Microsoft Says Vista Most Secure OS Ever

darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."

Microsoft + Stupid Claims = ...

[hejog]

The most secure OS ever? No one will take them seriously seeing as a) Its Microsoft, b) Its a ridiculous claim, c) The OS has been delayed and delayed and delayed, had tons of stuff removed, and d) THE OS ISNT EVEN OUT YET! Microsoft loves making such bold ridiculous statements. Maybe Vista is the most secure Windows platform ever (even that'd be impressive, NT was fairly solid...) but at least wait till launch for christs sake! Vista is slowly turning into the biggest joke in the Computing Industry, if they continue at this rate they'll even beat Windows ME..! PS- are the comments detail bar along the top of your screen (even when you scroll down), and the muliple story categories new? Swear I never noticed those before...

Re:Microsoft + Stupid Claims = ...

[TripMaster+Monkey]

Of course it's the most secure OS ever. No one can compromise an OS that hasn't even been released yet.

Re:Microsoft + Stupid Claims = ...

[alx5000]

Proposed story tag: biteme

Re:Microsoft + Stupid Claims = ...

[Aladrin]

Actually, 'release' isn't a magical point where an OS becomes hackable. There's PLENTY of beta copies of vista out there if hackers wanted to play with it.

They haven't told us about any exploits they've found, but some crackers hold their exploit until the day of release and use it on retail, instead of beta. This allows them a '0-day release' that would be impossible otherwise for something with this much 'security'.

Re:Microsoft + Stupid Claims = ...

[justsomebody]

Are you sure about that ? this IS Microsoft after all ;). If anyone can compromise an OS surely it's them.

Compromise? Yeah, they can. Simply by releasing it.

Re:Microsoft + Stupid Claims = ...

[Dested]

Microsoft + Stupid Claims = Profit?? In a related story, Bob Muglia was seen in Tuscon today teaching a class on social engineering.

Re:Microsoft + Stupid Claims = ...

[justsomebody]

Nah, no trouble here. Just look at their equation.

1. They made PR claims about .NET being made to be crossplatform. But in reality their implementation is not even Winplatform.
2. Based on 1. only Windows exist.
3. MS was bitching about computer without OS, meaning Linux and others in their eyes are not OS
4. Based on 4. Windows is the only OS
5. So this will be most secure Windows ever.
6. In MS eyes 2. and 4. equals to most secure OS ever.

Re:Microsoft + Stupid Claims = ...

'Funny' mods don't count towards karma, stupid. Look it up.

Re:Microsoft + Stupid Claims = ...

[foamrotreturns]

Hm, while we're talking about beta/not released, etc, let's make a "maiden voyage" comparison with a very relevant quote:
"...when the New York office of the White Star Line was informed that Titanic was in trouble, White Star Line Vice President P.A.S. Franklin announced 'We place absolute confidence in the Titanic. We believe the boat is unsinkable.'"
Source: http://www.historyonthenet.com/Titanic/unsinkable. htm

Re:Microsoft + Stupid Claims = ...

[dulcemrb]

HaahahahHahahahahahahahahahhaahahah! (Dies from laughter)

Re:Microsoft + Stupid Claims = ...

[jcidiotashram]

i installed vista beta version over the weekend. it was the first time i had hiccups while installing windows(with debian installs everytime it happens). so the first problem was, i was told to reserve 15 GB for OS and if i had 20 GB, i will be fine. so i partitioned by hard disk 20 + 85, and guess what it complained not enough space and without any warning installed in the 85 GB partition. i ain't no fool to give 85 GB to windows. then i increased the size to 35 GB and reinstalled it. the moral of the story, still a Microsoft product won't listen to the user second the system is so paranoid of any action. first i wanted to install the video card, network card, i get all these warning message that some application is trying to access a device(esp i logged in as administrator). the only way around i found was, log in as a normal user, and open the application as the administrator(it is in the menu), then it will install. the moral of the story, when they talk about security, they mean the paranoia of a secure system.

Re:Microsoft + Stupid Claims = ...

You want a secure OS?
  We already have it!
  Its called Live CD Linux
Its a Read only OS..
you customize it as you want it,
I dare you to hack it virus it
Lets say your successful, Big deal !
the OS resides only in RAM
  .
So I reset my machine and all of the malware spyware Viruses and other crap are all Gone
Now thats what I call secure
Can Vista do that ?
Many people use their computer only for web surfing and email, if they dont use a live CD Linux thats foolish
Its great for these people.
  If they make a mistake, reboot machine all fixed
My grandmother can fix it she's 98 !!
Reboot Johhny?
Yes reboot grandma
Can Vista do that ?

Re:Microsoft + Stupid Claims = ...

Thats what I'm doing... - not sure if I should report it before beta is over - probably won't, unless they're offering something for it...

Re:Microsoft + Stupid Claims = ...

what is it?

Re:Microsoft + Stupid Claims = ...

[Pozican]

Of course it's the most secure OS ever. There is no inertial reference frame.

Re:Microsoft + Stupid Claims = ...

[Foofoobar]

And oddly enough, exploits were already found that affect XP as well as VISTA. But since Vista isn't even out yet, they don't have to patch anything.

Honestly, I think Vista is their Titanic and they just solidified this feeling by claiming that it's 'unsinkable'

Ahoy! Iceberg ahead...

Re:Microsoft + Stupid Claims = ...

look at windows server 2003 compared to the redhat equivalent, MS has almost half the amount of exploits that redhat has, Vista is based on 2003 + a huge security overhall, this claim is completly valid.

Re:Microsoft + Stupid Claims = ...

[AzsxQuii]

Reminds me of the 5 nines of reliability when the 2000 flavors of windows were released (99.999% Reliable). I am surprised that none at the MS shop has learned from that lesson. Considering how many breaches 2000 has had.

Re:Microsoft + Stupid Claims = ...

[cp.tar]

If they're not paying you for it, don't.

If you're supposed to pay for the OS, they're supposed to pay for the bug reports. Plain and simple.

Re:Microsoft + Stupid Claims = ...

[cp.tar]

Hmmm... Windows Titanic.

Vista + Titanic == Vistanic.

Or Titsta.

Re:Microsoft + Stupid Claims = ...

[cp.tar]

WTF?

Fifteen gigabytes for an OS?

Now just let me tag this article as 'yeahright'

It is only secure because it's not going anywhere near my computer.

Re:Microsoft + Stupid Claims = ...

[macdaddy357]

Of course it is secure. Hackers can't break into vaporware.

Re:Microsoft + Stupid Claims = ...

[betterunixthanunix]

They are just stalling for time. Nobody would even think about Vista if Microsoft said, "Well, we aren't really doing anything, just wasting time, and you will just have to wait to get you copy."

My theory? This is about marketing. Vista's resource requirements are so extreme that before releasing it, they need to make sure that people actually have computers capable of running it. Any reasonable excuse for a delay is considered fine -- it is similar to the tactic that they used with XP (remember, the brief delay while "security problems" were addressed?). I recently purchased a new laptop marked as "Vista ready" (and immediately installed Mandriva 10.4). People tend to upgrade their computers every three years, so by waiting until most people have upgraded, Microsoft can reach a broader audience (assuming, of course, that the Vista install process is simple enough -- a rather significant assumption).

Re:Microsoft + Stupid Claims = ...

[Aqua+OS+X]

Nah, it the most secure because of it's endless piles of dialog box warnings and dialog box warnings for other dialog box warnings.

Re:Microsoft + Stupid Claims = ...

4. Based on 4. Windows is the only OS

Aaaaaah, recursive definition!!!!

Re:Microsoft + Stupid Claims = ...

[justsomebody]

Damn, this is called Stack Overflow

Re:Microsoft + Stupid Claims = ...

Actually, it will be the most INsecure for precisely that reason. Vista will teach users to mindlessly click "Ok", "Yes", "Sure" on any pop-up box, by being bombarded by those, to get rid of those interruptions and be back to what they wanted to actually do with their computer. Like there are not enough of such users right now...

Re:Microsoft + Stupid Claims = ...

[Eideewt]

That's the beauty of Web 2.0! Don't you see? Now you can be part of the new community-driven Internet by adding social tags to suit your whims! Tags with rounded corners! And gradients! If I use another exclamation point I will asplode! Uh oh....

Re:Microsoft + Stupid Claims = ...

[KarmaMB84]

so they won't fix it for you and others in a patch? that is the dumbest thing I've ever heard of ;o

Re:Microsoft + Stupid Claims = ...

[x2A]

Suppose it depends on whether you want that exploit in the default distribution of Windows or not... the version that millions of people will be running because they can't get the patches without upgrading... the version that spambots especially like.

(this may not be relevant to the hole you've found, but I'm sure a point can be extrapolated from it ;-)

Re:Microsoft + Stupid Claims = ...

[Squigley]

> No one can compromise an OS that hasn't even been released yet.

hence why HURD is still more secure.

Re:Microsoft + Stupid Claims = ...

[DA-MAN]

so they won't fix it for you and others in a patch? that is the dumbest thing I've ever heard of ;o

This assumes at least three things!

1) That he uses Windows (for other than just for h4x0r1ng)
2) That he doesn't have the skillset to create his own patch (ala WMF Third party patch)
3) That he wants this hole closed on systems he could later target (aka Greyhat/Whitehat)

Re:Microsoft + Stupid Claims = ...

[cp.tar]

You have paid for the software.

You have paid, then, for a certain level of quality, right?

If commercial, proprietary software is so much better, why do people who pay for it still habe to be beta testers?

Don't you find this backwards? You paying them money to be able to beta test their software?

When was the last time you read Tom Sawyer?
By submitting bug reports, you're just paying them to be able to paint their fence for them.

With FOSS, submitting bug reports to developers is the least you can do.
With proprietary software, it's a hidden labour tax.

If users stopped behaving like beta testers, maybe once in a while they'd publish finished software.
I do know it's hard to relate to the concept, nowadays, but try to imagine... or recall...

until

It's secure, until they publish it.

Re:until

[coolgeek]

Heh, they said the same thing about Windows NT, touting the C2 certification the received.

MS Airforce Attacks OpenBSD Leader, Servers

[Saint+Aardvark]

CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).

de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.

Canadian Prime Minister Stephen Harper has sent a "sharply worded" protest to the United States government.

Shortly after the attack, Microsoft has released a publicity photo of Bill Gates, standing on the deck of the USS Abraham Lincoln, underneath a banner saying simply, "Mission Accomplished."

Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."

Re:MS Airforce Attacks OpenBSD Leader, Servers

[Em+Adespoton]

Nonono... you've got it backwards:

Boston (NAP) MS SVP Bob Muglia was last seen standing at the entrance to Vista, shouting, "We have successfully secured the OS against the infidel! This OS is more secure than any other OS out there!" Meanwhile, the OS is disintegrating around him from the barrage of attacks from the coalition forces.

Re:MS Airforce Attacks OpenBSD Leader, Servers

That would be "Baghdad Bob" Muglia. Also, he was promoted to Information Minister.

Re:MS Airforce Attacks OpenBSD Leader, Servers

fyi: MSFT is NASDAQ listed - not NYSE listed. so it should be (Nasdaq: MSFT)

Re:MS Airforce Attacks OpenBSD Leader, Servers

[minus_273]

WTF?

Re:MS Airforce Attacks OpenBSD Leader, Servers

[ChrisGilliard]

Microsoft's axis of evil: OpenBSD, Linux, Mac OSx.

Re:MS Airforce Attacks OpenBSD Leader, Servers

[jd]

I'd find that funny if it weren't for the fact that I could see it happening. It's Microsoft's best hope of not being laughed off the face of the planet. (It would also explain the two redacted "black" USAF projects from a UK MoD report that was recently declassified...)

Re:MS Airforce Attacks OpenBSD Leader, Servers

[denebian+devil]

Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."

Because we now know that OpenBSD is our *real* last best hope in our fight against the Go'a'uld. And would keep the damn gate computers from crashing every time Anubis decides to bombard them with his evil death rays (read: Microsoft-infecting trojans).

Re:MS Airforce Attacks OpenBSD Leader, Servers

de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.

Don't laugh. Theo lives in Calgary, Alberta, and the oil sand deposits reserves around there are the about the second largest reserves in the world (after Saudi Arabia). Something like 50% of all US energy (oil, gas, etc.) comes from Canada.

(Hello NSA. Can you hear me now?)

Re:MS Airforce Attacks OpenBSD Leader, Servers

[wtansill]

CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).

Good God man! Don't give them ideas!!!

Re:MS Airforce Attacks OpenBSD Leader, Servers

[sciencecneisc]

Thanks. Amusing. :)

Re:MS Airforce Attacks OpenBSD Leader, Servers

[donaldGuy]

That was pretty much the best comment I've seen in 6 months

Re:MS Airforce Attacks OpenBSD Leader, Servers

[Saint+Aardvark]

Thanks!

Maybe true today, but

[SIGALRM]

Vista is the most secure operating system in the industry

Of course it is... virtually no one is using it yet. While Vista is obscure, it follows that there will be little exploitive effort.

As always, future history is yet to be written--although it tends to reflect and repeat the past.

Re:Maybe true today, but

[adamlazz]

Thats what we all thought when XP came out... Well, at least I did! I guess I was wrong!

Re:Maybe true today, but

[LordEd]

While Vista is obscure, it follows that there will be little exploitive effort.

Like Linux?

Re:Maybe true today, but

[EraserMouseMan]

So you mean just like the Mac OS?

Re:Maybe true today, but

[houghi]

While Vista is obscure, it follows that there will be little exploitive effort.

I knew it. Security through obscurity works!!

Re:Maybe true today, but

[G+Morgan]

There are already as many Vista exploits out there as there are Linux yes. Vista has a critical flaw already despite having a much smaller market share than Linux.

Re:Maybe true today, but

[jellomizer]

Or the latest patch stops it from booting. You can make an OS Real secure by preventing it from booting up.

Re:Maybe true today, but

[pestilence669]

Way to go Microsoft. Even if Vista is the most secure O/S on the planet, with a declaration like that... I can imagine that every security researcher, script kiddie, and hacker alike will want to prove them wrong.

Re:Maybe true today, but

[Gunny101]

Just because vulnerabilities arn't known, doesn't mean they do not exist. So, in the end it is not secure. Also, you can't compare Windows to the security of the mainframe or legacy systems that utilize mandatory access controls.

Re:Maybe true today, but

Probably this has been already said in a previous reply, but I couldn't help myself saying this...

*ahem*

*clears throat*

DIDN'T MICROSOFT SAY EXACTLY THE SAME THING ABOUT WINDOWS XP???

can't break what you can't see!!

[netsavior]

I think PhantomOS is more secure. No virus in the world can infect an OS that does not exist.

Re:can't break what you can't see!!

[syntaxglitch]

That leaves Vista a very close second then, doesn't it? ;)

The Slashdot Criteria

[eldavojohn]

From the Slashdot FAQ:

Slashdot gets hundreds of submissions every day. Every day our authors go through these submissions, and try to select the most interesting, timely, and relevant ones to post to the homepage.

Or, as in this case, any story with a headline that will start an instant flame war.

Re:The Slashdot Criteria

[Scrameustache]

story with a headline that will start an instant flame war.

More pageviews means more money.
And it worked on both of us!

Although, I suspect that the editors just want to read the +5 funnies ;-)

Re:The Slashdot Criteria

[Trillan]

And? It would get boring around here if the editors didn't troll us from time to time. :)

Re:The Slashdot Criteria

> "I was a victim of a series of accidents, as are we all."

You know, that really is a clumsy use of English...or is it a translation from Japanese or something?

Re:The Slashdot Criteria

[Aqua_boy17]

I didn't see it in the FAQ, but it also should not be timely:

"Bob Muglia opened up TechEd 2006 in Boston Sunday evening..."

Re:The Slashdot Criteria

"I was a victim of a series of accidents, as are we all."

You know, that really is a clumsy use of English...or is it a translation from Japanese or something?

What manner is the sentence that appears in my quote clumsy in? It's English of a premium variety.

Kurt Vonnegut Jr. wrote it, why not? Do you find English to be an easily understood language? Perhaps the variety of English that my parents taught me would better suit you here?

Re:The Slashdot Criteria

[Infonaut]

Or, as in this case, any story with a headline that will start an instant flame war.

Hey, it works for Dvorak. Why shouldn't it work for Slashdot? ;-)

Re:The Slashdot Criteria

It's archaic, which is common for fantasy and sci-fi books, TV shows, and movies.

Re:The Slashdot Criteria

[NanoGator]

"Or, as in this case, any story with a headline that will start an instant flame war."

I'm surprised they didn't wait until Friday evening to post this. Woulda gotten more hits!

Re:The Slashdot Criteria

[sa1lnr]

I have always thought that you needed two sides to have a war. ;)

OK MS, put a naked Vista box on the Internet

[hirschma]

Make a bold claim, do a bold presentation.

Re:OK MS, put a naked Vista box on the Internet

[malraid]

Hey ... any body with a public IP and box to spare is up to this? I would be a nice way to kill this little PR stunt.

*laughs*

[Effugas]

Bit of a clarification...they mean this sort of Black Hat.

I'll believe it when I see it

[Iphtashu+Fitz]

Given Microsofts track record, and the fact that they've made similar claims with other releases of Windows, I'll wait to see if they speak the truth. Only after Vista has been widely deployed and all the worlds hackers have had plenty of time to bang on it will I believe what Microsoft has to say.

Re:I'll believe it when I see it

[sgt+scrub]

I'm with you. I still wont use it. But at least, I'll wait until it is out before I'll develop an opinion as to how hard it is to break into it.

Meanwhile...

[Tweekster]

Those blackhats are just making notes of the real vulnerabilities while reporting simple superficial ones.

Re:Meanwhile...

[Effugas]

Wrong black hat, though yeah, that could have been phrased better.

Re:Meanwhile...

[Creepy]

if you don't trust their black hats, try it yourself
download the beta
install
hack

I did notice that part of their security was deprecating the C API and creating a "secure" one with the same names but _ first (at least VC 2005 now gripes about the C API). Not sure what the difference is, but I've heard the new API does checking on the buffers for over/underflow.

my biggest grudge against Microsoft, however, is their shoddy OGL support and floating DirectX API. DX7-8 cool new features and faster, but you have to relearn the API. DX8-9 - cool new features and faster, but you have to relearn the API. DX9-10 cool new ... aw screw it. I tried to keep a codebase of compatible OGL/DirectX code for 2 years before going all OGL.

Re:Meanwhile...

[HuckleCom]

So true. Which would you rather do, report all of the issues, or report 'superficial' issues and keep the REAL ones to yourself. Then, when vista is in full swing - have fun with all the corporate networks you want! It will pay more than MS!

Re:Meanwhile...

[Joebert]

Those blackhats are just making notes of the real vulnerabilities while reporting simple superficial ones.

Microsoft put a few gaping holes in there to skew the judgement of "simple", thus getting the reports they wanted.

apt Homer quote

The word unblowuppable is thrown around a lot these days...

It's true...

[Nutmegan]

Vista is amazingly secure. I've been trying to crack a Windows Vista machine all morning, and I can't even find one. Nothing like those operating systems that people are actually using.

Microsoft

[denisbergeron]

said that for every version of Windows, and it's right if you considere two premises :
1) The OS is not used by anyone when the "most secure" sentence was released.
2) The only OS existing in the Microsoft world has the one made by Microsoft (excluding OS/2).

Depends on the definition.

[jcr]

If the "industry" he's referring to is "the MIcrosoft operating systems industry"...

-jcr

Re:Depends on the definition.

[kfg]

I am more curious about their definition of "secure."

Secure against whom?

KFG

Re:Depends on the definition.

[jcr]

Secure against whom?

The user, probably. ;-)

-jcr

Re:Depends on the definition.

[Tatsh]

Definitely AGAINST the user, but nothing can stop the user from being stupid.

Re:Depends on the definition.

[kfg]

Do not overlook the point that my question also implies there may be entities whom their defintion of "secure" does not cover.

KFG

Well, I suppose in the end, it *is* secure...

[soren42]

So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security": *insert CD*
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*

*launches Internet Exploiter*
"You are attempting to connect to the internet. The internet is a very insecure place. Are you sure you want to do?"
*clicks "Yes"*
"Are you really sure? I mean, there are viruses out there on the internet. Do you know what a virus is? I mean, this stuff can really mess your computer up! Are you absolutely sure you want to connect to the internet?"
*clicks "Yes"*
"Oooooh, sorry - you don't have sufficient privileges to connect to the internet. Contact your Administrator or type your Administrator password now."
*types password*
*connects to internet*
"You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure want to send this packet?"
*sighs* *clicks "Yes"*
*beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
*clicks "Yes."
"You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure want to send this packet?"
*sighs* *clicks "Yes"*
*beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
*kicks computer*
*installs Linux/BSD or buys Mac*
VERY secure, indeed.

Re:Well, I suppose in the end, it *is* secure...

This may seem like a joke but I spent an hour trying to install a Flash active-X plugin on IE in XP_64 running as Adminstrator and finally gave up. The series of prompts from the OS were painfully close to the scenario presented in this "joke" post.

Re:Well, I suppose in the end, it *is* secure...

[Hinhule]

I think that is just a big cover for the fact that they have not been able to complete TCP/IP support.

Re:Well, I suppose in the end, it *is* secure...

[Jairun]

That's pretty much what it's like hehe :)

Re:Well, I suppose in the end, it *is* secure...

[soren42]

This may seem like a joke but I spent an hour trying to install a Flash active-X plugin on IE in XP_64 running as Adminstrator and finally gave up. The series of prompts from the OS were painfully close to the scenario presented in this "joke" post.

Yeah - I was going to go boot it up and copy the actual text in the ultra-annoying, constant stream of "As a user, you're too stupid to understand security. We need to ask you every question in existance about every OS function to ensure to completely understand the risks... and to point out exactly how secure of an OS you're really using."-popup boxes. But, I decided it wasn't worth all that effort, when the hyperbole was funnier and effective.

But, you are entirely correct - there is more than a small grain of truth in this joke!

Re:Well, I suppose in the end, it *is* secure...

[chill]

Did you ever play Infocom's Hitchhiker's Guide to the Galaxy?

C:>Quit
Are you sure you want to quit? Y
Are you really sure you want to quit? Y
Are you really, really sure you want to quit? Y
Are you really, really, really sure you want to quit? Y

ad infinitum

Re:Well, I suppose in the end, it *is* secure...

For the general public....hand holding is what you have to do...

As funny as this is...its pretty true.

Re:Well, I suppose in the end, it *is* secure...

[Zaplocked]

While I agree the amount of popups vista brings up is laughable, one wonders what you were doing wrong to fail at installing flash - I just went to macromedia's site and click the install now button. After 6 or 7 annoying popups and 2 minutes, it was installed fine.

Re:Well, I suppose in the end, it *is* secure...

[ch-chuck]

C:>Quit

Looks like you were actually playing DOS 6.22.

Re:Well, I suppose in the end, it *is* secure...

[tgd]

Hehehe

The funniest part of that is most people here who aren't running Vista probably think you're joking or overexagerating.

*clicks submit*
*clicks ok*

Re:Well, I suppose in the end, it *is* secure...

[fermion]

So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security":

*insert CD*
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*

When autorun is turn off for all removable media, and can only be turned on with an administrator password, and there is no override for "special DRM encoded media", then I will believe that MS is concerned about security. Until then, they are doing the minimum neccesary to meet a current PR, while making sure that control of MS Windows stays out of the hand of the end user, and in the hands of MS and it's partner advertisers.

Hackers?

In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."

And I bet the penetratees are the Windows Vista beta "testers".

Cool, MS doesn't even need to pay for them :) .

Re:Hackers?

[Em+Adespoton]

??? I thought the whole idea behind "black hat" vs. "white hat" was the relationship between the "hacker" and the victim. White hat hackers do their stuff with permission and with people's best interests at heart. Black hat hackers do things for their own interests, at the expense of the victims.

Following this line of reasining, if MS really employed "black hat hackers," wouldn't such hackers immediately say, "Gollee, this OS is super secure! I couldn't find a single way to compromise it!" Meanwhile, they're digging around inside (being careful to erase traces of their visit), getting extremely familiar with an OS that hasn't even been released yet. 0-day exploits indeed....

Re:Hackers?

[StarvingSE]

Its called media speak. Black-hat hackers sounds like a group of evil-doers who are now turned to the light side and are helping MS secure their OS, but they are still bad boys.

White-hat hackers sound like a bunch of pocket-protecting IT professionals who work in OS security.

People will think that if the "bad boy" hackers aka the ones lurking in the wild can find all the exploits, then the OS will be "teh most secure ever"

OMFG LOLrz

[GillBates0]

And Windows 3.1 was the BESTEST OS EVAR!!!11!

And MS-Bob was the BESTEST GUI EVER!!11

ms sez so...

[subgrappler]

how secure it is, is yet to be seen... but sad as it is... many suits will believe it just because MS say is it.

We shall see.

[elgee]

I will keep an open mind on this, but I will assert that I think that it was foolish for Microsoft to say that. I bet the hackers will see that as a challenge that they WILL overcome.

Acronyms

[linvir]

I noticed in this article that they're treading on our acronyms.

SDL - Security Development Lifecycle
Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?

RMS - Rights Management Something
This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor, or is a complete prick. I really doubt that this was accidental.

It's superficial, but I think both examples are very symbolic.

Re:Acronyms

[Wellington+Grey]

I think both examples are very symbolic.

You must be an english major, looking for symbolism among the coincidences. Do you know how small the search space for three letter acronyms is? 26*26*26 = 17,576. That's pretty damn small when you compare it to the size of the english language (about 300,000) so there's going to be some overlap on RMS. Besides, if it wasn't RMS, you would have found some other 'meaningful' acronym.

-Grey

Re:Acronyms

Microsoft says the 256-bit AES encryption technology only causes a single-digit slowdown when communicating with the disk, and the majority of users would never notice it was running.

So instead of reading/writing 2^20 bytes per second it is 1^20 bytes now *ducks*

Re:Acronyms

[Tim+C]

Treading on "our" acronyms?

I'm sorry, but rms has meant "root-mean-square" to me for about 15 years, or roughly 8 years longer than I've known about GNU or Linux, and it's meant that to mathematicians for a lot, lot longer than that.

Since when does anyone "own" an acronym? Talk about overly touchy...

Re:Acronyms

[TheSenori]

If RMS only meant the Royal Meteorological Society, it wouldn't matter; there would be no reason at all to suspect any design. But with RMS being so prominent, especially to the type of people we're talking about here, there's a very good chance that at least some of them would notice.

Re:Acronyms

[linvir]

You must be a Slashdotter, trying to pigeonhole someone you disagree with off into a group you feel superior too.

Re:Acronyms

Do the people in Iraq who plant IEDs have IED? And do the IEDs have IED? Do they belong to the IED?

I say to hell with acronyms altogether. Is it a disk operating system or a denial of service?

(MRC="bandying", glad you got the MRC generator working again!)

Re:Acronyms

[poot_rootbeer]

SDL - Security Development Lifecycle
Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare.

What is Simple DirectMedia Layer?

But then again, they knew that SDL was in use. Why not show a bit of cooperation?

There are only 26^3 possible TLA's in capital Latin alphabet namespace. I think it's safe to say that they're ALL already in use.

Re:Acronyms

[settantta]

I'm sorry, but rms has meant "root-mean-square" to me for about 15 years, or roughly 8 years longer than I've known about GNU or Linux

That's what it's meant to me for 39 years (and I'm not a mathematician either). considering that I've only been aware of Stallman's existence for around 4 years....

Re:Acronyms

It's also stood for Royal Mail Ship for quite some time...I'm not sure how long, but suffice it to say that James Cameron made a little film about the RMS Titanic.

I'm guessing Stallman wasn't around to see those newspaper headlines.

Re:Acronyms

[colinrichardday]

Is it a disk operating system or a denial of service?

In the case of MS-DOS, both.

Re:Acronyms

[marcosdumay]

You know, RMS didn't spent his entire life fighting "root-square means".

And we can be sure that the person who proposed this acronym (the one you use) didn't spent endless hours thinking on how to make RMS sound stupid.

Re:Acronyms

[WeAreAllDoomed]

I noticed in this article that they're treading on our acronyms.

i've noticed this for awhile too.

Re:Acronyms

[Cro+Magnon]

Is it a disk operating system or a denial of service?

Yes!

Re:Acronyms

[dbIII]

RMS - This one is amazing, because it's basically DRM named after Richard Stallman.

Or perhaps "Root Mean Square" or perhaps it bears no relation to either and the person looking for a three letter acyronym had neither heard of Richard Stallman or had completed an adequate high school mathematics education.

Re:Acronyms

[andersbergh]

Add this to the list: LUA - Least User Access

Hold The Font Page!

[NickFortune]

In other news, Kellogs say Corn Flakes "taste nice". Film at eleven.

Re:Hold The Font Page!

[treeves]

Of course MS said this. Duh! What are they supposed to say?
"We hope it's more secure than XP, but we'll just have to wait and see."?

Re:Hold The Font Page!

[maxwell+demon]

Well, they could just have said: "It's the most secure Windows operating system." Which might even be true.

Re:Hold The Font Page!

[Onan]

I seem to recall that Dave Barry had a good line that would extend well to this case:

'...Windows XP, which according to everybody is the "most reliable Windows
ever." To me, this is like saying that asparagus is "the most articulate
vegetable ever."'

Re:Hold The Font Page!

[Flyboy+Connor]

And don't forget: Pope says Catholicism is the religion most likely to get you into heaven.

Re:Hold The Font Page!

[biglig2]

You may sneer, but you gotta remember that the only unique selling point that has any chance of making it into Vista is that Vista is, and I quote, "slightly less fucked than XP". The marketing people have to work with what they have.

Re:Hold The Font Page!

[swv3752]

But Frosted Flakes taste "Greeaattt!"

Microsoft claims on Vista...

[TWX]

...sound like a challenge to me... Let's count the kinds of attacks that have existed in the past: Bad daemon/service design allowing for root control through the service itself remotely Bad daemon/service permissions allowing a buffer overflow to give one service-level command access Bad port use allowing for access to stuff that should be off by default Bad user permissions control requiring everyone who actually want to do something to have local admin access Bad MS software design giving software designed to look at public (read: anything) access to the service or kernel level Bad implementation of MS software allowing for public, untrusted content to arbitrarily install stuff on the PC (see also: the Balmer Story) Sounds like we have a lot of possible places to start, and I'm not even someone used to breaking into Microsoft systems. There are probably many, many more vectors of attack that I haven't thought of without even resorting to social engineering or taking advantage of stupid or ignorant users...

Re:Microsoft claims on Vista...

[jabelson]

"There are probably many, many more vectors of attack that I haven't thought of without even resorting to social engineering or taking advantage of stupid or ignorant users..."

You don't blame THAT on the OS do you?

Re:Microsoft claims on Vista...

[TWX]

Actually, to a small extent I do. If the OS allows the user too much power over the OS itself then the whole machine goes down. I used HP X-terminals when I was in college, and they were never down. The HPUX server in each respective cluster just ran and ran and ran, even though users could compile their own code, install their own applications, print, and mount preconfigured remote filesystems.

I tried a fork-bomb once, didn't do much besides disconnect my controlling terminal. People had enough room to put whatever browser they wanted (Netscape was modern at the time), and I had programs for IRC, instant messaging, and the like. The only thing that I really couldn't do was play audio, since these terminals weren't equipped with sound chipsets. Had they been, it would have been possible to set X up to forward sound to the machines just as well as video.

So, as long as Microsoft continues to take shortcuts in order to do things rather than go through the right channels then I will continue to blame them for a certain amount of social engineering allowing people to get users to do things that will compromise the whole machine rather than just the user's personal data.

Most secure in what configuration?

[TheViewFromTheGround]

Any operating system that is capable of the tasks contemporary computer users want that system to do (being connected to the Internet as the prime example) is one that can be configured to be exploited.

Second, it is empirically accurate to state that no one has complete, a priori knowledge of bugs in a reasonably complex piece of software, some of which could lead to exploit conditions.

Third, is it even theoretically possible to have a priori knowledge of such bugs given a system of sufficient complexity?

How does that compare

How does hiring a dozen black hat hackers compare to having thousands of professionals seeking errors at large?

The power of the public is cooperation. Someone finds a small bit and _shares_ it with others. A dozen guys in a microsoft office (pun) have none of this power.

Not finding a hole is no proof of being airtight anyway.

vajk

Re:How does that compare

[Joebert]

Not finding a hole is no proof of being airtight anyway.

But a sufficated mouse is.

Re:How does that compare

[mattyrobinson69]

An example of that - I found a bug in IE, where a css stylesheet would cause IE to crash, i posted this stylesheet to somebody on slashdot who asked about it - i dont know what became of that, but this was found by chance, not by me being a black hat (the person i showed the stylesheet to may have found a way to exploit it, i dont know).

This doesn't work.

[JamesF1]

Microsoft claim that this is the most secure OS to date... but they also claim that it's incredibly stable. I don't get how that works.

If you want security, use Windows 95... A crashed computer is incredibly secure - far more secure than Vista.

Re:This doesn't work.

[B3ryllium]

By your logic, Windows Millennium Edition is actually more secure than all other versions of Windows.

Combined.

Re:This doesn't work.

[UMNbandgeek]

"If you want security, use Windows 95... A crashed computer is incredibly secure - far more secure than Vista."

If you want a really secure OS, I recommend Windows ME.

Re:This doesn't work.

[maxwell+demon]

A crashed computer is also incredibly stable. It usually will not crash again until the next reboot.

Re:This doesn't work.

[91degrees]

True. The other aspect is that since its networking is so minimal, it's pretty secure until you actually add some extra software to connect to the internet...

of course it secure ...

Of course it's secure. How can someone hack into it if its so complex that even the guys and gals who are writing can't understand it. That's safe -- kind of like putting you money in a safe to which no one knows the combination (and on which the combination is not a factory default Mr Feynman).

This is laughable

[Starker_Kull]

You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc. To preemptively announce that "Vista [is] the most secure OS in the industry" before it is even released makes me think Microsoft is still high on itself.

Maybe it's just marketspeak, or maybe it's more of the same arrogance that they know better what is secure than reality does. I'll sit back and wait for a few years, thanks.

Re:This is laughable

[east+coast]

You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc.

While I am not defending Vista I would like to think that MS has enough forethought to submit their new OS to attacks of various natures. I doubt any large software house lets a product go to market without submitting it to the rough and tumbles of a simulated user environment.

In the end I also think that Windows (W2K and XP that is) is fairly safe and stable while you pay attention to common sense security. Joe Sixpack is probably more of a Windows security problem than any virus out there.

Re:This is laughable

[Starker_Kull]

While I am not defending Vista I would like to think that MS has enough forethought to submit their new OS to attacks of various natures. I doubt any large software house lets a product go to market without submitting it to the rough and tumbles of a simulated user environment.

I'm sure you are right. And if they were to say, "We have subjected Vista to more security checks and tests than any previous OS", I would probably accept that as fact. They do list many features that MIGHT enhance security. But all the security testing in the world does NOT demonstrate that a system is secure, because the system has to live in the real world, not the testing facility. And a wise company would know that, and rather than brag about something which is yet to be proven, might demonstrate that they understand that security is not a finish you apply like a coat of paint, but an enduring process (with apologies to Bruce Schneier) that they are committed to, rather than, "Here's the most secure OS in the world! Done! Finished! Buy it, and you will be secure!"

Anyone can design a system that they themselves can not crack. It's the other cracks they haven't thought of that count, and it remains to be seen how many there are.

I should mention that I agree that Joe Sixpack is the main threat to security - but allowing for this should be part of the design. Watching the multiplying security windows popping up confirming every little change to the files, even the aliases on a Vista desktop, makes me think that making USABLE security is still a New Thing at Microsoft.

Thank you for the polite thoughts, though.

Re:This is laughable

[DeadChobi]

Oh, wow. So they're going to top Vista off with being MORE ANNOYING than Windows XP? You mean I'm actually going to have to be prompted every time I want to do something? There'd better be a way to turn this off or I'm never going to buy a copy of Vista.

It's bad enough to be prompted every 15 minutes for a restart after I've installed updates, EVEN IF I AM IN THE MIDDLE OF SOMETHING. Yes, Windows will pull me out of full-screen just to tell me that it has finished installing updates. To top it all off, I wont be able to browse the internet or insert CDs without some twat at Microsoft building the program to assume that I dont know what the fuck I'm doing with my computer? Sounds like a brilliant security strategy. Piss people off enough so that they never use your OS.

That kind of treat-you-like-you're-stupid shit is what makes me dread installing updates. I dont give a shit that I need to restart to install updates. Windows has waited for weeks for me to restart, and I dont need the constant nagging while it's waiting. Let me know when Vista has had its obligatory "dont treat me like I'm a mindless twat computer user" update. Then I'll get it.

Re:This is laughable

This is more of an opinion rather than fact. This is more than likely, and I'm willing to put money on this, in regards to production environments rather than home usage. To say that this is "Most Secure OS Ever" is simply laughable. There is always room for error and there is no way they're going to protect against all the maliciousness on the internet. While they may think they're secure, this has not been tested and is jumping the gun more than anything. Most of their new security features are already caught at the kernel level in linux distributions which exhibit the use of Selinux, and more notably, grsecurity. To say that many blackhats are pentesting the operating system is a joke in it of itself. Granted, if these WHITEHATS were to find a bug and report them, there are a number of bugs that would still go unfound which would present a problem later. There is already Vista 0day floating around for beta releases, it's only a matter of time before we see Vista 0day for full releases. While I think it's about time Microsoft took security in check, they're in essence shooting themselves in the foot when a bug is found and their credibility as a vendor comes under fire (once again) when more vulnerabilities and exploits are released.

Re:This is laughable

[drinkypoo]

There'd better be a way to turn this off or I'm never going to buy a copy of Vista.

I'm sure that if you run as Administrator, you won't be prompted all the time... :)

Re:This is laughable

Just in case you didn't know, shutting down the Automatic Updates service will stop the nags. The service will start again the next time you boot. Not ideal, but it's how I work around the problem...

Re:This is laughable

[bob65]

To top it all off, I wont be able to browse the internet or insert CDs without some twat at Microsoft building the program to assume that I dont know what the fuck I'm doing with my computer? Sounds like a brilliant security strategy.

Maybe it is a brilliant strategy. Maybe they've realized that the biggest problem with Windows XP is not that the OS is insecure and unreliable, it's that the users are insecure and unreliable. So what to do? Fix the users. Make them more secure. Train them to be the ideal users that they want.

Re:This is laughable

[alan.briolat]

Welcome to Windows! You're not in control, you're just the passenger!

Bwaaa ha ha ha ha!!

[mpapet]

Seriously though, I've resigned myself to saying that Windows does the job for many people. But a secure desktop OS it is not. It's not designed like that. In steadily fewer cases, it isn't even the best tool for the job.

Microsoft will repeat the security message in the media until most people believe it. Meanwhile I'll still have plenty of work babysitting their products and buying security software to use on top of their "secure" software.

Uh oh

[BigCheese]

You know that's one of those statements that will come back and bite them in the ass.

It's like handing software to QA and saying "I've got all the bugs out this time."

In other news...

* Steve Jobs says OSX has the best UI ever.
* Reggie Fils-Aime says Nintendo DS is the most advanced handheld ever.
* GM says the Chevy Tahoe is the safest truck ever.
* My mom says last mother's day was the best ever.

Conclusion? People like to blow their horn and advertise what they have.

Re:In other news...

[maxwell+demon]

Not to mention that what you are currently reading is the best comment ever made on Slashdot :-)

Re:In other news...

[Foobar+of+Borg]

* Steve Jobs says OSX has the best UI ever.
* Reggie Fils-Aime says Nintendo DS is the most advanced handheld ever.
* GM says the Chevy Tahoe is the safest truck ever.
* My mom says last mother's day was the best ever.

* Pat Robertson says he can leg press 2000 pounds.

Re:In other news...

[Javaman59]

Not to mention that what you are currently reading is the best comment ever made on Slashdot :-)

But it is, but it is!!!!! Not only that, it's the best comment ever made. Period. Your comment will live on long after Vista. And, it was released (long) before Vista. :-)

Pass the linctus

[ettlz]

Cough! OpenBSD Coughhhhhhh!

Sorry about that. Did someone say Microsoft thinks they've got "t3h m0st s3cur3 05 ev4r lollll!!!!1111" or something?!

Re:Pass the linctus

[Mister+Whirly]

Except I read on Slashdot that BSD is dead.... Oh and something about Natalie Protman + hot grits...

Black hat?

[gcnaddict]

Arent the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s

Could someone explain the difference between the two so I can make sure I didnt screw up?

Re:Black hat?

[Anarke_Incarnate]

Not if you want to sell copies of WINDOWS DEFENDER!

Now that the blackhats have had a look at the source code, we had better pony up the money to buy that service or else....

Re:Black hat?

[linvir]

And how impressive would that sound? In reality they have several "white hats" working for them in the form of regular security people, I presume. But if you say you got an ex-bankrobber in to check out your security, it sounds a lot more impressive than just saying "we think we've done a pretty good job", even if the bankrobber is in a worse position to evaluate the security.

Re:Black hat?

[hal9000(jr)]

Could someone explain the difference between the two so I can make sure I didn't screw up?

Sure, white hat hackers do it for glory and money. Black hat hackers do it for money and glory.

Oh balls!

Re:Black hat?

[supabeast!]

"Arent the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s"

Typically, yes. But if you're Microsoft, trying to do everything you can to deal with a horrible reputation regarding the security of your software, it makes a hell of a lot of sense to go nuts and hire every crazy black-hat hacker willing to pen-test the OS for you. Remember, plenty of black-hats are just in it for the money, and for them, it probably makes a hell of a lot of sense to take a big pile of cash from Microsoft than it does to keep running bot networks selling v1@garr@.

Re:Black hat?

[maxwell+demon]

Imagine you are a black hat hacker, and are asked to evaluate the security. Wouldn't you be very tempted to keep silent about a few security problems you found, in order to exploit them later?
What would you think if an airport employed terrorists as security personnel because they know better what to look for?

Re:Black hat?

[DragonWriter]

Typically, yes. But if you're Microsoft, trying to do everything you can to deal with a horrible reputation regarding the security of your software, it makes a hell of a lot of sense to go nuts and hire every crazy black-hat hacker willing to pen-test the OS for you. Remember, plenty of black-hats are just in it for the money, and for them, it probably makes a hell of a lot of sense to take a big pile of cash from Microsoft than it does to keep running bot networks selling v1@garr@.

Wouldn't make even more sense, if money was your only concern and morality no issue, to take a big pile of cash from Microsoft, hold back the real vulnerabilities found, and then use that information to make money running bot networks (or selling the information to people who do?)

Re:Black hat?

[jsse]

When a white hat got a month's contract. He looked at the technical specifications of the product, search for all possible exploits that would affect it. Tested the product with all possible exploits found in a controlled environment and deliver a detailed report with recommendations at the end of the month.

A black hat also got a month's contract for the same duty. He ran the rootkit and found all the exploits on day one. Then he used the corporate network for gaming and DDOS for the rest of the days. At the end of the month, show them the exploits and tell them their product is fucked.

Re:Black hat?

[Kadin2048]

I was thinking the exact same thing. I sure hope they're paying their "black hats" more than the market value of an undisclosed, 0-day Windows exploit, because that's basically the alternative mode of disclosure, should one of those guys really notice something.

Or do they really think that their "black hats" will abide by their NDA's when they're talking to some Russian guy in an IRC channel somewhere?

Re:Black hat?

[MrAnnoyanceToYou]

Yes.

Yes it would.

Making this particular claim a:) a fundamental logic error made by the biggest manufacturer of software in the world, or b) a completely unbased and silly statement based upon marketing.

Funny thing is, this is the first time I've ever hoped for a Microsoft statement to be FUD.

Re:Black hat?

[KiloByte]

Speaking of Microsoft, I guess you made a typo. The word you need is asshats.

Re:Black hat?

[tsajeff]

Depends on how large the bonus for reporting findings before the release... I am sure they are paid well to start with.

Re:Black hat?

[biglig2]

Extraordinary, it's almost as if this piece was written by some twit in marketing, and not by the Microsoft Security Team....

Re:Black hat?

[Effugas]

Yeah, it's a big ol' mess. They knew some of us were speakers at the Black Hat Briefings, so they called us Black Hat Hackers...because we're at Black Hat...yeah.

--Dan

Re:Black hat?

[StikyPad]

What would you think if an airport employed terrorists as security personnel because they know better what to look for?

I'd think "I wish I thought of that first..."

Re:Black hat?

[crashelite]

watch what u say... u might get MS or the FCC after you or the NSA or any of them acronyms

Re:Black hat?

[supabeast!]

"Wouldn't make even more sense, if money was your only concern and morality no issue, to take a big pile of cash from Microsoft, hold back the real vulnerabilities found, and then use that information to make money running bot networks (or selling the information to people who do?)"

Probably. But Black Hats have long been some of the best people at finding bugs and they're going to get prerelease copies of the OS through legal or illegal means regardless. So Microsoft really has nothing to lose aside from whatever is paid to the black hats - and to Microsoft, that kind of money is a trifling thing.

Re:Black hat?

IMHO that would be awesome.

Damn formatting...

[TWX]

The message should have looked like:

...sound like a challenge to me...

Let's count the kinds of attacks that have existed in the past:

Bad daemon/service design allowing for root control through the service itself remotely
Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
Bad port use allowing for access to stuff that should be off by default
Bad user permissions control requiring everyone who actually want to do something to have local admin access
Bad MS software design giving software designed to look at public (read: anything) access to the service or kernel level
Bad implementation of MS software allowing for public, untrusted content to arbitrarily install stuff on the PC (see also: the Balmer Story)

Sounds like we have a lot of possible places to start, and I'm not even someone used to breaking into Microsoft systems. There are probably many, many more vectors of attack that I haven't thought of without even resorting to social engineering or taking advantage of stupid or ignorant users...

Vista most secure ever.

[neo]

If you've looked at any statistics you can see that no one has ever cracked into a Vista Server. Ever. It's amazing. In fact, and the numbers don't lie here, there has never been a public patch for security reasons.

Simply amazing.

It's GREAT!

said, Tony the Tiger.

Similar Headlines

[Billosaur]

* White Star Lines Pronounces Titanic "Unsinkable"

* Hindenburg Safest Way To Fly

* Ford Pinto Named Safest Car For 1973

Re:Similar Headlines

I don't know, the Pinto just doesn't convey the sheer girth of Vista.

Well of course

[tbone1]

If no one can break into it, it must be secure! Forget security through obscurity, this is security through non-existence. Brilliant!

very old news -- XP was the most secure

I seem to recall similar statements made in 2001 about new and improved user-oriented operating system XP. XP was supposed to be the most secure O/S ever and M$ made lots of statements about it being very secure, best ever, very hard to hack, etc.

http://www.macobserver.com/article/2001/12/21.5.sh tml

It was so secure that a guide had to be published, Windows XP: Surviving the first day:

http://seclists.org/lists/security-basics/2003/Nov /0555.html

Secure for me!

[gunnk]

After I installed the Vista beta I can no longer access my hard drive. Linux fdisk, Partition Magic: nothing will let me back in (can't even repartition!).

Can't get much more secure than that...

Seriously, though, the drive really is unreadable. Don't know if Vista managed to kill it (how?!?!) or if it's just a strange coincidence.

Re:Secure for me!

[ElleyKitten]

After I installed the Vista beta I can no longer access my hard drive. Linux fdisk, Partition Magic: nothing will let me back in (can't even repartition!). Can't get much more secure than that... Seriously, though, the drive really is unreadable. Don't know if Vista managed to kill it (how?!?!) or if it's just a strange coincidence.

According to the article:

On the hardware level, Microsoft has implemented BitLocker full disk encryption. Using a TPM chip located on the motherboard or USB stick, BitLocker literally encrypts data while it is being written to the disk. If a laptop were stolen, the hard drive would be inaccessible without a recovery key.

Maybe it encrypted your drive from anything else accessing it?

Re:Secure for me!

[gunnk]

If it was encryption I would think Partition Magic and fdisk would just see it as a corrupt partition. I would expect I could still delete the partition even if I couldn't read it. It may simply be a coincidence...

Re:Secure for me!

[mattyrobinson69]

As a guess, it converted it to a 'dynamic disk', which i believe causes this to happen. look for your hardware manufacturers low level format utility

Yeah, yeah, yeah

[HansKloss]

It's getting boring. I heard the same argument last time when they released Win XP, and before for Win 98.
Would you stop already. Always the best and revolutionary like never before.
Life will show that nothing really changed, except Microsoft coffins getting bigger

Re:Yeah, yeah, yeah

[Reason58]

Life will show that nothing really changed, except Microsoft coffins getting bigger

They'll need those big coffins to fit their enormous coffers.

Re:Yeah, yeah, yeah

[tuxedobob]

I'd like to think he typed what he meant.

Re:Yeah, yeah, yeah

[Reason58]

Diging their own grave, or digging it deeper perhaps, but a bigger coffin? Microsoft is taking in too many calories and not working out enough, so it needs to have a larger coffin?

Yes until...

the first virus gets unleashed named "Hasta la vista!"

Which just goes to prove...

[BearRanger]

That not even Microsoft's air force can shoot straight.

The University of Alberta is in Edmonton.

Re:Which just goes to prove...

ROTFLMAO

Re:Which just goes to prove...

Sheesh -- way to go! Here I was thinking that de Raadt and the OpenBSD project probably survived because Microsoft was using MSN Virtual Earth instead of Google Earth. Now you've let them in on the secret location: Calgary!

Even though Calgary is a much longer distance from Redmond, it probably still isn't out of range of Microsoft's long-range bombers or ICBMs.

Re:Which just goes to prove...

[colinrichardday]

According to that map (zoom out a bit), Calgary is closer to Seattle than Edmonton is, and Redmond is just outside of Seattle.

Hmmm...

what's this in the article about MS using acronyms such as RMS and SDL? Could this be part of the extend and conquer strategy? Next thing you know they will use LIB, KDE, RHL, PHP, LAMP or OSS as part of their system naming scheme. No, really.

Employed black hat hackers???

[someone1234]

Admitting employment of black hats is admitting a crime. Or, if they did a legal work, they are not black hats. Or, the article is messed up.

No they are speaking the truth

[SmallFurryCreature]

It was their most secure OS ever, right up to the point that WMF bug was exploited and Vista was found to be just as vulnerable as every other windows version.

Claiming Vista to be the most secure OS ever when it has already had a security flaw is just insane and tells us that MS still just don't get it. Or maybe they do get it. After all they make billions. It is sad but lying to the gullible pays better then telling the truth to the clever. There are just so many more gullible people. Last count about 6 billion.

Re:No they are speaking the truth

[Helldesk+Hound]

> It was their most secure OS ever, right up to the point that WMF bug
> was exploited and Vista was found to be just as vulnerable as every
> other windows version.

One would expect this to be the case - given that MS Windows Vista (WinNT6.0) is built from the same code tree as WinNT4.x, WinNT5.0, AND WinNT5.1 .

Microsoft also made the same bold claim about the initial release of WinNT4.1 (XP) only for it to be proven to be utterly false less than a week after it was released.

Re:No they are speaking the truth

However annoying the feature is, LUA would stop the WMF vulnerability from allowing Office from making any system-wide changes. The new protection mode in IE would prevent the WMF vulnerability from allowing any changes on your system except for clearing your IE history, deleting your temporary internet folder, seeing what cookies you had but not what was in any of your secure cookies, or (mostly likely) crash IE.

Is it still a vulnerability? For sure. Is the possible damage done by the vulnerability substantially reduced. Absolutely.

Re:No they are speaking the truth

Didn't oracle try this and was quickly put in their place?

Black hat?? Come on guys.

[TheDarkener]

"...the company has employed black hat hackers...

By definition, if you employ hackers to test an operating system, they are NOT "black hat" hackers - they are, at best, "grey hat" hackers.

Definition from Wikipedia:

Usually a Black hat is a person who maintains knowledge of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or the manufacturer for correction.

Re:Black hat?? Come on guys.

Actually, the article almost certainly got it right.

The way Microsoft treats employees and contractors (especially offshore ones), I wouldn't doubt that these are actually black-hat guys who are just getting early access for their cracks/trojans and viruses.

I can imagine their spam-farm-managers grinning all the way to the bank while saying

"why no, Bill, we didn't find any holes that we'd like to report to you - in fact, it's such a beautiful system why don't you release now and stop looking into security - BTW, mind if we hang on to our notes?".

Re:Black hat?? Come on guys.

[Effugas]

No, it's this annoying misunderstanding. A couple of us speak at Black Hat, so clearly we're "Black Hat Hackers".

*sighs*

Re:Black hat?? Come on guys.

they are, at best, "grey hat" hackers

Well shit, not everyone can be the best.

At least they didn't say it's "Unbreakable"

[imaginaryelf]

Their marketing dept is hedging its bets.

"penetration"

[MetalliQaZ]

Black hats have been "penetrating" the "back door" of microsoft since the beginning. Nothing new here.

-d

Open BSD users everywhere...

[Chas]

Falling Out Laughing

Re:Open BSD users everywhere...

[Winterblink]

"Falling out laughing"?? Are all you BSD users *that* overweight? :)

Re:Open BSD users everywhere...

96% of OpenBSD users are attractive females that are unattainable for 91.3% of Slashdot "Anonymous Cowards," and 97.3% of Slashdot registered users.

Re:Open BSD users everywhere...

[scatteredbomb]

HAHAH!! Oh man, that really made me crack up.

Yeah

[Conspiracy_Of_Doves]

It's so secure that even the owner of the computer can't control it.

Re:Yeah

[amliebsch]

Do you know anybody running unsigned code on the 360? Unhackable...so far...

funny...

[brain1]

That's exactly the statement they made about XP. And we see how far that went...

not even the most secure MS OS

[syrinx]

I doubt Vista is even the most secure MS OS... there is no way you could haxx0r my MS-DOS 5.0 box!

I declare the Vega class starship the fastest ever

[Weaselmancer]

And it's not shipping yet either.

Employ in what sense?

[buckhead_buddy]

One of the big arguments against use of illegal drugs is that it financially supports an immoral, illegal, and corrupt system. Even though you may use your stash at home and in a manner that doesn't hurt anyone else, your money goes to the drug dealers, crime lords, and liberal democrats ... err... god-forsaken hedonists that are corrupting the very soul of this country.

Is Microsoft saying that they actually handed over money, got sentences reduced, or somehow offered compensation to the black hat hackers that they've been so anxious to bring down in the past? Isn't this in itself immoral?

Re:Employ in what sense?

[Fefe]

Actually, under a "national security protection" program by the Pentagon, us black hat hackers traded two years worth of prison against half a year of Vista code review.

In retrospect it was not so good a deal.

Re:Employ in what sense?

[ChrisPaget]

Well, after a quick show of hands in the office two of us "black hat hackers" were prepared to admit to having sentences reduced. I suspect they may be high on Pixy Stix though, so you shouldn't necessarily believe that...

Yeah

[Drakin020]

...Just like XBOX360 was unhackable.....sure

Just FYI

[sammysheep]

"In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."

I think "black hat" would not be quite the term to describe this sort of activity. The term "white hat" is usually used for hired hacks: http://en.wikipedia.org/wiki/White_Hat.

Re:Just FYI

[HTH+NE1]

I think "black hat" would not be quite the term to describe this sort of activity. The term "white hat" is usually used for hired hacks

Further, why "penetration test team" or "pen test team"? The latter sounds like they work in an animation studio. If Microsoft is hiring them and still calls them "black hat hackers", why not go all the way and make it clear to everyone what they think of them by calling them a more widely known and inflammatory term, such as "rape gang"?

Nothing new

[Tony]

Remember "DNS?" Digital Nervous System?

That's okay. Nobody else does, either.

My OS is just as Secure ...

[twitter]

... and you will be able to run it in five minutes.

Five minutes pass.

GOTO LINE 1.

Re:My OS is just as Secure ...

OH LOLOLOLOLOLOLOL!!!!!!!!!!!!!one!!!!!!!1!!!!!!!!!!! !!!!!!111!!!!!!!!!

Fucktard.

trs-80 is more secure, I think

[TheGratefulNet]

since if you run tcp/ip on an old trash-80, for example, no hacker would even wait on the line long enough for the first response packet to come back. he'd time-out LONG before the z80a could respond.

there you go - security by lack of clock speed. (has that ever been done before?)

"most secure os ever". pffft! anyone who would believe this deserves to run --(xp++)

Re:trs-80 is more secure, I think

[spun]

It's been done.

Re:trs-80 is more secure, I think

[TheGratefulNet]

nice find! who'd have thought...

just look at those ping times. wow.

and what if you added some kind of access-list or ipfilter to the ip stack? ping times would then have to be measured in minutes intead of seconds.

Re:trs-80 is more secure, I think

[spun]

What you really need to make a rig like that shine is a 300 baud accoustic coupled modem. Running over tin cans and string. I bet it could work. Nothing could be more old-skool than surfing the web on a TRS-80 with a 300 baud accoustic coupled modem running TCP/IP over a cans-and-string network! Dude, that would be such a babe magnet.

Re:trs-80 is more secure, I think

[chthon]

An updated version of the Z80

And thus the security trap is sprung!

[bigpat]

The OSS community has been calling out all the security vulnerabilities of Windows for quite some time and people now pretty much take it as fact... I wonder if Microsoft's new solution to security will just be a DRM'd closed platform where everything has to be signed by Microsoft in order to run. That would be security, if everything made to run under microsoft had to be approved by microsoft. Wouldn't quite be a computer anymore. But all you wonderful IT geeks out there having been pushing a locked down computer for years as a way to make computers secure... I think this is just going to come back and bite you now. Instead of your company's IT department dictating what you can and cannot put on your computer, it will be Microsoft.

most secure because

[gerrysteele]

Because no hacker can affoard a computer powerfull enough to power it.

So, in other words...

[RoffleTheWaffle]

"This is the most secure operating system in the world! Let's go test it to see if it's secure!"

Meanwhile...

"I'll pay you guys one-hundred dollars each if you pretend to be script kiddies."

"Two-hundred."

"Deal."

No OS is secure enough

[SimpleBinary]

No matter how secure they make Vista or any OS there will always be those users/hackers who have too much free time their hands and want to make life miserable for the rest of us. The real problem lays with the users who incorrectly store lucrative information without securing their actual computer network.

Or maybe it's just a bug

[bigtrike]

Did someone break the network driver again?

And...

[FrankieBoy]

Global Warming is a myth,
Carrot Top is funny,
Cigerettes don't cause cancer,
Irac had weapons of mass destruction,
George Bush is listening to your phone calls to make you safe.

No NT 4 and Windows2k are the most secure OS's

[Billly+Gates]

... ever made. After all Microsoft said so both in 1996 and 1999.

So until holes appear in either platform I think we can trust Microsoft when they say something is secure. After all I never heard of a single security hole in WindowsXP or IIS or any server product from MS. Have you?

In Similar News...

[mugnyte]

3D Realms declared today that "Duke Nuken Forever" is The Best Game Ever! With an incredible non-linear storyline, incredible learning AI across games, outrageous low-lag multiplay, both 1stP and ortho views - and runs on a standard gaming machine! Published with a complete set of of level-making tools and start-of-the-art texture and atmosphere effects, Duke Nuken Forever is set to be the most played game ever.

3D Realms gave a presentation of the all the features that will help Duke keep the number one spot in the market. It also outlined the TV channel, movies series and theme park spun from the elements of the game.

Check it out!

Re:In Similar News...

[G+Morgan]

Taking the piss out of DNF is no fun. The delay has been because they are waiting for the GNU/HURD port.

Re:In Similar News...

[mugnyte]

  I'm not I follow ("taking the piss out"). But surely you jest about such port - itself a chimera.

Re:In Similar News...

[G+Morgan]

Taking the piss means making fun of it and indeed the delay is due to a HURD port, or maybe not.

Re:In Similar News...

[dyslexicbunny]

3D Realms declared today that "Duke Nuken Forever"

Did 3D Realms change the name so people wouldn't realize it released? How kind of them to let us keep making our jokes.

Re:In Similar News...

[dyslexicbunny]

Sorry to double post but I couldn't help myself. After posting, the ad at the top was for "Banish your belly."

Trying to tell us something /.?

Learn from XP

[Drakin020]

Well they probably take all the holes they are learning from XP and patch it on Vista. XP is more secure than any of the other windows OS's. What they do is just patch what has allready been patched from older OS's and anything new that pops up such as the MSN bug. They know to put that fix in vista aswell. Now alot of people will say "Oh this OS is more secure" but what you have to think is how many people care to even try and exploit that OS. Say you take Windows 3.1 Right now if you ran that there is a very small chance someone will discover a new exploit and post it on slashdot or something. People who find these exploits and holes only care about what people use today. Which is kind of why linux doesnt have as many issues with security as windows. The majority of businesses use Windows Server environements. As linux MAC's or whatever else begins to grow more and more people will be interesting in finding holes. But as for now I think Microsoft is just taking the issue that are arising with XP and just making notes for Vista. Makes sense why they think it is the most Secure OS, but that doesnt mean it wont have its problems.

Half Truths

[HermMunster]

Vista has little to offer other than what they are touting. Vista is most secure in the world. Microsoft has little to offer other than what they are touting.

If you are lucky enough to have seen vista in action you know it is nothing more than XP SP3 with a newer looking interface and a rather annoying prompt for every action security feature.

Microsoft is in the habit of telling half truths. Why would be believe this is any more true. If it is only half true then we are looking at a lie because it certainly can't be 2 times as good as any other OS that's secure.

Highly unlikely that BSD or even the linux community will agree that Microsoft's new interface for XP is anything more than just that.

Microsoft + Stupid Claims = ...

[Fuzzball963]

Are you sure about that ? this IS Microsoft after all ;). If anyone can compromise an OS surely it's them.

In other news.....

...... Microsoft has anounced that 3 eploits have been found and are currently in the wild.
Even though the Windows Vista OS has not been released yes hackers found ways to break the OS security.

We interviewed one of the hackers and he had this to say.
Hacker: OMGWTFBBQ!!!!!!!!!!!!1111one M1cr0suxx is t3h sh1tz0rz!!!!! W3 h@xx0rr3d d3mz!! WTFPWN3D!!!

And there you have it.

Bwar har hardy har.

I don't know what's funnier, your message or the "Insightful" moderation.

The captcha for this message is "diapers", how appropriate. :-P

Re:Bwar har hardy har.

[Nutmegan]

I can hardly remember the original message now that you've blinded me with your wit. I'd better write that diaper thing down. If only I could give mod points to an anonymous coward. :)

Re:This is known as "the big lie"

[ScentCone]

1 .Iraq has WMD.

Let's see... that would be the lie that Saddam's own weapons people were telling him. Or weren't you paying attention to those details? Certainly the intel agencies across the globe thought they were still there. You know, the ones that we saw giant piles of on multiple inspections, and which his regime refused to explain away, in terms of where they all went (not counting the truck caravans going into Syria, of course).

2. Saddam was responsible for 9/11.

The only people spouting that one are the people trying to say it often enough to make people believe that the US government actually said that... the better to make political points against the same. In other words, you are the one saying that, so that you can point out how not true it is. In the meantime, the people actually dealing with the problem went to Afghanistan, where the people who did it were actually being sheltered. Of course, the Taliban and A-Q did have regular contact with Saddam's intel people, but that was just on matters of routine cash, weapons, and operating territory. But getting rid of him was every bit as important as denying Taliban shelter to A-Q. Especially since he had things like "annex neighboring countries" and "lob SCUDs at Israel" on his regular to-do list. Oh, and publicly making large payments to the families of terrorist bombers, gassing whole villages, bulldozing mass graves, that sort of thing. You do actually comprehend this stuff, right? I mean, you're just pretending you don't know it, to score shallow rhetorical points, right?

3. Profit! (for big business, at least)

And which large companies, employing hundreds of thousands of people and providing services that small businesses cannot provide, would you like to see operating at a loss? How would you replace them when they fail? Would you have small mom-and-pop antibiotic manufacturers? Neighborhood hybrid car factories run by families with 10 employees? Motherboards made by hand with soldering irons? Aircraft made by the great grandchildren of the Wright brothers in the same bicycle shop? Natural gas pumped and transported a few gallons at a time in backpacks? Oh... you're the type that would rather the government did all of that. Well, just come out and say it, then. That's so much more straight forward than hoping that people will see your BS is just a callow, sarcastic charade.

Mod the entire article as +5 Funny and move on...

[alexfromspace]

Mod the entire article as +5 Funny and move on...

Exactly...

[Nick+Driver]

No one can compromise an OS that hasn't even been released yet.

Exactly... just like this one.

It is

[JustNiz]

The retail version of Vista is the most secure OS ever.
MS just left off the "Because no one is using it yet".

Pen what?

[adam.dorsey]

In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team.

So, if they go through fourteen teams, will the next one be the Pen15 team?

it'll be very secure...

if it's never delivered and can't actually be installed

Triumph quote

[iceborer]

Windows Vista is the most secure operating system in the industry

For me to poop on.

Pales in comparison

[Guysmiley777]

Oh yeah? MY OS requires blood and tissue samples as well as an FBI background check to log on and the user can do one of two things: log off or reboot. No network (or God forbid internet) access, no access to install or run programs or peripherals. Nothing. But boy is it secure! Yep, nobody is EVER going to hack into it.

Only time will tell!

[s31523]

Anyone can make claims, but the proof will be in the pudding. I look forward to the first /. article on "first Vista security patch announced" and the corresponding flame war over that. All I think M$ has done is put a big ass target on their precious new OS. Nice job guys!

My thoughts

[MImeKillEr]

*cough*bullshit*cough*

I Agree!

[SFSouthpaw]

I'm using the Beta (thinking of giving up *NIX), and I have to say security has defi
### MASTER MEGA-MILLION LOTTERY###
######### THERE WAS A COMPUTER BALLOT WHICH QUALIFIED YOU AS ONE OF THE WINNER OF THE SUM OF ########
######### US$ 2,000,000,00 (TWO MILLION, UNITED STATES DOLLAR) FOR MORE ENQUIRIES AND INFORMATION PLEASE CONTACT: #########

Microsoft says...

[Bullseye_blam]

>>>>>>>>>>>> VISTA >>>>>>>> HACK ME NOW

+++
no carrier.

Microsoft Says

[observer7]

just like simon says . i gave that game up in my childhood ...

OMGWTFBBQ

[Dachannien]

On the Intarweb, such grandiose claims of superiority over one's foes are usually spelled "EVAR".

is this legal?

[carlosGames]

the company has employed black hat hackers for what is called a penetration,

in my country this is called prostitution and is not legal

What would you expect

[aitan]

Yeah, I hoped Steve Ballmer to come out and say:

Look, this Vista thing is good, but it still hasn't reached the security, stability or performance levels of any of our previous versions, but please: Buy it, I need that money desperately or my wife will leave me.

What about the...

[Gattman01]

...only to system to repel all viruses released before December 25, 2005: Altimit?

Things you can't say in notepad...

If you're a Windows user, open Notepad and type in this phrase, without the quote marks and with no carriage return: "Bush hid the facts". Now save it and open it again. The subversive text is probably gone, replaced by a line of white boxes, or Chinese characters if you have the font.

It's not the massive right-wing conspiracy it might seem, though. The folks at WinCustomize.com discovered an odd bug in Notepad that's triggered by a text file consisting of a four-letter word, two three-letter words, and a five letter word. Some text does it -- "this app can break" is their example -- some doesn't.

If Microsoft can't keep strange bugs out of Windows' simplest application, we'd better get used to the monthly security patch cycle throughout Vista's lifetime.

Mmmmm...

[Anita+Coney]

Didn't Microsoft also call the original Xbox unhackable?!

Vista already had malware written for it

No one can compromise an OS that hasn't even been released yet.

Really?
http://news.com.com/First+potential+virus+risk+for +Windows+Vista+found/2100-7349_3-5819428.html

But then, Microsoft did the same claim about their Windows XP, touting it to be the most secure version of Windows, and even rolling such funny ads as this one, promoting XP:
http://www.dolphinwave.org/Media/Local/msbanner_12 .gif

And then there was MS Blast, probably the most devastating blast against Windows at those times...

Now they claim it to be not just the most secure Windows, but the most secure OS! Imagine the magniture of the next upcoming hit it will take...

They're right, you know...

[sottitron]

By not releasing it, they have managed to make the most secure OS in the world, but just wait until its in the wild!

Keyword is "was"

[CyberSlugGump]

FTA: ...Windows Vista was the most secure operating system in the industry. (emphasis mine)

I have to wonder why the article didn't use the present tense "is" or future tense "will be" considering that Vista is still in beta! So what IS the most secure OS?

--
I laughed until I stopped.

What about MVS / zOS?

[belrick]

I *think* the mainframe OSes do an one interesting thing, that is making the user that has superuser rights with respect to granting access to resources (under RACF) different from the user that would be otherwise equivalent with UNIX's root and such that the root equivalent can't change access control and is general excluded from accessing data.

My first thought is that of course the root-equivalent could bypass the security system but I think one would have to do the equivalent of writing and loading a kernel module plus user space tools to do so. Thus it provides a reasonably high barrier compared with the lack of barrier between a UNIX root user and the system's (and user's) data.

The verb used is "was," which is past tense

Muglia claims that "Vista was the most secure operating system in the industry" [emphasis added]. Notice that Muglia uses the past tense, "was." Depending on the time period he had in mind, I find nothing wrong with his statement. Before Vista was released to the public, it may well have been the most secure operating system in the industry. However, to claim that it remains so at this time is utter folly.

In other news:

[dmitrygr]

Zastava corporation announces that yugo is the best car ever, USA annonces that USA is the freest country ever, And the Devil announces that hell is the coldest place ever

Remember the XP Launch?

[ackthpt]

Vista is the most secure operating system in the industry

Of course it is... virtually no one is using it yet. While Vista is obscure, it follows that there will be little exploitive effort. As always, future history is yet to be written--although it tends to reflect and repeat the past.

Seems I've heard this song and dance before, just before a multi-year parade of vulnerabilities and exploits which would have made the Fall of the Roman empire look like an upended tea cup.

Hell, they're all going to be billionaires all over again and end users will muddle through as always.

Lucky Sisyphus, the rock didn't come with Windows.

So...

[Firehed]

I guess that means that Vista won't be able to connect to the internet. Eliminate the source, eliminate the problem, right?

Tommy Boy

[ruiner13]

"I can take a shit in a box and slap a guarantee on it, and all that means is you have a guaranteed piece of shit."

For some reason, MS saying that makes me think of that line...

(Sorry if I butchered it a bit).

Can They Do That??

[xCROSSFIREx]

can they really compose a sentance that contains the words "Windows, AND SECURE" without the secure being introduced with a "not"?
they probably started to write "microsoft says vista is most secure os ever"...then lightening crashed all around them

It's true

[Seiruu]

An OS that crashes every 10 seocnds cannot be hacked, after all.

MS antivirus, spyware protection to go unsold

[DanTheLewis]

[/BS]

vista security

[theeddie55]

So far it's certainly secure, it's so secure that i couldn't even get the beta version to start, hopefully the final release will be a little less secure than that.

Vista most secure in the industry

[UnknowingFool]

That begs the question: Which industry is Bob talking about? If it is Windows OS, then the answer is yes. If it is OS that run on x86, then most of us are skeptical given that is what MS has said about NT, XP, 2003, etc. They are getting better in terms of security but they are not the most secure.

Marketing for the arrival of the software Messiah

There must be a reason for desire to upgrade from XP to Vista. As far as I know Vista does not have ANY feature in the corporate or home user environment, which sends the urge to line up at computer stores on the release day to catch a copy.
The only "real argument" for upgrading is this "most secure OS in the entire universe" marketing slogan. The public is sick and tired of all the security flaws, consumers are "ready", they have been waiting for the software Messiah to arrive.

Secure?

[Necrotica]

By "secure" they must mean "annoying." I'm running Vista beta 2 right now and I'm running into all sorts of security-related issues. Like warning popups when applications run, local admins not being able to delete things, local admins not even being able to do an "ipconfig /release" in order to get a new IP address via DHCP. Seriously, Vista is going to drive people freaking nuts!!

But I would never, ever, ever utter the words Vista, OpenBSD, and security in the same sentence in a positive tone.

Windows IS Secure!

[Hercules+Peanut]

Slashdot users do not give Microsoft the credit it deserves. I've been using MS Windows for years and have frequently found myslef locked out of the desktop and unable to do anything.

My current employer's IT department has set up our computers (running XP Pro) such that we are incapable, no matter how hard we try, of playing DVDs, using the command line or even sending attachments via email. Now THAT is security. In fact, our systems are so secure it almost feels like I'm using my old AtariST. Well, I could download binaries via dial-up with my Atari and I can't even use dial-up with my PC. Computer Security has taken care of that little hole.

The fact is that our Computer Security has removed more features from Windows than most computers had just a few years ago all in the name of security and no matter how determined, I just can't restore it.

Come to think of it, the only thing more secure than Windows is using nothing at all and sometimes, when a new virus comes out, we do. They have even put little locks on the cases to keep us out of the case so we can't replace the HD (or steal the 128Meg of RAM out of our $400 Dells)

So come on slashdotters, give MS credit where credit is due. I have no doubt whatsoever that the New Windows Vista will have the ability for admins to lock the desktop user out of every single feature and function it offers and, in the end, isn't that what security is all about?

Re:Windows IS Secure!

[Hymer]

Try ERD commander from Winternals... You will be able to reset the Admin password and then remove the policy...
You probably will be fired shortly after.

Re:Windows IS Secure!

[jawtheshark]

Actually, it just means you have competent admins. It says nothing about the OS. You can equally do this with Linux, *BSD, Solaris, OS/2 and any other modern operating system.

I Call Bullshit

[Greyfox]

MVS TSO is probably the most secure operating system ever.

Did they mean secure desktop OS? OSX is probably more secure. If you want to stretch a bit and include workstation-based unices, I worked with Data General to audit the security of their C standard library and assorted UNIX utilies (They had to document all that for DOD B2 certification) and I'm willing to bet that even Solaris and Linux are at least as secure as Vista if not more so.

Maybe they meant the most secure OS ever from Microsoft. That I'd be willing to believe, although DOS 5.0 was pretty good as long as you didn't share your disks out to all your friends...

Re:I Call Bullshit

[grahammm]

What about Honeywell's Multics and ICL's VME/B? These were designed with security in mind.

Re:I Call Bullshit

Get with the program!
MVS has been renamed twice since it was MVS
MVS--->OS/390--->z/OS

We're currently installing z/OS v1.7

That headline is a great joke.. i give it +5 funny

[plasmacutter]

if vista is their "most secure os ever", it must be the same way mcdonalds food is "the healthiest it's been, ever"

Re:This is known as "the big lie"

Dick Cheney repeatedly asserted that Saddam was connected to 9/11, and clearly implied that invading Iraq was legitimate retaliation for the attacks of 9/11.

YEAH, RIGHT!!

[obnoxiousbastard]

HaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHa aHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaHaaH aaHaa

Oh stop it, you're killing me you silly bastard!

The only way to secure a microsoft OS is to set the damned thing on fire and hope it doesn't get hacked before it burns up.

Vista..Microsoft...most secure OS ever...

That's F-ing rich!

This is a gag right!???

Obviously...

[Massif]

...any operating system that makes you confirm deletion of an icon on your desktop 3 times MUST be secure!

We've taken out all network capabilities!

[Seiruu]

Take THAT you silly hackers!

Keyword...

[NIN1385]

The keyword here is "Was". It WAS the most secure OS ever in an alternate dimension in a land far far away.

Familiar somehow

[finkployd]

Let's see, I believe that claim was made about NT, 2000, XP, XPsp2, and Server 2003, which in fairness was the first OS they even really tried to make secure. It was also made about the XBox in terms of "unhackability" (which may not be a word, but should be).

So why would even the most hard core MS fanboy believe them this time? They have clearly shown a long running pattern of being unable to understand what "secure" means, but I bet there are people out there going "good, MS says this is secure, now all those alternative OS weenies can shut up".

Reminds of COPS where you see the woman with the black eye crying "But he loves me, he won't do it again" as the police take away her drunken, shirtless boyfriend.

Finkployd

Re:Familiar somehow

[ErikTheRed]

I've been looking for the quote and been unable to find it... I could have sworn that somewhere along the lines Steve Ballmer stated something along the lines of "Windows 2000 would never need a service pack"... replies from anyone with a better memory than mine would be appreciated. It's not quite "640K should be enough for anyone" but it's close...

Most secure OS in the industry?

[octaene]

What industry, the Toy industry? For the love of God, spare me.

Re:Most secure OS in the industry?

[Hymer]

In MS world "the industry" referes to the MS Windows world...

In other new..

[rjshields]

...Apple claims the G5 is the fastest personal computer ever, Gates claims 640k should be enough for anyone. This claim should be filed neatly in /dev/null

they beat OpenBSD

[Tom]

Well, they do beat OpenBSD - Vista has zero remote root exploits in the default install so far. Don't let anyone tell you that that's because it hasn't been released yet, ok?

Seriously though...

...how long before before the first exploit after GA? I think XP was the first release after the formation of the Microsoft Committee on Security Excellence (or whatever that added layer of buracracy was) where Gates hired some IT/IP security guy and they made security job one or some such. Wonder where that guy is now.

black hats?

[Odin_Tiger]

Ok. Who are the black hats, are they any good, and how stupid is MS? Either these are actually white hats and MS is trying to look cool, or else they just hired a bunch of people who would love nothing more than to break Vista and -not- tell MS about it.

Did he just say that?

[eh2o]

Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry.

BWHAHAHAHAHAHA HAHA AH HAHA A
WHAHAHAHABWAHA HAHAHA HAHAHAHHAHHAHAHAH!

*snort*

Yeah. That Bob guy is a pretty funny.

Most of our computers won't run Vista well

[WillAffleckUW]

One has to wonder how many people won't even bother to upgrade to Vista in the first place.

For example, in every review I've read, it appears you need more than 1 GB of RAM, preferably more than 2 GB or more, and a top of the line video card with more than 128 graphics memory.

Additionaly, for reasonable performance with your normal multi-application usage, you have to have better than 4 GHz or a dual core CPU.

This pretty much rules out most laptops I've seen around, and a lot of home PCs.

I can't see paying more than $2000 (more like $4000) for a new PC (or $5000 for a laptop) as well as an additional $2000 for replacement applications, just because Microsoft wants us to pay them more money.

Unless I'm wrong on these counts, I'm going to stick with WinXP for my home laptop and work PC, and consider switching to Linux soon.

You forgot two...

[jd]

7. ???

8. Profit!!! (To the tune of a few hundred billion)

... for certain values of "the industry"

[wowbagger]

This is a trivially true statement, for certain values of "the industry".

That is: "the industry" := "Microsoft Operating Systems". .....

Oh, you actually thought "the industry" might mean something else? Silly human.

Yeah right

[agentdunken]

Total bull crap. Microsoft has said that about EVERY single OS they have made. They said that about XP and look what it turned into..

O rly?

[jofi]

Secure code doesn't stop insecure users, and then those insecure users saying your software is insecure. They totally missed the point.

How to tell Windows Vista is more secure

[WillAffleckUW]

Clippy has a black hat and six shooters now ...

Clippy: I see you're trying to type a memo, would you like me to help?
User: No.
Clippy: Is it ok if I delete the memo, since you mistyped a word?
User: No.
Clippy: I'm just going to shut off the Internet, it might send some viruses in the future if someone doesn't like you - ok?
User: No.
Clippy: Oops. You just typed a word in Arabic! You might be a terrorist! I'm going to send a copy of your memo to the NSA right now!
User: tries to turn off Clippy
Clippy: Well, that did it! Noone turns off Clippy, especially a terrorist! I'm going to shutdown this computer!
User: turns off computer, installs BSD or Linux

Microsoft Secure? yea right...

[acurism]

Microsoft secure, now that is funny... Why do you think most ports on MS are open, So MS can see what you are up to. I don't think that is going to change

Re:This is known as "the big lie"

[ScentCone]

Dick Cheney repeatedly asserted that Saddam was connected to 9/11, and clearly implied that invading Iraq was legitimate retaliation for the attacks of 9/11.

Nope, sorry. He repeatedly pointed out that there were indications of a connection between Al Queda and Saddam's intelligence apparatus (being shown more and more each day to be exactly true), and very reasonably pointed out the need for a more stable, democratic middle east in the wake of 9/11. "Retaliation" is your choice of words. His description was simply that it was important/essential. Which, of course, it was and still is.

Microsoft Bob

MS SVP Bob Muglia...

So, that's the infamous "Microsoft Bob" everybody keeps talking about!

Hard to take it seriuosly when

[Anomalyst]

The first sentence has both MICROSOFT and BOB in it.

I think you missed some lines...

>So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of >that "security":

> *insert CD*
> "You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
> *clicks yes*

> *launches Internet Exploiter*
> "You are attempting to connect to the internet. The internet is a very insecure place. Are you sure you want to do?"
> *clicks "Yes"*
> "Are you really sure? I mean, there are viruses out there on the internet. Do you know what a virus is? I mean, this stuff can really mess >your computer up! Are you absolutely sure you want to connect to the internet?"
> *clicks "Yes"*

A Virus once bit my sister ...

    No realli! She was Karving her initials on the Virus
    with the sharpened end of an interspace tøøthbrush given
    her by Svenge - her brother-in-law - an Oslo dentist and
    star of many Norwegian møvies: "The Høt Hands of an Oslo
    Dentist", "Fillings of Passion", "The Huge Mølars of Horst
    Nordfink".

-- All apologies to Monty Python

The proof of the pudding ...

[Macka]

... is in the eating. First they have to demonstrate they can match the rest of their OS competitors. For that the number of viruses Vista proves to be vulnerable to have to drop to near Zero. Then they have to match or best the rest in terms of the number of security vulnerabilities from non-admin locally logged in accounts. They won't eliminate them completely, that's virtually impossible. But they can be measured on this too.

Frankly MS have a mountain to climb, and I'll bet that a year from now (assuming it actually ships in that time frame) Bob Muglia will be too embarrassed by that claim to show his face.

That's because it nags you

[arrgster]

to the point where you don't even want to turn on the computer.

"This is a fictional example of where things are going"

User: click to open word

Vista: are you sure you want to do that

user: click yes

Vista: are you absolutely sure you want to open this program

user: click yes mumble mumble

Vista: Warning this program has the capability of running macro viruses

user: click ok, like I didn't know that

Vista: do you want to see this warning again

user: click no

Vista: Are you sure

user: click yes, ggrrrr

Vista: Word opens

Vista: There is a new security update for this software would you like to install it now

user: what the, Click no

Vista: are you sure this is very unsafe!

user: oh for the love of Pete where's my pen and paper!!

Microsoft: Yet another user saved from themselves!

Trusted Solaris

[RedOregon]

What... no one's going to mention TSOL? Sure it's a royal PITA to administer, but it doesn't get much more secure...

SE Linux

[nakedbonzai]

Great, time for the NSA to switch from Security-Enhanced Linux to Windows Vista.
What could possibly go wrong?

Cowpies - Large Longhorn type

[jo42]

> The most secure OS ever?

(cough)Bull(hork)Shit(cough).

Re:BOOT CD's

[SirCodeAlot]

ummm of course you do this with VIsta.. And You could do it with XP as well...big deal

What a joke...

[Fallen+Kell]

Has MS's PR/relations department EVER heard of Trusted Solaris? I guess not if they are making claims such as this one.

Re:What a joke...

[froglover]

Microsoft's got Solaris running in the lab. Microsoft simply chose to LIE boldly, knowing that the gullibility of mankind ensures that Microsoft will make many extra billions of dollars from such a lie.

The unofficial Microsoft motto: "A lie a day keeps the competitors at bay."

bummer of a birth mark...

[slashname3]

Microsoft just painted a huge bullseye on Vista. If the hackers were not interested in spending time finding exploits they will now. Waving red flags and yelling watch this are things you should not do unless you know for sure the bull is in the other corral or that you are an expert at the stunt you are about to try and pull. Microsoft is in the same corral with the hackers and they are not experts on OSes based on past performance.

From my favorite FarSide cartoon: Two deer standing in the woods, one has a bullseye on his chest, the other one says, "Bummer of a birth mark Hal."

Re:bummer of a birth mark...

Many an ancient lord's last words had been, "You can't kill me because I've got magic aaargh."

-- Terry Pratchett, Interesting Times

Re:bummer of a birth mark...

[pilkul]

It really doesn't matter. Vista is going to become the #1 operating system in a few years, so it's going to be a target regardless of whether Microsoft blusters about it or not. Your argument is probably why Apple doesn't make much of its good security record, but it doesn't apply for Microsoft.

Re:BOOT CD's

No You don't underastand Live CD
XP and W2K cannot do what live CD can do
They cannot set up an internet/network connection automatically at bootime,
Live CD can

It is very different
When you learn more, you will ne one of those using irt

Try booting a XP or W2K CD wit No hard disk, Thats right I dont even need a hard disk
I see you may be a convert very soon

what industry?

[tehwebguy]

"in the industry"

we are probably talking about the "microsoft windows industry"

user control

[gmerideth]

It's secure alright. It prevents users from re-arranging their start menu. Now that's secure! I'm not aware of any malware that rearranges the start menu as a feature but Vista will prevent that too.

Want to delete that icon on your desktop? Yeap, you'll need administrative permissions for that as well. But you ask...it's my desktop, why do I need the administrator? One would figure that even running in "low" user mode would take into some kind of consideration that you don't need to be a damm admin to remove icons from your desktop.

And I am ****dying**** to see what happens when we use our RSA keys in Vista. There *is no* administrator password that is fixed. Does Microsoft envision a system that will have users asking me for permission where I have to whip out my key and give new passwords every minute?

Not quite accurate...

[leoxx]

That part in the middle should read:

Canadian Prime Minister Stephen Harper has sent a letter of thanks to US President George W Bush, citing this action as another example of US moral leadership.

Re:Not quite accurate...

[operagost]

As usual, Slashdotters blame GWB for the actions of corporations.

It's secure alright.

[shelterpaw]

Secure from people being able to use it productively.

Vista as webserver

[manon]

Extract from the Vista manual on security:

"Please grant all your website visitors access to the server room.
Point Internet Explorer to the following address: http://127.0.0.1/ .
Microsoft can not be held responsible for security breaches by physical access to the server."

Re:BOOT CD's

[SirCodeAlot]

Yes they can, learn before you speak I know of what you speak and understand you. Now lets see you play most games on that fancy (scratch that useless) OS residing in RAM...I can....of course for that part I would need a hard drive, since I know of no game that will do this.

the beta is very secure at least

[atarione]

in so much that i can hardly get IE7 to run without locking up... in fact i'm typing this on firefox right now cause IE7 has hung... and I can not get it to end task..

You got to love Microsoft

[TheSkepticalOptimist]

How can you hate a company like that. I mean, first of all, they can do now wrong, despite offering the worlds worst OS for security in the last decade, they still have 95% marketshare.

Then they say they have the worlds most secure OS even before it enters its release candidate stage.

Lets face it, Apple and Linux is pretty boring compared to Microsoft.

Anyways, I am sure this will blow up in Microsoft's face sooner rather then later as someone finds some simple exploit in Vista that will make this statement false. I do home Microsoft got their act together and actually came up with a MORE secure version of Windows, but to say the MOST secure is laughable.

In the meantime, despite the fact that there have been may beta and CTP releases in the last year, is there any Vista exploits out their yet? I mean, I can't see the hacker community waiting for a gold release of Vista before they start their follies. I haven't read of any security holes found in Vista yet, of course, Beta 2 just was released to the public a few weeks ago. Is there any truth to this statement! I am holding my breath waiting for the answer because it seems a pretty safe thing to do.

Re:You got to love Microsoft

[HermanAB]

Most secure, for very small values of most... ;)

Oracle

[jaweekes]

And Oracle was unbreakable! http://news.com.com/2061-10789_3-5808928.html

Just out of curiosity...

[behindspace]

how "secure" will it be once it's available to the general public?

In other news....

[Jules+Mercuri]

3DRealms says Duke Nukem Forever Most Fun Game Ever.

Muglia Ain't Too Bright...

okay, mugs just drew the line in the sand and claimed hackers that have been beating him silly since windows first existed don't have the talent...

nice challenge mugs.

you get what you get...

i'm betting you don't like the beating too much... just like yu didn't like the last beating too much... or the current beating too much...

Vista is so secure ...

[cylcyl]

That no one can use it. Ever.

Duh... Isn't this common sense?

[ShyGuy91284]

First we have XP. Major security problems. So Microsoft has patched the hell out of it and released a lot of security tools to help users. Enter Vista. A brand new OS noone has really had much of a chance to exploit and punch through and find security flaws. Add onto this the justifyable paranoia Microsoft got over XP's security, which helped the development of Vista being more secure and tools that will be part of Vista. I would be more worried if they didn't say this. Even the simplest reasonable encryption in the world was "secure" at one point in time. Once Vista gets out there, it will have plenty of problems (probably not as many as XP since they are prepared, but they will exist). The real question is will Vista or OS X (or OS XI?) have more security problems this coming generation? We'll have to wait and see.....

sure, I'm buying it...

Windows Vista is the first operating system from Microsoft to be built from the ground up using the SDL development model.

This quickly brought me to the conclusion that simply because it is the first such OS from Microsoft, that it must be the most secure OS ever!

Consumers are being plagued with spam, phishing attacks and spyware, while the corporate world fends off data and identity theft.

Being that this statement is in regards to computers running the current release of Windows, this too reassures me of Vista's far superior security

...the company has employed black hat hackers for what is called a penetration, or pen, test team.

Every time I use the term "penetration testing" at work, at least one person has to giggle. That makes me feel more comfortable with Vista. Besides, what could a black-hat hacker (who, by definition, is no-more) with a serious grudge against M$ possibly do to put my personal information at risk?

The company is working closely with developers to add custom "shims" that will ensure their programs are compatible with User Account Control.

There's no way "shims" is synonymous for working around these added security settings, and could possibly be considered a back-door. This is in no way a "hole" in the warm, fuzzy blanket that is Vista.

Microsoft already has compatibility improvements planned through Windows Vista Service Pack 1

Let's not re-interpret this as the "Windows Vista Cannot Be Delayed Anymore Pack".

When will they make a movie about this?

Son of The Inconvenient Truth... I anticipate Al Gore portraying a president armed to the teeth and forced to fight his way out of his own cabinet.

Coincidence?

[RoadWarriorX]

Just as I was looking at my RSS feeds, I see this story and this.

Aw crap, milk just squirted out of my nose. *snork* *snork*

Spelling!

They misspelled "evar"

Bowser?

[blueZ3]

Is that you?

Vapor is often uncrackable

[wardk]

hard to break into something that actually doesn't exist.

It's true!!!

[JFMulder]

Apparently they have removed support for network cards and wireless.

Obligatory...

[kripkenstein]

To paraphrase CBG:

Worst. OS. Ever.

Couldn't be!

[the_back_sasser]

Microsoft BOB had built-in protection. That machine was so hard to hack that hackers didn't even bother to buy it!

It's True!

[ch-chuck]

I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' access the system, it bravely BLUESCREENed. Imagine an OS so secure it would rather self destructs than allow an intruder. Now that's a secure OS, yes indeed.

Tip: You must update to latest cvs of rdesktop, something about key size.

Re:It's True!

[tjwhaynes]

I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' access the system, it bravely BLUESCREENed.

If this is true (I don't have a machine infected^W with Vista to test it against) that's an instant denial-of-service attack for you. Better still, there may be a way to get a shell on the Vista server under the priviledges of the user that started the RDP session ... So much for checking all interfaces parsing through incoming data to check for overflows or bad handling.

Cheers,
Toby Haynes

Poor design decision:

[Roger+Wilcox]

Why on earth did Micro$oft ever decide to remind anyone about anything every 15 minutes anyway? A standard "Would you like to restart now?" type message box should be more than adequate an opportunity for the user to decide weather or not something is important enough for immediate action. Anything more can be nothing BUT annoying!

Like a car commercial

"Best in industry" reminds me of the line all the car commercials use. "It has the best horsepower in its class"... then they conveniently make up a class that only includes cars with less horsepower. Obviously Microsoft is just making up their own industry.

Sounds vaguely familiar

Perhaps the reason for all the delays is that they are waiting for everyone to forget that they made the same claims about XP.

Current Windows IS actually crap?!

[jivo]

"Windows NT 3.0 will be the most secure OS ever!"
- Anything beats Winows 95. This baby comes with military grade security and all!

"Windows NT 4.0 will be the most secure OS ever!"
- NT 3.0 was obviously redicules...

"Windows XP will be the most secure OS ever!"
- I thought so: Windows NT 40 was actually crap!

"Windows Vista is the moste secure OS ever!"
- now hold it... This is getting boring!

How about simply admitting that the Windows you're using is crap, right our of the box! It's not that Microsoft doesn't know: they're just a bit slow to admit it!

Re:Current Windows IS actually crap?!

[demon]

Too bad there was no NT 3.0... :)

not even MS's most secure

[poot_rootbeer]

I think even MicroSoft BASIC was a more secure operating environment than Windows Vista is going to be. I mean, that shiz ran straight from a ROM chip, son. How you gonna hack that?

Re:This is known as "the big lie"

[colinrichardday]

He repeatedly pointed out that there were indications of a connection between Al Queda and Saddam's intelligence apparatus (being shown more and more each day to be exactly true), and very reasonably pointed out the need for a more stable, democratic middle east in the wake of 9/11.

Will either our need or our troops produce a stable, democratic Middle East?

Re:BOOT CD's

of course for that part I would need a hard drive, since I know of no game that will do this.

Of course you would not need a hard drive for that, you can play a lot of games off a live CD, too:
http://www.tuxmachines.org/node/6136

I used it, tried demos of Doom-3, Quake-4, UT2004, America's Army, Cube... Runs great. No HD - just boot a DVD and play. Oh, and you also have a full-blown working desktop with OpenOffice at your fingertips. All from a bootable DVD.

Whoever is spouting this BS should be fired

[melted]

Microsoft, proficient at shooting themselves in the foot. When Vista comes out and people write another 10000 viruses for it, this claim will backfire in a big way and further hurt Microsoft reputation (or what remains of it).

Re:This is known as "the big lie"

[ScentCone]

Will either our need or our troops produce a stable, democratic Middle East?

Yes.

Uhhh.....

[menace3society]

What's that? VMS? I'm sorry, I can't hear you over the roar of an operating system under which whole classes of common exploits are programatically impossible.

Not what the testing agencies say ....

[mikefocke]

The most secure OS ever was SCOMP, validated A1 by NSA under the TCSEC criteria.
Next was STOP repeatedly validated B3 and EAL5 Augmented under TCSEC and Common Criteria.
No form of Windows even came close.

So will Microsoft submit Vista to an independent security analysis by industry standards? They will have get a Common Criteria "rating" to sell it to the US Government and other governments. At what level will they submit (you declare how high you are attempting to achieve when you begin the process)?

The proof of their confidence in "most secure" will be to see what level they try to achieve.

Bet they don't go above EAL4, probably lower.

Obligatory Schneier quote

[Schraegstrichpunkt]

Computer security is often advertised in the abstract: "This system is secure." A product vendor might say: "This product makes your network secure." Or: "We secure e-commerce." Inevitably, these claims are naïve and simplistic. They look at the security of the product, rather than the security of the system. The first questions to ask are: "Secure from whom?" and "Secure against what?"

They're real questions. Imagine a vendor selling a secure operating system. Is it secure against a hand grenade dropped on top of the CPU? Against someone who positions a video camera directly behind the keyboard and screen? Against someone who infiltrates the company?

A broad claim that an operating system is "the most secure ever" is completely devoid of meaning.

Best pickup line ever

"I'm a penetration tester for Micro$oft."

securing computers is really, really easy

[swschrad]

surprised MS has not taken the obvious steps.

1) turn the machine off

2) lock it in a safe.

3) destroy the code to open the safe.

4) fill safe with concrete.

any machine that is powered and accessible through a user device can be compromised.

Way too funny

[necro2607]

"Vista Most Secure OS Ever"? LOL

Come on, I just totally choked on my drink laughing at that... If I wanted to be laughing and disrupting my coworkers I'd be browsing bash.org! ;)

The proof of the pudding is in the eating

[I'm+Don+Giovanni]

"The proof of the pudding is in the eating", so we'll see if Microsoft's claims hold true when the OS is released. But even if it's not "the most secure OS" (if Microsoft really claimed that), they're making progress (which can only be denied by the most biased anti-M$ fanboy lol).

Of course, given the choice, most slashdotters would prefer that Vista be insecure so they have something to bitch about. They lost the stability ammo (although they do continue to talk of BSOD, which are as rare as kernel panics these days), and they desperately don't want to lose the stability ammo. For if the stability ammo goes away (or is sufficiently diminished), all they have left is price.

Re:Microsoft + Stupid Claims = PROFITS!

[Lord+Prox]

I think everyone here has got the wrong idea. When MS referes to "more secure" They are refering to their market position and their rights being secured away from the end user.




Got Debt?

They've said the same thing since '95.

[All_One_Mind]

Haven't they said that about each version. Windows 95, 98, ME, 2000, XP, Server 2003 etc. It's a PR move directed towards the masses. Obviously they have a public image problem when security exploits in Windows makes CNN every month or less. Statements such as this shouldn't be directed towards the IT crowd, because we know better. I run FreeBSD and know how to exploit each major version of Windows, and I'm sure most of you do too. The bottom line is that they've focused on security a lot for Vista, so of course they're going to be blowing their own horn in an effort to alleviate their PR problems, and to illustrate a reason why the general consumer even needs Vista in the first place.

DOS

[cp.tar]

Is it a disk operating system or a denial of service?

Is there a difference?

hmmm

[watsondk]

interesting quote from the article

"Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry."

note the use of "was", hmmm is this butt covering, or are they admiting that vista "was" the most secure OS, if so well if that was the past, whats the current most secure OS ....

MISSION ACCOMPLISHED!

[cashman73]

I don't know about you, but based on the latest Breaking News , I think Bill Gates has just declared victory and moved on,... CNN
MSNBC

its so secure...

[HiddenCamper]

Vista is so secure i cant get it to install itself on my computer.

Penetration?

[Godji]

In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team.

Why, the only one who's getting penetrated in the end will be the user...

Besides, shouldn't those be RedHat hackers there? I know, that joke was dumb.

Personal experience

[mmdurrant]

Having used Vista personally, I can say that it is definitely the most secure OS offering from Microsoft thus far, aside from DOS. However, this security is obtained by a complete sacrifice of usability. I was greeted by ~12 different security prompts attempting to install WinAmp from a network share, even before I was greeted by the install interface. While I did feel secure (and a little paranoid), I was not impressed as I trust that WinAmp obtained from their site isn't going to hose my PC, install spyware/adware/etc.

My $0.02, half of that being a penny for your thoughts.

Dont release

Clever Stratagy, If they dont release it then it can't be hacked. Genius!

Comparison?

[kc0re]

In comparison to what? XP? Jesus.

For sure

[fragmer]

Windows Vista is so secure that it takes 7 steps and 5 confirmation dialogs to delete a desktop shortcut. Now that's what I call a streamlined interface.

Con-fuse-ed?

So its the most secure OS ever because a couple of podunk script kiddies said so? Hey I used podunk in a sentance.

Most secure? Guess for whom!

[RokcetScientist]

For no. 1, of course . . .

Microsoft just may need a reality check

[kbolino]

OpenBSD has held that title for the past twelve years. Windows lags far, far behind. If Vista can beat OpenBSD's record (a tough task, to say the least), then they can crown it champion--not before it's even released.

Not a chance...

[rdean400]

In a world where z/OS, i5/OS, and OpenBSD exist, Vista cannot be considered the most secure OS ever.

Re:Microsoft + Stupid Claims = PROFITS!

[vandon]

They are refering to their market position and their rights being secured away from the end user.

If you read TFA, you'll see the phrase 'the most secure operating system in the industry' is similar to what auto makers use. Ford or Toyota never says 'Our car is the best'. They say 'The Toyota Newsupercar is best in its class', which of course means the class is limited to all vehicles that are the same year, color, size, weight, manufacturer, and model as the Toyota Newsupercar.
The 'in the industry' is most likely limited to large companies that had 2005 quarterly gross profits of over $8 billion and have a product called Windows. The "industry" is further limited to all home products with the names Vista or WindowsME.

As you can see, Vista is indeed the most secure OS in the industry.*

Not Even Safest Windows...

i read about the safest windows software while visiting up in seattle. the seattle times (bill, did you read it?), had an article about a guy who was so disgusted with winxps gaping hole approach to lacak-a-security that he unplugged his computer form hhis internet connection and stopped his internet service.

after reinstalling his box, i'd say his system is safer than vista... should it ever make it to store shelves.

windows is safe... just learn this guy's lesson - get off the net.

after all, you might learn about alternatives to windows... on that bad, bad, bad internet thingy...

Sorry, I forgot...

[jivo]

...what they called the first version, to make it sound like it wasn't their first try... :-D

Microsoft Says Vista...

[aquowf]

Microsoft Says Vista Will Come Out

Which industry?

[silicon+not+in+the+v]

"Vista is the most secure operating system in the industry."

Of course, it's industry is unreleased operating systems

Re:Which industry?

[kchrist]

I don't know, I'd expect some stiff competition from Hurd!

I think i already see that

[infimo]

They say the same about windows 2000, did they?

It's true!

[MarcoPon]

It's so very true.
Especially while it's not on sale!!

Microsoft Developers work around the clock...

[v3xt0r]

hence why Windows' days are numbered.

Just curious..

[Presidential]

In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team.

Umm, uh, where could my friend like, uh, sign up? Hypothetically that is.

I'm starting to agree....

[vrochette]

Let's talk about features. There is plenty of material on MSDN that show Vista may well be surpassing Linux or Mac in securing the user experience. OK it's not quite there yet and the debugging process will take months after consumer release.

Just take the neatest feature: virtual folders. I like the idea of having completely sealed user directories and program files. Think about it, it's a very clever trick, forcing programs--that today easily write all over system folders--into special virtual directories identified by uid. Now finally we can implement tighter security policy without impacting functionality.

Also a plus: IE 7. Now runs as limited user. Wow. Finally!

And then you have the new hardware features that appeal to me as sysadmin: mandatory driver signing (Microsoft started this with 64-bit drivers because of the small installed base) and SMART technology. SMART enables Windows to see when devices, hard-disks, etc, exceed fault tolerance factors. Not exactly new technology, I grant you that, but definitely a winner for business desktop users.

Vince

-----
"Live as if you were to die tomorrow. Learn as if you were to live forever" ---Gandhi.

First thing to do...

Open mmc and set the user account control to "do not prompt".
This will save your clicking finger.

Most secure

Until its released.

Yawn...

Most secure ever?

[Nybble's+Byte]

So that explains why Gates is stepping down!

M$ v. DOJ ver. 2.0.1?

[cnerd2025]

Uh-oh... Alberto Gonzales is not going to be happy with this newly-dubbed "penetration" testing. I can understand why: Dubya will probably sit and giggle in the Oval Office; Cheney will excercise his second-amendment "rights"; Rumsfeld will say, "I don't know where... I don't know when... There will be penetration..."; and Condie Rice will say, "I was the Provost at Stanford University; I will not be disrespected with that lewd and raucus tone!" Ballmer will come out and say, "hey, we're calling them 'pens' for short. It's better than LInux Malicious Penetration testers, or limps, whom we have also hired. explative!" The only thing better would be Sean Connery on Celebrity Jeopardy with the category "The Pen is Mightier".

Read Carefully

[Stephen+Samuel]

Microsoft is calling Vista the most secure OS In the industry. Given that Microsoft considers themselves to be an industry unto themselves, all they really have to to do to hold onto that laurel is be better than Vista.

OK. Time to go after that new MSN worm...

Re:Microsoft + Stupid Claims = PROFITS!

[orangesquid]

*sigh* If industry meant all OSs ever... trusted irix, trusted solaris, prime, vms, multics, nsa linux, stratus vos.... the list goes on

Microsoft Tribbles

[monkeyGrease]

> ... Microsoft already has compatibility improvements planned through Windows Vista Service Pack 1.

Reminds me of tribbles. Born pregnant.

This just in....

[kahanamoku]

The Titanic is unsinkable!!

heh

[smash]

was the most secure O/S

Well, any O/S is secure when locked up in a development lab with no attack vector from the world at large.

I'll let the next 3 years decide what's most secure in reality thanks ;)

In other news ....

[Zero__Kelvin]

Insurance company claims to have the best rates, and potential suitor claims to have a huge dick!

Patched 5 months ago.

[quux4]

Hello? Even in Vista, WMF was patched 5 months ago.

If you wanna argue points like this, try to stay current. Using past/patched flaws is just a waste of time. Unless FUD is your goal.

Re:Patched 5 months ago.

[macserv]

Oh, sorry! In that case, it's all good. I'm sure there was just the one security hole in Vista, and now it's patched. Microsoft, please continue the securbole.

Ya like that? See what I did there? I combined security and hyperbole. It's mine, don't wear it out.

Re:Patched 5 months ago.

[quux4]

Riiight. Because no other OS has ever patched a flaw.

BLACK hat hackers!!???? Really???

[Zero__Kelvin]

FTA:

In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team.

ROTFL. If they are indeed employing black hat hackers then they will be screwed, as they will not notify the company of found vulnerabilities so that they can take advantage of them later. Presumably they hired white hat hackers or grey hat hackers, but you have to wonder how truly knowledgable Microsoft could possibly be about security if they don't know the difference.

They usually say, "the most secure Windows" ever

[Locutus]

if they guy really did say "the most secure OS in the industry", they he's going WAY out on limb. And that limb is already falling at terminal velocity.

Anyways, WTF do people think any Microsoft marketing drone is going to say anything resembling the truth? They've never done it in the past from what I've seen/heard. There's gotta be some serious brainwashing going on inside the building at One Microsoft Way. They stuff they try to tell the public is outrageous these days.

LoB

Recruits wanted!!!

[illuminatedwax]

I got this Microsoft bulletin in the mail:

URGENT:
Recruits wanted for the 15th Brigade of Penetration Black Hat Experts (Pen 15)! Do you have what it takes to penetrate the network? Is your staying power for penetrating networks all night long unmatched? Then join the Pen 15 club today! You'll get your chance to test your skills out on a farm of over 500 fertile Windows Vista boxes, all of which have never been penetrated before! And don't think you won't be getting any help: our trained technicians (as well as our legal and acquisitions staff) are experts in penetration! Every member of the Pen 15 club will get a commemerative arm band or a special "temporary" forehead tattoo! The hacker who penetrates the most boxes will even receive a grand prize from Microsoft: a Pen 15 fanny pack! So, send in those resumes and get penetratin'!

Should I join???

Re:Recruits wanted!!!

[chawly]

Yes of course !

Most secure device EVER

[lars_boegild_thomsen]

I've got a shoebox that is the most secure device for storing large amount of money ever devised. Just place your money in the box AND put the box inside a bank vault and it will NOT get stolen - PERIOD!

Sigh - they claim it's secure because it's got a DEVICE that can SCAN for virus and spyware. If it was that bloody secure it wouldn't need no device to do that.

Nice Security

[OverflowingBitBucket]

if you don't trust their black hats, try it yourself
download the beta [microsoft.com]
install
hack

Well, my hat's off to Microsoft this time on the security of their new operating system. Twenty minutes of clicking links, filling in personal information,adding cookie exceptions across three sites, one user agreement, clearing all cookies out five times to get past site jams, two separate confirmation emails, one passport signup, entering my email address no less than twelve times and I can't even find one download link to this sucker. What is this? Their new plan to make black hats kill themselves with boredom before they can even get the OS?

Of course it's secure

[Lost+Penguin]

If it does not run, it can't be exploited!

We have given up on the last two vaporware released alphas my work was given "to create drivers"
You can't get it to run on any hardware we found.

So yes, Vista is very "secure"; as in an non-running system is safe!

Hacking with a pen?

[FatherBusa]

. . . the company has employed black hat hackers for what is called a penetration, or pen, test team.

Black Hat: "Sir, we've tried everything, and the system seems to be 100% pen proof."

Gates: "Even the disk drives?"

Black Hat: "Yes, sir, we tried putting a pen into one of those, but it won't fit. One of our guys almost knocked a pci card out with a pen, but we don't think he was using a Microsoft Pen (tm)."

Gates: "Good work, men."

Welcome to Slashdot

[Frightening]

I would like to take this opportunity to welcome the newer members, who like myself are wondering if this is just another day on the great blog.

For reference, process is as follows:

1)MS does, says, or releases something shitty
2)Above becomes news
3)Slashdotters kick MS ass back into the 1980's, when school dropouts didn't make OS's
4)*Sigh*

Re:Welcome to Slashdot

[chawly]

Liked Your post - still laughing. But you gotta admit that they could just stop releasing shit. Their VP's could stop releasing gas too.

Misquoted

[ErnieD]

I happened to watch the webcast of the keynote today before seeing this article, and the article is being a bit liberal with what was said.

What he said was that Vista is the most secure *Windows* OS ever, and *possibly* the most secure OS in the industry. I added the emphasis, but "possibly" hardly qualifies as a "bold declaration" to me.

Making bold claims gets people in trouble...

[NimbleSquirrel]

Didn't they say that the Titanic was an unsinkable ship? We all know what happened there.

It is possible that it will be pretty secure if we ever see it, but to claim it will be the most secure OS is a bit of a stretch. For a start, making claims like that just begs every Black Hat out there to have a go when it it finally released. Odds are that its 'security' won't last then.

Based on my experience with MS 'security', Windows Vista will do as much as possible to lock out the end user, to protect them from themselves.

Pen Test != Penetration Test

[sudog]

A "pen test" is where you wander in to a business and offer random employees a pen or pencil if they give you their username and password.

Cripes..

How Can This Be The Case?

[Enderandrew]

99% of the worlds viruses and spyware programs run exclusively on Windows. Windows Vista will still execute, and is still vulnerable to these programs. Other Operating Systems are not. This IMMEDIATELY disqualifies any OS that runs Windows 2k/XP apps from being the most secure OS.

ActiveX is still a big part of Vista and IE.

And in early reports on Longhorn they talked about a big part of the new Windows API to allow for a full Windows app to run remotely over a server without even needing to be installed on the PC in the first place. First off, this technology already existed before and was multiplatform. It was called Java. While I haven't heard much about this since the Longhorn days, this really, really scares me.

Windows Defender will stop a program from being installed without your knowledge, but if code can be executed without being installed, how do you protect yourself?

Heard the same thing ...

[zbaron]

... before Windows XP was released. The line "Windows XP is the most secure operating system ever" quietly became "Windows XP is the most secure Windows operating system ever". We'll see how long it lasts this time.

Windows is the most secure OS

[Craig+Maloney]

Sure, Windows is the most secure OS(1) out there, just as it's also the most cross-platform(2) OS(1) out there.

(1) When compared with other Windows versions.
(2) When used with other versions of Windows.

Complexity and Security. Mutually Exclusive?

[sloth+jr]

(aside: honestly, must we report everything a vendor says about their own product? When would that NOT be just spin and hype?)

Yesterday, we read a blog from a Microsoftie indicating the problems Vista developers are facing:
a) aversion to truth
b) too many cooks (2000 developers, I believe was mentioned)
c) impossible for one developer to comprehend Vista as a single entity
d) 50 layers of dependencies (including circular dependencies).
e) code approaching 50 million LOC

Now, I suppose with the slow pace and unit testing going on in MS development, MAYBE you've got 2000 developers who are writing secure code. Seems highly unlikely, though, given MS' past performance and daunting challenges.

sloth jr

RMS.. for Rights management.

[cant_get_a_good_nick]

Something tells me Stallman will not like these initals used for a DRM scheme....

Microsoft

[Chas]

Now with SSSSSSSSSSSSSSMILEX!

Re:Acronyms - IP?

[alexo]

> Since when does anyone "own" an acronym?

Since when does anyone "own" an idea?