Slashdot Mirror


MS Security Chief: Windows Never Exploited Until Patch Available

BenBenBen writes "The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: 'We have never had vulnerabilities exploited before the patch was known', and '[he] could only think of one instance when a vulnerability was exploited before a patch was available'. Erm..."

13 of 1,040 comments (clear)

  1. What could their motivation be.. by dynamo · · Score: 0, Redundant

    Direct quote from the end of the article
    ---------
    "Almost all attacks against our software are against the legacy systems," he said.

    "If you want more secure software, upgrade."

  2. Re:Oh really? by ChaoticChaos · · Score: -1, Redundant

    ROFLMAO!!!!!!!

  3. If not true, this should be easy disproved... by Anonymous Coward · · Score: -1, Redundant

    by contradiction.

  4. Re:Piffle by ZorinLynx · · Score: -1, Redundant

    BIG difference here. You have to pay *MONEY* for Windows upgrades, whereas upgrading a linux box is entirely free.

    Since Microsoft forces people to pay money to upgrade in order to close security holes, this is what makes them morally questionable.

  5. Re:Piffle by IWorkForMorons · · Score: -1, Redundant

    How many people using Linux are forced to pay for upgrading?

  6. Re:Piffle by Xpilot · · Score: 0, Redundant

    If Linux 2.2.XX had security holes they would say upgrade.

    Bzzzt! Wrong answer. Linux 2.2.xx and even 2.0.xx is still being actively maintained for bugfixes :p

    --
    "Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
  7. Re:Oh really? by ChaoticChaos · · Score: 0, Redundant

    Yet another way to look at this is that Microsoft's future direction for security is to not improve the software but to stop issuing patches? LOL!

    ChaoticChaos
    "Some days you just can't ask for a better present than this!"

  8. Dunno about 2.0.x by phorm · · Score: -1, Redundant

    But it seems 2.2 is still being maintained. There was a slashdot article on it just recently:

    2.2 is not dead

    Part of the upgrades include security fixes. So yes... even with later versions of the kernel out, the old versions still get fixed up as need be.

    And BTW, WHO is using a 2.0.x kernel? Not anyone I know.

  9. Re:Oh really? by hoggoth · · Score: 0, Redundant

    > The implication there is that only Microsoft finds exploits.

    I hate to be an instigator... but that sounds like a ch4113ng3 to me...

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  10. Secure Software? by skooba · · Score: 0, Redundant

    "If you want more secure software...", dump Windoze.

  11. Only in Microsoft... by loteck · · Score: 0, Redundant
    are cause and effect reversed. And, of course...

    in Soviet Russia.

  12. Re:Oh really? by abradsn · · Score: 0, Redundant

    Exactly right.

  13. Re:Oh really? by Anonymous Coward · · Score: -1, Redundant

    When do you want to go today?