Microsoft: We Make Hackers Obsolete

bahamat writes "This article explains how Microsoft was forced to yank a magazine ad by the Advertising Standards Authority. In the ad MS claims that they'll make the hacker extinct. The tagline reads "Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out. Which means that your data couldn't really be safer, even if you kept it in a safe. Which is great news for the survival of your company. But tragic news for hackers." Does MS really think that people are too stupid to remember what happened less than 2 months ago? My favorite quote from the article is "Clarke described Microsoft's claim as "laughable". "

Reminds of the NT4 hype 7 years ago

[Billly+Gates]

Stallan once said if you stated a lie long enough it would become true.

I remember how NT4 was supposed to be the unix killer. Anyone remember the microsoft ad on the internet which went something like this ...."Windows is reliable...Unix is reliable...Windows is scalable...Unix is scalable...Windows cost less then a $1000 dollars...???" ?

At the same time Bill Gates did a show called scalability day. In the demonstration with Microsoft Transaction server they showed NT doing million of simulated hits for banking apps. Bill said if NT can do this with only pc hardware just imagine what it can do with 32 processor systems.

What a joke. We all know that NT4 sucked bigtime and it was no solaris as Microsoft claimed.

Same is true with this. Many companies like Motorolla and TI believed the lie and replaced all there unix systems with NT ones only to downgrade back to unix. NT just could not handle it and Microsoft transaction server was not the magical bullet Microsoft made it out to be.

Its like the story of the boy who called wolf.

the sound of bursting bulkheads.

[Erris]

I can't believe it; someone LYING in an ADVERTISEMENT?! This threatens the integrity of the entire advertising field!

No, not really. Most firms are honest. Some firms exadurate, like Apple's famous "bicycle for your brain" hyperbole describing the Apple II or Oracle's "Unbreakable" advert. Microsoft, however is so dishonest that really large, generally clueless organizations notice:

1. The US Federal Government: Convicted them of monoply.
2. Wall Street: Moving to Linux and dumping the junk that gave them "Iloveyou", etc, and now,
3. The Advertising Standards Authority of SA (ASA): noticed that M$ was full of holes.

When you get to the point where the postman. bankers and marketing droids notice you suck and lie about it, man, it's over.

Re:A really poor track record - to nobody's surpri

[bobthemonkey13]

I'm pretty sure this is a troll due to the lack of support to the claims, but I'll respond anyway because the points are still valid:

Unix is a complete joke as far as security.

I don't know what you mean by "Unix", but I'm assuming it includes all POSIX-compatable operating systems (including GNU/Linux, *BSD, etc). In that case, maybe you should look at OpenBSD. It's about as Unix as they come, being BSD-derived and all. Yet it is also one of the most secure general-purpose operating systems out there. In the past 7+ years, OpenBSD has had one remote root hole in the default install (the OpenSSH off-by-one hole, I believe) and a handfull of priviledge escalation holes and the like. Compare this to Solaris or Red Hat Linux, and you'll see that not all Unixes are the same.

a.) It's ancient so most of the flaws are finally worked out.

I agree here, but I think that the point deserves more elaboration. Many of the flaws in Windows and Windows-related products like IIS stem from fundamental design problems, the kind that only massive time and energy spent reworking can fix. For example, the fact that any NetBIOS-enabled Windows machine will send you its password hashes upon request (by getting the machine to retrieve a remote file:// url) has been acknowledged by Microsoft as a pretty much unfixable design flaw. Similarly, the IIS URL parsing mechanism is overly complex, leading to holes like the Unicode ../../ problems. With Unix, most of the fundamental design issues have been worked out or worked around. True, there are still a few fundamental problems; the inflexible permissions system and the fact that many things run as root just to get one specific priviledge (ping, daemons, etc) come to mind. But most of the flaws in Unix programs come from buffer overflows, format string vulnerabilities, unchecked perl open() calls, and the like: little, isolated errors that are easy to make and almost as easy to fix.

b.) Nobody _gives a shit_ about Unix so there aren't a lot of hackers out there targetting it.

This point blatantly contradicts the others. If Unix is so unimportant, why (according to point a) have there been so many flaws found and fixed? Besides that, have you looked at how many companies are into Linux these days? I think that Red Hat, IBM, and HP (just to name a few) would disagree with your statement that "Nobody _gives a shit_ about Unix". With the release of Mac OS X, Unix is now also a popular desktop OS with a significant market share. As for "hackers" (I'll assume you meant crackers) targeting Unix, take a look at any security-related mailing list and you'll see that many Unix-related flaws are researched and found, and often exploited. Crackers and script kiddies do care about Unix (it accounts for over half of all webservers*, for example), and this is why so much effort has gone into and will continue to go into securing Unix.

*Netcraft says that 64.19% of sites run Apache, but does not mention the OS distribution. Since most Apache installs are on Unix systems, and since there are also some non-Apache Unix webservers, I figured that saying 50% was more than reasonable.

Incorrect threat model

[crucini]

Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out.

This message may appeal to naive purchasers, but does not address real-world threats. Most corporate fraud is committed by insiders. Microsoft is proposing an overly simplistic threat model: the villains are outside the wall. In reality, villains inside the wall account for greater damage.

South Africa banned the Ads but NOT in the US

[danmart]

Just shows how low the media whores in this country. No objection to printing that in Time magazine. An African country can see the absurdity of these ads and force retractions, but not here.

Re:I cant wait!

[neuroticia]

Okaaaayy.. I just finally got to read the actual text of the ad. (First time I tried the sever gave me a vb/asp error message. ;) ) I misinterpreted the Slashdot snippet as saying that Microsoft's ad was future-tense "going to make", which technically couldn't be called fraud unless they gave a definitive timeline or product. Serves me right for thinking "Even Microsoft couldn't be that blatantly fraudulent".

I was wrong--it is blatant fraud. Its caption states: 'Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out. Which means that your data couldn't really be safer, even if you kept it in a safe. Which is great news for the survival of your company. But tragic news for hackers.

Nothing future-tense, or even realistic about that!

Unless by "tragic" they mean a "tragic comedy of errors, which causes the hacker to double over laughing and results in severe stomach cramps."

The MS marketing people are their own worst enemies.

-Sara