Slashdot Mirror
Vista Post-SP2 Is the Safest OS On the Planet
pkluss noted Kevin Turner, COO of Microsoft making the proclamation that "Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
That this thread will consist only of positive remarks, and supportive statements towards Microsoft.
The greatest revenge in life is massive success.
He should have stopped here.
"Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
See any serious problems with this story?
Do I see any serious problems with this story? Uh, yeah, maybe one or two...
I'm not sure why this is news - MS says this about every OS release they put out...
April 1st was 2 weeks ago.
Caveat Utilitor
It's the safest and most secure OS on the planet today
Until tomorrow when all those pesky exploits come out
I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
So when the newest Windows viruses/worms come out on Vista SP2 and they don't infect either Linux or OS X is that just because the other two operating systems were just too insecure to receive them?
Even if it is, it's too late. Vista is already perceived as the new Windows ME. With Windows 7 coming up soon, I doubt there will be much sales increase for MS.
In the history of man there have been several cases of fatal hilarity(http://en.wikipedia.org/wiki/Fatal_Hilarity) and this article might inflict this seemingly comical effect on technically concious people.
Posting an article like this without thinking about the consequences might actually hurt and kill people. Please don't.
Knowledge is power. Knowledge shared is power lost.
It's also the most secure OS on the planet
Trusted Solaris would like to have a word with you.
Dewey, what part of this looks like authorities should be involved?
This is only because Microsoft believes that Linux was developed on Mars
The title needs to be in quotes, we wouldn't need to rtf summary.
Isn't every Microsoft OS release the safest and most reliable OS that they've ever built?
And didn't they spend a massive amount of capital marketing the security benefits and lower TCO of having Windows Server 2003-based servers as opposed to Linux-based servers?
I can't wait until the black hats get a hold of this one.
Waving red in front of the bull. Always a good idea.
Pity that it will be MicroSofts' customers, not MS that will suffer when the hackers, script kiddies and miscellaneous ne'er-do-wells inevitably trash the security for their latest offering.
~ a low user id is no indication I have a clue what I'm talking about.
Checks current date. No, not the 1st.
Checks date on the article. No, still not the 1st (though eight days different).
Well, somebody's a fool.
What did he compare to, System 7 and Linux kernel 1.0?
Did he mention that Vista post SP2, there is no network stack? Fwoppies FTW!
except for the fact that after I boot vista up on a 2GB machine, there's only a few hunded megs of RAM left. On XP, there's only a few hundred megs of ram USED after booting.
I immediately uninstalled it on a new PC after finding out what an unbelievable resource pig Vista is. Good lord.
XP is the most reliable and long lived OS they've ever made. Unfortunately XP32 cannot take advantage of 4GB+ of RAM, so its days are numbered.
--M
Hahahahahahahahahahahaha....
*deep breath*
Hahahahahahahahahahahaha....
*another deep breath*
Hahahahahahahahahahahaha....
No seriously.
The slowest (p)OS on the planet!
http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-4.html
'The NX bit is very powerful.When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.'
And this was with Vista SP1. No one knows how to exploit Firefox or IE on Vista due to NX and ASLR.
This seems to be a pretty powerful statement, from someone who would stand a chance of knowing.
My only question is, where is Vista SP2? Last I checked, it was not yet released.
http://lkml.org/lkml/2005/8/20/95
Uh, how long would one of those Pwn-to-Own sessions take to break this new "safest OS on the planet?"
I though Microsoft would have learned its lesson by now. Maybe I'm just being too optimistic.
You are about to boot up your Windows Computer -- (C)ancel, (A)llow, (F)ail
Yep, most secure, indeed!
52 new zero-day exploits for Vista SP2 were posted to IRC channels all over the internets.
Is this a challenge?
Richard Stallman announced in a press conference today that Emacs is the safest operating system on the planet. According to Stallman Emacs is safer than Linux, Windows Vista, or Apple's Mac OS X.
... It was covered in a burst of lager from my nose and mouth as i read this:
"Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
He never stated which planet...
If at first you don't succeed, so much for skydiving.
"..It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today.... oh...uh.... i mean NOT including.. NOT including, sorry i misread that part, it actually says NOT including so.... can i start again please?"
Dear Mr. Turner:
Please provide some evidence to support your outrageous
claim.
Yours In Communism,
Kilgore Trout
Someone hack his PC and install the damned purple ape!
Laughing Rat Man.jpg
By "planet", he was referring to an old, old copy of the Weekly Planet (commonly called The Planet) that they had a Vista SP2 DVD sitting on top of.
By a technicality, this makes the statement true.
One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
Come on! Come down the tree, that I'll give you a banana.
*cough*bullshit
My web domain.
This may be true... but unfortunately, for Vista to be usable without driving a person crazy you must first disable the features that make it safe (ie. User Account Control). Luckily MS has fixed this annoyance to a fair degree with the UAC changes in Win7.
Oh well...
The safest MS "operating system" is probably DOS 6.2 on a stand-alone 286. Just don't share floppies with anyone!
that Microsoft was involved in would have to be OS/2.
No, he is probably right.
MacOS X isn't all that secure. Professional hackers have said that the implementation of ASLR/NX on Vista is far superior to Apples.
And as for Linux? Well, it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years. And then another high profile distro let attackers actually sign some rogue packages with their private key. I don't think anybody should be making smart comments about the security of Linux.
That leaves Vista, the result of many years of applying the Secure Development Lifecycle. Extensive fuzz testing on the APIs. Extensive security review of all features. IE uses a low privilege renderering engine like Chrome (and unlike any browser on Linux or MacOS).
This doesn't mean MacOS or Linux are bad. But Microsoft have been throwing enormous resources behind security for years now. Is it any surprise they are caught up and in many ways ahead?
Flight Simulator ... grounded.
Please leave and never come back.
"Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
Umm... what planet are they on?
All things are subject to interpretation, whichever interpretation prevails at a given time is a function of power and n
Security through obscurity?
Brilliant!
That leaves Vista
...and all the security-designed systems. Do you really think Windows is safer than OpenBSD, let alone OpenVMS? Or whatever the NSA uses on their hardest systems? His quote is like saying that "the Ford Mustang is the fastest car on the planet".
Dewey, what part of this looks like authorities should be involved?
It depends on what your definition of is, is.
Seriously, MS... We know that you're excited about being even a little secure, but let's be a little realistic in terms of what "the planet" consists of. I think that anyone who's ever worked on a real mainframe would dispute your little claim, cute though it is.
Regards, Ian
As Joe Isuzu would say, "Right.... You have my word on it." :)
"Ahhhh, best laid plans of mice and men... and Cookie Monster." -- Cookie Monster, Sesame Street
...unbreakable Oracle.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Did they send a copy of Vista SP2 to Mars or something?
one that allows the user to decide not to install potentially insecure software during the initial OS install. This is the biggest problem with Microsoft Windows when it comes to security, the huge amount of crap that gets installed automatically without the ability to decide DURING the install what features you want or do not want.
Linux as a whole does provide the ability to make a very minimal install with only those applications that you want on the machine. Solaris used to have this ability as well, though I am not sure if you can go package by package during the initial install to decide what you want or do not want on the machine.
You hear about Linux problems, but then it only applies to a specific Apache version that comes with a "typical" RedHat install, or some other issue which only applies to a certain software package. When a problem can be traced to the kernel or some other core component, that is when it applies to the OS as a whole.
So, saying that Vista is the most secure after SP2 means nothing if garbage like Internet Explorer is still open to all the exploits that Microsoft doesn't like to talk about.
... err ... I mean without virus protection. Let's see just how safe the OS ... by itself ... really is.
now we need to go OSS in diesel cars
While the technologies in Vista sounds promising on paper all they really do is take away one attack vector out of many possible. Windows has been extremely easy to own historically wich has made the exploits for it pretty trivial. As the arms race continue hackers will still be ahead of Microsoft and all the companies doing applications for windows. The hackers will have to dig deeper into Windows but as always there will be plenty of bugs to go around. As long as Microsoft has a reactive aproach to security instead of a proactive one the hackers have the upper hand.
DRM is what has brought a bit more security but mostly as a side effect and not as an intended goal. Also keep in mind that UAC puts the blame for every possible breach on the user regardless of whos at fault wich is the reason Microsoft makes theese kinds of statements. "Its not a security hole, the user has to press ok for it to work!"
When every possible action demands that keypress UAC is utter useless from a security standpoint.
HTTP/1.1 400
That's the only explanation.
Computer abstinence. No network stack, no USB driver, no floppy drive. It's the only way to keep Micro$oft OS safe. Only trusted files from your Linux partition can run on Windows.
You know, M$ has always been behind the curve when it comes to security and structuring their OS to be secure from the ground up; security has been a real afterthought for over a decade, and that's simply not acceptable. I don't envision this changing anytime soon, either with Vista or whatever other junk they're peddling.
Uh... I think not. $20 that Vista SP2 still won't achieve EAL6+ by the NSA. Apparently he's never heard of INTEGRITY.
Today Eric Schmidt, CEO of Google, proclaimed "Google search is the best search on the planet!"
Also, Tom Long, CEO of Miller Brewing Company announced, "Our beer is the best tasting beer in the world!"
Here's a template: [Insert Person's Name Here], [insert title here] of [insert company name here] [announced|proclaimed|stated|declared|quothed] "[insert company's product here] is the [insert positive attribute here] in the entire [world|planet|universe]."
Repeat, ad infinitum.
No kidding. The rest is just doublethink.
Light the blue touch-paper and retire immediately.
Tell ya what. I have a cable right here that will connect your computer directly to the internet. Lets plug in a computer and kick off a Vista SP2 install (I assume you can get an installation disk that's pre-patched to SP2, right?) Then we'll measure how long it takes for the system to get taken over. Then we'll do the same thing with a stock Debian install CD. Then we'll post our results on the Internet. If your operating system is indeed so secure, you should have no problem with this, right?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It may truly be the safest OS MS has made yet- by a fine line.
Regardless, it's still not saying much.
The only way Microsoft manages to keep Windows safe is by reducing usability.
the safest OS on the planet is one stored in non-erasable ROM.
Those using pirated Tinysoft signatures(TM) are a real threat to society and should all be thrown in jail.
Pity that it will be MicroSofts' customers, not MS .....
It will be those who support ans enrich MS that are punished. This does not seem a pity to me.
I'm an American. I love this country and the freedoms that we used to have.
No kidding!
It was touch and go there for a bit.
Just reading the headline I swallowed my dentures while spewing soda across my keyboard and crt monitor, which dutifully shocked me senseless onto the floor...that's when uncontrollable ROFLCOPTERS struck and I ended up with a dislocated shoulder, broken leg, and a concussion.
Whew!
Then while I was still dazed, bleeding, and drooling on the floor, my neighbor calls...she is claiming that my cat is ass-raping her dog!
Keep watch, Kevin Turner, I owe you one!!!
I have a feeling those words will come back to haunt/taunt him...
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Hey my old 73 mustang a 351 cleveland and NOS was pretty damn fast.
With Windows, the problem lies less with the OS itself than who runs it.
There are a few glaring holes in Windows which need to be addressed. Things autorun/autoplay functionality need to be completely re-engineered to minimize the attack profile. On a lot of systems, one hacked U3 USB flash drive can wreak a lot of havoc. Microsoft has been decent at addressing issues. IE8 has come a long way for example.
Is it significantly more secure than OS X, or Linux? This is hard to say because OS X and Linux are not under the microscope of numerous well funded criminal organizations 24/7 looking for the smallest flaw to exploit. Comparing operating systems to locks (as opposed to cars), it is hard to compare the security of two different types of locks if one is holding an expensive bike to a pole in a seedy neighborhood at night, on a day by day basis, versus another lock which keeps shut a gate on some house in the middle of rural Montana. Any flaw on the bike lock will be found and used immediately while the lock on the gate may see a long time before someone pries at it.
Is it on par with OS X, Linux, or other UNIX variants for security features, such as signed executables, NX addresses, ASLR, user/admin separation, storage of user credentials in a secure manner, and other items? Definitely. Especially the 64 bit version.
Would I use it on a publically facing production server if needed? Of course. The OS used should be determined by the task being done. Of course, no servers should be directly connected to the Internet regardless of OS and should be behind some sort of packet filtering mechanism.
"Do I see any serious problems with this story? Uh, yeah, maybe one or two..."
How about the fact tha Vista SP2 is not "in the marketplace" at all.
It hasn't been released yet and is still an RC candidate in beta testing!
If Microsoft wants to compare imaginary not yet released software to actual software, I set let them and Google play games with beta releases. The rest of us have actual work to do.
Guys, I thought April Fool's day was about two weeks ago or so?
Does BSD do everything that Vista does? Those systems are so locked down that it affects their capabilities. I'm not saying it's bad, but I don't think you can compare BSD to Vista without starting by saying that BSD doesn't do alot of the important things that Vista users take for granted.
Your comment is like saying that an Abrams Tank is more secure than a Mustang.
True, but can a tank get on the freeway without causing a traffic jam?
Let's see here. On the left hand, we have the people at Microsoft claiming to make a secure operating system, and putting escrow into the encryption such that data can be seamlessly copied from the operating system to an unknown location. We witness Microsoft as an incredibly corrupt entity, in nearly every possible way - from locking in hardware manufacturers to using Windows to throwing lawsuits at everybody who even vaguely seems to threaten them (remember Lindows?). On the right hand, we have the code of Linux, FreeBSD, etc. available for the entire world to review, figures of authority are not chosen based on how much of a jackal they are, but how much their experience is worth. OpenBSD and FreeBSD have things like in-kernel crypto, chroot jails, are actually POSIX compliant, and seem to suffer from very little bloat due to the trend to make specific utilities as discrete as possible, and hence nearly as flawless as possible. Let's just agree to disagree. Or I can just call you an idiot. I'm fine with either.
They neglected to tell you that it was only true for machines without network hardware.
The planet Zarg.
Stick Men
As in secure for the content providers of the world?
Sorry, Microsoft... I'm not jumping that soiled bed.
Funny but I was thinking the same about thing OpenVMS and what about the Z/OS for the ZSeries?
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
The reason why Vista, Mac OS X, and Linux have fewer exploits is simple. Windows XP is easier to exploit.
Just remember that the security of the newer OSes is only one factor in the availability of the exploits.
If you want to visualize a flawed analogy; when you're being chased by a hungry lion, it doesn't matter how fast you run as long as you run faster than the guy beside you.
In this analogy XP is the slowest runner who is still plentiful. When the XP prey dwindles away, the hungry blackhat lions will look for the next slowest runner.
Pwn3d before nightfall.
No sir, my money IS on Vista.
Yep, go ahead and mod me down. I firmly believe what I just said and I REFUSE to to say something else just to appease the goddamn MS haters here.
*Does not count if you have any other software, including MS Office installed. Does not count for Vista system that need to be upgraded to SP2 post-install.
$250,000 for the arrest and conviction of the author of the conflicker worm.
But only if he is caught before releasing the Vista & W7 versions of the worm.
"And as for Linux? Well, it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years. And then another high profile distro let attackers actually sign some rogue packages with their private key. I don't think anybody should be making smart comments about the security of Linux."
Let's get this straight. You think *all* Linux distributions are unsafe because of TWO vendors. Do you believe in eugenics as well?
You do realize that your comment glosses over the hundreds(thousands?) of holes and exploits that M$ is responsible for it every OS up to and including this one you're waxing poetically about, right?
I wonder why I haven't ever had a rootkit on my Linux installations but I fix M$ installations all the time(Vista included) that have been rootkitted. Once a week at least.
I've stopped listening to anything Microsoft, Steve Balmer, or Bill Gates says (not to mention MSNBC, Fox/Faux News, etc.)
Too many half truths, lies, blatant lies, and pure crap has lost them any credibility with me. I rely on opinions from people I trust.
Call "shenanigans" on everything MS releases and maybe, just maybe, they will eventually start to tell the truth.
Or they will just go on they way they always have...
Yes, it can. It just has to run over a few cars first. :)
Since we've cluttered the US legal system with corporate slander laws, how 'bout Sun or IBM sue M$ for slandering their OSs as less secure than Vista SP2?
DOS is probably more secure than both OpenBSD and Vista. At some point, you have to say "so what?". Usage does count for something.
I remember another brainless MS "spokesperson" claiming that Vista was so secure they'd never need antivirus software... http://it.slashdot.org/article.pl?sid=06/11/10/0114210 Now after the second patch its so secure no other OS can touch it! Maybe if they beg customers http://slashdot.org/article.pl?sid=07/06/20/0643241 and lie some more people will actually use it.
Just add a "consumer oriented operating system" in there and stop the nitpicking.
EAL-1 what? http://www.commoncriteriaportal.org/products_OS.html#OS
Thats because we are never going to let SP2 out of our vault ... that's why!
For the record that high profile distro that let attackers sign some rogue packages recently made a full disclosure of this issue and it seems it wasn't the result of a software vulnerability.
What the hell does that mean (it's in the actual press release). As far as I know, open source is not an operating system.
On another note, I think it's interesting they even mention Linux & OSX. First it means that they are implicitly admitting that these have been more secure operating systems. Secondly, they're making Coke's mistake all over again in mentioning the competition. You never do that if you are the market leader because it gives credibility to your competitors.
Of course it's the most secure. Nobody is using it yet.
IE uses a low privilege renderering engine like Chrome
it's always boggled my mind that IE is used for system update... so the most "dangerous" app on your computer to access the most untrusted content on the internet is also used to download and install system updates which require the highest levels of security?!
to my mind, that's like using the same brush to clean your toilet and your teeth... but it's ok because we ensure the brush is cleaned properly each time.
In the past, every time some Microsoft salesman has said something similar, a dramatic, new hack was shortly announced.
Can't they grok reality?
B.S. to this article, on 2 issues, as regards security (AND, bloat/inefficiency), & with 2 concrete examples thereof:
----
1.) THE REMOVAL OF THE PORT FILTERING GUI FRONT-END CONTROLS in VISTA &/or Windows 7, for one thing - Port filtering functions perfectly operating simultaneously alongside software firewalls, & IP Security Policies
(All 3 security "filters" for IP here, run FINE together, even w/ a NAT true stateful packet inspecting "firewalling" router, for example)
They do so in a layered security manner, just like door handle locks (firewall), deadbolt locks (port filters), & chain locks (IP Security policies) do...
(I.E.-> Take 1 of those 3 layers down (which is what many malware seek to do, right away)? The others are STILL IN THE WAY, since they all operate via diff. drivers & on DIFF. LEVELS of the IP stack...!)
AND, FOR ANOTHER?
2.) The issue with HOSTS files involves EFFICIENCY more than security though!
See - in removing (after the 12/2009 Patch Tuesday update) 0 as a valid blocking IP address (vs. the larger & slower 0.0.0.0, & worse still the default 127.0.0.1 loopback adapter address)? MS made a blunder on disk, & made things less efficient in HOSTS files, since the filemass is now larger & WILL be slower to read thru, as well as not being able to 'pack' as many entries into a tinier filespace to read them up from.
(Contributing to inefficiency & yes, "bloat", in doing this latter one... I merely note this, because HOSTS files do have a tremendous security benefit as well - blocking out KNOWN BAD SITES, & making THAT less efficient, is rather dumb!)
----
Nuff said...
APK
He is right - Vista is very secure. Too bad Windows 7 isn't!
Extensive security review of all features.
This is utterly false. Microsoft audited less than half the code in Windows. They were very careful with new features, but Windows Vista still had Windows 3.1 security holes upon release. Although most known holes have been patched, I'm positive they didn't get them all. It's only a matter of time...
Microsoft Operating System tester: So. How are things going for you?
Linux Operating System Tester: Well, my five year old managed to get a keylogger visiting 3boobbetty.com, but other then that, not too shabby. You?
Microsoft Operating System Tester: Not a blip on the radar. Smooth sailing. All is well.
Linux Operating System Tester: That's great, man. Awesome. Um...hey, dude. You got that thing plugged into the network?
Microsoft Operating System Tester: What?
That's not the implication if his statement and you know it. Is Vista the safest OS of every single OS on the planet? Of course not. Does that change the impact of his statement one bit? Not at all. Look, I'm not one to take a random quote from a Microsoft exec at face value; in fact, I personally believe that nearly any mainstream Linux distro is going to be more secure (in practice) than any Vista system. But seriously, your response to this claim is, "but Vista isn't as secure as the NSA's classified operating systems." Is that a joke? You're clutching at straws for the sake of disproving a marketing quote, it's embarassing.
Since you like car analogies, I'll give you one: The SSC Ultimate Aero is the fastest car on the planet. Of course, there are rocket cars that travel much faster.
Well, together Debian Ubuntu and Red Hat probably compromise the majority of Linux installs these days. If two large and well respected distros can fail in such basic ways, then it's reasonable to extrapolate that smaller and presumably less professional outfits will be even more flaky. Of course you can always find some Linux distro that has a perfect track record, but like I said above, usage counts. At some point if you want the word "Linux" to be meaningful you have to start talking about the bits actually in circulation.
... and not only because the article isn't about OpenBSD at all.
Anyway, yes, OpenBSD as an OS is probably pretty secure, but so are many others to, but the more crap you pile on top of it the more risk.
Anyway, the OpenBSD people count their "security" (marketing vise atleast) in years since the last remote root(?) exploit.
How likely is a remote root/administrator exploit vs Vista with a software firewall, no extra services and a user which don't do anything? ...
When it comes to exploits vs browsers, mail clients, IM clients, document viewers and such the OS isn't the issue.
Vista is arguably the most secure OS suitable for desktop use.
It is not the safest OS suitable for desktop use however.
What's the difference?
The President of the United States is arguably the most secured individual on the planet.
However, due to the large number of threats against him and his need to travel and be in the public eye often, he is not the safest individual on the planet.
Operating systems are the same. Vista has added many good defenses, but is still the OS with the target on its back.
I'm ok with Microsoft claiming to be the most secure OS for desktop use. OpenBSD and some hardened Linux distros might wish to disagree, but most people don't run hardened systems on desktops, they want more functional systems that are easier to support.
However, I'm not going to let MS get away with calling Vista the safest OS out there, because it just isn't.
Blessed are the pessimists, for they have made backups.
it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years.
Umm, no.
A certain high-profile distro accidentally disabled the pRNG in it's sshd initialization scripts.
another high profile distro let attackers actually sign some rogue packages with their private key.
again, no. The key was suspected to have been compromised, and as soon as it was discovered, the key was revoked, they performed a complete audit of all packages, and everything checked out.
I don't think anybody should be making smart comments about the security of Linux.
Least of all you... of course the fact that the only two incidents that you could come up with are entirely in your head actually speaks volumes.
I see the headline in RSS and think to myself, "Wow, that's an interesting story. Wonder who evaluated that" and then I read the blurb and it's from the COO of Microsoft? Seriously, what is a PR statement doing on the front page of Slashdot? What next, will Tim Cook go on record to say that Leopard is actually the most secure OS on the planet? Will he say that Snow Leopard will be absolutely immune to attack? Will that go on the front page, too?
Probably because nothing runs on vista. Not even viruses.
Hey my old 73 mustang a 351 cleveland and NOS was pretty damn fast.
I kinda like 'em, too, but it's not going to outrun a Veyron.
Dewey, what part of this looks like authorities should be involved?
Security has to be designed in.
When Microsoft deployed ActiveX installation and launch over HTTP and email with Active Desktop in 1997 they made Windows inherently insecure in a way that nobody had ever imagined anyone would be stupid enought to do. In fact it used to be a joke, the "Good Times" virus... a virus so effective it would run without you even opening the email message it was contained in. EVERYONE knew it was a joke, because EVERYONE knew nobody would be so stupid as to deliberately allow untrusted content to automatically run.
Nobody but Microsoft was that stupid, anyway.
Jesus Christ, man, the fundamental desing of Internet Explorer is so f-ing bad that over 10 years later I am STILL aghast that ANYONE would defend it, or any OS that depends on it. What the HELL are you smoking? DO you honestly not understand just how amazingly stupid this is? Honestly? By the bowels of Christ, consider that you might be mistaken.
Someone tell the guy that put him in charge that April Fools Day was 13 days ago and joke's over, time to put an intelligent person back on that position.
Whops it's microsoft, guess there aren't any more smart people since bill left.
...Just as I was reading this, Windows Automatic Update popped up informing me of 7 critical updates, 4 of which could allow a remote attacker take control of my system...
How do I install SP1???? It takes a damn hour, gets 100% complete, then says there was an error, takes two hours to uninstall, and gives me a generic message that basically means "you're f-ed".
I've tried about ten times now, no luck, uninstalled all drivers and programs, etc...
--Joey
you say "most secure OS" twice doesn't make it so, although I can see how repeating that mantra might make YOU believe it!
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
That's not the implication if his statement and you know it. Is Vista the safest OS of every single OS on the planet? Of course not. Does that change the impact of his statement one bit? Not at all. Look, I'm not one to take a random quote from a Microsoft exec at face value
So your position is that it's OK to flat-out lie as long as it's in the context of selling more of your product. Turner didn't qualify his statement when he made it, so I feel no compulsion to qualify it when I disprove it.
Dewey, what part of this looks like authorities should be involved?
is whatever is running the Mars Rover. They didnt especified the planet, and probably will pay NASA to launch a probe loaded with Vista to Venus to have some backing to their claims.
Unless, of course, they got misquoted. In "The Planet", a small internet cafe somewhere, there are 2 PCs with Windows Me, and one with Windows Vista, and there they tested the SP2.
But why to try to explain it? Is the standard Microsoft speech that claimed that 640k is enough, that Internet Explorer 1.0 was secure, and that windows vista with no problems will run on average circa 2004 PCs. The only place where secure and MS OS were ever together were in MS sales speech.
IE is only used for Windows 2003/XP and earlier systems. Vista/2008 has its own separate updating program.
What, did they break the network interfaces drivers?
The problem is that there are different types of security-- security from passive threats and security from a targeted attack. Maybe Microsoft is best at the targeted attack, I don't know. But it's sure as heck not more secure than MacOS X at the passive threats. There are no viruses or worms in the wild for MacOS X, and a small handful of trojans that have cropped up and disappeared before infecting more than a few hundred machines.
I can leave a MacOS X machine on the internet and browse all day, clicking any site I want with no virus protection and installing all the Mac random internet software I find and, at least as of right now, I'm completely safe. Is that really true of Vista?
E pluribus unum
Not to mention Microsoft's very own Singularity project -- is this guy somehow not aware of that?
Well maybe not stock it wont, but if you do this to it. http://weburbanist.com/2009/01/19/rocket-and-jet-powered-vehicle-designs/ It might give it enough kick =)
Try a version of Windows less than ten years old please.
Vista doesn't alow you to access Windows (or Microsoft) Update through IE anymore.
Professional hackers have said that the implementation of ASLR/NX on Vista is far superior to Apples.
Edible fruit probably aren't much use in protecting you against professional hackers. I guess you could throw them at them?
Get your own free personal location tracker
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
Where are my mod points when I need them? Mod parent up informative please!
He is correct.. Vista and beyond use an interface in the Control Panel which is vastly superior to the IE Windows Update. Read up here: Windows Update
Dude, he caught you out in a unsupported blanket statement; be a man and admit you were wrong.
The DOS thing just points out your unwillingness to admit a mistake.
The foundation of any fact.
-- Lattyware (www.lattyware.co.uk)
Vista is secure if you do not install any 3rd party applications or connect it to a network. It helps to not use it either, just watch the screen saver and you will be safe.
but it's not going to outrun a Veyron.
But the Veyron won't outrun a BMW M3? .... Or will it? =P
http://www.loaded.se/
Well thats great! Since everyone is using Vista and no one is still using XP/2003, were all good...
How are they in many ways ahead? You act as though vista hasn't had any security problems lately.
But only when dealing with date rape cases...
Democracy is the theory that the common idiots know what they want, and deserve to get it good and hard.
What does this mean? Lets say there was some way to measure the safety of a system by the total number of ways somebody could gain unauthorized access, control, or generally do something related to the computer running the OS in question (vista) that the computers owner does not want. Obviously we can't measure this. If we could however there is still a second side to the equation.
There are a whole boat load more people using vista than any other os besides xp which ill ignore. Not getting into the type of people who use vista and whether they are inherently more likely to fall pray to safety failures. More people using vista mean more people trying to find safety flaws in vista. So you could say its more safe but at the same time the non-safe parts are more likely to be discovered and exploited at any point in time.
I don't pretend to know enough to really judge the safety or security of a system but this logic seems pretty strong to me. By using any non MS operating system you have safety in small numbers.
Locked down? In what way? Sure you can lock down both OpenBSD and Linux with additional patches and what not, but quite functional as is? The standard amount of applications and services may differ though, but then there is the question where you draw the line between OS and applications.
For comparison I'd like to draw it so that OS covers things various applications may use, whereas single applications which don't offer anything for other applications would be just that.
The systems people really care about are not on the Internet.
Support a great indie game: http://www.abaddon360.com
Didn't anyone tell this guy that April 1 was two weeks ago?
His quote is like saying that "the Ford Mustang is the fastest car on the planet".
More precisely, it's like a Ford salesman saying the Ford Mustang is the fastest car on the planet. They are probably both equally accurate.
While Vista is definitely a step above XP in security and does a much better job of trying to bring security to the users attention, the idea of it being the safest on the planet makes me laugh til it hurts.
If you take the total number of successful attacks, from not just desktop PC's, but servers inc. web and mail servers and then completely disregard the number of actual machines (real or virtual), then Vista comes out smiling! Of course it does! Big business in general doesn't want it and will stay with XP as long as possible, end users in general HATE it (I run a PC repair business - never had a customer yet who liked Vista) and often enough go back to XP when possible or even migrate to Linux. Lets face it. There just aren't that many Vista machines out there when compared to XP or on the server scene, Linux.
When (if ever) there are as many installs of Vista or Win 7 as there are of XP now, then I have no doubt it will catch more viruses than parents of pre-schoolers. Perhaps Kevin Turner also needs to be educated about the whole concept of 'per capita'.
sudo mount --milk --sugar
Point 1. Port filtering is still there. Control Panel, Administrative Tools, Windows Firewall with Advanced Security. Just because you're too fucking stupid to find it doesn't mean it doesn't exist.
Point 2. IE 7 runs in a sandbox. IE8 does as well as well as having inbuilt checking of known bad sites (Smartscreen filter), anti-phishing, popup blocker, blocking of add-ons etc. SO YOU DON'T NEED ANY OF THAT SHIT YOU'RE ON ABOUT which actually causes MORE trouble than its worth.
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
Safe as in tequila...
"i lost my dignity on a slippery wiener"
B.S. to this article I say, &, on 2 issues - As regards security (AND, bloat/inefficiency), & with 2 concrete examples thereof:
----
1.) THE REMOVAL OF THE PORT FILTERING GUI FRONT-END CONTROLS in VISTA &/or Windows 7, for one thing - Port filtering functions perfectly operating simultaneously alongside software firewalls, & IP Security Policies
(All 3 security "filters" for IP here, run FINE together, even w/ a NAT true stateful packet inspecting "firewalling" router, for example)
They do so in a layered security manner, just like door handle locks (firewall), deadbolt locks (port filters), & chain locks (IP Security policies) do...
(I.E.-> Take 1 of those 3 layers down (which is what many malware seek to do, right away)? The others are STILL IN THE WAY, since they all operate via diff. drivers & on DIFF. LEVELS of the IP stack...!)
AND, FOR ANOTHER?
2.) The issue with HOSTS files involves EFFICIENCY more than security though!
See - in removing (after the 12/2009 Patch Tuesday update) 0 as a valid blocking IP address (vs. the larger & slower 0.0.0.0, & worse still the default 127.0.0.1 loopback adapter address)? MS made a blunder on disk, & made things less efficient in HOSTS files, since the filemass is now larger & WILL be slower to read thru, as well as not being able to 'pack' as many entries into a tinier filespace to read them up from.
(Contributing to inefficiency & yes, "bloat", in doing this latter one... I merely note this, because HOSTS files do have a tremendous security benefit as well - blocking out KNOWN BAD SITES, & making THAT less efficient, is rather dumb!)
----
Nuff said...
APK
It's absurd pedanticism. If Apple says "MacOS X is the easiest to use operating system in the world" do people respond with, no, the operating system that runs my car is easier to use? No they don't because that's obviously comparing apples to oranges. Trying to make a marketing dude look bad by comparing a production desktop OS like Windows to OpenVMS is just time wasting.
True, but can a tank get on the freeway without causing a traffic jam?
As far as the tank driver is concerned, there is no traffic jam!
sudo mount --milk --sugar
Your comment is like saying that an Abrams Tank is more secure than a Mustang.
True, but can a tank get on the freeway without causing a traffic jam?
If the internet was a warzone, would you take the tank which is impervious to nearly everything they'll shoot at you with, or would you take the Mustang, paint a target on the back of your head, and relax, knowing you can have air conditioning while trying to dodge the bullets?
See all those wrecked Mustangs on the side of the road? They too can cause a traffic jam. It's called a botnet.
Every time Ubuntu pushes out an update to the kernel, my nVidia poops the bed and my X server conks back to 800x600. So I guess if you include stupid updates as part of the security process, Vista would be more secure.
This is my sig.
OpenVMS is the most secure operating system on the planet.
The pRNG was disabled in the openssl library, thus compromising any system using keys generated by that library. That is a major, major hole and has nothing to do with sshd initialization scripts (where did you get that from anyway?)
I knew there was a reason the CIA and others used Linux... it all makes sense now.
Seriously though, Linux is more secure than Vista - 'Desktop' Linux distributions however are not.
Oh, wait this is Slashdot! Sorry.
Linux rulz and Windoze Sux! If you use Windows you're a luzr!
---
Posted on my iPhone.
I meant specific software though, like, if you happen to like KDE it's not very likely you will run it on Vista so then a different OS than Vista may happen to be a better alternative for you.
In any case, of course there are reason to not use Vista, say if you are an AROS or Haiku developer you may prefer to run those, of if it's your homeserver you may prefer Solaris.
Quit spamming this shit, you whiner. I've seen this post in a dozen stories now.
I'm sure no one can hack Vista SP2 because no one is using it. Therefore it's impenetrable!
Ever built. Hey, that's what they said, "Unsinkable".
Thanks to eating disorders most chicks are reasonably good looking these days.
it's the only way to be sure.
'safe' is a fixed point in time measurement in this context. It's not able to be usefully qualified by any measurement of time, be it a second, minute, hour, day or week. However, A Year is far too over-optimistic.
Won't happen. I have no idea why people are invested in this particular statement, but they certainly seem to be knotted up over it. He said something stupidly wrong and people caught it; I don't see the need to invent things he might have meant to make it sound less dumb.
Dewey, what part of this looks like authorities should be involved?
Reminder: the different meanings of "is" were "is now" vs. "has ever been or is now". Clinton was claiming that by "there is no sex between us", he was merely stating that, at that exact moment, there was not -- not that there had never been any. The prosecution's position rested on the idea that such a statement is inane in that nobody cares about "right now", thus arguing that Clinton could not have meant what he said, and must have meant something different, which also was factually untrue.
Now, how does that apply in this situation? Fairly well. Microsoft says it *is* the safest. Not that it's always been. Or even was, five minutes ago. Nor will remain so for any predictable time period.
People keep referring to Linux as if it were a single OS, and I believe that is very much the intent of Microsoft.
There are hundreds of active Linux distributions, each with a unique focus and out of the box functionality. Some are security leaders (like Fedora) that have driven security in Linux development.
However, when comparing to "Linux" (the collection of active distributions), the distribution with the weakest security can be held up as an example of how poor Linux is in this area.
Rather than play via Microsoft's rules, folks need to clarify their arguments. Linux is about freedom, which includes the ability to run a distribution that has no security features active whatsoever.
If security (or any other attribute) is the attribute under discussion, hold up the distribution that best exemplifies it.
Every distribution can be made to do anything (it is Linux after all), but most of these discussion center on the out of the box experience - which is actually pretty poor on windows, since it comes with nothing but the base OS.
Can You Say Linux? I Knew That You Could.
"Saying that [Vista] is the most stable MS OS is like saying that asparagus is the most articulate vegetable." -- Dave Barry
This statement would hold water if MS didn't wait an eternity to release an OS.
When you change the statement to "Try a version of Windows less than one version old please." the argument starts to break down...
Heh, "since XP," because man, that was freakin' eons ago. Like back before marketshare fell from 63.76% to 63.67%.
... on Planet Suck! HAR HAR HAR!
The enemies of Democracy are
It's only safe because nobody uses it.
War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
Are you trying to hide data in your slashdot posts? Good to see you included your link... you've slipped up in the past.
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
It still uses IE in the same sense that Explorer and Help still use IE. It's still the same engine and activex controls hiding behind a shiny control panel.
Okay, so the three other "operating systems" Vista is specifically compared to are:
1) Linux,
2) open source, and
3) Apple Leopard
There's a couple of problems with this. First, "open source" isn't an operating system, its a licensing model. Second, Linux isn't an operating system, its an OS kernel which is included in many operating systems. Third, Linux-based OS's and Leopard aren't the most secure non-Windows OS's on the planet (specially designed, narrow-niche, security-focussed operating systems are, naturally.)
It seems to me that this is pure marketing fluff, an empty, unsupported claim of superiority over generalized threats that Microsoft fears they are losing mindshare to in the marketplace.
If you grant physical access to a machine, it is no longer a special feat in my mind.
Jesus was a compassionate social conservative who called individuals to sin no more.
Yea, and conficker on OS X is a bitch.
The storm botnet's penetration on Linux was greater as a percent of users than was on windows.
Its one thing to tout all the high tech anti-crack security features you have, but as a pragmatic user its nice to know there are no self propagating programs that will infect my ubuntu set up.
In b4 someone mentions obscure trojan that only affected one linux/os x box.
I am sure...
After all, the bot nets and viruses never affect Windows... no one ever has hackers roaming their Microsoft based systems...
And out of the box, Microsoft is perfect!
Give me a break.
You can lock down Windows so that no one can use it. Sure, then it is secure. But when you make it usable by anyone without an advanced degree in Computer Science or Hacking, you remove any security that it had...
Linux, on the other hand, allows security and usability. You can do things to make it un-secure, but those are conscience choices you make... adding your user to SUDOERS, disabling SELINUX, using dictionary passwords, etc...
But if you do things right, you system will remain free of viruses (not many exist for Linux for 2 reasons...1 - what OS do you think hackers use? WOuld they want to open their systems to attack? and 2 - Windows just makes it so easy...) and keeping and updated/patched system will prevent many vulnerabilities (Check Secunia for info about Windows and their vulnerabilities and how/where/when they are patched (if at all) and compare that with Linux's info...) and using simple security measures, (passwords, etc), your system will be, more or less, free of issues while Windows is running bot-nets, viruses, and hackers...
Look, you dumb shit cockgobbler, lots of people still use XP and he didn't mention which windows he was talking about.
Did he mention that in order for it to stay that safe you have to unplug the network cable?
Why bother
I'll bet you that the servers that Microsoft is using to store its original code on aren't running Vista.
This really a rather complex statement. While it's true that no other consumer desktop operating system has quite the level of security and anti-exploit code, etc... Linux and Mac simply exist in a safer world. Perhaps one of the safest aspects of a linux system is that you're almost always running trusted code from a verified repository. This means that you really don't have to test the mettle of a linux installation (and thank god you don't) besides the fact that the level of incompatibility between linux systems provides a level of security through obscurity. Now, common images such as OpenWRT or (eventually) default Ubuntu installs may eventually be targeted, but right now they're simply not.
If someone is trying to take over your machine remotely, you're probably better off with Vista. If you're an idiot, you're probably better off with linux, where it's more difficult to shoot yourself in the foot by running insecure code as administrator.
From the results of the recent pwn2own competitions, I would say that Apple is going to eat a lot of security crow as they get just a tad bit more popular. I think Mac OS X will prove to be comically insecure when people start attacking it.
I have some bargain basement keyboards, and upgraded to a MS one. Needless to say, I have a mouse as well, but I don't use it unless I have to.
Anyway, if I open a picture with IrfanView (ENTER key), delete the crappy photos I took, then return to Explorer (ESC), explorer does not respond for like 10-15 seconds. Key up, down, left, right, backspace, no navigation. Spy++ says it's getting the messages, but it just doesn't get translated (TranslateMessage/DispatchMessage). After a few seconds, translation happens again.
Does it happen with other keyboards/mice? No. Same on another PC? Yes. Updated the drivers? Yes. Why does MS driver exist as an EXE that takes 1-3% of the CPU when I drag the mouse around? Before the MS keyboard I could move it around and nothing went to 3%.
Not happy with it, nosiree. Tonight I disassemble it to find out why it sucks. Wireless Desktop 2000 it is.
You may be true although OpenBSD makes a decent desktop (beside server), at least for me. (Even with more security measures than enforced by default.) On the other hand, if you look at the article, Kevin Turner is quoted like the following: "It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
I don't like car analogies but well this is /. :-) When you actually look at your analogy you will notice that you made a separation (Tanks vs. actual cars) while Kevin Turner made none between Operating systems (e.g. desktop OS). So why did you?
Besides OpenBSD (Have a look at the list of security features: http://en.wikipedia.org/wiki/OpenBSD_security_features) and other very secure UNIX(-like) operating systems there is also Integrity 178B (http://en.wikipedia.org/wiki/INTEGRITY-178B). There was an article about it on slashdot some time ago and although I am no big fan of the NSA EAL rating, INTEGRITY 178B is rated EAL6. Probably very hard for Windows Vista SP2 to outperform this OS security wise.
Maybe on your Home Planet of Oh, yeah sure.?
Sorry. I couldn't help it.
I don't trust solaris.
Last week, I left my wallet in a room next to a copy of solaris and when I came back, $20 was gone.
Trusted my ass!
I'd like to set the record straight on your comments about the "other high profile distro" that "let attackers actually sign some rogue packages with their private key". This is verifiably false on all points.
The full description of how this attack took place is available here: https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html
No software vulnerability was exploited. It was a classic case of social engineering. A hacker was able to gain access to an ssh key providing access to the build infrastructure and uploaded a set of modified packages. They were designed to snoop for the passwords necessary to use the signing server. The intrusion was detected and repaired before any infected packages were signed.
Please do at least a trivial amount of homework before throwing about accusations.
The failing of the first distribution was in their insistence upon forking a private copy of the crypto libraries that the community at large refused to even look at, which is why the error went undiscovered for so long. This was a failure of the developers to follow the core tenets of collaborative development, and should serve to prove the effectiveness of community development rather than imply that open-source is somehow less secure.
You may treat all information submitted above as wild speculation.
to my mind, that's like using the same brush to clean your toilet and your teeth... but it's ok because we ensure the brush is cleaned properly each time.
I must be the only one here imagining what it might look like to brush my teeth using the same brush I would use for a toilet -- whether or not it was brand new, off the shelf... or previously used for that "other" purpose.
On a slightly related note, I got to wondering "we have electric toothbrushes, why not electric toilet brushes?" Well, ladies and gents, a quick google search reveals that we do indeed have electric toilet brushes. And get this, they look a lot like giant electric toothbrushes.
Microsoft is reeling from the vicious and unwarranted slanders of security companies and the US government's Computer Emergency Response Team that its Internet Explorer web browser has alleged "security holes" or is in any way less than the finest software known to mankind and excellent value for your money.
The festering paedophiles of CERT have gone so outrageously far as to make the ludicrous claim that just viewing a malicious webpage in IE could leave your computer open to being hacked and turned into a Russian Mafia spam server. "We don't know what could have triggered such vindictiveness," sobbed Microsoft marketing marketer's marketer Steve Ballmer. "Do they hate free enterprise that much?"
There are things you can do to make your computing experience even more secure. Microsoft's official suggestion -- make sure your anti-virus software is up to date and using an entire CPU doing nothing much, click through five screens to run IE in "protected mode," click through four screens to set zone security to "high," click "JUST BLOODY DO IT WILL YOU" when the User Access Control asks if you really want to do this, enable automatic updates with the minor side-effect of installing Microsoft DRM on your system or Windows Genuine Advantage randomly turning your computer into a paperweight, and sacrifice a goat to Microsoft at midnight on a moonless night -- is simple and straightforward. "It's the quality you're paying for."
On no account should you consider that there might be other web browsers out there, as researchers have demonstrated that all of them automatically download the cover of Virgin Killer. "I saw a report," said marketing marketer John Curran of Microsoft Completely Enderlependent Analysts, Inc., "that another browser had more vulnerabilities than ours! People would be very foolish indeed to move from the latest IE to Netscape 4.01."
"These CERT wankers are Mactards and trolls," said Guardian marketing marketer Jack Schofield. "They just want to take IE users out, brutally sodomise them, gas them in concentration camps and" [This comment has been removed by a Guardian moderator. Replies may also be deleted.]
http://rocknerd.co.uk
Please explain the "capabilities" of OpenBSD that are "affected" by being "locked down". Also, please define the "important things that Vista users take for granted" which OpenBSD doesn't have?
Out of the box OpenBSD doesn't do much, but that's sort of the point. When you install OpenBSD, all you get is the base OS, a shell, and basic management utilities. You're not given crap that you may or may not need; this allows you the option to decide what you do in fact need.
Need a GUI? Install X and favorite GUI. Need web browser? Install favorite browser. Etcetera.
It's possible to get OpenBSD to the point of having all the bells and whistles a particular Linux distro would have on the base install. It's also possible to get OpenBSD to the point that the average user would be quite happy.
This is what I've found most users need:
-Pretty GUI
-Web browser with Flash and JavaScript support
-Productivity suite (word processor, spreadsheet app, etc.)
-Video player
-Music player
-Photo management and basic manipulation
-Cheesy game(s) when they're super bored.
-Ease of use
This can be done with OpenBSD. The ease of use just isn't there when installing for the average user. However, if the average user took the time to learn, had someone else do it, or some group sets up a distro or fork like what PC-BSD did, ease of use can be achieved.
There's always a compromise when it comes to security. Be thankful that when it comes to Operating Systems, it doesn't mean giving up your Freedom.
I wonder why I haven't ever had a rootkit on my Linux installations but I fix M$ installations all the time(Vista included) that have been rootkitted. Once a week at least.
Odd, I've had this Vista Machine running for about a year, and have yet to get a rootkit. Then again I have yet to get a rootkit on my OS X, or on my CentOS or my FreeBSD... or my... Basically, you are telling us that you shut off your firewall on the Vista box and just waited for a rootkit? I assume you must have been rushing in, like installing a bunch of remote control servers on standard ports without password...
--Matt
At least you came to your conclusions before testing it~
Also - Pessimists don't make backups, becasue those will fail too.
The Kruger Dunning explains most post on
If you're the one driving the tank there are no traffic jams.
I live ze unknown. I love ze unknown. I am ze unknown.
"Utter fucking bullshit. Point 1. Port filtering is still there. Control Panel, Administrative Tools, Windows Firewall with Advanced Security. Just because you're too fucking stupid to find it doesn't mean it doesn't exist." - by Computershack (1143409) on Tuesday April 14, @06:37PM (#27578863)
It sounds as if you're talking about Windows' Firewall, & its ability to "filter ports" (by known services/ports)? That's NOT THE SAME...
(AND, the one you're talking about operates via Windows' own firewall driver level, NOT the same driver used for PORT FILTERING (or IPSec either, not even same listener ports, like IPSec uses 445 iirc) in earlier models of Windows, unless YOU can prove otherwise... I don't think you will be able to either & I think your understanding of this is limited to be honest...)
SO - Before you go tossing anymore names in the uncouth manner in which you do this?
Take a read here, & realize a few things:
http://technet.microsoft.com/en-us/library/bb878072.aspx
----
TCP/IP filtering Allows you to specify by IP protocol, TCP port, or UDP port, the types of traffic that are acceptable for incoming local host traffic (packets destined for the host). You can configure TCP/IP filtering on the Options tab from the advanced properties of the Internet Protocol (TCP/IP) component in the Network Connections folder.
Filter-hook driver A Windows component that uses the filter-hook API to filter incoming and outgoing IP packets. On a computer running Windows Server 2003, the filter-hook driver is Ipfltdrv.sys, a component of Routing and Remote Access. When enabled, Routing and Remote Access allows you to configure separate inbound and outbound IP packet filters for each interface using the Routing and Remote Access snap-in. Ipfltdrv.sys examines both local host and transit IP traffic (packets not destined for the host).
Firewall-hook driver A Windows component that uses the firewall-hook API to examine incoming and outgoing packets. On a computer running Windows XP, the firewall-hook driver is Ipnat.sys, which is shared by both Internet Connection Sharing and Windows Firewall. Internet Connection Sharing is a basic network address translator (NAT). Windows Firewall is a stateful host-based firewall. Ipnat.sys examines both local host and transit IP traffic. On a computer running Windows Server 2003, Ipnat.sys is shared by Internet Connection Sharing, Windows Firewall, and the NAT/Basic Firewall component of Routing and Remote Access. If the NAT/Basic Firewall component of Routing and Remote Access is enabled, you cannot also enable Windows Firewall or Internet Connection Sharing.
IPsec The IPsec component, Ipsec.sys, is the implementation of IPsec in Windows to provide cryptographic protection to IP traffic. Ipsec.sys examines both local host and transit IP traffic and can permit, block, or secure traffic.
----
Things like the fact that IP Security Policies, Software firewalls, & PORT FILTERING, all work with the security of the Tcp/IP stack, via diff. drivers & at diff. levels of the ip stack, via these discrete drivers:
ipsec.sys
Ipfltdrv.sys
ipnat.sys
tcpip.sys (IPv4)
& any custom "hooking drivers" that other software firewalls do...
(As it is implemented in Windows 2000/XP/Server 2003)
APK
P.S.=> People who use VISTA told me that the PORT FILTERING gui interface is gone, & I have not seen it in Windows VISTA (logged on a normal user, not administrator @ least), so, care to tell me otherwise? I also noted you "steer clear" of the portion of my original post regarding HOSTS files also... why is that?apk
Did you not see Independence Day? Jeff Goldblum took down AlienO/S with some C++ he wrote on a fucking Apple Notebook. He didn't even AUTHENTICATE for god's sake. Vista is a goddamn fortress next to that.
Think of it like this:
Windows is a skanky woman with halitosis and an ear-grating accent and laugh. She has a habit of going out in the bad part of town drunk and stoned, in a short skirt and no pants, and saying (in an ear-splitting shriek) "WHAT COULD POSSIBLY GO WRONG? LOL!!!!1!"
This Microsoft marketer is proclaiming her to have taken the best possible brand of condom with her in her bag.
http://rocknerd.co.uk
Let me get this straight... you're installing keyboard drivers? That could be your problem...
Don't you wish your girlfriend was a geek like me?
Welcome to the party MS, sorry to see you were late as usual.
The NSA's SELinux has been ported to FreeBSD, Solaris, and Darwin. Oh ya, it was released years ago. Vista SP2 isn't even out of Beta yet!
http://www.nsa.gov/research/selinux/faqs.shtml#I2
* Clean separation of policy from enforcement
* Support for applications querying the policy and enforcing access control (for example, crond running jobs in the correct context)
* Individual labels and controls for kernel objects and services
* Caching of access decisions for efficiency
* Support for policy changes
* Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)
* Controls over process initialization and inheritance and program execution
* Controls over file systems, directories, files, and open file descriptors
* Controls over sockets, messages, and network interfaces
* Controls over use of "capabilities"
My first thought was that if you start using words like "all OSes" then that includes smaller OSes that are mathematically provably correct and used in the safety critical industry. For example: http://www.informationweek.com/blog/main/archives/2008/11/green_hills_sof.html
I dont see Apple/MS/Linux/any other huge OS putting out proofs of their OSes correctness anytime soon.
What? Are you kidding. Great security features like, oh I don't know autorun enabled by default. If they cared at all about security they would have removed that for a start. Before they start with fuzzy testing of the APIs the could just remove stupid features (like autorun) that allow script kiddies to write viruses.
I'm not competent to judge Windows vs. any flavor of Linux or Unix, but the idea that Windows is more secure than IBM's mainframe z/OS operating system is utterly laughable. Now get off my lawn.
Just after last Christmas I spent £350 on an Acer Aspire 5535 from Asda - £300 for the kit and £50 for an additional 3 year RTB guarantee. The machine is a QL-60 dual-core 64 bit @ 1.9GHz, 3 Gig of DDR2 RAM, a 160 Gig HDA and an integrated Radeon 3200 GFX chip. The OS is Vista Home Premium. It took me a few hours to uninstall all the crap I did not want that had been pre-installed, burn a recovery disk and then install my FOSS of choice. Vista has never crashed, never even seemed as though it might and it allows me to easily connect wirelessly and wired - depending on my situation and it also runs Oblivion (with all updates and DLC) to my hearts' content. I am so happy with this "box". I am not an M$ "fanboi" - never have been, never will be - but this is just what I wanted, at the right time, right price and it fucking works. Having said that I want to make it dual boot and shove an Ubuntu dist onto it for serious work.
Todd: I hope it proves as delicious as the farmers that grew them
You're using hear-say from "professional hackers" for Mac and a mere 2 examples confined to 2 (different) Linux distributions for Linux, versus the ongoing MS "security" track record?!
..?
"That leaves Vista, who hasn't yet had a problem."
========
77 77 77 2e 6d 65 6c 76 69 6e 73 2e 63 6f 6d
The sad truth is the majority of people using Vista have it because that was the only choice at the computer store.
(Then there is the fun bit where MS counts every Vista license purchased as a downgrade to XP as a "Vista sale".)
A stock M3? Most likely.
The Loaded M3 is of course way lighter than a Veyron, being practically a GT-racecar, with track tires, and as such is faster on the Nurburgring.
It is very bad if my car breaks when I try to brake.
Man, this argument has been going on since the late 1970's. The OS names have merely changed. Frankly here's my two-bits: 1> My "main" PC has Vista Ultimate 64 with 4 gigs of RAM, 3.2GHz dual core Core2 and GF 8800Ultra video card. A beast. Ever since I installed SP1 on it, it's been extremely fast and rock solid. I have had less problems and issues with it than I had with XP Professional up to SP2. 2> My media server has Ubuntu 9.04 (Beta) with 4 gigs of RAM, AMD-6600 x2 and GF 8600 card. It's also a beast. It runs very solid, and I use it to program in addition to serving my media. 3> My PS3 has Yellow Dog Linux on it and I am quite happy to sit in my lay-z-boy using that. 4> I have another PC with XP Professional SP2. It's more of my miscellaneous data store. It's old and tired, but works OK. It's the most flakey of all of them. I happen to like to use them all. My preference for games is my Vista machine. For tinkering I have my Ubuntu machine, which has more storage than I know what to do with. It's just as rock solid as my Vista machine. Due to the limits of my PS3, it's not as fun to use Yellow Dog as it is Ubuntu simply because it's only 256mb of RAM in the sucker, but it serves its gaming, media, and browser on TV purposes. Do I have some sort of evangelical or fanatic attachment to one OS or the other? No, all have their purposes. I'm happy with all of them. Nevertheless, if I would compare the two Microsoft OS', then I'd say that Vista Ultimate 64 SP1 is much better and more stable than XP Pro SP2. Seriously. Vista pre-service pack did suck rocks. However, SP1 was what the release should have been. It's even better than XP. Yes, the UAC is annoying, but it can be tamed. I use Linux, XP and Vista. All are good OS'. I don't have to be loyal to one and reject the other. By the way, I've been using Linux since RedHat 5.0 many many years ago. I have also been using Windows since 3.11. Obviously Microsoft is wagging their uh "unit" around making such claims. However, compared to their previous releases, Vista is pretty secure, out of the box. Nevertheless, Linux can be made to be more secure with tweaking, though it's not "out of the box" secure either.
Anyone who uses a computer is a "consumer" of operating systems.
May be you meant "operating systems oriented toward those consumers who don't realize they have a choice?"
My turnips listen for the soft cry of your love
"Windows Vista Secure Edition Is About To Start"
"OK" or "Cancel"
-- "OK" button pressed--
"Are You Sure?"
---button pressed again---
"Are You Really Sure?"
---button pressed again---
"Aw C'mon, You're Not So Computer Illiterate To Really Believe Us; Are You Really, REALLY Sure?
"OK" or "Cancel"
"It's the safest and most secure OS on the planet today..." as long as you either:
a) have anti-virus, anti-spyware software installed
b) are not using Vista but instead some derivative of linux/bsd.
-- Sex is the antonym of pringles. Once you pop it's time to stop.
That must be why Windows Vista has an astronomically awesome EAL1 rating by NIAP labs (link to PDF), why Windows Vista SP2 is trusted by the US government to divide classified networks (oh, wait, did I say Windows? I meant Solaris, SELinux, or HP/UX, mybad), or why my Vista PC got infected with Conficker while my Linux box hasn't had such problems (and it's in my DMZ, while my Vista box ain't!).
Go Microsoft Go.
The Right Reverend K. Reid Wightman,
I think it is misleading in general to call any OS a "secure OS". It might be secure out of the box (if your lucky), but a sufficiently skilled administrator will be able to un-secure it very quickly. The likes of OpenBSD may be intensely secure to begin with, but edit a few config files and this can change very quickly. Same goes for Vista.
Now, if I take a cross-section of OpenBSD users and Vista users, which group is going to be easier to persuade that they should edit their config in a way that leaves their system wide open and bending over...
If the internet was a warzone, would you take the tank which is impervious to nearly everything they'll shoot at you with, or would you take the Mustang, paint a target on the back of your head, and relax, knowing you can have air conditioning while trying to dodge the bullets?
See all those wrecked Mustangs on the side of the road? They too can cause a traffic jam. It's called a botnet.
Since we are moving into military analogies, and If it's all the same to you... I'd rather be flying the A-10 Warthog with the whopping big 30mm Gatling gun that made all those wrecks. And if you think my 30mm Gatling can't crack your Abrams Tank open, think again...
It's absurd pedanticism. If Apple says "MacOS X is the easiest to use operating system in the world" do people respond with, no, the operating system that runs my car is easier to use? No they don't because that's obviously comparing apples to oranges. Trying to make a marketing dude look bad by comparing a production desktop OS like Windows to OpenVMS is just time wasting.
Well, Turner is comparing Vista to "open source", which isn't even an operating system. If we decide to be kind and limit the statement to "all open source OSes", he has still opened up quite a can of worms. In either case, that statement isn't limited to "production desktop OSes" (and we aren't talking about technicalities here). I will be very surprised if Vista SP2 stacks up against OpenBSD and hardened Linux.
Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today.
That statement is very far-reaching, and Turner seems pretty confident about that. I'd say OpenVMS is a valid comparison, though a "tamer" one such as OpenBSD would be better. ;)
Of course, Turner is a businessman speaking to other businessmen, not a professor talking to other professors. I'm amused by the bragging, not angered at the inaccuracy.
Hello my dear friends, I want to use this medium to do an advert about our product being au gold dust and bars. We are a group of local miners from Ghana west Africa, right now we have about 250kilos of gold dust, and we are sourcing for prospective buyers from any part of the globe. We are selling at LME discount. You can contact me on my email id ramsey_kwame at live.com. Then from there, i will send our procedure to you.
FTA: "Because from a compatibility standpoint, if it works on Vista, it will work on Windows 7. If it doesn't work on Vista, it won't work on Windows 7." So... nothing's changed? What's the incentive to upgrading to WIndows 7? If it (nothing) will still work and it (everything) will still not work, is there really a point to just dumping more money at M$?
SIG FAULT: Post index out of bounds.
That leaves Vista
The OS that still has an unpatched remote exploit that grants 'system' execution via the TCP stack, which was been in windows since 2k and still was up through vista and 2k3 server...
If you think One distro of linux (out of all of them) leaving random numbers mucked up for two years, only affecting software not included out of the box... compare that to a remote code execution exploit needing nothing more than TCP connectivity, for EIGHT years!
http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
That is some messed up logic there
It's windows. they don't support the cool keyboards without drivers. Same goes with mice. Get more than two buttons and you need special software. don't forget the new tray icons, desktop shortcuts(cause we all need shortcuts on the desktop to keyboard settings) auto updater that runs as admin and interferes with hibernation mode.
Too be fair MSFT only allowed the problem. other companies made it horrendous.
i thought once I was found, but it was only a dream.
hahahahaha
hahahahahahahahahahahahahahahahahahahaha
(PAUSING FOR BREATH)
hahahahahahahahahaha
hahahahaha
SARAVA!
Hello Mr Ramsey, I am interested in the gold you have for sale. Send me details pls.
Can I safely run it without antivirus software and expect my system to not get rooted within days? No? Thanks, but I'll stick with *nix.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I wonder why I haven't ever had a rootkit on my Linux installations but I fix M$ installations all the time(Vista included) that have been rootkitted.
I wonder why I haven't ever had a rootkit on my Vista install of 2 years old.
Once a week at least.
My god man, where do you work? Best Buy? And the ratio of loonix machines to M$ machines is?
Point being, the OS is as secure as the device between your ears allows it to be. How is the 'rootkit' getting onto the machine? From my experience fixing windows installs, a quick look at the browser cache and finding "ClickMe_LoveYou.exe" tells me where the security problem really is.
Then ask yourself, would "ClickMe_LoveYou.exe" run on your linux install? This may have to do with the low infection rate of linux installs.
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
Wait, what? Since XP? I think you meant since Win 2003, not since XP (since as worded that would include XP)
I still use XP, and for me at least it really seems windows update is tied to IE.
Parts of it in XP still use active x controls, and in some funky strange way as well.
It works fine in IE of course, but load the mozilla active x extensions and I still cant run windows update in firefox.
If you did mean what you typed, I'm really really interested to know how you got windows update to run outside of IE?
but Vista isn't as secure as the NSA's classified operating systems.
Not classified. Published as Open Source. Called SELinux. Available as an enhancement to most major distros. Can be applied to any *nix.
http://en.wikipedia.org/wiki/Selinux
It won't quite make Ubuntu as hard as OpenBSD with the same SE kit, but it will make it much harder in actual operation than even the design objectives for Windows. And still as usable as Ubuntu (ie: more user-friendly for those uninitiated in either OS than Windows).
Aside: I still tell my brother, Mom, and Dad that they should stick with Windows for now. I'm not a zealot. But "It's the safest and most secure OS on the planet today." reflects either a lack of awareness, creative definitions for the words in the sentence, or deception.
When Microsoft gets noexec and chroot we can maybe start to have this conversation. I'm not saying it's a bad OS. I recommend it to people, including my immediate family members. But it is not trying to be as hard as some other operating systems. Be realistic.
Stop-Prism.org: Opt Out of Surveillance
Lies. I have yet to come across the keyboard or mouse (both full-featured and mundane) that required a driver beyond the basic human interface device driver. My Logitech MX3200 set, for example, is perfectly supported with no drivers required.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Didn't get that analogy.
Mod Microsoft COO as Troll.
Actual quote from Apple.com
["Brains⦠Whatâ(TM)s inside a Mac? Only the worldâ(TM)s most advanced operating system and a suite of software thatâ(TM)s just as brilliantly designed as the computer itself"]
It seems you can say whatever you want nowadays. With no fear of potential lawsuits for misinformation. So in order to keep up with the present marketing concepts, - SkunkHunter is the greatest game ever made
I think you're confusing Windows Update with Automatic Update. The latter has a separate client UI, the former is definitely in still in IE in all OSes prior to Vista, and in Vista is probably using it embedded in Control Panel.
"Pity that it will be MicroSofts' customers, not MS that will suffer when the hackers, script kiddies and miscellaneous ne'er-do-wells inevitably trash the security for their latest offering." - by m0nkyman (7101) on Tuesday April 14, @05:24PM (#27577555) Homepage
B.S. to this article, on 2 issues, as regards security (AND, bloat/inefficiency), & with 2 concrete examples thereof:
----
1.) THE REMOVAL OF THE PORT FILTERING GUI FRONT-END CONTROLS in VISTA &/or Windows 7, for one thing - Port filtering functions perfectly operating simultaneously alongside software firewalls, & IP Security Policies
(All 3 security "filters" for IP here, run FINE together, even w/ a NAT true stateful packet inspecting "firewalling" router, for example)
They do so in a layered security manner, just like door handle locks (firewall), deadbolt locks (port filters), & chain locks (IP Security policies) do...
(I.E.-> Take 1 of those 3 layers down (which is what many malware seek to do, right away)? The others are STILL IN THE WAY, since they all operate via diff. drivers & on DIFF. LEVELS of the IP stack...!)
AND, FOR ANOTHER?
2.) The issue with HOSTS files involves EFFICIENCY more than security though!
See - in removing (after the 12/2009 Patch Tuesday update) 0 as a valid blocking IP address (vs. the larger & slower 0.0.0.0, & worse still the default 127.0.0.1 loopback adapter address)? MS made a blunder on disk, & made things less efficient in HOSTS files, since the filemass is now larger & WILL be slower to read thru, as well as not being able to 'pack' as many entries into a tinier filespace to read them up from.
(Contributing to inefficiency & yes, "bloat", in doing this latter one... I merely note this, because HOSTS files do have a tremendous security benefit as well - blocking out KNOWN BAD SITES, & making THAT less efficient, is rather dumb!)
----
AND, before I see another "raging/foaming @ the mouth" name tossing reply, like I had here (& set him straight on his misunderstanding) -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27579551
?
Take a read all, & the quote of "ComputersHack"'s there:
"Utter fucking bullshit. Point 1. Port filtering is still there. Control Panel, Administrative Tools, Windows Firewall with Advanced Security. Just because you're too fucking stupid to find it doesn't mean it doesn't exist." - by Computershack (1143409) on Tuesday April 14, @06:37PM (#27578863)
Ok:
It sounds as if you're talking about Windows' Firewall, & its ability to "filter ports" (by known services/ports)? That's NOT THE SAME...
(AND, the one you're talking about operates via Windows' own firewall driver level, NOT the same driver used for PORT FILTERING (or IPSec either, not even same listener ports, like IPSec uses 445 iirc) in earlier models of Windows, unless YOU can prove otherwise... I don't think you will be able to either & I think your understanding of this is limited to be honest...)
SO - Before you go tossing anymore names in the uncouth manner in which you do this?
Take a read here, & realize a few things:
http://technet.microsoft.com/en-us/library/bb878072.aspx
----
TCP/IP filtering Allows you to specify by IP protocol, TCP port, or UDP port, the types of traffic that are acceptable for incoming local host traffic (packets destined for the host). You can configure TCP/IP filtering on the Options tab from the advanced properties of the Internet Protocol (TCP/IP) component in the Network Connections folder.
Filter-hook driver A Windows component that uses the filter-hook API to filt
Every operating system is vulnerable as long as it provides a service. No matter how many of these "correctness" verification routines are run, they will never be able to outmatch what is learned in the field.
OS X, Vista, and all varieties of linux cannot be proven to be secure. Vista has a lot of know-nots that open the machine wide open to "click here and win a prize." How can you anticipate what someone will come up with in that vein?
All told, no operating system in secure on its own. Nearly all of the security is up to the user and system defaults. If I know my buddy's root password, how secure is Vista, Mac, or Linux?
This article brought to you by Microsoft shills.
from the government and I'm here to help you.
Duh. He wants a Conflicker-based OS.
"Today", sure... how about in three weeks time? Will it be back to "business as usual"?
No sig today...
Really, because the last "professional hacker" who cracked it at once of those conferences said it was still the MOST secure.
Yeah, real Mac users don't surf the web. They just stare at their wonderful shine plastic box and are happy with that.
Perhaps it's best not to make these kinds of claims on Patch Tuesday.
Surely this should have been posted on April 1st.
Considering how many people still use XP, that information definitely still applies. For example, according to http://en.wikipedia.org/wiki/Operating_system_usage, 68% of desktop computers run XP, while 22% run vista. That information is not out of date at all, let alone "many years out of date."
When Commander Taco was posting this article I'm pretty sure he put on his asbestos undies and muttered something about the smell of napalm in the morning breeze. :)
"Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
All of the MS bashing is missing the real point here. Kevin Turner, COO of Microsoft compared Vista to Linux.
Do I need to spell that out? If the OP is accurate, an executive officer of Microsoft, the largest software company around, and one of the richest companies in the world is worried enough about competition from Linux to make comparisons with their flagship OS.
He didn't mention BSD, right? Didn't mention SunOS. Or Unix. Or OS/2. Or OS9 (personal fave). Or any one of three dozen other smaller OSes. But he did mention Linux. This isn't some marketing drone. This isn't a throwaway statement from a salesman. This is the Chief Operating Officer. This is a Big Deal. No, strike that, this is a Huge Deal.
Ladies and Gentlemen, Linux has arrived. It is on the big stage now. Let's not blow it.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
No, really, is this arrogance or ignorance or Igor-rance?
It's so safe, that no one uses it! It's kind of tough for it to be unsafe when everyone refuses to touch it! That would be like Rosanne Bar being in the high-risk category for STD's.
No he is just pointing out an outrageous statement, more MS BS hype.
The safest OS on the planet is MS-DOS on a box with no floppy drive and no ethernet or serial ports. Of course, you also can't do anything with it except get eaten by a grue. I'm not really sure what your point is, other than to appear clever by overly literal statements.
http://www.phrack.com/issues.html?issue=59&id=9
Quoth the article:
anti-virus, anti spy/malware, internet explorer, and outlook, and MS Office?
He never stated which planet...
Since the statement came out of a rectal database, the planet must be...
URANUS!!!
... the feeling I've stepped in this crap before.
Isn't this the same argument Windows fanbois employ to explain the "apparent" safety of the Mac OS? i.e. if you have the lowest marketshare then no one is out there deploying exploits in your general direction.......?
I was rather shocked to find the Win 7 beta to be easy to deal with. (after the disaster/joke that is Vista!) On a generic 1 year old laptop it was 22 minutes from inserting the DVD to completing login to the desktop. And it didn't ask for a single driver.
I used it the next day to do dial in support for customers while I was on jury duty. I had a drive with my XP load for the system but it wasn't worth shutting down the computer to swap drives.
I still dislike the visually complex 'cartoon' interface (visually simple lets the eye see what's important faster) and the graphic "Let's guess the user with the weak password" login. My real worry is doing data transfers. There is so much of the file system that you can't touch that moving people's randomly scattered junk will probably be a real pain in the future.
1998 called. They want their complaint back.
Seriously, though, XP supports 5-button mice and out of the box. Not sure about keyboards (I use Vista 64-bit now, which supports most of this cheap keyboards extra buttons out of the box).
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Ubuntu being a fork/branch of Debian? You're forgetting Mandrake/Mandriva, Slackware, SuSE/SLED/OpenSuSE, DSL, a dozen OTHER Debian's... Damn, we're talking hundreds of Distro's and you're trash talking because of two of the seven or eight major D's out there, not to mention their branches and the BSD's... You know, I know a guy who got sick at a restaurant once and never went back to any of the chain's 100+ franchise stores because of it. Sounds like you'd get along with him. Mockery gains us nothing.
Um no, its still IE Windows update. Its just a fancy gui over it, but it is STILL IE at its core.
"Slashdot, where telling the truth is overrated but lying is insightful."
cause them boys are smoking some mighty potent bullshit over there to be making claims like this.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I would say that an OS that refuses to even run on my computer must be the safest OS imaginable. And to want to actually do something with your computer is so nineties.
Windows Vista has noticed that you gave a positive comment about its security.
Windows needs your permission to continue.
Continue or Cancel?
Not classified. Published as Open Source. Called SELinux. Available as an enhancement to most major distros. Can be applied to any *nix.
http://en.wikipedia.org/wiki/Selinux
It won't quite make Ubuntu as hard as OpenBSD with the same SE kit, but it will make it much harder in actual operation than even the design objectives for Windows.
People keep saying this, but I suspect that many of them have never tried to work around SELinux to create malware.
I haven't created malware, but I have beaten down SELinux "protections" with no extra tools beyond what was already installed by the distro. Once you understand SELinux contexts, it turns out they don't prevent you from doing anything that the current UID would be permitted to do without SELinux installed.
What's worse is that when running as root (which some programs have to do at some point on any Linux system), it's very easy to completely subvert SELinux, without even any logging of what was done...a simple "setenforce 0" will allow you to tinker all you want, but there are many other ways.
Wrong. They broke the entire OpenSSL library, not just some initialization scripts.
Wrong. Not only did they break the entire OpenSSL library - they broke it in such a way that every damn certificate created using that distro was one of a "limited series" of around a thousand certs.
They broke the seeding of the PRNG such that the only seed was the PID.
It was, in laymans terms, a fucking disaster. They may have well enforced everyones root password to be 'password***', pick your three numbers.
3laws: No freebies, no backsies, GTFO.
Please, don't say you want 300MB of your RAM wasted for Aero, when you could use them when they are required by applications.
That's one of the most ignorant arguments against using Vista that gets spouted over and over again on /.
Aero looks good on the desktop and helps make more sense of open applications. Windows also "pop out" at you more than they ever did with Luna.
Finally, consider that 4GB of DDR2 RAM is readily available for under $30. That 300MB of RAM is a $2.19 investment in your computer that raises the attractiveness of the UI over its entire lifetime. You probably spent more than that on lunch...
And seriously, Vista (post-SP1) really doesn't crash anymore than XP ever did.
Boot Windows, Linux, and ESX over the network for free.
Hmm, that sounds so familiar: "Who are in control, they are not in control of anything - they don't even control themselves!" "These cowards have no morals. They have no shame about lying" "They are like a snake and we are going to cut it in pieces." "Please, please! The Americans are relying on what I called yesterday a desperate and stupid method." "This is unbased" "I have detailed information about the situation . . . which completely proves that what they allege are illusions . . . They lie every day." "They think we are retarded - they are retarded."
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Server 2003?
XP SP3 was released less than a year ago.
Eric Baird
This is just like them calling the Titanic "unsinkable". We all know how that turned out...
Do you perhaps mean Automatic Updates? To access Windows Updates on XP, you must use IE.
"You are coming to a sad realization."
Well, together Debian Ubuntu and Red Hat probably compromise the majority of Linux installs these days.
Wow. I didn't know that the majority of Linux installs were compromised, let alone by those particular groups. Can either of them compromise SuSE 11.0?
Evaluation by Common Criteria Portal:
Microsoft Windows Vista and Windows Server 2008. Evaluation Level: EAL1
Miracle Linux:EAL1
Red Hat Enterprise Linux Version 5.1:EAL4+
Microsoft Windows Server 2003 SP2; Windows XP Professional SP2 and x64 SP2; Windows XP Embedded SP2 EAL4+
Microsoft Windows Server 2003 and Microsoft Windows XP EAL4+
http://www.commoncriteriaportal.org/products_OS.html#OS
This at least shows that Vista is total swiss cheese and that much-patched 2003/XP is in the same ballpark as some linux distributions.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Or whatever the NSA uses on their hardest systems?
Windows 2000. People tend to greatly overestimate the NSA's technical ability. All the really smart people are in private sector and work for the NSA as contractors
This is the best chance to MS bash I have seen in ages but since hitting 30 allot of my views have changed. I have been building computers for over half my life, I have used Windows and Linux for as long as I can remember and I have had some recent thoughts about this.
If you bought a car and drove it into a wall would it be the manufacturers fault? No. Granted Microsoft's operating systems have some security issues, virus' and malware are rampant throughout the interweb but computers will never be 100% secure.
On my gaming rig that I often end up using for browsing as well I have an over clocked 2.4 to 3.2 quad core Q6600 aftermarket air cooled and Vista ultimate 64 and it has never crashed ever, not once. (Post voltage settings and prime 95 all night stress test) This machine is never switched off and rebooted very rarely. I use Symantec Endpoint Protection, Spybot, Malware bytes anti malware and Firefox for web browsing with no script and I am constantly infection free. The operating system is as responsive as it was when I installed it. If you had a car and did not service it would it stay at peak power or would it develop problems? Of course it would. Vista can work if you protect your computer and spend a few minutes a week keeping it clean.
Computers require maintenance in exactly the same way cars do, and it is nothing short of naive to consider otherwise. It is up to professionals like us to tell others that installing a few simple, free programs can protect them from the majority of web based attacks.
I guess what I am trying to say is it is easy to bash Microsoft for security but it is not their fault that there are tens of thousands (more?) of sad malicious people that want to screw over the normal user with infections. Microsoft said they would take a better stance on security and they are. Granted, the wheels are moving slowly but they are moving. Overhauling an entire operating system is no easy task while maintaining a high degree of backward compatibility. Vista was a step in the right direction for the home user and I am looking forward to Windows 7 to see how it is.
So bash Microsoft all you want, I have been there, done that, bought the T-Shirt but I will give credit where credit is due. Just my thoughtsâ¦
- Sig
..the safest OS on the planet. mahahahaha! he's not talkink about planet earth, is he? wasn't april fool's day two weeks ago? morons!
Those in security know that security is a balancing act. Increase security, and you decrease usability as well as increase the annoyance factor. Increase it too high, and users tend to bypass or disable security. Increase usability and decrease the annoyances and you decrease security. Vista is indeed a pretty secure Operating System, when used properly. Unfortunately that same security also tends to be pretty annoying. The constant pop ups lead the vast majority of people to either start clicking without thinking, or leads them to turn off security features. Many of the students I teach that use Vista (and these are a very small percentage - Vista still hasn't caught on with the digital natives) have turned off many of the security features Vista offers. So while Vista is indeed a fairly secure platform in theory, in practice it isn't, because the users disable the security. More secure than Linux? I can't say that, because I just don't know for sure. However, in the real world it isn't because of what users do to the system. Kind of like the Linux user who always runs as root. I applaud MS for their attempt at making their operating systems more secure. I hope they aren't deluding themselves into thinking that they haven't made some serious mistakes as well. Right now if you have a security problem they can ask you if you have disabled features, and when the user says they have, MS can wash their hands of the situation. That is not true security. A good first step, but it definitely needs improvement. They still need to find the correct balance between usability and security.
Open Source: Eroding the Digital Divide
I installed Zenwalk Linux on my 79 year old Mom's compromised (by malware) XP computer two weeks ago.
Linux can run on 79 year old hardware.
and I promise not to...
If VISTA is so sooper-dooper, why is there no mention of it on the front page of microsoft.com. Lots of other MS products, including Windows 7 Beta! Poor VISTA, she must feel unwanted even in her own birthplace. Strange way to treat your flagship product, if you are really, really proud of it.
If you want your life to be different, live it differently.
It's not used in XP, except optionally. XP is perfectly capable of pulling all the updates it needs without invoking Windows Update through IE. (You do have fewer options when you do it this way, but it certainly works.)
I appreciate you trying to correct misinformation, but please correct it with actually correct information.
(I can't speak for Windows Server 2003. My guess is it can also update without invoking IE. Server 2008 certainly can.)
Comment of the year
Would you rather that RAM sit there doing nothing?
I have two RAM sticks in a battery-powered computer. If I don't have enough resident data to fill the first stick, I would rather have the second stick turned off and not drawing current from the battery. Or how would that be entirely impractical?
I don't even want to know how many "cancel or allow" dialogue boxes they have added to this service pack
an OS that prompts you every 30 seconds to confirm your actions is hardly user friendly. Not only that, but when users a prompted so frequently they begin to just click through the dialogue box without reading it - thus making the system less secure AND a pain in the ass to use!
Which planet is Turner from?
Have gnu, will travel.
With 4G of RAM selling for $25-35 dollars these days on Newegg
And how much for a motherboard and CPU that can take that much RAM? The PC I have costs me $0 because it's been fully depreciated; a PC that can run Windows Vista would cost hundreds more.
Vista 64 is a good alternative
Not for hardware hackers. Windows Vista 64-bit editions require all kernel-mode code to be digitally signed, and if you try to install a self-signed certificate in order to use a driver that you compiled yourself or that a dedicated hobbyist compiled for you, Windows puts ugly "Test Mode" banners in all four corners of the screen.
Much like Microsoft and the whole C2 thing, OpenBSD is secure when you don't use anything useful on it.
I'm a BSD fan, but OpenBSD just changes their definition of 'exploit' everytime an exploit is found. I used to think it was impressive for their sayings on their website like 'no exploits in 10 years'. But then it happened, and it was changed to no remote exploits, then no exploits in a default install, and it appears now they've finally started admitting to it a little better.
But really, you can't actually put a lot of faith in OpenBSD, as good as it is, Theo is far far to egotistical for me to put any faith in him. Considering its install base, its not really surprising it doesn't have many known exploits.
What the NSA uses on their hardest systems is no networking in a secure room with about 150 other reasons why it wouldn't matter even if the OS was exploited cause you aren't living with the data unless you can memorize it anyway.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
No, it isn't. It may still use the inet library, it may (possibly) use the trident renderer, but that isn't IE.
Because the rootkit on your linux box is better written than the windows one so you haven't noticed that its doing EXACTLY what its supposed to? You can act all cocky and bad ass, but if a rootkit does its job, you never know about it, and since you're acting all cocky and bad ass its a safe bet you really don't have a clue.
And seriously, once a week? Just because you keep going to the same malware infested website on your vista PC and getting infected with the same stupid virus does not mean there is a new exploit every week.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Wrong, it only worked in IE long after XP's release.
SP2 was where it no longer was dependent on IE.
It didn't exist before the release of XP.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Does Vista do everything openBSD does? I don't seem to remember anything in the release notes about Vista shipping with a SSH or Web server. Hell does windows even ship with an SSH client yet?
Of course, the XP and Vista versions of Automatic Updates both use the same Microsoft HTTP DLL that IE uses to fetch data.
So, there is some truth to the statement that the most dangerous program is used to install updates. And that HTTP component has been patched a few times to fix unspecified "critical security issues".
Of course, Turner is a businessman speaking to other businessmen,
And that's dangerous. What happens when these other businessmen go with Windows in an environment which demands a much more secure OS?
Don't thank God, thank a doctor!
Citation needed.
I want to agree with you, because that would be fucking hilarious, and it would just fill my heart with glee. But I'd like some evidence.
Don't thank God, thank a doctor!
"" Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built ""
Micro$oft is finally admitting it.... Or in other words "this is the best we can do".
Internet Explorer is one of the most pervasive viruses out there, and I'm guessing it won't be hard to find Vista systems infected with it.
... 4 out of 5 dentists recommend (pick your brand of toothpaste)
At the airport I was chatting with a guy clearly running winXP, I see the Vista registration sticker and say something about like "oh you were downgraded from Vista." His response (clearly talking about current XP OS) no, I haven't had any problems, I really like Vista its much better. (I should have noticed it was a corporate laptop, same scenario as my corporate laptop, the sticker says Vista, but its not...)
Umm, no.
A certain high-profile distro accidentally disabled the pRNG in it's sshd initialization scripts.
This is false. The Debian OpenSSL maintainer commented out the line that added entropy to OpenSSL's pRNG. It's very hard to tell the difference between good security and bad security.
From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:
----
"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero interaction with each other:
Windows Firewall that was first introduced in Service Pack 2
TCP/IP Filtering, which is accessed from the Options tab of the Advanced TCP/IP Properties sheet for the network connection
IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in
On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service (RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"
----
Lame reasoning imo!
I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is quite simple also (even easier imo, provided you know what port's involved, & that's what the IANA lists are for, after all).
AND
Once a malware gets inside? One of the FIRST things it does, is disable a software firewall... & with NO OTHER BARRIERS IN THE WAY, such as PORT FILTERING RULES, layered ontop of software firewalls, NAT "firewalling" routers (or true packet inspecting stateful units also), &/or RRAS methods even + more?
WELL - You get, AS THE RESULT, what you get, via lack (in part) of "layered security", or weakening it, as MS clearly HAS done via my original post here (infested systems galore online today).
APK
P.S.=> As to the "effete/impotent" retaliation of modding down my original post above -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27578269 from being scored originally as +1 Informative or Interesting, & now modding it down as a 'troll'?
Hey, you only messed up on this yourself, not I... others who saw this post here this week thought QUITE otherwise, such as Bert64 here ->
http://tech.slashdot.org/comments.pl?sid=1197039&cid=27576845
apk
And if the internet was a bowl of salsa would your OS be a tortilla chip or a potato chip?
The internet isn't a warzone and an OS isn't a vehicle.. There are so many problems with your analogy it's not even worth trying to list the problems
// MD_Update(&m,buf,j);
I wonder why I haven't ever had a rootkit on my Linux installations but I fix M$ installations all the time(Vista included) that have been rootkitted. Once a week at least.
Because Linux is so secure, of course. What else could it be?
// MD_Update(&m,buf,j);
MAC: Hi, I'm a Mac.
PC: And I'm a PC.
LINUX: Hi, I'm Linux. Who are all those guys behind you Mac and PC?
PC: Oh it's just Ballmer.
MAC: And Jobs
LINUX: And all those others? And why are they picking your pockets, and going through your wallets?
PC: Well, anytime we want to do something, or want something extra, we have to pay.
MAC: Yes, in fact there are industries based on removing money from our wallets.
LINUX: Hahahahahahahaahahahahaah!
Great ==> Thanks for ruining my whole day!
I was having a great month until I was subjected by your rambling bullshit.
Now I'm going to have to beat my wife. Thanks a lot.
---
Dick.
Sincerely, Yuri Urvanovich Klastalov (YUK)
""It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today.""
-----Translation: "The key is under the mat."
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
shhh!
next thing he's going to be suspicious of the chassis drivers
So they're saying that their client OS vista is more secure than windows 2008?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
My point is risk assessment is hard, and "security" is only one factor of quite a few in the calculation.
My sub point is that this Microsoft guy is full of it, even if what he is saying is somewhat true.
Patched Vista with DEP enabled is a fairly tough nut to crack security-wise, and Microsoft is no longer the laughing-stock of the security world.
On the other hand, this MS spokesperson is implying that you are safer on Vista then OS X or Linux, and due to a number of factors that's probably not true.
Blessed are the pessimists, for they have made backups.
I've warned Kevin over and over to stop smoking dope. It is ruining his judgment.
Maybe it's better in vista, but in xp for my Logitech Illuminated keyboard I needed to install setpoint for the sound volume controls, search shortcut, media controls and a bunch of other things I don't use to work. This is also true for my mouse's 6th and 7th buttons and to be able to rebind those buttons so that they're actually useful.
As someone who spent many long hours performing patent searches while working for a consultant to MS Hardware, I can assure you that yes, they do their own hardware design. They are subject to counterfeiting and "third shift" IP theft* just like many other companies who manufacture overseas, and the keyboard you saw was no doubt one or the other. In parts of Asia it is just as easy to find counterfeit or copycat Logitech stuff too. I know because my company bought them to study.
* Third shift theft is when a company (often Chinese) signs a legitimate manufacturing deal with a U.S. company but purposefully overproduces. So say Company X does a deal to manufacture 2 million MS keyboards. They produce 2.5 million and do another deal on the side to slap a no-name label on the extra 500,000.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
IE7 needs to run in a sandbox because users were foolish enough to run it as an admin user in the first place...
Unix has had the capability to run a browser in a sandbox (chroot) for many years, it is considered less necessary because noone runs their browser as root and linux browsers are not being targeted so heavily by hackers, but the capability is there and always has been.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Seriously, though, XP supports 5-button mice and out of the box. Not sure about keyboards
Xp supports 5-button keyboards out of the box too.
Not only the slowest runner.
Let's say unicorns are very slow runner but rare.
The hungry lions would settle for more accessible food, even it is harder to hunt. Like Rhinos, they have a horn too.
Don't forget systems with MLS security which makes SELinux feel like a breeze to operate.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
He said "OS" with no specifications. This means all OSes.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
"Vista Post-SP2 Is the Safest OS On the Planet"
I seem to remember hearing that before somewhere.... oh yeh! When they first released Vista!
"Windows Update does not use IE and hasn't since XP"
I hope 'since xp' you mean 'Since the OS after XP came out' as XP still uses IE for Windows Update - albeit most of the actual functions are carried out by an ActiveX Control.
But behind you there is a lot of jam made out of former traffic.
> I also disagree that ASLR was old hat before MS announced support for it. ASLR isn't old hat even today.
Good God, man, ASLR was first introduced in 2001 with some patches for the Linux kernel, which is practically ancient history for a computer security geek. Next you'll be telling me that WEP is cryptographically weak. Although WEP was introduced in 1999, the cryptographic attack on the IVs wasn't disclosed until August 2001; around the time when the term ASLR was first coined. Just for reference, the Linux 2.4 kernel was not yet released at the start of 2001.
> As to your comments that MS NX and ASLR in Vista SP1 mean nothing, the back to back winner of pwn2own seems to disagree.
First, I didn't say that it "means nothing." I said that it wasn't as great as you're making it out to be and that Microsoft wasn't somehow at the head of the pack.
Second, security contests are a bad way to metric for a great many reasons that anyone who was part of the security community ought to know by now (they're gimmicky, they don't attract top talent, they're no replacement for a real security audit, and they're frequently used to "prove" things about security that simply aren't true). I'm not saying that guy who won is bad at security (anyone who can write their own exploits has to know a thing or two), just that you cannot and should not judge expertise by how many contests someone has won. Computer security is not a sport.
Third, I still say you're misreading what the guy is saying. You made me research it more than I had bothered to yet, but Vista's ASLR implementation isn't all that great (PDF). Apparently, this one guy hadn't worked out how to use any of that in time for the contest. Don't worry, even with the contest over, hackers will continue to analyze it and exploit those weaknesses later.
> There is only one mainstream OS that ships with it on, so it's not old hat yet.
If you're going to play the "mainstream OS" game, I'm going to have to ask for a definition of "mainstream" that isn't ad hoc. Especially when you say "ships." Nobody uses just the Linux kernel and nothing else, they use a packaged distro (several of which do, in fact "ship" with this on, because they're made with security in mind). Linus' kernel is not the end-all-be-all of Linux. Hardened Linux distros are widely used and generally contain features like ASLR by default (along with a great many other things).
Furthermore, OpenBSD is quite mainstream for security-critical applications. I personally prefer using Linux, but if someone wants a server and security is top priority, I would start by exploring OpenBSD-based solutions followed by various hardened Linux distros. There's no way in hell I'd go to Vista first. Their security records aren't even comparable, particularly if you want to compare default installations.
Now, you can either continue to insist on misunderstanding what some security guy you don't know wrote, or listen to someone who was a part of the security community when ASLR was new. It's old hat.
But that's okay, if you hang around long enough you'll find out that people often find really old stuff (say, the reasons for using SYN cookies) and think they've discovered something brand new. It happens all the time in the security community. That, too, is old hat.
It's been happening since long before I first learned the basics of the art.
It's the safest and most secure OS on the planet today.
I know Vista being more secure than any of the other MS system, but comparing the security with other OS is pointless when you are named Microsoft, which means "I provide OS for the large majority of computers" for hackers over the world. The more hackers an OS interests, the harder it is to keep it safe. Because I don't believe in a perfectly secure OS.
You want a secure OS? Then don't choose a MS OS. Period.
They who would give up an essential liberty for temporary security, deserve neither liberty or security. --Ben Franklin
"Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
Translation:
I have more lawyers than you, I can lie my ass off and nobody can do anything about it. And I know there are people out there who will believe anything.
Sales people bend the truth. Sometimes they bend it really far.
The pwn to own prize was $20000 plus the laptop on the first day, (it dropped as they allowed more attack vectors) so whatever machine you wanted the best machine to attack was gonna be the weakest. (You can always ebay or give your gran the unwanted one.) Look here
"It's also the most secure OS on the planet, including Linux and open source and Apple Leopard."
I have never heard of the OS "open source" before. Perhaps I missed it? Either that, or Kevin Turner isn't someone tech-savvy enough to creditably proclaim safety and security dominance.
Awesome choice Microsoft! The guy who is in charge of your day-to-day operations doesn't have a complete understanding of the competition, or even sense enough to have someone knowledgeable fact check his press releases.
Guess he was busy with planning the stimulus bridge...
line 01: jmp 01; ;)
No hacking possible!!! 2 bytes long OS!
Windows supports the USB Hid class, and that allows pretty much anything in terms of mice and keyboards. So n buttons, scrolling, zooming etc is all supported by the drivers in the OS in mice. Most keyboard functions are handled pretty well too - there are dedicated scancodes for multimedia functions, sleep and so on. All this stuff works with the Microsoft drivers in the OS.
Of course, if you want to differentiate your product, you're supposed to invent some functionality which is unique, and then you probably need at least a user mode application to glue things together - basically it needs to listen for events from the device and translate them into API calls.
And companies tend to be obsessed with branding and insist on developing in the latest .Net so you tend to end up with a 'driver' CD that installs a fairly large application. Even worse it will often use hooks and inject a DLL into every process, layer drivers above or below hidclass.sys and so on. Now in my experience big vendors get this more or less right eventually - there's overhead to be sure, but it is stable. Small manufaturers get this completely wrong.
But if all you want is a scroll mouse or a multimedia keyboard, don't install the 'value added' software and all the unorginal features will work.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
I'm quite disappointed.
The quote says that Vista SP2 "the safest, most reliable OS we've ever built". "we" as in Microsoft.
Since when is Microsoft "the world"?
They say its the most reliable THEY have ever built, but they dont say its the most reliable on the planet. i.e. its still got loads more bugs than anything else out there.
and the titanic is unsinkable! ;)
XP, Service Pack 1. Seven years ago. Since Service Pack 2 a separate client-side application has been used.
But as usual some parts of my body are to big to allow me dance.
I just wet my pants with laughter...
Our culture doesn't get smarter, it just finds new ways of being retarded.
I wonder why I haven't ever had a rootkit on my Linux installations but ...
A well written rootkit leaves one marveling at its absence.
A look at the index.html page in the CVS repository (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html) reveals that this is not true in the form you told it. As you can see, the "bragging" as the call it in the first introduction, started with Revision 1.284 (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.283;r2=1.284;f=h) like the following:
So the statement was always about remote holes (besides localhost holes) in the default installation. In Revision 1.305 (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.304;r2=1.305;f=h) the "localhost thing" was dropped and in Revision 1.391 (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.390;r2=1.391;f=h) a "Only" was added.
:-)
In Revision 1.534 (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.533;r2=1.534;f=h) and 1.535 (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.534;r2=1.535;f=h) the years were updated. In Revision 1.549 (http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.548;r2=1.549;f=h) the statement changed from "Only one" to "Only two" remote holes which is the current version.
Costed me five minutes of cvs crawling.
Normally I like to play devil's advocate, but this statement is total and utter bull. Having the SP2 beta on my laptop (which I am using to write this now), I can say that while it's OK, I'd go back to XP in a heartbeat if all the hardware and games weren't made for Vista now.
How is it possible to satirize this - did he have his fingers crossed whilst he spoke? We should be told!
Fact checks: Debian is different to Ubuntu (but both were involved in the pRNG cockup), and Fedora is the community-run testbed which had a compromised package signing system for a few hours. Fedora is the feeder system to Red Hat Enterprise Linux, but Fedora and Red Hat Enterprise Linux are not the same thing. You may as well mention that the Debian source repository was compromised around 2003-4 timeframe.
The issue is whether you trust these outfits which admit and then rectify these issues and still let you vet the source code (if you're inclined that way), or if you want to trust the company whose press releases tell you that their software is the most secure on the planet.
Comment removed based on user account deletion
Umm.. what about z/OS ? by what metric are we comparing here ?
If we are using 'on the planet' to contain our set of compared OS's, then z/OS is eligible..
Although it does raise the question, is there a more secure OS on the Mars Landers? I'd query the ISS, but I'm not sure if that's close enough to earth to actually count as 'on the planet', even tho it's going round it..
Windows prefers to cache IO. Makes loading an application faster if you have a demo machine (since you won't be demoing with too little ram or too many open apps) but kind of sucks for real use.
Lets alter this statement to "We knowingly choose to stiff former customers with performance and security issues".
Microsoft or a capable third party, could easily port improvements in Vista, to XP or release a re-jigged SP for XP, buy shifting a few core dll and kernel patches.
But they choose NOT to for the sake of $$profit.
Best remembered as a bad, uncaring corporate citizen.
I have a Logitech keyboard that exhibits that behavior. I've discovered that this is due somehow to how I position my legs while typing.
The problem is also fixed if I move my tower, but I have neither the location or motivation to move it.
"Lack of speed can be overcome. In the worst case by patience." --Znork
Is it any surprise considering the minuscule number of users Vista has obtained. The majority MS world is running on XP... Who's going to take their time to infiltrate an operating system that isn't guaranteed running at every internet doorstep?
Huh??? What OpenBSD patches are you talking about that would lock it down any more than the base install? The whole point of OpenBSD is secure by default. The system is quite minimal as is. I don't know of anything that would be added which would help this 'lock down' you mentioned. Maybe patches for applications installed by the user?
Ok, maybe for Linux, but throwing OBSD in there was just random.
Yes indeed, where have you drawn that line exactly?
Fear is the mind killer.
What do you mean by USED? Have you tried the "free" command? It can tell you how much of the USED [sic] memory that can be (almost) immediately handed over to other stuff.
"Sincerely, Yuri Urvanovich Klastalov (YUK)" - by Anonymous Coward on Wednesday April 15, @01:29AM (#27582631)
Alias the "RUSSIAN HACKER"... lmao, "NOT!"
Hehe, I am Getting a picture of "Boris & Natasha" from "Bullwinkle" here, in fact - lol, ala -> http://msa4.files.wordpress.com/2008/09/boris_and_natasha_1.jpg !
(You know: The kind(s) of online scum who wreak havoc of all kinds on people, especially "noobz" (yes, that takes a real saint/hero to do, NOT)... The types who now is/are "upset" that I notified others of what strongly appears to be MISHAPS, on Microsoft's end, as regards VISTA &/or Windows 7 port filtering, AND custom HOSTS files... which has adversely affected BOTH speed/efficiency, AND layered security, both, also, which perhaps he intended on using no less? NO, couldn't be... lol!)
?
Well, then I guess it's "SORRY BORIS & NATASHA - Didn't mean to 'give away your plans for world domination'", ala "Pinky & the Brain" style...
APK
P.S.=> Oh well - until SOMEONE from Microsoft answers me back with a LOGICAL TECHNICALLY SOUND REASON as to why HOSTS files can no longer use the more efficient 0 blocking IP address (for blocking KNOWN bad sites, for added layered security no less in this capacity, vs. the larger & slower 127.0.0.1 loopback adapter address, OR, 0.0.0.0 VISTA &/or Windows 7 can still use, though both are less efficient on disk & in how much they can pack into a file, making them slower & more inefficient still) As well as WHY Port filtering's GUI was removed in Windows 7 + VISTA as well (which harms "layered security")?
I'll stick by my statement that MS has messed up, here -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx?CommentPosted=true%23commentmessage , apk
Just fyi both Microsoft keyboards and mice work really well under Linux.
I use them partly because they are cheap and reasonably solid, plus I get points for the irony.
If I remember correctly there exist(ed?) some extra lockdown thingy, or maybe I just confuse/mix it up with some Linux thing. I don't run OpenBSD nowadays, don't follow it / deadly.org / anything and don't remember.
Guess I may just confuse it with some of the multiple ones for Linux, earlier people used to say that Linux with said patches would be even more locked down than OpenBSD but maybe it have enough functionality on it's own to offer a similar amount of options?
I told in the post where I draw the line, I do see the difference in an OS offering more applications than another one, so I chose to differ on basic required service for things to work as expected vs additional tools which you may or may not need.
it doesn't matter how fast you run as long as you run faster than the guy beside you.
Or hit him over the head with a 2x4.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
We'll see just how secure it is. My PhD is in InfoSec and I think I'm going to put some of my best doctoral and masters students on this one. :-)
You think by now Microsoft would know that saying things like that will be taken as a challenge.
Well, the gauntlet has been thrown, and the challenge has been accepted.
CmdrTaco posted this story 14 days too late..
this is probably the most boring sig in the world
Parent is no troll. Yes the HID and USB stuff works without drivers, but they are not SUPPORTED.
I saw the behavior, decided to install the drivers to resolve, then decided to update.
I agree, installing drivers could be the problem. Normally you don't install the drivers for simple USB stuff, an the fewer the better.
If you have problems with for example a Logitech MX3200, they will ask you to install the drivers.
The President of the United States is arguably the most secured individual on the planet. However, due to the large number of threats against him and his need to travel and be in the public eye often, he is not the safest individual on the planet.
>
Perfect analogy for the reality of the IT world. The big dog is always the big target. (not saying that MSFT has worn the mantle wall though)
You not only made the same argument I was going to make, but you also used the same analogy that I was going to use (re: the President).
Along similar lines of reasoning, I've found "security through obscurity" to be enduringly useful, however much it may (and should) offend the sensibilities of those responsible for security engineering. It may not be security, but I've never seen such a [obscured] result be compromised.
But then you try upgrade OpenBSD...BOOM!
Are you seriously going to suggest that Open BSD could be a replacement for what Windows users generally ask for? How about after *you* set them up with everything they want. Please tell me how they will handle upgrades.
In the *real* olden days it was a mislabeled box of punched cards
--Ivan
If I can't understand how it does things, and if I can't explicitly enable/disable components as needed, then no, it is not the most secure OS on the planet. Not even close. And as for functionality? Please.
Hint: I can easily build a linux box to be a hardened gateway/firewall/ipsec device out of the box. I don't think windows can do that, nor will it ever with Microsoft's past and current philosophy.
Does windows include a flexible SPI firewall at the level of iptables yet? Can I disable all services that listen on network sockets yet without breaking *something* in the OS?
What about the Windows 2008?
Can I audit their code so I can know for sure, or pay someone else to do so? I can with OpenBSD, or any Linux distribution, or any other piece of open-source code. If not, then there is no way to know whether it is more or less secure. Openness is a necessary prerequisite, not necessarily to security itself, but to the ability to verify that security.
Nonaggression works!
I wouldn't say it's the most secure OS on the planet but I can honestly say Vista is the first Windows OS I've used and I haven't had a single spyware/trojan/virus problem. Vista is in no way, shape or form of being the next WindowsME, 64-Bit Vista with compatible hardware is one of the greatest computing experiences ever, and this is coming from a daily user of unix shells, Mac OSX and Windows.
If by reliable you mean can run BSoDs for months at a time with out rebooting, and safe you mean unable to attack it because it is currently halted at a BSoD then yeah I guess you would be right.
This post is 13 days late, right?
"No matter how cynical you get, it is impossible to keep up." -- Lily Tomlin
If the MS spokesperson there had confined his remarks to "mainstream desktop operating systems", he might have actually been close to the mark. I'm not a security expert, though, so I can't really say one way or another.
"Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
Damn!! I haven't laughed that hard in a long time! An M$ operating system? SRCURE!? HA! Never happen!! as for Vista (after SP2) being " the safest and most secure OS on the planet today.", Good luck getting anyone to believe that most horendious of lies!!!!!!!
This wins the prize for the best car analogy ever.
Want to hear the voice of GOD? cat
My three numbers are pi, the root of 2 and i!
How old are you? For me, it was standard procedure to virus scan every floppy before accessing it. Forgot it once and promptly got a very nasty virus that hid for a few weeks, then displayed funny messages and wiped my partition table.
Want to hear the voice of GOD? cat
Greenhills DO-178B Integrity has been certified to EAL 6+.
Perhaps the title should have been "Vista Post-SP2 Is the Safest Version of Vista On the Planet". And does this mean that I won't have to run antivirus software to go on the net?
and it turns into a fully functioning unicorn!
really. and it's a secure unicorn too
This new "Vista" laptop probably replaced his "XP" laptop that had Win2k installed.
Linux isn't an operating system. It's a kernel. Open-source is a term describing a licensing model which make the source code available.
How on earth can they say XYZ product is safer than any program anyone in the world can create? That is essentially what Microsoft have said here.
A 'linux' system can have all its modules unloaded completely, be changed into something completely proprietary, closed, incompatible.. and run on a 1 in a million piece of hardware that noone has heard of just to make a light bulb turn on and off. I think that would be 'more secure'.
Whats the harm in yelling 'Computer, end program!'? You could be living in Star Trek! Go on.. give it a try.
OSX
This statement would hold water if MS didn't wait an eternity to release an OS.
When you change the statement to "Try a version of Windows less than one version old please." the argument starts to break down...
Wat. Service packs don't count?
The President of the United States is arguably the most secured individual on the planet.
However, due to the large number of threats against him and his need to travel and be in the public eye often, he is not the safest individual on the planet.
Operating systems are the same. Vista has added many good defenses, but is still the OS with the target on its back.
Great analogy... In fact, in reading the IBM Internet Security Systems 2008 Trend and Risk report, this seems to be the case. The X-Force group analyzed and documented 7,406 vulnerabilities in 2008. Of those, the breakdown of the top 5 OSes with security issues found was: OS X Server: 14.3% OS X: 14.3% Linux Kernel: 10.9% (not distro specific) Solaris: 7.3% Win XP: 5.5% Vista came in 7th with 5.1%. At the same time, as stated above, even though the OS may be "secure", there are a lot more people targeting Windows than there are targeting OS X or Linux, simply because most people are running Windows.
Plug a Micro$oft mouse into a Mac and if you listen hard enough you can hear a little scream.
If I were God, wouldn't I protect my churches from acts of me?
I don't know why but this seemed strangely appropriate.
THAT GUY
Let's cut to the chase. There are two
kinds of people: sheep and sharks. Anyone
who's a sheep is fired. Who's a sheep?
ZOIDBERG
Uh excuse me? Which is the one people
like to hug?
THAT GUY
Gutsy question, you're a shark. Sharks
are winners and they don't look back
'cause they don't have necks. Necks
are for sheep. I am proud to be the
shepherd of this herd of sharks and
I am gonna lead you to the top of this
industry of...of...
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
It's market share is almost lower than Apple's. Why bother updating viruses to be Vista-capable if no one is running Vista?
B.S. to this article, on 2 issues, as regards security (AND, bloat/inefficiency), & with 2 concrete examples thereof:
----
1.) THE REMOVAL OF THE PORT FILTERING GUI FRONT-END CONTROLS in VISTA &/or Windows 7, for one thing - Port filtering functions perfectly operating simultaneously alongside software firewalls, & IP Security Policies
(All 3 security "filters" for IP here, run FINE together, even w/ a NAT true stateful packet inspecting "firewalling" router, for example)
They do so in a layered security manner, just like door handle locks (firewall), deadbolt locks (port filters), & chain locks (IP Security policies) do...
(I.E.-> Take 1 of those 3 layers down (which is what many malware seek to do, right away)? The others are STILL IN THE WAY, since they all operate via diff. drivers & on DIFF. LEVELS of the IP stack...!)
AND, FOR ANOTHER?
2.) The issue with HOSTS files involves EFFICIENCY more than security though!
See - in Microsoft removing (after the 12/2009 Patch Tuesday update) 0 as a valid blocking IP address, in a HOSTS file (vs. the larger & slower 0.0.0.0, & worse still the default 127.0.0.1 loopback adapter address)? MS made a blunder on disk, & made things less efficient in HOSTS files, since the filemass is now larger & WILL be slower to read thru, as well as not being able to 'pack' as many entries into a tinier filespace to read them up from.
(Contributing to inefficiency & yes, "bloat", in doing this latter blunder to HOSTS files... I merely note this, because HOSTS files do have a tremendous security benefit as well - blocking out KNOWN BAD SITES, & making THAT less efficient, is rather dumb!)
----
AND, before I see another "raging/foaming @ the mouth" name tossing reply, like I had here (& set him straight on his misunderstanding) -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27579551 [slashdot.org]
?
Take a read all, & the quote of "ComputersHack"'s, from here -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27578863 in response to the points I also noted in THIS reply:
"Utter fucking bullshit. Point 1. Port filtering is still there. Control Panel, Administrative Tools, Windows Firewall with Advanced Security. Just because you're too fucking stupid to find it doesn't mean it doesn't exist." - by Computershack (1143409) on Tuesday April 14, @06:37PM (#27578863)
Ok:
It sounds as if you're talking about Windows' Firewall, & its ability to "filter ports" (by known services/ports)? That's NOT THE SAME as classical PORT FILTERING in Windows 2000/XP/Server 2003...
(AND, the one you're talking about operates via Windows' own firewall driver level, & that's NOT the same driver used for PORT FILTERING (or IPSec either, not even same listener ports, like IPSec uses 445 iirc) in earlier models of Windows, unless YOU can prove otherwise... I don't think you will be able to either & I think your understanding of this is limited to be honest...)
SO - Before you go tossing anymore names in the uncouth manner in which you do this?
Take a read here, & realize a few things:
http://technet.microsoft.com/en-us/library/bb878072.aspx [microsoft.com]
----
TCP/IP filtering Allows you to specify by IP protocol, TCP port, or UDP port, the types of traffic that are acceptable for incoming local host traffic (packets destined for the host). You can configure TCP/IP filtering on the Options tab from the advanced properties of the Internet Protocol (TCP/IP) component in the Network Connections folder.
Filter-h
Also, we would like to take this opportunity to announce that the xbox 360 is the most reliable gaming console in the world...
How was he "clearly" running XP? If you disable the Aero interface, Vista looks almost pixel-for-pixel like XP. Yet, it still has some of the better functions Vista has to offer, like search on the Start Menu, or better driver pooling or better application execution protections. I find it amusing you imply the business man was clueless when the reality is probably exactly the opposite.
*So long as you are not connected to the Internet.
My Logitech MX3200 [...]
Funny, my Logitech MX3200 requires special software for all the application keys to be configured... Perhaps you just aren't using all the features of your keyboard.
Bad analogy
The restaurants buy raw food from the suppliers and turn that stuff into prepared meals. We're talking about something that many people download completely independently from the OS provider.
A better analogy would be if you bought takeout dinner from restaurant X and then bought beer from convenience store Y, then getting mad at restaurant X because you cut your finger on the bottlecap of the beer.
I mean, if you're going to judge Microsoft for the bad quality drivers on the Windows platform, are you going to judge the LINUX platform equally harshly for totally lacking drivers for many hardware products?
First off, I've seen these. The year of the Linux desktop is at hand.... and microsoft made a secure operating system, the bestest in the big whole wide world! Uh-Huh! Sure! Absolutely! NOT!
True. Their more-informed brethren are watching to see if Win7 can fail harder.
Alas, most people seem to be believing that a few tweaks to the GUI is what OS development is all about.
No one seems to question much less get upset about some of the crazy design decisions that are being made in the iceberg of invisible code that is Windows.
Just one random example of what I have read online about Win7: Apparently the "record everything" that's been a feature of audio cards for ages now will become a thing of the past. This is DRM expanding its scope from Vista, taking more of my user rights away.
Is it just me, or is anyone else freaked out about Operating Systems that *must* phone home and *must* be authenticated by their creators before they run on your computer?
As far as I can see, this is setting us up for disaster. What happens when PCs the world over phone Microsoft only to find no one answers? This bothers me greatly and I have lead by personal example. Windows 2000 was the last OS I ever used. Windows XP phoned home and that was the deal breaker.
I know I am posting long after the initial rush, but for the three people who read my post, I hope you have enjoyed it. Just remember, there's so much more to an OS than what meets the eye.
Computershack I think you are wrong.
I read the link from Microsoft what apk put up in his second reply here and this is where the packet processing order as well as what drivers correspond to what layers of security in windows as it occurs.
(From http://technet.microsoft.com/en-us/library/bb878072.aspx )
*****
1.) After receiving the IP packet, Tcpip.sys passes it to Ipfltdrv.sys for processing.
2.) Based on the interface on which the IP packet was received, Ipfltdrv.sys compares the packet to the configured inbound IP packet filters.
a.) If the inbound IP packet filters do not allow the packet, Ipfltdrv.sys silently discards the IP packet.
b.) If the inbound IP packet filters allow the packet, Ipfltdrv.sys passes the IP packet back to Tcpip.sys.
3.) Tcpip.sys passes the packet to the IP forwarding component to determine the next-hop interface and address for forwarding the packet.
4.) Tcpip.sys passes the packet to Ipnat.sys.
a.) If Internet Connection Sharing or the NAT/Basic Firewall is enabled and the interface on which the packet was received is a private interface connected to the intranet, Ipnat.sys compares the packet to its NAT translation table.
b.) If Internet Connection Sharing or the NAT/Basic Firewall finds an entry, it translates the IP packet and treats the resulting packet as source traffic.
c.) If Internet Connection Sharing or the NAT/Basic Firewall does not find an entry, it creates a new NAT translation table entry, translates the IP packet, and treats the resulting packet as source traffic.
d.) If Internet Connection Sharing or the NAT/Basic Firewall is not enabled, Ipnat.sys passes the IP packet back to Tcpip.sys.
5.) Tcpip.sys passes the packet to Ipfltdrv.sys.
a.) Based on the next-hop interface, Ipfltdrv.sys compares the packet to the configured outbound IP packet filters.
c.) If the outbound IP packet filters do not allow the packet, Ipfltdrv.sys silently discards the IP packet.
d.) If the outbound IP packet filters allow the packet, Ipfltdrv.sys passes the IP packet back to Tcpip.sys.
6.) Tcpip.sys passes the packet to Ipsec.sys for processing.
a.) Based on the set of IPsec filters, Ipsec.sys determines whether the packet is permitted, blocked, or secured.
b.) If permitted, Ipsec.sys passes the packet back to Tcpip.sys without modification.
c.) If blocked, Ipsec.sys silently discards the packet
d.) If secured, Ipsec.sys adds the appropriate IPsec protection to the packet before handing it back to Tcpip.sys.
7.) Tcpip.sys then sends the IP packet over the next-hop interface to the next-hop address.
and
The TCP/IP filtering portion = IPFLTDRV.SYS
The Windows Firewall portion = IPNAT.SYS
The IPSec portion - IPSEC.SYS
(Each operates with TCP/IP (tcpip.sys) and at different stages or layers of its packet processing stream)
Good article and this is quite clear now, and that makes you appear to be the stupid one Computershack.
Clearly, you have not used Windows 2003 R2 or 2008 then.
They are "secure out of the box" until you enable services and turn the firewall off.
I'm a Linux/BSD fan, don't get me wrong, but some of the comments regarding Windows on here may have been true 10-15 years ago, but Microsoft has (for the most part) improved in leaps and bounds.
Yes, if you leave a non-firewalled Windows machine exposed to the internet for years without updates, it will get owned. So will a linux box - I've *had* linux machines owned in the past when I was a noob linux admin (1996-1997) thinking "linux is great, i can install and forget.. lalalala"
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Just because ASLR was mentioned in 1999 doesn't mean it's old hat today.
Less than 1/3rd of the machines out there on the internet are using ASLR. And of those, most are running Vista.
I had an internet email address in 1988. Does that mean that when people got them in 1997 the internet was already "old hat"? I saw a demo of Sony's HDVS (HDTV) system in 1989. Does that mean that it was "old hat" when people bought HDTVs in 2004?
Just because I say something isn't old hat doesn't mean I think it's new. Something can be know for a while but not widely adopted yet.
I do agree there are limitations to security contests. This contest shows it itself, by giving insufficient reason to attack Linux machines or the T-Mobile G1, there were no serious attempts on them. Instead of meaning they are more secure than the rest of the machines in the contest, it just means that contest generated no useful data for those machines. Note I am not saying Linux is less secure than Vista, merely that you can't tell anything about Linux security by looking at this contest.
This man has some experience, and he is speaking about what directly relates to what he did. That's good enough for me. It sure carries more weight than some random dude (such as yourself) on the internet who apparently knows little enough about Vista security to blow his attempt at research (see below).
As to your research with a Symantec paper, if you read it, it said that it is about Vista RTM (first release), not about SP1. If you can respond to a post that says:
Vista had NX and ASLR before SP1, but it was a weak form (much like Linux has a weak form by default).
then link to a bit of research about Vista pre-SP1 and say you have shown my premise wrong, I cannot understand. If you want to say how the ASLR and NX in Vista SP1 means nothing, you should use research that is about Vista SP1 or later.
As to your comment about the contest, in 2008 Vista SP1 was hacked (flaw in Flash). The people hacking it had more trouble than they expected because the machine was running SP1 which was new and the NX and ASLR made it a lot tougher, they had to rework their hacks they had prepared on Vista RTM before the contest. Also, in 2009 Vista SP1 was hacked. In the latter case, it was hacked through a vulnerability in Java. They never were able to inject code onto the platform, but they didn't need to to hack in.
Name one mainstream linux distro that has NX and ASLR on (not the weak forms) and is widely used please. Then we'll check its market penetration and add it to Vista's and see if we reach 1/3rd of all machines out there. If so, then I guess ASLR is old hat.
If I were running a server, I'd run OpenBSD too. A fat lot of good that does me on my machines that aren't servers and I do want to run commonly-available apps on. I am typing this on a Mac right now, but I have to have a PC because I can't get many apps (like games) for it. This situation is far worse for Linux or OpenBSD. The most secure OS in the world isn't useful if it can't run the software I need to run, so we all have to make compromises.
Now, you can either continue to insist on misunderstanding what some security guy you don't know wrote, or listen to someone who was a part of the security community when ASLR was new. It's old hat.
Don't be a chump. When you stop advertising your misunderstandings about Vista security (see above) on the net, then maybe I'll start to listen to you over a guy who seems to know it inside and out.
But that's okay, if you hang around long enough you'll find out that people often find really old stuff (say, the reasons for using SYN cookies) and think they've discovered something brand new. It happens all the time in the security community. That, too, is old hat.
Don't try to screw with me, okay? I remember with SYN floods were new. I was already working with machines (in "IT" as you call it now) when the Morris Wo
http://lkml.org/lkml/2005/8/20/95
I'm looking forward to get the most secure operating system worldwide onto my servers!
Tonight I'll upgrade all my Windows 2003 and Windows 2008 boxen to Vista SP2, yahoo! Finally!
TGIV: Thank God It's Vista!
Don't try to screw with me, okay? I remember with SYN floods were new. I was already working with machines (in "IT" as you call it now) when the Morris Worm went around...
I work with an old programmer. He has a lot of knowledge. None of it is relevant. He's a horrible coder and an even worse CM.
Name one mainstream linux distro that has NX and ASLR on...
Oooh. There's that tricky word again.
... (not the weak forms) and is widely used please. Then we'll check its market penetration and add it to Vista's and see if we reach 1/3rd of all machines out there. ... Just because ASLR was mentioned in 1999 doesn't mean it's old hat today.
Less than 1/3rd of the machines out there on the internet are using ASLR. And of those, most are running Vista.
ASLR has been known about for ten years and had a Linux implementation for seven. Something that's widely known within a community is old hat. It doesn't matter if the proles aren't using it.
The people hacking it had more trouble than they expected because the machine was running SP1 which was new and the NX and ASLR made it a lot tougher, they had to rework their hacks they had prepared on Vista RTM before the contest.
Holy shit! Hackers who prepared a hack on a soft system had to modify their techniques when attacking a harder system? STOP THE PRESSES! THIS MUST GO ON THE FRONT PAGE!
Also, in 2009 Vista SP1 was hacked. In the latter case, it was hacked through a vulnerability in Java. They never were able to inject code onto the platform, but they didn't need to to hack in.
A system cannot be considered secure if insecure code running as an unprivileged user on the system causes it to be compromised.
If you want to say how the ASLR and NX in Vista SP1 means nothing, you should use research that is about Vista SP1 or later.
Read this. I've been to this guy's presentations. He knows his stuff:
http://taossa.com/archive/bh08sotirovdowdslides.pdf
Computershack: What you describe is ONLY for opening ports through the WINDOWS FIREWALL only (allowing them, NOT STOPPING them (via ipfltdrv.sys, as the older method I describe is done which is used in Windows 2000/XP/Server 2003, but, not VISTA + Windows 7)):
http://www.technospot.net/blogs/managing-windows-vista-firewall-basic/
See the graphic there -> http://img.technospot.net/windows-vista-add-port-firewall.png (3rd graphic image down)? That says on it:
"Use these settings to open a port through the Windows firewall"
BUT, this is NOT for ALLOWING A PORT THROUGH only (but, not for STOPPING IT as is done in the older method I describe, and this is for the WINDOWS FIREWALL (not classical PORT FILTERING done by IPFLTDRV.SYS))
APK
I have a Microsoft Wireless Desktop keyboard + mouse set(7000). This is the thing that has the thin keybaord with a built in mouse pad + seperate Laser mouse, and uses bluetooth, with a bluetooth dongle. I have used the thing with WindowsXP/Windows Vista, and Linux without needed to install Intellipoint, or whatever crap they have.
Hell, the keyboard even works with my PS3 (bluetooth connection, both direct to built in bluetooth and via USB transmitter plugging into PS3 usb port). I can use the mouse pad on the keyboard as a mouse for the PS3.
Have a nice day!
Windows Filtering Platform:
http://www.microsoft.com/whdc/device/network/wfp.mspx
This is NOT the same as it was done in Windows 2000/XP/Server 2003, as I stated here earlier... &, here is the "issue" I have with it, in a single sentence there:
----
"Because all the applications and services use the same filtering engine, it is easier to determine whether other applications or services exist that perform the same function."
&
"You have a fine level of access control to the TCP/IP packet processing path. This control differs from the filter and firewall hook methods that are supported in Windows XP and Windows Server 2003"
----
That? That seems to say that the Windows VISTA/Server 2008/Windows 7 protective measures of IPSec, &/or Windows Firewall are DRIVEN by the same engine, & thus, that represents a SINGLE POINT OF POSSIBLE FAILURE (and only a single point to attack, for an interloper)...
The "older method" of using IPFLTDRV.SYS (PORT FILTERING), IPSEC.SYS (IP Security Policies), IPNAT.SYS (Windows Software Firewall) had 3 diff. spots/levels/layers it worked in (yes, they did not "sync" automatically, which is GOOD in respect to making it harder for intruders to attack just a SINGLE POINT as WPF seems to say it allows)...
Get it now, ComputersHack?
APK
P.S.=> ADDED INFORMATION/PROOF:
http://www.osronline.com/ShowThread.cfm?link=120152
Re: IpFilterDriver firewall hook in Windows Vista
"The filter hook extension interface is not supported on Vista. Vista
provides the Windows Filtering Platform (WFP) which replaces this hook as
well as the firewall hook - it is well documented in the WDK. As for why the
driver is still loaded, I am not sure."
(What he is NOT sure of, is WHY IPFLTDRV.SYS is still loading in VISTA... same thoughts here, also!)
apk
For your "old programmer", you took my words out of context and twisted them. The poster was trying to "drop knowledge" on me from his assumed superior position of knowing what SYN cookies are for. I was merely responding to that. Your insult comes out of left field.
You can substitute any word you want for mainstream if you have trouble figuring out the meaning of it. Since we're adding up the total market penetration anyway, it doesn't really matter if the distro you pick isn't mainstream, since that means it'll just have an immeasurably low market penetration.
The stupid old hat thing has taken on a life of its own. My point (and why this came up) about whether ASLR is old hat or not is merely to try to measure the relative value of Vista having ASLR. If ASLR is commonplace, then Vista's ASLR isn't anything special, it just means it is keeping pace with other OSes. But, if ASLR is not commonplace, then Vista SP1 having ASLR means it has an additional layer of security that most people don't have working for them right now, and it bolsters MS' claim that perhaps Vista should be considered a pretty secure OS (I don't get into this "most secure OS" thing, as I've said many times, the most secure OS in the world likely doesn't do the things I need to do, although, I'm sure it is excellent for the uses it is designed for). Somehow my argument about this got turned into the idea of when ASLR was invented, which isn't at all the point.
No mainstream OS besides Vista SP1 has more than a weak form of ASLR. And thus very few people who are using any OS besides Vista have ASLR working for them. So this means Vista is a step above those other OSes in at least one way. It also means for virtually everyone out there, if they switched to Vista they would gain some security measures that they don't currently have. This, for the sake of the actual argument (and not some word game about old hat), it DOES matter if the proles aren't using it.
As to your comment 'A system cannot be considered secure if insecure code running as an unprivileged user on the system causes it to be compromised.', Vista SP1 does not come with Flash (the source of the 2008 pwn2own exploit) or Java (the source of the 2009 pwn2own exploit) installed. So saying these exploits show problems with Vista SP1 is a bit of a stretch. Just as when you make your linux machine secure you don't insert stuff on it that would add no functionality you need, only more bugs, if you wanted to secure a Vista SP1 machine, you wouldn't install Java or Flash. Additionally, I'm not sure you understand that these two exploits only get you to regular user status, not privileged user status. Of course, as on UNIX, once you get in, all you need to know is a privilege escalation exploit.
Thanks for the helpful presentation, I appreciate info (instead of slap fights) in all forms. I wonder why there was no .NET exploit at pwn2own 2009?
After all the "sky is falling" responses to the presentation you linked, there was an actual thoughtful interview.
http://blogs.zdnet.com/Bott/?p=513
He has a lot of nice things to say about Vista SP1 in this recap, seems he's more impressed than the parent poster. He also mentions the exploit he demoed was actually closed a long time ago, he did exploit on a Vista SP1 machine, but with an exploit which is not present in IE anymore, he had a gaffed machine.
I wonder what Vista SP2 has in store? The original article has the MS person bragging about Vista SP2. Of course, Vista SP2 has a very low market penetration right now since it isn't out. As such, to me it's not valid to brag about how secure it is, since it (like all the minor linux configs with full ASLR/DEP you talk about) is not really out in the real world where it can protect machines.
http://lkml.org/lkml/2005/8/20/95
the statement is that vista is the most "secure, stable" operating system.
:) )
I split partition with ubuntu and vista with the latest update. Neighther has crashed, but my last installation of vista was plagued with bugs and viruses.
My process manager lost its close button (something that still blows my mind), and I recieved 25 viruses while using proprietary symantec (I now use Avira, its exceptional).
Sure, I've had to google a few problems in ubuntu, but as an EXPERIENCED user, I can do everything I need to, generally without help. It also never crashes, unless I get crazy with compizFusion (hehehe
So while most people SHOULD use Vista, as it is friendly for the average user, the claim that Vista is more stable is silly.
And as far as security, Vista still has gaping problems with administration. It will never be secure until regEdit and Debug require a password. RegEdit holds passwords and I once saw a demonstration where a guy formatted a hard drive in 3 lines of text under Debug.
regEdit: edits the registry, runs in commandline as regedit
debug: Assembly Language injections into the processor. Should have been dumped on the 64 bit system. (WHY?!?!) runs in command line as debug in older systems, runs in run program as debug in vista.
You are seeing port filtering controls Computershack, but they are not for the ipfltdrv.sys (which was for port filtering in Windows 2000, Windows XP, and Windows Server 2003 and operated at a different level than it was in Windows Vista or Server 2008 or the upcoming Windows 7, just as the Anonymous Coward apk stated) method, in 3 layers of security, which Windows 2000, Windows XP, and Windows Server 2003 utilized as the ac apk noted with proofs from microsoft, here http://it.slashdot.org/comments.pl?sid=1198841&cid=27597041 and then he also followed up with actual proofs of portions of the former 3 layer network security stack being removed and why here http://it.slashdot.org/comments.pl?sid=1198841&cid=27579551 ,b>as well as details on how Microsoft Windows 2000, Windows XP, and Windows Server 2003 used to work in a 3 layer phalanx/zone defense like arrangement of security regarding port filtering, firewalls, and ip security policies that the older Ms Os' used. All good reads. Your name calling was unnecessary though and I thought that it was bullshit on your part if any bullshit came out around here it was from you in that alone.
Isn't Windows insecure by design?
I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
Which will be true until every car is a tank.
We'll never agree because whatever security-hardened distro I mention will not be "mainstream" enough for you. You never did tell me why OpenBSD isn't "mainstream." Why is only a "mainstream Linux distro" acceptable as proof? And why is ASLR the be-all-end-all of security? It's not like you can't harden a Linux box to have better security than Vista probably ever will. I mean, you can't even do a proper audit of Vista's code (unless maybe you're the government, or one of the small handful of people they will allow to see the code under special circumstances). People can (and have) done a great many audits of Linux. Hell, any time someone makes a new code security scanner, they almost always test it on large open-source codebases and publicize the results to get free advertising...
Anyhow, suffice it to say that ASLR, just like email, is indeed old hat, no matter how new it is to the general public. I'm glad you know what SYN cookies are for, though (I still remember when people suddenly "rediscovered" them a few years back...). It means that you're not dumb, you just want to argue. Even though you've had to retreat down to your only somewhat-defensible point: what constitutes "mainstream" and what constitutes a "weak" form of ASLR (even though I pointed out that the 'extra' randomness of the "strong" form in Vista isn't as great as it was supposed to be), so I have no interest in continuing after this post.
But I still don't agree with the way you put it, because it sounds like a few small updates to an old technique are being marketed as "NEW!! SHINY!!!" That's also how people perceived AOL during the year of the Eternal September, I grant you, so you can say that there's some truth to it. But I'm just not going to get swept up by it. It's old hat and I refuse to recognize it as anything else. It might not have been widely used beforehand. But to me, it's old hat.
My post was merely a reply to AC's questions. Yes, I am suggesting that OpenBSD could be a replacement for Windows given a few conditions. However, my argument for OpenBSD being a replacement for Windows could be made for most any other OS that can support a GUI.
I don't think you completely took in all of my post though. OpenBSD isn't easy to get setup for most people; neither are many other OSs. Windows can be just as difficult for many people too. In my post I stated that they could learn how to set it up, have someone else do it, or perhaps a more user friendly fork/distro would come along. This applies to upgrades as well.
The only difficulty I've had with upgrading OpenBSD was when they switched to ELF; the upgrade path was a bit more involved. Other than that I haven't had many issues with upgrades.