Microsoft Raises Security Game, Notes Shortcomings Elsewhere
LMCBoy writes "Steve Ballmer recently told an industry conference that Microsoft software is more secure than Linux. PJ at Groklaw has a nice, thorough analysis of this dubious claim. She points out that not only are there vastly more Microsoft exploits reported, but that the exploits tend to be much more severe, involving remote administrator access." In related news, mhesseltine writes "According to an article from the Washington Post, in an unusually ironic twist, Microsoft has started talking smack about their own products, instead of those of their competitors. Bill Gates said of Office 'it's too hard to find things in e-mail' and described some features of Word as 'clunky.'"
Don't cream in your pants just yet... Gates actually "described early versions of the Word text-processing program as 'clunky.'"
I've had to download 5 updates in the last 3 days, so it must be getting safer, but one assumes if you're constantly downloading security patches there's got to be something insecure about it...
I have over 70 freaks, do you?
One of the biggest issues is that rarely do these claims stack up comparable products. I was just reading the claim by Ballmer saying Win2K is more secure (i.e., fewer patches) than RedHat 6.2, IIRC. Compare the kinds of vulnerabilities Ballmer was referring to: in MS, there were a ton of holes that were rooted into the OS, making the whole system vulnerable (in general). In RH, many of the patches were for apps and tools that aren't installed automatically. Sure, your SSL-secured dildo-plus-IM app might have a hole in it, but it's probably not installed by default. Compare that to everyone's favorite RPC hole, or IE hole, found in EVERY version of Windows 2000.
Fuck it, not worth my time. I'm not an anti-MS zealot by any means, but it's time to /ignore what some of the annoying corporate PR trolls are screaming. If you want to get my attention, get an independent 3rd party (no, Gartner DOESN'T count) to show me some results and back them up with meaningful data.
"Hell hath no fury like a woman scorned for SEGA. ..."
Now, if only he would admit that Microsoft is making too much money. Or perhaps Bill could say that MS has been unfair to consumers. THAT would be newsworthy.
You asked for it so, Linux is more secure than Windows. There's a huge difference between not securing a system and having a system riddled with exploits. From what I found it looks like you're referring to APPLICATION exploits, not LINUX exploits. I don't expect a Windows Zealot like you to understand that though.
Install Windows 2000 Advanced Server, and enable Terminal Services. Then post the IP address along with Administrator login, and password, and let Slashdot at it.
Scared? ssh root@selinux.dev.gentoo.org with password gentoo then.
I can guarantee you that the average NASDAQ broker knows more about technology than you do.
Actually, a few clients at my computer repair store are NASDAQ brokers, and I can assure you that's not the case. One of them actually wanted to get rid of Windows XP in favor of Windows ME because they thought XP was incompatible with a Linksys router.
Do we really need another bash-Microsoft article obsessively dissecting one sentence Bill Gates made at some promotional speech or interview or whatever?
Um, it was the Washington Post reporting on the "sentence" (although it was probably more on the orders of a paragraph or two), not Slashdot. We're not dissecting the sentence here. It's pretty clear that MS is going to have to make the sale based on overhyping the features of the new version and badmouthing the old. This sort of thing happens in companies all the time -- Clorox bleach had a big promo for powdered Bleach by badmouthing liquid bleach, their #1 product.
Just like a site focusing on Green Party politics would be crazy not talking about news concerning the Bush administration, it's important to talk about Microsoft here because for the foreseeable future it will be that 800-lb gorilla that affects everything else in the tech industry.
If you really want to complain about excessive coverage, it seems like Apple has gotten more than its fair share of articles in the past week, too. Gee, maybe that's because there are a lot of newsworthy events going on with that company.
Things are happening with both Microsoft and Apple this week; big news items (horrible security exploits patched followed by big talk from Ballmer, iTunes for Windows, a Mac-based cluster possibly making #4 or #5 of the top 500 supercomputers). Maybe some things are happening on the Linux front; maybe not. But Linux is based around a community of nerds, not on a corporation with a snazzy PR department.
In a sense, this is exactly what makes Linux an ideal server platform: it's not "features" focused, and it's more into substance than style. It's also why it's less likely to break into the home desktop market any time soon (although it stands a chance in large-volume corporation and school environments).
Karma: Chevy Kavalierma.
It's hard not to laugh at the bully when he complains about being picked on.
Anyways, I'm ready to keep bashing Microsoft until they get their bloody act together and no amount of whimpering will change my mind.
Open source is about calling things the way they are: saying as loud as possible when something important sucks and needs to be re-written. In Linux, that's what happens: when it sucks badly, it gets re-written. This is a concept most corporations often have a hard time digesting because it's too expensive for them.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
"What kind of person are you?"
"Caffeinated!"
"Engineer!"
"Left-dominant!"
"Hindu!"
"CowboyNeal!"
"Windows 95!"
More or less the same hardware, different software. Your answer depends on what factors you consider relevant. The hardware all behaves more or less the same modulo how fast things run; the software is far more interesting!
"The biggest problem with communication is the illusion that it has taken place."
Here's the number of updates for various Windows according to the MS SUS (Software Update Services) server.
Name            Number of Updates
IE 5.0X         295
IE 5.5X         268
IE 6.X          567
Windows 2000    1476
Windows 2003    250
SUS server software is a free download from MS for non-domain controller Windows 2000/2003 server OS. If you don't believe my figures, download it and see for yourself.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
Actually, Windows 2003 Server only has 13 updates (including IE 6 updates for 2003 Server).
What you're seeing is the count of all updates for all versions for a given product (i.e. Server, Advanced Server, Datacenter, etc).
Same is true for the other numbers.
Dan
It's really that stupid. You can't kill the GPL without gutting copyright law. The GPL is a license that is much less restrictive than ordinary copyright. Ordinary copyright forbids copy without the permission of the owner. The GPL has conditions of copy so that permission does not have to be asked. The strength of the GPL is based on the strength of copyright. You can't kill one without the other.
Friends don't help friends install M$ junk.
It's not like we read that email
That's not true! I sent them an email a year ago and got a reply last month. Sure, it took me several minutes to figure out what it is.
It's also true that average Linux users don't send mail usually with bugs. They use bug-buddy or bugzilla or whatever it is called AND they get an answer to the report in 24 hours. Let's see Microsoft match that, but wait, their mail server is down about 23 hours a day. CHEERS --RoadkillBunny
Cheers,
RoadkillBunny
To be fair, Win2000 was 3 years ago too.
I guess part of the reason for that is that programs like Outlook are very tightly integrated into Windows, so when an exploit for those is found, it often leads to the whole system being compromised.
True enough, and you reminded me of one of the vulnerabilities I saw during one of my regular visits to Windows Update (emphasis added):
October 2003, Cumulative Patch for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB828750)
Download size: 1.8 MB
Security issues identified in Microsoft Internet Explorer (IE) could allow an attacker to compromise systems with IE installed (even if IE is not used as the Web browser). For example, an attacker could run programs on a computer used to view the attacker's Web site.
"With each version of Office it gets harder for Microsoft to move customers up," said Michael A. Silver, vice president and research director at the research and advisory firm Gartner Inc.
Therein lies the devil, ladies and gentlemen. Microsoft had the victory, but has no other business model than to sell Windows and Office (all other products fail to generate enough revenue to sustain the company). They have failed to move people over to a continuing license model, and with Linux slowly moving across the landscape like a juggernaut, Linux and products like Open Office will be "good enough" for Joe User and Ma & Pa Small Business. If Microsoft cannot come up with other solid revenues other than Windows and Office, they will lose.
Torvalds was right: "We want to take over the world but we don't have to do it by tomorrow - it's OK to do it by next week, or even next month"
It may be funny, but I wasn't kidding. He's been asking me about linux for years, and as his small office grew from one machine to two, then three and four, he found out the hard way that Windows was never built to "share", that it's always just been one kludge on top of another to print to a remote printer, share files, and share applications.
That last one is the real sticking point. A good server with several clients is the ideal solution for a place like his (think thin). The way he's got it now, because of his slow growth into it, he's got to install the software on all the machines, the data is spread out all over the place, all the drives have different names on different machines (like I said - he grew into it without planning ahead, so you can blame that on him, but to name drives differently now would break everything).
When I told him about the ideal thin client solution, he thought that was an amazing concept. What's more amazing is how long the concept has been around and not implemented without kludgy hacks in Windows.
I could blather on and on about it, but it's not worth it. The software company doesn't care about Linux, and I've reminded him he's got other software that won't work in Linux. However, I believe he'd make the effort to switch if his primary accounting software was available in Linux - and if he could keep around the old versions (he's got to keep records for a certain number of years), maybe by using WINE or something.
Stupid sexy Flanders.
I like OSS as much as the next guy (well so long as the next guy isn't a slashdotter), but even KDE, which is IMHO the most attractive piece of OSS I've ever seen, has some clunky aspects to its GUI.
Some would of course argue that a good GUI isn't the same thing as a good program, but those people aren't going to see office workers or home users using their product any time soon. Ever been to a cube farm? You think the kind of people who decorate their office to the point of madness are going to put up with staring at something unnecessarily ugly all day if they don't have to?