Microsoft: We Make Hackers Obsolete
bahamat writes "This article explains how Microsoft was forced to yank a magazine ad by the Advertising Standards Authority. In the ad MS claims that they'll make the hacker extinct. The tagline reads "Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out. Which means that your data couldn't really be safer, even if you kept it in a safe. Which is great news for the survival of your company. But tragic news for hackers." Does MS really think that people are too stupid to remember what happened less than 2 months ago? My favorite quote from the article is "Clarke described Microsoft's claim as "laughable". "
This is almost too stupid to be true. The majority of the world would disagree with this, even my MOM! :)
I think their ad exec provided a self portrait with that Dodo.
I'll take the safe any day!
I can't believe they would even consider pulling a stunt like that.
Sadly, many people would believe it, if for no other reason than total ignorance.
It seems reasonable that, Oracle already having garnered the attention of the press for its "Unbreakable" slogan, that Microsoft try it, too. (I'll let you argue amongst yourselves whether this is in keeping with Microsoft's traditional business practices.)
Precedent's been set. But the correct response from the geek public has been to attempt to poke holes in an(y) absolutist claim, as is its obligation.
Seeing as you don't need a hacker to break it then technically they could make hackers obsolete. Of course the growth in crackers is and will be astronomical.
:)
If they're serious in selling internet portals then a free site certificate that's certified by a recognised organisation might be a step in the right direction, but the only hacker/cracker proof NT system I've seen had a blue screen and was locked down solid as a box switched off
Stalin once said if you stated a lie long enough it would become true.
...."Windows is reliable...Unix is reliable...Windows is scalable...Unix is scalable...Windows cost less than a $1000 dollars...???" ?
I remember how NT4 was supposed to be the unix killer. Anyone remember the Microsoft ad on the internet which went something like this
At the same time Bill Gates did a show called scalability day. In the demonstration with Microsoft Transaction server they showed NT doing millions of simulated hits for banking apps. Bill said if NT can do this with only pc hardware just imagine what it can do with 32 processor systems.
What a joke. We all know that NT4 sucked bigtime and it was no Solaris as Microsoft claimed.
Same is true with this. Many companies like Motorola and TI believed the lie and replaced all their unix systems with NT ones only to downgrade back to unix. NT just could not handle it and Microsoft transaction server was not the magical bullet Microsoft made it out to be.
It's like the story of the boy who called wolf.
http://saveie6.com/
*Ignorant Person reads ad saying Microsoft products are hacker-proof and security bug free*
Ignorant Person: "This is what I have been waiting for!"
*Ignorant Person runs to the nearest Wal-Mart and buys a copy of Windows 2000 Server.*
*Ignorant Person tries to install it over his previous server OS, Windows 95 original release.*
*Ignorant Person is satisfied once Windows 2000 Server is installed and IIS is running*
*Ignorant Person's web site is hacked, Code Red I-IV finds a new home, and Nimda exploits every unpatched bug and then some. Not to mention the original Melissa virus from the W95 days*
Ignorant Person: "Ah shit"
..but can anybody out there make that claim? I doubt it. If you know enough to keep everybody out, you pretty much know enough to keep everybody out no matter what OS you're on. Windows' big problem (I'm referring only to NT/2K/XP, not 9x or ME. I wouldn't defend that line for nothing.) is its poor choice of defaults. Lock it down and it isn't half bad. I had an IIS server running for nearly 2 years without a single incident. The big thing I did (here's a free tip for you IIS users out there) was I installed 'URLScan' which applied a filter to all URLs before parsing. This not only prevented people from trying to use buffer-overflow techniques to break in, but it also let me prevent very specific things from being run. Damn cool, but it really should come with IIS. Like I said, poor defaults.
A Linux box, by default, is hardly more secure. Within a couple of weeks of building an Apache Server with the latest Redhat, it got rooted. Yay. You still have to patch it up, lock it down, and monitor it. I know the tools are there to make it more secure, but the problem is that you have to get to know it. I'm new to the Linux world, and as such I was more vulnerable to malicious attack than I was with IIS because I was unfamiliar with it.
So I'm curious, who actually can make that claim? Nobody immediately springs to mind.
"Derp de derp."
Microsoft is good at making both their old software, and old hardware obsolete, along with hacking. .net on Windows 98, or read some CDs in a file system compatible with Win 98 but not NT 4+, then I'd say they are pretty darn good at making all sorts of things obsolete. .net, all the while them spouting about how it would make .dll hell disappear, make software for any Microsoft operating system including obscure ones like Windows CE Tablet, and not once did they mention that it wouldn't run on Windows 98.
When you can't read a file from the next version of MS Works in the previous one, or use MS
I was at a MS presentation of
Saskboy's blog is good. 9 out of 10 dentists agree.
Oh for fuck's sake, get off the stupid "hacker/cracker" semantics bullshit already. You KNOW what they mean.
Is it really surprising that Microsoft don't know what the term "hacker" really means? Just take a look at one or two of their products.
... I guess
sticking with it since then has just been sheer cussedness. ...and not offering a multi-button mouse with a scroll wheel as an option with Macs is just sheer brain-deadness.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
I'm not saying the jargon file is official, what I'm saying is that the term hacker was first coined by hackers, not marketing morons, and its original meaning should be honored.
btw.. next time u mention something about a dictionary company, SPELL the name right.
Merriam-Webster
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
Hi! Maybe I didn't read the article carefully enough, but I was wondering if anyone had a higher-dpi image of the ad! I want to put it up in our office next to my Slackware box - I love the image of the Hacker! It's hilarious!
No, the ad is misleading. It may be technically true, but it is still misleading in that it heavily implies something which is not true. Under ASA standards it only needs to be deliberately misleading to be chucked out, it doesn't have to be an outright lie. This is a good thing.
It is quite obviously possible to mislead people without needing to specifically tell an actual lie, but in the ASA's view, it is not about whether or not a company is technically lying, but about whether or not they are deceiving people. This makes perfect sense to me; deception is wrong regardless of whether or not a lie was required to do it.
No, not really. Most firms are honest. Some firms exaggerate, like Apple's famous "bicycle for your brain" hyperbole describing the Apple II or Oracle's "Unbreakable" advert. Microsoft, however is so dishonest that really large, generally clueless organizations notice:
When you get to the point where the postman, bankers and marketing droids notice you suck and lie about it, man, it's over.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Actually, advertising regulations for mutual funds are super strict (but then again, so are all the laws regulating mutual funds... but I digress). The SEC will fine you (well, your fund) big time if its advertisements violate regulations (clearly mentioning that any famous people in the ad are paid, guiding people to the prospectus, warning of risks, etc.)
also- the NASD regulates its members' advertising as well.
DISCLAIMER: I am not a securities lawyer, I'm married to a soon-to-be securities lawyer. All my knowledge comes from a paper she wrote for her Market Regulations class. If it's any consolation, she got an "A".
In the future, I would want to not be isolated from my friends in the Space Station.
The GUI was designed to only need one button. Ctrl-click has the same function as the right mouse button. You can always buy a two-button mouse with Mac software that lets you assign all sorts of key/click combinations, but at least the core GUI doesn't require that.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
"Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out." This statement has a factual basis.
But you are mistaken and Microsoft knows it. Silly fanboy, grow a memory.
What do you call a consultant who recommends M$ for security of private information? A baldfaced liar.
Friends don't help friends install M$ junk.
Microsoft must be really, really stupid to think that anybody is going to fall for that. The reliability of their software is a joke across the industry that EVERYBODY knows about.
Being an advocate of alternative software, I talk to a lot of people about Microsoft before I even mention that I advocate other stuff. I have never heard someone say that Microsoft's stuff is reliable. As a matter of fact, even the most naive computer users have stated plainly that Microsoft causes all kinds of trouble for them. It is a widely known fact.
So why would Microsoft make a stupid claim like this? My feeling is that they have a serious break in communication between their marketing department, which probably uses blueberry candy-apple Macs to make glossy, lickable presentations, and all other departments, which use UNIX for all of their operations because they know how much Windows sucks (because they made it) and refuse to use it.
'ta
Sure can! Real/32 can also. There are plenty that can. MS isn't one of them.
My other Beowulf cluster is... er...
As long as there are consumer products, there will be someone exploiting them. It goes back to my old quote :: No matter how secure you think your box is someone can and will take it down...
For The Best Jazz/Hip-hop fusion > COlD DUCK
Safes have ratings or classes, D,CB and A.
Now given a 'Tinnie' 4 draw filing cabinet is a 'D' , MS should show a similar 'Unrated' 'safe'. Wrapped in string bow tie, with do not open is not my idea of a 'safe'.
Corrupted corporate data.
Besides, with MS you have to BUY a virus checker, so it also fails to keep viruses out.
The funny thing here is that independent verification isn't required unless everyone already knows the claim is a lie. Also worth noting is that a company with 1/1000th the cash that M$ has could get independent verification for anything they wanted (we've all seen the court cases where the sleazy side has their expert witnesses). Heck, even M$ bought some expert witnesses for their antitrust trial. But even M$ couldn't find anyone who was able to claim M$ software is secure with a straight face.
I'm an American. I love this country and the freedoms that we used to have.
From the article:
Laubscher says despite the decision, Microsoft fully maintains that its software is able to fulfil the task of keeping hackers and viruses out, making the customers' data safer than if kept in a safe.
I try to be open minded, but when you walk around with your foot hovering in front of your mouth, eventually, someone is going to push it in. This is worse than walking around with a "kick me" sign on your back, because they did it on purpose.
The claims they made are so over the top, it's obvious their marketing dept. has lost all contact with the real world. No one with a pulse is stupid enough to believe it just because they said it's true. This is insulting to their existing customers, who know better.
Tequila: It's not just for breakfast anymore!
Unix is a complete joke as far as security.
I don't know what you mean by "Unix", but I'm assuming it includes all POSIX-compatible operating systems (including GNU/Linux, *BSD, etc). In that case, maybe you should look at OpenBSD. It's about as Unix as they come, being BSD-derived and all. Yet it is also one of the most secure general-purpose operating systems out there. In the past 7+ years, OpenBSD has had one remote root hole in the default install (the OpenSSH off-by-one hole, I believe) and a handful of privilege escalation holes and the like. Compare this to Solaris or Red Hat Linux, and you'll see that not all Unixes are the same.
a.) It's ancient so most of the flaws are finally worked out.
I agree here, but I think that the point deserves more elaboration. Many of the flaws in Windows and Windows-related products like IIS stem from fundamental design problems, the kind that only massive time and energy spent reworking can fix. For example, the fact that any NetBIOS-enabled Windows machine will send you its password hashes upon request (by getting the machine to retrieve a remote file:// url) has been acknowledged by Microsoft as a pretty much unfixable design flaw. Similarly, the IIS URL parsing mechanism is overly complex, leading to holes like the Unicode ../../ problems. With Unix, most of the fundamental design issues have been worked out or worked around. True, there are still a few fundamental problems; the inflexible permissions system and the fact that many things run as root just to get one specific privilege (ping, daemons, etc) come to mind. But most of the flaws in Unix programs come from buffer overflows, format string vulnerabilities, unchecked perl open() calls, and the like: little, isolated errors that are easy to make and almost as easy to fix.
b.) Nobody _gives a shit_ about Unix so there aren't a lot of hackers out there targeting it.
This point blatantly contradicts the others. If Unix is so unimportant, why (according to point a) have there been so many flaws found and fixed? Besides that, have you looked at how many companies are into Linux these days? I think that Red Hat, IBM, and HP (just to name a few) would disagree with your statement that "Nobody _gives a shit_ about Unix". With the release of Mac OS X, Unix is now also a popular desktop OS with a significant market share. As for "hackers" (I'll assume you meant crackers) targeting Unix, take a look at any security-related mailing list and you'll see that many Unix-related flaws are researched and found, and often exploited. Crackers and script kiddies do care about Unix (it accounts for over half of all webservers*, for example), and this is why so much effort has gone into and will continue to go into securing Unix.
*Netcraft says that 64.19% of sites run Apache, but does not mention the OS distribution. Since most Apache installs are on Unix systems, and since there are also some non-Apache Unix webservers, I figured that saying 50% was more than reasonable.
This message may appeal to naive purchasers, but does not address real-world threats. Most corporate fraud is committed by insiders. Microsoft is proposing an overly simplistic threat model: the villains are outside the wall. In reality, villains inside the wall account for greater damage.
The term 'cracker' was first coined by hackers, too, just not the current ones who insist that a cracker is someone who 'cracks' security. A cracker was someone who 'cracks' personal computer games and removes or NOPs over the copy protection. Famous 'cracked' games always had a 'cracked by' comment on the splash screen.
However, at that point in time, the 'crackers' were playing around with color displays on cheap PCs and Apple IIs and Amigas. 'Hackers' were staring at green screen dumb terminals. The people who now 'own' the 'Jargon file' are the latter.
sticking with it since then has just been sheer cussedness. ...and not offering a multi-button mouse with a scroll wheel as an option with Macs is just sheer brain-deadness.
What's worse is their laptops... If you want a multi-button pointing device, you've got to connect it externally. Yuck. It's a shame too cause I would really consider getting an iBook if it had an integrated trackball or an eraser head mouse with at least 2 buttons. As it stands, a single button touchpad is a dealbreaker.
I guess we're getting kinda OT here, but as far as deceptive advertising goes, aren't Apple's switch ads just as bad? What if you're more productive with a 3-button scroll trackball? Is Apple's "different" way really better? Do they have statistics proving applications on OS X are really more stable than those on Windows XP? Let's face it, advertising is subjective - that's why it's advertising.
If the Mac switchers have reached personal computing nirvana, the beer drinkers are all buff and having a great day with attractive females at the beach, the car is doing things that you can't legally do on public roads or Microsoft software is depicted as secure, guess what - it's an advertisement. Could you imagine what ads would be like if they depicted reality?
Scene: Int. my house, night.
Me: "I'm thirsty."
Cut-to wide shot of me walking out of the computer room and follow me walking to the fridge.
Close up of me opening a can of Sprite(tm).
Me: "Ahh... Can of fizzy liquid goodness."
Cut back to wide shot of me walking back into the computer room. Fade out and show a graphic:
"Sprite. Because you're too lazy to restock on something with caffeine."
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
Seriously, though, Windows documentation is copious, but it is very thin on actual information. I think most people just manage to run Windows because they have a nerd friend they can come to for help.
Well, there are several reasons for that:
Just shows how low the media whores in this country. No objection to printing that in Time magazine. An African country can see the absurdity of these ads and force retractions, but not here.
It IS hacker proof - we don't have access to the source, how are we supposed to hack on the code?
That's actually a fairly profound insight.
Despite what the popular media will try to tell you, REAL hackers are the whitehats, people like Linus Torvalds or Richard Stallman. In that case, windows quite literally IS hacker proof... only MS's internal team has access to the source code, so only they can hack on it.
What they probably were trying to say is that it's cracker proof, and that would have been the painfully obvious and blatant lie that everybody here is making it out to be.
Tell a big enough lie and people will believe you.
The race isn't always to the swift... but that's the way to bet!
The reason hackers are obsolete is now you don't need the skill of a hacker to break Windows, any old Joe can do it now (and you don't even need to try hard!)
Actually, having to hit CTRL+ALT+DELETE is a surprisingly good security measure. Without it, any user can run a program that looks like the login screen, record the password you enter, say "Incorrect Password", and then log the user out, giving you the real login-screen.
Unfortunately, there is nothing like it in the Unix world. Any user can fake a text or graphical log-in screen. Fortunately, to make sure the XDM screen is legit, you can hit CTRL+ALT+BACKSPACE, but that is not REQUIRED, and doesn't help at a text login anyhow.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Okaaaayy.. I just finally got to read the actual text of the ad. (First time I tried the server gave me a vb/asp error message. ;) ) I misinterpreted the Slashdot snippet as saying that Microsoft's ad was future-tense "going to make", which technically couldn't be called fraud unless they gave a definitive timeline or product. Serves me right for thinking "Even Microsoft couldn't be that blatantly fraudulent".
I was wrong--it is blatant fraud. Its caption states: 'Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out. Which means that your data couldn't really be safer, even if you kept it in a safe. Which is great news for the survival of your company. But tragic news for hackers.'
Nothing future-tense, or even realistic about that!
Unless by "tragic" they mean a "tragic comedy of errors, which causes the hacker to double over laughing and results in severe stomach cramps."
The MS marketing people are their own worst enemies.
-Sara
In the correct sense of the word "hackers", they are absolutely right. Microsoft aims to make their apps so "easy to use" that they eliminate the need (and the ability) to hack things. Their goal is to sell to average desktop users and average business owners, so that they can do things without having to hack and tweak with things. This is the reason Microsoft is so successful.
Unfortunately this "dumbing down" produces many security holes, runtime errors, and eliminates the freedom we enjoy with Unix/Linux/BSD. This business model also moves software away from the 31337 h4x0r$ like us, and makes it nice and shiny and "easy."
This is fine, and useful, however the problems are: Many MS programs are notoriously bug ridden (IE, IIS, Exchange, Windows, etc.)
In their quest for global domination, the code is top secret, and the programs lose much of their hackability. It is a good analogy to say it is "like a car with its hood welded shut."
Sorry if I duped anyone.
P33(,
Arthur K.
Patent: from Latin patere, to be open