards and other benefits.
Corporate affairs
Corporate structure
The company is run by its Board of Directors, which consists of ten people, made up of mostly company outsiders (as is customary for publicly traded companies). Current members of the board of directors of Microsoft are: Steve Ballmer, James Cash, Jr., Dina Dublon, Bill Gates, Raymond Gilmartin, Ann Korologos, David Marquardt, Charles Noski, Helmut Panke, and Jon Shirley. The ten board members are elected every year at the annual shareholders' meeting, and those who do not get a majority of votes must submit a resignation to the board, which will subsequently choose whether or not to accept the resignation. There are five committees within the board which have oversight over more specific matters. These committees include the Audit Committee, which handles accounting issues with the company including auditing and reporting; the Compensation Committee, which approves compensation for the CEO and other employees of the company; the Finance Committee, which handles financial matters such as proposing mergers and acquisitions; the Governance and Nominating Committee, which handles various corporate matters including nomination of the board; and the Antitrust Compliance Committee, which attempts to prevent company practices from violating antitrust laws.
There are several other aspects to the corporate structure of Microsoft. For worldwide matters there is the Executive Team, made up of sixteen company officers across the globe, which is charged with various duties including making sure employees understand Microsoft's culture of business. The sixteen officers of the Executive Team include the Chairman and Chief Software Architect, the CEO, the General Counsel and Secretary, the CFO, senior and group vice presidents from the business units, the CEO of the Europe, the Middle East and Africa regions; and the heads of Worldwide Sales, Marketing and Services; Human Resources; and Corporate Marketing. In addition to the Executive Team there is also the Corporate Staff Council, which handles all major staff functions of the company, including approving corporate policies. The Corporate Staff Council is made up of employees from the Law and Corporate Affairs, Finance, Human Resources, Corporate Marketing, and Advanced Strategy and Policy groups at Microsoft. Other Executive Officers include the Presidents and Vice Presidents of the various product divisions, leaders of the marketing section, and the CTO, among others.
Stock
When the company debuted its IPO on March 12, 1986, the stock price was $22. By the close of the first trading day, the stock had closed at twenty-eight dollars, or 97c, compared with the time period after the company's first nine splits. The initial close and ensuing rise in subsequent years made several Microsoft employees millions. The stock price peaked in 1999 at around 119 dollars (60,928 dollars adjusting for splits). While the company has had nine stock splits, the first of which was on September 18, 1987, the company did not start offering a dividend until January 16, 2003. The dividend for the 2003 fiscal year was eight cents per share, followed by a dividend of sixteen cents per share the subsequent year. The company switched from quarterly to yearly dividends in 2005, for eight cents a share per quarter with a special one-time payout of three dollars per share for the second quarter of the fiscal year.
Around 2002 the stock price began a slow descent that continued through 2005. The company had its ninth split on February 2, 2003, in what could have been an attempt to arouse interest in the stock, but the price continued to stagnate regardless. On the September 23, 2005, episode of CNBC's Mad Money, the host of the show, Jim Cramer, called Microsoft's stock "the most hated stock on Wall Street".
Diversity
Microsoft received an 86% rating in the 2004 Corporate Equality Index from the Human Rights Campaign relating to its policies concerning LGBT (lesbian, gay, bisexual and transsexual) employees. According to the Human Rights Campaign, this was in line with the industry standard. Through the work of the Gay and Lesbian Employees at Microsoft (GLEAM) group and Diversity, Microsoft added gender expression to its antidiscrimination policies in April 2005, and the Human Rights Campaign upgraded Microsoft's Corporate Equality Index rating to 100%, putting it among the most progressive companies in the world. Microsoft also received criticism from the Human Rights Campaign and many others in April 2005 for withdrawing support for Washington's H.B. 1515 bill that would extend the state's current antidiscrimination laws to people with alternate sexual orientations. However, under harsh criticism from both outside and inside the company's walls, Microsoft eventually supported the bill again in May 2005.
Even though it hires many domestic American workers, Microsoft generally goes up to the annual limit in hiring foreign workers with H1B visas. Bill Gates has criticized Congress for the cap on the H1B visas, which he claims makes it difficult to hire employees for the company. Proponents of the cap cite economic and security reasons for the current law. Microsoft was also named one of the 100 Best Companies for Working Mothers in 2004 by Working Mother magazine.
Logo
In 1987, Microsoft adopted its current logo, the so-called "Pacman Logo" designed by Scott Baker. According to the March 1987 Computer Reseller News Magazine, "The new logo, in Helvetica italic typeface, has a slash between the o and s to emphasize the "soft" part of the name and convey motion and speed." Employees ran a campaign to save the old logo, which was green, in all uppercase, and featured a fanciful letter O nicknamed the blibbet, but it was nevertheless discarded.
Criticism
Microsoft has been the focus of much controversy in the computer industry, especially since the 1980s; in particular, some regard its business tactics as unfair and anticompetitive. Some describe Microsoft's business tactics as "embrace, extend and extinguish", in which Microsoft initially embraces and extends a competing standard or product, only to later extinguish it through such actions as writing their own incompatible version of the software or standard. Microsoft has also been called a "velvet sweatshop" in reference to the company working its employees to the point where it might be bad for their health. The first instance of the term in reference to Microsoft originated from a Seattle Times article in 1989, and later became used to describe the company by some of Microsoft's own employees.
In rulings following antitrust litigation, U.S. courts ruled that Microsoft is an abusive monopoly, and the company endures legal attacks along these lines in many countries around the world; these are successful to varying degrees, but have not yet forced serious reform such as forcing a separation of the company.
Some also accuse Microsoft of allowing the user interface of its products to become inconsistent and overly complicated, requiring interactive "wizards" to function as an extra layer between the user and the interface. The security of Microsoft products (such as Internet Explorer) is also questioned by some as being overly vulnerable to computer viruses and malicious attacks. In addition, proponents of free software are engaged with Microsoft in a debate over the total cost of ownership (TCO) of its products, as some perceive Microsoft software as more expensive to purchase, use and maintain than competitors' software. A July 2003 article in the New York Times accused Microsoft founder Bill Gates of stealing ideas for the development of Windows from its competitor, Apple. Microsoft has also been criticized for its end user license agreements, which some believe are too restrictive.
As detailed in this article, Microsoft has purchased the products of many other companies to market as its own. It has also duplicated the innovations of other companies (Apple in particular) in products which have in many cases gone on
Creeping featurism
Creeping featurism, or creeping featuritis, is a phrase used to describe software which over-emphasizes new features to the detriment of other design goals, such as simplicity, compactness, stability, or bug reduction.
Creeping featurism is often accompanied by the mistaken belief that "one small feature" will add zero incremental cost to a project, where cost can be money, time, effort, or energy. A related term, feature creep, describes the tendency for a software project's completion to be delayed by the temptation to keep adding new features, without a specific goal.
Creeping featurism is an example of an anti-pattern.
This phrase is sometimes rendered as the spoonerism "feeping creaturism", which brings up the image of each new feature being a small creature which runs around going "feep, feep". The term "creature feep" also appears.
Creeping featurism is usually associated with marketing, sales, or program management roles. However, developers are not immune to letting features creep into a software product; many people criticize Emacs as being a prime example of creeping featurism. Emacs proponents, however, tout Emacs' all-in-one nature as one of its primary benefits. Multi-paradigm languages such as C++ have also faced such criticism.
See also
- Functionality creep, when a physical document or other non-computer related procedure ends up serving unexpected or unplanned purposes.
- Scope creep, when the features of a project gradually increase.
- Software bloat, the inefficient use of memory and storage space.
- Design document, which should prevent feature creep (if done well)
- Mission Creep, similar phenomenon in the military
External links
- The Interaction-Design.org Encyclopedia entry on [http://www.interaction-design.org/encyclopedia/featuritis_and_creeping_featurism.html Creeping Featurism (Featuritis)]
- [http://c2.com/cgi/wiki?CreepingFeaturitis Creeping Featuritis article] from the [http://c2.com/cgi/wiki?WelcomeVisitors Portland Pattern Repository's Wiki]
Ease of use
Ease of use refers to the property of a product or thing that a user can operate without having to overcome a steep learning curve. Things with high ease of use will be intuitive to the average user in the target market for the product. The term is often used as a goal during the design of a product, as well as being used for marketing purposes. Put simply, things with "high ease of use" are easy to use.
However, some experts distinguish ease of use from ease of learning, especially when the design of a product involves a tradeoff between the two goals, or between ease of use and other goals such as security.
See also
- Usability
Security
This page covers security in the sense of protection from hostile action. For the financial instrument called "security", see security (finance).
----
Security is being free from danger. The term can be used with reference to crime, accidents of all kinds, etc. Security is a vast topic including security of countries against terrorist attack, security of computers against hackers, home security against burglars and other intruders, financial security against economic collapse and many other related situations.
Defining the word security
The word "security" in general usage is synonymous with "safety," but as a technical term "security" means that something not only is secure but that it has been secured. For example, in telecommunication, the term security has the following meanings:
- A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
- With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
- Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.
Sources: from Federal Standard 1037C and adapted from the Department of Defense Dictionary of Military and Associated Terms
Another proposed alternative definition:
- When our expectations are met, we can say that quality has been met. When our expectations are met again and again, despite errors, catastrophes and attacks which in principle could prevent our expectations from being met, we can say that security has been met. Security is not falsifiable (Popper). We can prove that there has been a security failure, but we can't prove that there hasn't. Security measures improve the likelihood of expectations being met, and therefore improve security. With respect to classified matter, there is an expectation that the classified matter will remain secret for as long as we wish. An access control system is the security measure that helps this expectation to be fulfilled.
The key problem in defining security is that it is an inherently fuzzy concept. If someone offers you a cigarette, should your bodyguard stop him? This is a method of making your death more likely, but, since you want to smoke the cigarette you would consider it bad to be deprived. If, on the other hand, the cigarette was poisoned, this would be a clear breach of security. Most security measures also involve compromise. If you want to be safe from poisoned cigarettes, you must also accept that you will lose access to free cigarettes from strangers. If you want to be even safer, you must stop smoking.
Security has to be compared and contrasted with other related concepts: Safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of active malicious agents attempting to cause destruction.
A simple and clear definition of effective security could be:
- a secure system is a system which does exactly what we want it to do and nothing that we don't want it to do even when someone else tries to make it behave differently.
Perceived security compared to real security
It is very often true that people's perception of security is not directly related to the actual security. For example, a fear of flying is much more common than a fear of driving; however, driving is generally a much more dangerous form of transport.
Another side of this is a phenomenon called security theatre where ineffective security measures such as screening of airline passengers based on static databases are introduced with little real increase in security or even, according to the critics of one such measure - CAPPS - with an actual decrease in real security.
Categorising security
There is an immense literature on the analysis and categorisation of security. Part of the reason for this is that, in most security systems, it is the "weakest link in the chain" which is the most important. The situation is asymmetric, since the defender must cover all points of attack whilst the attacker need only identify one weak point and concentrate on that.
Types of security
- physical security
- information security
- computing security
- financial security
- human security
Security concepts
Certain concepts recur throughout different fields of security.
- risk - a risk is a possible event which could cause a loss
- threat - a threat is a method of triggering a risk event
- countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
- defense in depth - never rely on one single security measure alone
- assurance - assurance is the level of guarantee that a security system will behave as expected
Security standards
- TCSEC (Orange Book)
- Common Criteria
- [http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33441&ICS1=35 ISO 17799:2000 Code of practice for information security management]
- [http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40&ICS3= The newer ISO 17799:2005 Code of practice for information security management]
See also
- Surveillance
- insecurity
- information security
- CISSP
- classified information
- national security
- police
- security police
- Public Security Bureau
- computer security
- hacking
- cracking
- security breaches
- communications security
- phreaking
- search
- ilities
Consumer
This article is about consumers in economics. For the article about consumers in biology, see Heterotroph.
Consumers are individuals or households that consume goods and services generated within the economy. Since this includes just about everyone, the term is a political term as much as an economic term when it is used in everyday speech. Typically, when businesspeople and economists talk of consumers, they are talking about the person as consumer, an aggregated commodity item with little individuality other than that expressed in the buy/not-buy decision. However, there is a trend in marketing to individualize the concept. Instead of generating broad demographic and psychographic profiles of market segments, marketers are engaging in personalized marketing, permission marketing, and mass customization.
A consumer is assumed to have a budget which can be spent on a range of goods and services available on the market. Under the assumption of rationality, the budget allocation is chosen according to the preference of the consumer, i.e. to maximize his or her utility function.
In 'time series' models of consumer behaviour, the consumer may also invest a proportion of their budget in order to gain a greater budget in future periods. This investment choice may include either fixed rate interest or risk-bearing securities.
In the context of mental health, consumer is also a term applied to describe a person living with mental illness.
Concern over the best interests of consumers has spawned much activism, as well as incorporation of consumer education into the school curriculum. There are many non-profit publications available to assist in consumer education such as Consumer Reports or Choice Magazine.
Within many selling companies consumer has come to be a derogatory term which means a purchaser of products who is not very intelligent. This is in contrast to the meaning of customer, which is defined as an intelligent purchaser who has power in the purchasing relationship between buyer and seller. Consumer could also be seen as an offensive term, implying that a person's only function is to buy a product (consume).
Marketshare
Market share, in strategic management and marketing, is the percentage or proportion of the total available market or market segment that is being serviced by a company.
It can be expressed as a company's sales revenue (from that market) divided by the total sales revenue available in that market. It can also be expressed as a company's unit sales volume (in a market) divided by the total volume of units sold in that market.
Objective
Increasing market share is one of the most common objectives used in business. The main advantage of using market share is that it abstracts from industry wide macroenvironmental variables such as the state of the economy, or changes in tax policy.
Other objectives
Other objectives include return on investment (ROI), return on assets (ROA), and target rate of profit.
See also
- Concentration ratio
- Patronage concentration
- Marketing
- Marketing management
- Marketing plan
- Pricing objectives
- Strategic management
- Strategic planning
Lists of related topics
- list of marketing topics
- list of management topics
- list of finance topics
- list of accounting topics
- list of economics topics
Malware
Malware (a portmanteau of "malicious software") is a type of software designed to take over and/or damage a computer user's operating system, without his or her knowledge or approval. Once installed, it is often very difficult to remove, and depending on the severity of the program installed, its handiwork can range in degree from the slightly annoying (such as unwanted pop-up ads while a user is performing regular computing tasks on or offline), to irreparable damage requiring the reformatting of one's hard drive, since much of malware is poorly written. Examples of malware include viruses and trojan horses.
Malware should not be confused with defective software, that is, software which is intended for a legitimate purpose but has errors or bugs.
Goals
Over the years, people have written malicious software for a number of different purposes.
Many early infectious programs, including the Internet Worm and a number of MS-DOS vi