Slashdot Mirror


MS Security Chief: Windows Never Exploited Until Patch Available

BenBenBen writes "The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: 'We have never had vulnerabilities exploited before the patch was known', and '[he] could only think of one instance when a vulnerability was exploited before a patch was available'. Erm..."

  1. Oh really? by ChaoticChaos · · Score: 5, Funny

    "The Earth is flat."
    "The Sky is green."
    "Earth is the center of the universe."

    Other ridiculous statements that have also been proven false.

    So, let me get this straight, Windows will become more secure if Microsoft stops issuing patches? :-)

    Sakes alive, the Microsoft spin machine has been well oiled this morning!

    ChaoticChaos
    "If Windows wasn't vulnerable until the patch was released, why was the patch released in the first place???"

    1. Re:Oh really? by smchris · · Score: 1, Funny


      Karl Rove moonlights?

    2. Re:Oh really? by dingbatdr · · Score: 5, Funny

      In other news, Microsoft announce that cause and effect are reversed when it comes to their software.

      "We think it is due to our patented time-traveling module," quips Steve Ballmer.

      --
      The truth is an offense, but not a sin.------R. N. Marley
    3. Re:Oh really? by ChaoticChaos · · Score: 1, Funny

      Another way to look at this is that I should be able to remove every patch from my Windows PC and it would be totally secure? LOL!

    4. Re:Oh really? by FrostedWheat · · Score: 5, Funny

      "We think it is due to our patented time-traveling module," quips Steve Ballmer.

      It's true! I was copying a file over the LAN the other day, and IE said it had -8342563246 seconds to go!

      Microsoft Time (C)(R)(TM)
      Where do you want to go yesterday?

    5. Re:Oh really? by hcetSJ · · Score: 5, Funny

      Next big thing in computers: the then-if statement! Available only on Microsoft products, certainly.

      --

      This side up.
    6. Re:Oh really? by MichaelKaiserProScri · · Score: 2, Funny

      They cut the quote short. It was really "If you want secure software upgrade to Linux"

      "It says it runs on Windows 98 or better and I'm running Linux and it won't work..."

      ;)

    7. Re:Oh really? by armb · · Score: 4, Funny

      > Other ridiculous statements that have also been proven false.

      Slashdot stories always accurately summarize the content of the linked story, and wouldn't ever misrepresent vulnerabilities are hardly ever exploited before patches are released as "is never vulnerable until a patch appears".

      --
      rant
    8. Re:Oh really? by Anonymous Coward · · Score: 4, Funny

      Don't you mean:

      When do you want to go today?

      Basically sums up my windows experiences over the past years

    9. Re:Oh really? by tmasssey · · Score: 5, Funny
      You mean like INTERCAL? How can you live without a COME FROM statement?

    10. Re:Oh really? by ssbljk · · Score: 5, Funny

      in the beginning there was Windows ... and it was secure ....

      then we downloaded damn patch :(

      --
      /ss
    11. Re:Oh really? by benya · · Score: 3, Funny

      Not necessarily... Others might find exploits, but do not actually exploit until a Microsoft patch is released.

    12. Re:Oh really? by mpe · · Score: 5, Funny

      Sakes alive, the Microsoft spin machine has been well oiled this morning!

      They must have had a delivery of snake oil :)

    13. Re:Oh really? by Short+Circuit · · Score: 5, Funny

      It's called sweeping it under the rug. Until, of course, someone trips over the raised rug or sees dust puff out when the rug is stepped on.

    14. Re:Oh really? by zelurxunil · · Score: 5, Funny

      Perhaps it can be reverse engineered...

      --

      What's another word for Thesaurus?
      -Steve Wright
    15. Re:Oh really? by jocknerd · · Score: 5, Funny

      Wouldn't Microsoft's Security Chief be a marketing guy? He obviously doesn't have anything to do with security.

    16. Re:Oh really? by Short+Circuit · · Score: 5, Funny

      One of the reasons I love Perl is that the following line of code works:

      open ( PERLYGATES ) or die "Trying";

    17. Re:Oh really? by Zixia · · Score: 5, Funny

      There has never been an exploit without a patch. Just the one.

      One! One exploit without a patch, and that other one against Internet Explorer.

      Okay, two exploits without a patch. Unless you count the many against Outlook Express.

      AMONGST THE EXPLOITS WITHOUT A PATCH ARE... Can we start the interview again?

    18. Re:Oh really? by PetiePooo · · Score: 4, Funny

      it was said by the Microsoft Security Chief.

      Oh, c'mon, guys. Can't you see that Mr. Aucsmith is just trolling the world?? Move along.. Nothing to see here. The best way to deal with trolls is to ignore them. Responding only encourages their actions!

      BTW, I have a slashcode improvement request: I'd like the ability to moderate front page articles as "-1 Troll"

    19. Re:Oh really? by Anonymous Coward · · Score: 1, Funny

      The Iraqi information minister strikes BACK!

    20. Re:Oh really? by ktulu1115 · · Score: 1, Funny

      Actually I think it'd be more accurate similar to this:

      In the beginning there was UNIX. And it was good. And then Windows came along. And then all hell broke loose... ad infinitum, you get the idea. :)

      --
      # fuser -v /dev/attention | grep work
      #
    21. Re:Oh really? by Lobo_Louie · · Score: 5, Funny

      This reminds me of a Knowledge Base link I saw on M$'s website about 3-4 years ago. I'm paraphrasing here: Warning, your password must be 324,322,322 characters long and must not match any of your last 324,234,234 passwords. The URL made the rounds in couriels *. * excuse my french!

    22. Re:Oh really? by stanmann · · Score: 3, Funny

      The grandparent was partly mistaken... and slightly confused

      the universe if it is expanding at anything greater than .5c and many posit that it is... is in fact growing FTL...but not in every direction..but the net effect is FTL since .50..01+.50..01=1.0..02 so objects are reaching separation velocities of C+ which is not to be confused with C++

      --
      Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
    23. Re:Oh really? by jrockway · · Score: 2, Funny

      > They must have had a delivery of snake oil :)

      I hope someone doesn't post a picture of it on their blog and get fired :)

      --
      My other car is first.
    24. Re:Oh really? by ejort79 · · Score: 3, Funny

      way, to use , use those, commas,

      --
      The Internet couldn't tell a good bit from a bad bit if it bit it on its naughty bits.
    25. Re:Oh really? by Gumshoe · · Score: 2, Funny
      "We think it is due to our patented time-traveling module," quips Steve Ballmer.


      Well, that explains top-posting.
    26. Re:Oh really? by iminplaya · · Score: 4, Funny

      In other news, Microsoft announce that cause and effect are reversed when it comes to their software.

      This is how they can patent so much prior art.

      --
      What?
    27. Re:Oh really? by andrew_0812 · · Score: 5, Funny

      Not yet, it hasn't been patched...

    28. Re:Oh really? by Oyvind+Eik · · Score: 5, Funny

      [cheapo] haha, this screen appeared on my windows that said "time before shutdown: 60 seconds"
      [cheapo] so i turned the windows clock 2 years backwards and now it says "time before shutdown: 729 days" :D:D
      [cheapo] i just love windows :D

      [#227455]

      Windows has a great sense of humor. :-)

    29. Re:Oh really? by qcomp · · Score: 5, Funny
      No... I think what they are trying to say is that *after* a patch is released and a description of the exploit is given, mal-ware writers then run off and use this description to write mal-ware to take advantage of folks who haven't applied the provided patches.

      exactly, so MS shouldn't patch any holes in the first place, then no malware would be written and everyone would live happily ever after

    30. Re:Oh really? by OhHellWithIt · · Score: 3, Funny

      > My opinion is subject to change without warning.

      Maybe use "perl -w"?

      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
    31. Re:Oh really? by Anonymous Coward · · Score: 5, Funny

      .well patterns-thought my reflect t'don theY .language other any to used got never I !language programming first my was ITERCAL ?funny modded this was whY

    32. Re:Oh really? by cavebear42 · · Score: 2, Funny

      Nooooooooo one expects the Microsoft inquisition!!!!

    33. Re:Oh really? by radon28 · · Score: 2, Funny

      not as good as this one...

    34. Re:Oh really? by Anonymous Coward · · Score: 1, Funny

      Better yet, release fix to patch holes, and create new ones at the same time, that'll keep malware authors in a state of permanent confusion.

    35. Re:Oh really? by Mixel · · Score: 3, Funny

      Maybe Microsoft should adopt a new strategy and also release fake patches to fictional bugs that don't exist (in large, bandwidth-permitting numbers). This would confuse all the malware authors and solve the information exploitation problem!

    36. Re:Oh really? by mino · · Score: 5, Funny

      Running screamingly offtopic, but when it comes to all-time best KB article headlines, here's yer winner:

      Earth Rotates in Wrong Direction

    37. Re:Oh really? by Zork+the+Almighty · · Score: 2, Funny

      Microsoft has confirmed this to be a problem in Explorapedia, World of Nature, version 1.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

      How much research does this TAKE ?

      UPDATE: We've discovered something called the law of the excluded middle, but we're still investigating how it might apply to this situation."

      --

      In Soviet America the banks rob you!
    38. Re:Oh really? by yulek · · Score: 3, Funny

      i'm sorry, but that doesn't hold a handle to this kb headline

      --
      in this age of communication i'm just not getting through
  2. Criminal tools like "diff"? by RobertB-DC · · Score: 5, Funny

    He said tools were available that compared patched and unpatched versions of Windows to help vandals and criminals work out what was different.

    "The guys who write the tools would not consider themselves to be criminals by any measure," he said, "but the tools are also being picked up by people with criminal intent."


    I guess that explains why Windows doesn't include a "diff" function...

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
    1. Re:Criminal tools like "diff"? by tomhudson · · Score: 3, Funny

      Great - I'm going to go to everyone's machine and replace the CompletionChar value with backspace and watch them go nuts!

    2. Re:Criminal tools like "diff"? by shotfeel · · Score: 2, Funny

      Quite the contrary. Criminals have been breaking into windows for centuries. Windows have been a security threat since man upgraded from the cave -either full of holes or easy to break (or both).

      I guess MS really did name their OS accurately.

  3. In other news... by daeley · · Score: 5, Funny

    In related news, the Mayo Clinic has announced that if we eliminated cancer treatments, we would eliminate cancer.

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  4. So... by Niles_Stonne · · Score: 5, Funny


    So, instead of poor programming it's incompetent management?

    --
    Sticks and Stones may break my bones, but copyright will always protect me.
    1. Re:So... by Lumpy · · Score: 2, Funny

      So, instead of poor programming it's incompetent management?

      you must be new around here....

      welcome to america. where the most incompetent employee is promoted to the position where he/she will do the least amount of damage... Management.

      --
      Do not look at laser with remaining good eye.
  5. Must have a good source for that stuff... by ackthpt · · Score: 5, Funny
    Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.

    I love how people with vested interests are called 'experts'

    thhhhhhhhhtttt *choke* *gag* "ahhhhhhh" So as I was saying, hackers haven't found any of these flaws and exploited them before they were patched. Man, this is some strong crack, I almost believe what I said, myself"

    And how do these fine experts actually know there aren't, at this moment, flaws being exploited left and right? Ah, they're experts, of course!

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Must have a good source for that stuff... by BlackHawk · · Score: 2, Funny
      > I love how people with vested interests are called 'experts'

      A woman I used to work with said it best:

      Don't call me an "expert". "Ex" means a "has been", and a "spurt" is a drip under pressure.

      --

      Believe nothing, not even if I say it, if it violates your sense of reason -- Buddha

  6. This just in... by cybercuzco · · Score: 3, Funny

    Microsoft to stop patching systems altogether to improve security. Also announces that War is Peace, Freedom is slavery etc etc etc

  7. What happened to the month of March? by andreMA · · Score: 4, Funny

    ... we seem to have skipped directly to April 1st...

  8. Iraq by LittleLebowskiUrbanA · · Score: 4, Funny

    This ranks right up there w/ the Information Minister... Looks like the corporate world is just as bad about propaganda as the gov'ts of the world.

  9. It's no wonder... by Sayten241 · · Score: 2, Funny

    that with geniuses like this working for them, Microsoft has the most secure OS in the world.

  10. Revised Quote by pumpknhd · · Score: 3, Funny

    Previous Quote: 'could only think of one instance when a vulnerability was exploited before a patch was available' Revised Quote: 'I can not think of even one instance when a vulnerability was exploited before windows was available'

  11. Since when.. by bishiraver · · Score: 4, Funny

    Since when did Microsoft hire the Iraqi Information Minister?

    1. Re:Since when.. by wintermute740 · · Score: 2, Funny

      "Since when did Microsoft hire the Iraqi Information Minister? "

      We finally see what "IP" Microsoft licensed from SCO. I didn't know crack counted as IP, though ;)

  12. Don't trivialise their complicit condonment!! by adamofgreyskull · · Score: 1, Funny

    You may mock, but I doubt any exploit has been written without using the Shift & Return keys.

    1. Re:Don't trivialise their complicit condonment!! by weeboo0104 · · Score: 2, Funny

      You may mock, but I doubt any exploit has been written without using the Shift & Return keys.

      i FOUND ONE. mY KEYBOARD IS TYPING EVERYTHING IN OPPOSITE CASE. pRESSING SHIFT PRINTS A LOWER-CASE CHARACTER AND DOING NOTHING PRINTS UPPER CASE.

      caps-lock, wHAT'S THAT?

      Oh hells bells...

      --
      It is easier to build strong children than to repair broken men. -Frederick Douglass
  13. As they lose face before me... by La+Camiseta · · Score: 2, Funny

    "It's a myth that hackers find the holes," said Nigel Beighton, who runs a research project for security firm Symantec that attempts to predict which vulnerabilities will be exploited next.

    wow, credibility meter falling ... falling ...

  14. What the Fuck? What the Fucking Fuck Fuck? by Tackhead · · Score: 5, Funny
    > 'We have never had vulnerabilities exploited before the patch was known'

    "Bullshit" doesn't begin to do justice to the level of falsehood present here. We're talking about taking the very essence of falsity, distilling it over the flames of ignorance, condensing it within intestinal walls of monumentally bovine intellectual apathy and sponsoring a college kegger with the elixir-excremento obtained therefrom.

  15. Re:Security is in the eye of the beholder by kyoko21 · · Score: 2, Funny

    All the really technical people at Microsoft are all too juiced up from the free soda that they get readily available from the free soda machines posted at every 50 paces. Not to mention they also get free snacks, too.

  16. Re:Piffle by maiden_taiwan · · Score: 4, Funny
    >Sounds pretty close to an admission of deliberately leaving old OS's insecure to force upgrades to me...

    Ridiculous. Why would they want to force upgrades to Windows ME?

  17. Back at work, I see... by Hawthorne01 · · Score: 2, Funny
    It's good that ol' Baghdad Bob, aka The Iraqi "Information" Minister, has landed on his feet and found a good position with Microsoft.

    I wonder if he's moonlighting for tobacco companies on the side as well.

    --
    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  18. XP = Legacy? by La+Camiseta · · Score: 5, Funny

    "Almost all attacks against our software are against the legacy systems," he said.

    So is that what they're calling WindowsXP now?

  19. Iraqi Information Minister working for MS? by ageoffri · · Score: 5, Funny
    Wow looks like Microsoft has hired the Former Iraqi Information Minister.

    "The infidels packets are slaughtering themselves at the ports to our OS"

    "There are no exploits against windows, they are all lies from the so called Open Source community"

    "We removed the Windows Update site to better serve our loyal followers."

    --
    -- Slashdot, making the Left look conservative since 1997.
  20. Re:Piffle by Erratio · · Score: 5, Funny

    Yeah...I hate paying for those damn Linux upgrades.

    --
    I don't try to be right, I just try to make people think
  21. He went on by QuijiboIsAWord · · Score: 2, Funny

    He went on to prove that black was white and was run over at the next zebra crossing..

    --
    -Hmm...I got a G+ invite, better remember to remove the request from my sig...-
  22. Re:The dark arts? by Anonymous Coward · · Score: 2, Funny

    Has Microsoft become so jaded that they have turned to the dark art of trolling?

    I sure hope so. I wonder how much MS will pay for:

    a) First posts
    b) "In Soviet Russia" jokes
    c) "I for one welcome X overlords" jokes

    Goatse & Tubgirl redirects must be worth a bundle!

  23. Darl?? IS THAT YOU?? by Anonymous Coward · · Score: 1, Funny

    Since when did McBride get a job at Microsoft..

  24. Re:On the same logic by Anonymous Coward · · Score: 1, Funny

    1600 Pennsylvania Avenue
    Washington, D.C.

    I work from home, but you can find out my vacation schedule by watching the news.

    Hope to see you soon.

  25. Legacy Systems by Archangel+Michael · · Score: 2, Funny

    32 bit extensions to a 16 bit OS, built for an 8 Bit CPU by a two bit company.

    Defining the Microsoft Legacy.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Legacy Systems by squibix · · Score: 2, Funny

      32 bit extensions to a 16 bit OS, built for an 8 Bit CPU by a two bit company...

      That can't stand one bit of competition.

  26. Re:Riiight... by Zerikai · · Score: 2, Funny

    He's not missing a thing!

    I did exactly what he claims and I have a very secure system. I upgraded to Linux.

    Or a very old quote:

    "The box said Windows 95 or better, so I bought a Macintosh"

  27. And despite photographic proof... by Bug-Y2K · · Score: 4, Funny

    ...I never did this.

    Ever.

    No, really... I didn't.

  28. Logic? by CaptainBaz · · Score: 4, Funny

    Mr Aucsmith went on to prove that 1=2, that black is white, and promptly got himself killed on the next zebra crossing...

  29. Re:Piffle by Bombcar · · Score: 5, Funny
    How many people do you know that are still running 2.0.34?


    Those people are Amateurs.

    The latest kernel is 2.0.40, as everyone should know.

    [/sillyness]
  30. Re:Piffle by rholliday · · Score: 5, Funny

    "Almost all attacks against our software are against the legacy systems ..."

    Am I the only one who remembers a few exploits that 95/8 were immune to because of innovations in new OSs? I mean, just a little thing like MS.Blaster. Probably didn't make the news ...

    --
    Xbox reviews.. We think they're funny.
  31. Microsoft admits it! by Anonymous Coward · · Score: 2, Funny

    Microsoft admits they are the cause of all those security holes! By recklessly releasing these patches, they are creating exploits!

    I think I'll sue now that I have proof!

  32. Re:Security through Obscurity by Merlin42 · · Score: 2, Funny

    'Cuz if I said anymore then it wouldn't be as secure ...

    I shouldn't have said that ...

    I shouldn't have said that I shouldn't have said that ...

    I'm talking too much ...

    I shouldn't say that ...

    I'll just be quiet now ...

    I promise (doh)

  33. He was misquoted... by ayjay29 · · Score: 2, Funny

    What he actually said was:

    "We have never had vulnerabilities exploited before Apache was available."

    --
    Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
  34. Typographical error in article by iapetus · · Score: 1, Funny

    Due to user error, the words "to NetBSD" were omitted from the end of the article.

    --
    ++ Say to Elrond "Hello.".
    Elrond says "No.". Elrond gives you some lunch.
  35. Alright! by bruns · · Score: 2, Funny

    Alright, who gave Microsoft the SCO koolaid?

    --
    Brielle
  36. In related stories by AtariAmarok · · Score: 5, Funny

    In related stories, it has been revealed that firemen cause fires, policeman cause crime, and the good folks at Symantec have written all the viruses.

    Film at 11:00 (just after the anchorman tells us about all of the muggings he committed).

    --
    Don't blame Durga. I voted for Centauri.
  37. Flies Cause Garbage, says Microsoft Expert by bgeer · · Score: 3, Funny
    REDMOND (AP)-- Microsoft's Dewey Cheetum, head of the software giant's "City and Regional Advantage Program" (CRAP) Group, announced today a major breakthrough in his group's analysis of waste management processes. "The biggest problem with dealing with a municipal landfill is all the flies. They spread disease, cause nearby property values to drop, and are a nuisance." CRAP has long known that flies were a problem, but what Cheetum discovered recently made him totally rethink the problem. "We looked hard at our research data and realized that the flies were causing all the garbage" Cheetum said "It seems counterintuitive, but I mean think about it, you never see a lot of garbage without flies around it. It makes sense to me and I'm really smart, trust me." Cheetum dismissed the idea that his group might have made an error "Look bitch, I have a fucking PhD in computer science, don't get smart with me"

    --30--

  38. Isn't this.... by retinaburn · · Score: 4, Funny

    The same company that has an exploit written for an OS that is yet to be released ??

  39. Okay, now that was funny!!!!!!! by zibix · · Score: 3, Funny

    "Where do you want to go yesterday?" Thanks, that made me spit coffee on my screen... but it needed cleaning anyway.

  40. Could this mean... by jellomizer · · Score: 5, Funny

    Could this mean that Microsoft as a Business exists moving in time backward? This explains Microsoft's quick profits and good business decisions back in the 80's, and over now in the 2000's a younger and less experienced Microsoft is making more mistakes and having a little more competition to deal with.

    I don't know about you but I confused myself.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  41. Two Observations... by lynx_user_abroad · · Score: 3, Funny
    First: Microsoft must have knowledge about vulnerabilities which they are not releasing patches for. Unless the next monthly patch (or Service Pack) is the last one ever released, it means they chose not to release a patch they currently know about, or they didn't know about/didn't have a patch for the vulnerabilities which next month's Service Pack fixes.

    Second: They are admitting that any machine which is not patched current has vulnerabilities; including machines with fresh installs, and the ones sitting on store shelves/warehouses waiting to be sold. Since these machines are already admittedly vulnerable, and since patches are now being released monthly (or more frequently) we can conclude Microsoft Operating systems have a maximum warrantable period of 30 days, and recalls should be done for all previously delivered software, since the manufacturer is admitting the fault at this point.

    --

    The thing about things we don't know is we often don't know we don't know them.

  42. Re:Assume for me... by strike2867 · · Score: 2, Funny

    Think of the great headlines.

    Microsoft believes Windows security only works due to the obscurity

    Microsoft source code released

    --

    Vote for new mod!!! Score:-2,Imbecile
  43. One Instance by Vampyre_Dark · · Score: 3, Funny

    I'm guessing that one instance of exploitation would be the initial windows purchase. That's when you bend over and Billy comes over to plant his worm in your "security hole."

  44. It could be true! by mazarin5 · · Score: 3, Funny

    It could be true!
    After all, I've never had a cavity until I went to the dentist!

    --
    Fnord.
  45. Re:Logic??? by jridley · · Score: 3, Funny

    The last statement in the article: "If you want more secure software, upgrade." pretty much sums up Microsoft's position.

    Does anyone remember Bill G's statement a few years ago... "Nobody upgrades their software to fix bugs, that's the stupidest thing I've heard of. People buy new software to get new features."

    I guess not getting 0wnd must be considered a "feature".

  46. Re:On the same logic by lpangelrob2 · · Score: 3, Funny
    One Microsoft Way
    Redmond, WA 98052

    Kinda sucks that people are always home, but that's okay, they usually aren't doing anything important.

  47. Re:Piffle by Erratio · · Score: 2, Funny

    Not worth as much as Windows which usually costs about a couple hundred dollars...every couple years. Add on Office and all the other software you want. And then you can relax knowing that you avoided that crappy free software and instead have spent your hard earned money for programs that are written by the best people that take the time to make sure it's the best possible software in the world and worth every penny. And just to show you how hard they're working, release patches all the time to make it even better than before. The same patches which they claim are the doorways to allow anyone on the Internet to trash your computer. But of course it's not their fault their programs have gaping security holes, or that they are apparently claiming they're helping people manipulate those holes. It's your fault because you haven't given them enough money to fix these problems that you paid for and need to pay for an upgrade which will solve these problems and have exciting new ones.

    --
    I don't try to be right, I just try to make people think
  48. What'd he say?? by cyclist1200 · · Score: 2, Funny

    Is this Microsoft's way of saying they're not gonna patch Windows vulnerabilities any more?

  49. Put your money where your mouth is by sootman · · Score: 4, Funny

    "If you want more secure software, upgrade."

    OK, I'll take you up on this. Starting today, release no more patches for XP and 2003 Server (or IE or IIS or OE or MS-SQL or any other component.) We should see no new exploits from this day forward. We'll give it a year. If an exploit is found, I get your house and car. If no exploits are found, you get mine. Deal?

    PS: If you release another patch, I win. Any "feature upgrades" must be thoroughly examined by a 3rd party to make sure you aren't sneaking any patches in. I promise I will not actively look for exploits myself.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  50. Re:Piffle by Mordac+the+Preventer · · Score: 4, Funny
    "If you want more secure software, upgrade."
    That quote goes for Linux as well as MS. How many people do you know that are still running 2.0.34
    Yeah, but you try finding a rootkit for my trusty server running kernel 0.99
    --
    SteveB.
  51. That would be... by 87C751 · · Score: 2, Funny
    "We think it is due to our patented time-traveling module," quips Steve Ballmer.
    That would be a kernel module. See pp. 270-271 of Oney's WDM book, 2nd. ed.

    Wouldn't believe it if I hadn't seen it firsthand.

    --
    Mail? Put "slashdot" in the subject to pass the spam filters.
    1. Re:That would be... by SpaceLifeForm · · Score: 4, Funny
      WDM? Damn, I parsed that as WMD.

      Windows of Mass Destruction.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
  52. Iraqi minister of information by shawn(at)fsu · · Score: 4, Funny

    Someone let G. W. Bush know we found the Iraqi Minister of Information.

    --
    500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
  53. Re:only Microsoft finds exploits by Necrobruiser · · Score: 5, Funny

    **"Only Microsoft finds exploits"**

    Or is it the other way around ?

    say [pun]"Only Microsoft exploits exploits"[/pun]...


    I think the other way around would read "Only exploits find Microsoft."
    Seems more probable that way...

    --
    "I planned within my means and got a fixed rate mortgage, so where's MY bailout?" -cafepress
  54. Re:Piffle by TheLinuxSRC · · Score: 2, Funny

    Except it would take something like six hours to compile on what he has. I guess this is where cross-compiling would be helpful ;)

  55. Three Monkeys Accounting by Dark+Bard · · Score: 2, Funny

    In related news the government has fired all accountants in an effort to end budget deficits. "What we don't know can't hurt us."

  56. Re:only Microsoft finds exploits by stanmann · · Score: 2, Funny

    old joke... insert so I bought a Mac.

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
  57. Re:They don't get the point... by More+Trouble · · Score: 3, Funny

    Who is it that finds all the exploits and reports them to Microsoft in the first place? It sure as hell isn't Microsoft employees!

    If they were giving X shares of Microsoft stock for every vulnerability found, you can bet MS Employees would be finding a lot of holes!

    :w

  58. Microsoft: Security Through Hilarity... by Anonymous Coward · · Score: 2, Funny

    MS can't expect the crackers to laugh for too long. Maybe this guy has a whole stand-up routine planned to keep the crackers too busy laughing to write exploits.

  59. Yes, really. by Pan+T.+Hose · · Score: 2, Funny

    You haven't RTFA, have you? The quote in the Slashdot summary is a little bit out of context, but is a perfectly valid statement of a well known historical fact nonetheless. Please read it carefully:

    The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: "We have never had vulnerabilities exploited before the patch was known," and "[he] could only think of one instance when a vulnerability was exploited before a patch was available."

    Does he say anywhere that the patch is a specific diff patching this particular vulnerability? No. Of course not. It would be ridiculous.

    Now, if I recall correctly, Larry Wall made the patch available in 1984 and I honestly cannot remember any Windows vulnerability whatsoever before that time.

    Please, people, just because it was Microsoft Security Chief, doesn't mean that what he said must not be true!

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."
  60. XFree86 licence v2.0 by StupidKatz · · Score: 2, Funny

    A shame about that, but thankfully, there are things like Y Windows, which would be next to impossible to create without the existence of the Open Source train of thought in the first place.

    What if you don't like the next version of MS' EULA?
    1. suck it up and patch
    2. refuse and be owned by the next RPC buffer overflow worm

    Whee.

  61. Best laugh I've had all day! by brain1 · · Score: 2, Funny

    I just spewed coffee all over my desk! To quote the article...

    "Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts."

    Ok, all you lazy good-fer-nothing lazy script kiddies -- get out your disassemblers and get to work! Service pack 2 is just around the corner and guaranteed to keep you busy for weeks! Brush up on VB scripting.

    Whee-hoo!

  62. So that's where the Iraqi Information Minister went by Anonymous Coward · · Score: 1, Funny

    Doesn't this sound an awful lot like:

    "The Linux infidels are committing suicide and throwing their dead bodies on the walls of Redmond..."

  63. Childsplay by Myrmi · · Score: 2, Funny

    "If I put my hands over my eyes, the evil booger-hackers can't see me...."

    --
    "I think everyone is an agnostic but just doesn't know" - Frazz
  64. Re:only Microsoft finds exploits by iminplaya · · Score: 4, Funny

    I think the other way around would read "Only exploits find Microsoft."

    Maybe in Soviet Russia, perhaps?

    --
    What?
  65. Re:Windows updates by shadowbearer · · Score: 2, Funny

    Someone mod this guy up.

    At work we're switching from Sucky Coding Operation over to XP systems next month. Security, updates, yadda yadda. It'll still be an improvement, but I'm wondering just how much BS we're going to have to deal with this year. Here goes....I'm going to lay in a big supply of aspirin (preventative) and beer (palliative).

    Oh, and Corporate was originally going to linux systems, but changed their minds almost exactly one year ago. I wonder why? Thanks, SCO, you assholes. Don't be surprised if your gravestone is covered with spittle 24/7, Darl.

    SB

    --
    It's old. The more humans I meet, the more I like my cats. At least they are honest.
  66. Re:Piffle by shadowbearer · · Score: 3, Funny

    9% of the updates on XP don't require a restart, they just tell you it won't take effect until the next restart.

    Um, that means you have to restart to have an updated system...

    SB

    --
    It's old. The more humans I meet, the more I like my cats. At least they are honest.
  67. Hmm.... by Anonymous Coward · · Score: 1, Funny

    I wonder how the 'vulnerabilities' get discovered then? An infinite amount of monkeys on an infinite number of keyboards? Perhaps Microsoft employs a grad student to sniff out these things.... yes - that's got to be it. Or perhaps while spewing out code, the IDE automatically highlights vulnerabilities in Red to 'remind' the programmers that there is something to fix (which they never get around to doing). Perplexing isn't it?

  68. If that's true then by Tandoori+Haggis · · Score: 2, Funny

    Nobody smoked until nicotine patches were released

    Nobody washed dishes before washing-up detergent was invented

    Nobody had a crap before bog roll was invented

    Nobody got pregnant or caught diseases until condoms were invented.

    Help! I'm trapped in a parallel universe where the laws of logic are being inverted!

    --
    My hyperlinks aren't worth the paper they're printed on.
  69. Re:only Microsoft finds exploits by Anonymous Coward · · Score: 1, Funny

    In Soviet Russia, Microsoft exploits you!

    Oh wait...

  70. Security through obscurity... by Secahtah · · Score: 2, Funny

    ...never works. That's like a bank saying "No one ever robbed our bank until we fixed that big gaping hole in the side of the vault that was exposed to the outer wall of the building."

  71. So stop releasing these patches bastards! by Anonymous Coward · · Score: 1, Funny

    It is all your fault then, Microsoft!
    I did not believe that, I thought it is those
    nasty Linux hackers, but now you admit it yourself!

    I demand that you stop releasing these patches so our OS is more secure! If you don't we will go into
    class action suit against you.