Slashdot Mirror
Microsoft Says Vista Most Secure OS Ever
darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."
CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).
de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.
Canadian Prime Minister Stephen Harper has sent a "sharply worded" protest to the United States government.
Shortly after the attack, Microsoft has released a publicity photo of Bill Gates, standing on the deck of the USS Abraham Lincoln, underneath a banner saying simply, "Mission Accomplished."
Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."
Carousel is a lie!
As always, future history is yet to be written--although it tends to reflect and repeat the past.
Sigs cause cancer.
I think PhantomOS is more secure. No virus in the world can infect an OS that does not exist.
My work here is dung.
Those blackhats are just making notes of the real vulnerabilities while reporting simple superficial ones.
The phrase "more better" is acceptable English. suck it grammar Nazis
Of course it's the most secure OS ever. No one can compromise an OS that hasn't even been released yet.
____
~ |rip/\/\aster /\/\onkey
said that for every version of Windows, and it's right if you considere two premises :
1) The OS is not used by anyone when the "most secure" sentence was released.
2) The only OS existing in the Microsoft world has the one made by Microsoft (excluding OS/2).
Ceci n'est pas une Signature !
If the "industry" he's referring to is "the MIcrosoft operating systems industry"...
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security": *insert CD*
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*
*launches Internet Exploiter*
"You are attempting to connect to the internet. The internet is a very insecure place. Are you sure you want to do?"
*clicks "Yes"*
"Are you really sure? I mean, there are viruses out there on the internet. Do you know what a virus is? I mean, this stuff can really mess your computer up! Are you absolutely sure you want to connect to the internet?"
*clicks "Yes"*
"Oooooh, sorry - you don't have sufficient privileges to connect to the internet. Contact your Administrator or type your Administrator password now."
*types password*
*connects to internet*
"You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure want to send this packet?"
*sighs* *clicks "Yes"*
*beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
*clicks "Yes."
"You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure want to send this packet?"
*sighs* *clicks "Yes"*
*beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
*kicks computer*
*installs Linux/BSD or buys Mac*
VERY secure, indeed.
"Adventure? Excitement? A Jedi craves not these things."
I noticed in this article that they're treading on our acronyms.
SDL - Security Development Lifecycle
Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?
RMS - Rights Management Something
This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor, or is a complete prick. I really doubt that this was accidental.
It's superficial, but I think both examples are very symbolic.
In other news, Kellogs say Corn Flakes "taste nice". Film at eleven.
Don't let THEM immanentize the Eschaton!
Microsoft claim that this is the most secure OS to date... but they also claim that it's incredibly stable. I don't get how that works.
If you want security, use Windows 95... A crashed computer is incredibly secure - far more secure than Vista.
You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc. To preemptively announce that "Vista [is] the most secure OS in the industry" before it is even released makes me think Microsoft is still high on itself.
Maybe it's just marketspeak, or maybe it's more of the same arrogance that they know better what is secure than reality does. I'll sit back and wait for a few years, thanks.
Sorry about that. Did someone say Microsoft thinks they've got "t3h m0st s3cur3 05 ev4r lollll!!!!1111" or something?!
Arent the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s
Could someone explain the difference between the two so I can make sure I didnt screw up?
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
The message should have looked like:
...sound like a challenge to me...
Let's count the kinds of attacks that have existed in the past:
Bad daemon/service design allowing for root control through the service itself remotely
Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
Bad port use allowing for access to stuff that should be off by default
Bad user permissions control requiring everyone who actually want to do something to have local admin access
Bad MS software design giving software designed to look at public (read: anything) access to the service or kernel level
Bad implementation of MS software allowing for public, untrusted content to arbitrarily install stuff on the PC (see also: the Balmer Story)
Sounds like we have a lot of possible places to start, and I'm not even someone used to breaking into Microsoft systems. There are probably many, many more vectors of attack that I haven't thought of without even resorting to social engineering or taking advantage of stupid or ignorant users...
Do not look into laser with remaining eye.
* White Star Lines Pronounces Titanic "Unsinkable"
* Hindenburg Safest Way To Fly
* Ford Pinto Named Safest Car For 1973
GetOuttaMySpace - The Anti-Social Network
It's getting boring. I heard the same argument last time when they released Win XP, and before for Win 98.
Would you stop already. Always the best and revolutionary like never before.
Life will show that nothing really changed, except Microsoft coffins getting bigger
That not even Microsoft's air force can shoot straight.
The University of Alberta is in Edmonton.
Admitting employment of black hats is admitting a crime. Or, if they did a legal work, they are not black hats. Or, the article is messed up.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Claiming Vista to be the most secure OS ever when it has already had a security flaw is just insane and tells us that MS still just don't get it. Or maybe they do get it. After all they make billions. It is sad but lying to the gullible pays better then telling the truth to the clever. There are just so many more gullible people. Last count about 6 billion.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
"...the company has employed black hat hackers...
By definition, if you employ hackers to test an operating system, they are NOT "black hat" hackers - they are, at best, "grey hat" hackers.
Definition from Wikipedia:
Usually a Black hat is a person who maintains knowledge of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or the manufacturer for correction.
It is pitch black. You are likely to be eaten by a grue.
Falling Out Laughing
Chas - The one, the only.
THANK GOD!!!
And it's not shipping yet either.
Weaselmancer
rediculous.
Remember "DNS?" Digital Nervous System?
That's okay. Nobody else does, either.
Microsoft is to software what Budweiser is to beer.
... and you will be able to run it in five minutes.
Five minutes pass.
GOTO LINE 1.
Friends don't help friends install M$ junk.
Following this line of reasining, if MS really employed "black hat hackers," wouldn't such hackers immediately say, "Gollee, this OS is super secure! I couldn't find a single way to compromise it!" Meanwhile, they're digging around inside (being careful to erase traces of their visit), getting extremely familiar with an OS that hasn't even been released yet. 0-day exploits indeed....
No matter how secure they make Vista or any OS there will always be those users/hackers who have too much free time their hands and want to make life miserable for the rest of us. The real problem lays with the users who incorrectly store lucrative information without securing their actual computer network.
...am I supposed to put something here?
Actually, 'release' isn't a magical point where an OS becomes hackable. There's PLENTY of beta copies of vista out there if hackers wanted to play with it.
They haven't told us about any exploits they've found, but some crackers hold their exploit until the day of release and use it on retail, instead of beta. This allows them a '0-day release' that would be impossible otherwise for something with this much 'security'.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
... ever made. After all Microsoft said so both in 1996 and 1999.
So until holes appear in either platform I think we can trust Microsoft when they say something is secure. After all I never heard of a single security hole in WindowsXP or IIS or any server product from MS. Have you?
http://saveie6.com/
3D Realms declared today that "Duke Nuken Forever" is The Best Game Ever! With an incredible non-linear storyline, incredible learning AI across games, outrageous low-lag multiplay, both 1stP and ortho views - and runs on a standard gaming machine! Published with a complete set of of level-making tools and start-of-the-art texture and atmosphere effects, Duke Nuken Forever is set to be the most played game ever.
3D Realms gave a presentation of the all the features that will help Duke keep the number one spot in the market. It also outlined the TV channel, movies series and theme park spun from the elements of the game.
Check it out!
Are you sure about that ? this IS Microsoft after all ;). If anyone can compromise an OS surely it's them.
"The boy is dangerous, they all sense it, why can't you?"
Mod the entire article as +5 Funny and move on...
No one can compromise an OS that hasn't even been released yet.
Exactly... just like this one.
Nah, no trouble here. Just look at their equation.
.NET being made to be crossplatform. But in reality their implementation is not even Winplatform.
1. They made PR claims about
2. Based on 1. only Windows exist.
3. MS was bitching about computer without OS, meaning Linux and others in their eyes are not OS
4. Based on 4. Windows is the only OS
5. So this will be most secure Windows ever.
6. In MS eyes 2. and 4. equals to most secure OS ever.
Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
Not to mention that what you are currently reading is the best comment ever made on Slashdot :-)
The Tao of math: The numbers you can count are not the real numbers.
Its called media speak. Black-hat hackers sounds like a group of evil-doers who are now turned to the light side and are helping MS secure their OS, but they are still bad boys.
White-hat hackers sound like a bunch of pocket-protecting IT professionals who work in OS security.
People will think that if the "bad boy" hackers aka the ones lurking in the wild can find all the exploits, then the OS will be "teh most secure ever"
I got nothin'
For some reason, MS saying that makes me think of that line...
(Sorry if I butchered it a bit).
today is spelling optional day.
By "secure" they must mean "annoying." I'm running Vista beta 2 right now and I'm running into all sorts of security-related issues. Like warning popups when applications run, local admins not being able to delete things, local admins not even being able to do an "ipconfig /release" in order to get a new IP address via DHCP. Seriously, Vista is going to drive people freaking nuts!!
But I would never, ever, ever utter the words Vista, OpenBSD, and security in the same sentence in a positive tone.
Hm, while we're talking about beta/not released, etc, let's make a "maiden voyage" comparison with a very relevant quote:. htm
"...when the New York office of the White Star Line was informed that Titanic was in trouble, White Star Line Vice President P.A.S. Franklin announced 'We place absolute confidence in the Titanic. We believe the boat is unsinkable.'"
Source: http://www.historyonthenet.com/Titanic/unsinkable
to the point where you don't even want to turn on the computer.
"This is a fictional example of where things are going"
User: click to open word
Vista: are you sure you want to do that
user: click yes
Vista: are you absolutely sure you want to open this program
user: click yes mumble mumble
Vista: Warning this program has the capability of running macro viruses
user: click ok, like I didn't know that
Vista: do you want to see this warning again
user: click no
Vista: Are you sure
user: click yes, ggrrrr
Vista: Word opens
Vista: There is a new security update for this software would you like to install it now
user: what the, Click no
Vista: are you sure this is very unsafe!
user: oh for the love of Pete where's my pen and paper!!
Microsoft: Yet another user saved from themselves!
What... no one's going to mention TSOL? Sure it's a royal PITA to administer, but it doesn't get much more secure...
Skivvy Niner? Email me!
HEY! Look left just ONE MORE TIME!
Microsoft just painted a huge bullseye on Vista. If the hackers were not interested in spending time finding exploits they will now. Waving red flags and yelling watch this are things you should not do unless you know for sure the bull is in the other corral or that you are an expert at the stunt you are about to try and pull. Microsoft is in the same corral with the hackers and they are not experts on OSes based on past performance.
From my favorite FarSide cartoon: Two deer standing in the woods, one has a bullseye on his chest, the other one says, "Bummer of a birth mark Hal."
Of course it's the most secure OS ever. There is no inertial reference frame.
And oddly enough, exploits were already found that affect XP as well as VISTA. But since Vista isn't even out yet, they don't have to patch anything.
Honestly, I think Vista is their Titanic and they just solidified this feeling by claiming that it's 'unsinkable'
Ahoy! Iceberg ahead...
This is my sig. There are many like it but this one is mine.
I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' access the system, it bravely BLUESCREENed. Imagine an OS so secure it would rather self destructs than allow an intruder. Now that's a secure OS, yes indeed.
Tip: You must update to latest cvs of rdesktop, something about key size.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Try ERD commander from Winternals... You will be able to reset the Admin password and then remove the policy...
You probably will be fired shortly after.
If you read TFA, you'll see the phrase 'the most secure operating system in the industry' is similar to what auto makers use. Ford or Toyota never says 'Our car is the best'. They say 'The Toyota Newsupercar is best in its class', which of course means the class is limited to all vehicles that are the same year, color, size, weight, manufacturer, and model as the Toyota Newsupercar.
The 'in the industry' is most likely limited to large companies that had 2005 quarterly gross profits of over $8 billion and have a product called Windows. The "industry" is further limited to all home products with the names Vista or WindowsME.
As you can see, Vista is indeed the most secure OS in the industry.*