MS Security Chief: Windows Never Exploited Until Patch Available
BenBenBen writes "The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: 'We have never had vulnerabilities exploited before the patch was known', and '[he] could only think of one instance when a vulnerability was exploited before a patch was available'. Erm..."
"The Earth is flat."
:-)
"The Sky is green."
"Earth is the center of the universe."
Other ridiculous statements that have also been proven false.
So, let me get this straight, Windows will become more secure if Microsoft stops issuing patches?
Sakes alive, the Microsoft spin machine has been well oiled this morning!
ChaoticChaos
"If Windows wasn't vulnerable until the patch was released, why was the patch released in the first place???"
He said tools were available that compared patched and unpatched versions of Windows to help vandals and criminals work out what was different.
"The guys who write the tools would not consider themselves to be criminals by any measure," he said, "but the tools are also being picked up by people with criminal intent."
I guess that explains why Windows doesn't include a "diff" function...
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
In related news, the Mayo Clinic has announced that if we eliminated cancer treatments, we would eliminate cancer.
I watched C-beams glitter in the dark near the Tannhauser gate.
So, instead of poor programming it's incompetent management?
Sticks and Stones may break my bones, but copyright will always protect me.
I love how people with vested interests are called 'experts'
thhhhhhhhhtttt *choke* *gag* "ahhhhhhh" So as I was saying, hackers haven't found any of these flaws and exploited them before they were patched. Man, this is some strong crack, I almost believe what I said, myself"
And how do these fine experts actually know there aren't, at this moment, flaws being exploited left and right? Ah, they're experts, of course!
A feeling of having made the same mistake before: Deja Foobar
Microsoft to stop patching systems altogether to improve security. Also announces that War is Peace, Freedom is slavery etc etc etc
... we seem to have skipped directly to April 1st...
This ranks right up there w/ the Information Minister... Looks like the corporate world is just as bad about propaganda as the gov'ts of the world.
This guy is way out there
that with geniuses like this working for them, Microsoft has the most secure OS in the world.
Previous Quote: 'could only think of one instance when a vulnerability was exploited before a patch was available' Revised Quote: 'I can not think of even one instance when a vulnerability was exploited before windows was available'
Since when did Microsoft hire the Iraqi Information Minister?
You may mock, but I doubt any exploit has been written without using the Shift & Return keys.
"It's a myth that hackers find the holes," said Nigel Beighton, who runs a research project for security firm Symantec that attempts to predict which vulnerabilities will be exploited next.
... falling ...
wow, credibility meter falling
"Bullshit" doesn't begin to do justice to the level of falsehood present here. We're talking about taking the very essence of falsity, distilling it over the flames of ignorance, condensing it within intestinal walls of monumentally bovine intellectual apathy and sponsoring a college kegger with the elixir-excremento obtained therefrom.
All the really technical people at Microsoft are all too juiced up from the free soda that they get readily available from the free soda machines posted at every 50 paces. Not to mention they also get free snacks, too.
Ridiculous. Why would they want to force upgrades to Windows ME?
I wonder if he's moonlighting for tobacco companies on the side as well.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
"Almost all attacks against our software are against the legacy systems," he said.
So is that what they're calling WindowsXP now?
"The infidels' packets are slaughtering themselves at the ports to our OS"
"There are no exploits against windows, they are all lies from the so called Open Source community"
"We removed the Windows Update site to better serve our loyal followers."
-- Slashdot, making the Left look conservative since 1997.
Yeah...I hate paying for those damn Linux upgrades.
I don't try to be right, I just try to make people think
He went on to prove that black was white and was run over at the next zebra crossing..
-Hmm...I got a G+ invite, better remember to remove the request from my sig...-
Has Microsoft become so jaded that they have turned to the dark art of trolling?
I sure hope so. I wonder how much MS will pay for:
a) First posts
b) "In Soviet Russia" jokes
c) "I for one welcome X overlords" jokes
Goatse & Tubgirl redirects must be worth a bundle!
Since when did McBride get a job at Microsoft..
1600 Pennsylvania Avenue
Washington, D.C.
I work from home, but you can find out my vacation schedule by watching the news.
Hope to see you soon.
32 bit extensions to a 16 bit OS, built for an 8 Bit CPU by a two bit company.
Defining the Microsoft Legacy.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
He's not missing a thing!
I did exactly what he claims and I have a very secure system. I upgraded to Linux.
Or a very old quote:
"The box said Windows 95 or better, so I bought a Macintosh"
...I never did this.
Ever.
No, really... I didn't.
Mr Aucsmith went on to prove that 1=2, that black is white, and promptly got himself killed on the next zebra crossing...
Those people are Amateurs.
The latest kernel is 2.0.40, as everyone should know.
[/sillyness]
Fellowship 9/11
"Almost all attacks against our software are against the legacy systems ..."
...
Am I the only one who remembers a few exploits that 95/8 were immune to because of innovations in new OSs? I mean, just a little thing like MS.Blaster. Probably didn't make the news
Xbox reviews.. We think they're funny.
Microsoft admits they are the cause of all those security holes! By recklessly releasing these patches, they are creating exploits!
I think I'll sue now that I have proof!
'Cuz if I said anymore then it wouldn't be as secure ...
...
...
...
...
...
I shouldn't have said that
I shouldn't have said that I shouldn't have said that
I'm talking too much
I shouldn't say that
I'll just be quiet now
I promise (doh)
Thoughts on tech, Software Engineering, and stuff
What he actually said was:
"We have never had vulnerabilities exploited before Apache was available."
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
Due to user error, the words "to NetBSD" were omitted from the end of the article.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
Alright, who gave Microsoft the SCO koolaid?
Brielle
In related stories, it has been revealed that firemen cause fires, policeman cause crime, and the good folks at Symantec have written all the viruses.
Film at 11:00 (just after the anchorman tells us about all of the muggings he committed).
Don't blame Durga. I voted for Centauri.
--30--
The same company that has an exploit written for an OS that is yet to be released ??
"Where do you want to go yesterday?" Thanks, that made me spit coffee on my screen... but it needed cleaning anyway.
Could this mean that Microsoft as a business exists moving in time backward? This explains Microsoft's quick profits and good business decisions back in the 80's, and now in the 2000's a younger and less experienced Microsoft is making more mistakes and having a little more competition to deal with.
I don't know about you but I confused myself.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Second: They are admitting that any machine which is not patched current has vulnerabilities; including machines with fresh installs, and the ones sitting on store shelves/warehouses waiting to be sold. Since these machines are already admittedly vulnerable, and since patches are now being released monthly (or more frequently), we can conclude Microsoft Operating systems have a maximum warrantable period of 30 days, and recalls should be done for all previously delivered software, since the manufacturer is admitting the fault at this point.
The thing about things we don't know is we often don't know we don't know them.
Think of the great headlines.
Microsoft believes Windows security only works due to the obscurity
Microsoft source code released
Vote for new mod!!! Score:-2,Imbecile
I'm guessing that one instance of exploitation would be the initial windows purchase. That's when you bend over and Billy comes over to plant his worm in your "security hole."
It could be true!
After all, I've never had a cavity until I went to the dentist!
Fnord.
The last statement in the article: "If you want more secure software, upgrade." pretty much sums up Microsoft's position.
Does anyone remember Bill G's statement a few years ago... "Nobody upgrades their software to fix bugs, that's the stupidest thing I've heard of. People buy new software to get new features."
I guess not getting 0wnd must be considered a "feature".
Redmond, WA 98052
Kinda sucks that people are always home, but that's okay, they usually aren't doing anything important.
-Rob
Marriage doesn't have to suck!
Not worth as much as Windows which usually costs about a couple hundred dollars...every couple years. Add on Office and all the other software you want. And then you can relax knowing that you avoided that crappy free software and instead have spent your hard earned money for programs that are written by the best people that take the time to make sure it's the best possible software in the world and worth every penny. And just to show you how hard they're working, release patches all the time to make it even better than before. The same patches which they claim are the doorways to allow anyone on the Internet to trash your computer. But of course it's not their fault their programs have gaping security holes, or that they are apparently claiming they're helping people manipulate those holes. It's your fault because you haven't given them enough money to fix these problems that you paid for and need to pay for an upgrade which will solve these problems and have exciting new ones.
I don't try to be right, I just try to make people think
Is this Microsoft's way of saying they're not gonna patch Windows vulnerabilities any more?
"If you want more secure software, upgrade."
OK, I'll take you up on this. Starting today, release no more patches for XP and 2003 Server (or IE or IIS or OE or MS-SQL or any other component.) We should see no new exploits from this day forward. We'll give it a year. If an exploit is found, I get your house and car. If no exploits are found, you get mine. Deal?
PS: If you release another patch, I win. Any "feature upgrades" must be thoroughly examined by a 3rd party to make sure you aren't sneaking any patches in. I promise I will not actively look for exploits myself.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
SteveB.
Wouldn't believe it if I hadn't seen it firsthand.
Mail? Put "slashdot" in the subject to pass the spam filters.
Someone let G. W. Bush know we found the Iraqi Minister of Information.
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
"Only Microsoft finds exploits"
Or is it the other way around ?
say [pun]"Only Microsoft exploits exploits"[/pun]...
I think the other way around would read "Only exploits find Microsoft."
Seems more probable that way...
"I planned within my means and got a fixed rate mortgage, so where's MY bailout?" -cafepress
Except it would take something like six hours to compile on what he has. I guess this is where cross-compiling would be helpful ;)
In related news the government has fired all accountants in an effort to end budget deficits. "What we don't know can't hurt us."
old joke... insert so I bought a Mac.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
Who is it that finds all the exploits and reports them to Microsoft in the first place? It sure as hell isn't Microsoft employees!
:w
If they were giving X shares of Microsoft stock for every vulnerability found, you can bet MS Employees would be finding a lot of holes!
MS can't expect the crackers to laugh for too long. Maybe this guy has a whole stand-up routine planned to keep the crackers too busy laughing to write exploits.
You haven't RTFA, have you? The quote in the Slashdot summary is a little bit out of context, but is a perfectly valid statement of a well known historical fact nonetheless. Please read it carefully:
The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: "We have never had vulnerabilities exploited before the patch was known," and "[he] could only think of one instance when a vulnerability was exploited before a patch was available."
Does he say anywhere that the patch is a specific diff patching this particular vulnerability? No. Of course not. It would be ridiculous.
Now, if I recall correctly, Larry Wall made the patch available in 1984 and I honestly cannot remember any Windows vulnerability whatsoever before that time.
Please, people, just because it was Microsoft Security Chief, doesn't mean that what he said must not be true!
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
A shame about that, but thankfully, there are things like Y Windows, which would be next to impossible to create without the existence of the Open Source train of thought in the first place.
What if you don't like the next version of MS' EULA?
1. suck it up and patch
2. refuse and be owned by the next RPC buffer overflow worm
Whee.
I just spewed coffee all over my desk! To quote the article...
"Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts."
Ok, all you lazy good-fer-nothing lazy script kiddies -- get out your disassemblers and get to work! Service pack 2 is just around the corner and guaranteed to keep you busy for weeks! Brush up on VB scripting.
Whee-hoo!
Doesn't this sound an awful lot like:
"The Linux infidels are committing suicide and throwing their dead bodies on the walls of Redmond..."
"If I put my hands over my eyes, the evil booger-hackers can't see me...."
"I think everyone is an agnostic but just doesn't know" - Frazz
I think the other way around would read "Only exploits find Microsoft."
Maybe in Soviet Russia, perhaps?
What?
Someone mod this guy up.
At work we're switching from Sucky Coding Operation over to XP systems next month. Security, updates, yadda yadda. It'll still be an improvement, but I'm wondering just how much BS we're going to have to deal with this year. Here goes....I'm going to lay in a big supply of aspirin (preventative) and beer (palliative).
Oh, and Corporate was originally going to linux systems, but changed their minds almost exactly one year ago. I wonder why? Thanks, SCO, you assholes. Don't be surprised if your gravestone is covered with spittle 24/7, Darl.
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
9% of the updates on XP don't require a restart, they just tell you it won't take effect until the next restart.
Um, that means you have to restart to have an updated system...
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
I wonder how the 'vulnerabilities' get discovered then? An infinite amount of monkeys on an infinite number of keyboards? Perhaps Microsoft employs a grad student to sniff out these things.... yes - that's got to be it. Or perhaps while spewing out code, the IDE automatically highlights vulnerabilities in Red to 'remind' the programmers that there is something to fix (which they never get around to doing). Perplexing isn't it?
Nobody smoked until nicotine patches were released
Nobody washed dishes before washing-up detergent was invented
Nobody had a crap before bog roll was invented
Nobody got pregnant or caught diseases until condoms were invented.
Help! I'm trapped in a parallel universe where the laws of logic are being inverted!
My hyperlinks aren't worth the paper they're printed on.
In Soviet Russia, Microsoft exploits you!
Oh wait...
...never works. That's like a bank saying "No one ever robbed our bank until we fixed that big gaping hole in the side of the vault that was exposed to the outer wall of the building."
It is all your fault then, Microsoft! I did not believe that, I thought it is those nasty Linux hackers, but now you admit it yourself! I demand that you stop releasing these patches so our OS is more secure! If you don't we will go into class action suit against you.