Slashdot Mirror
Vista Post-SP2 Is the Safest OS On the Planet
pkluss noted Kevin Turner, COO of Microsoft making the proclamation that "Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
That this thread will consist only of positive remarks, and supportive statements towards Microsoft.
The greatest revenge in life is massive success.
He should have stopped here.
It's the safest and most secure OS on the planet today
Until tomorrow when all those pesky exploits come out
I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
Even if it is, it's too late. Vista is already perceived as the new Windows ME. With Windows 7 coming up soon, I doubt there will be much sales increase for MS.
In the history of man there have been several cases of fatal hilarity(http://en.wikipedia.org/wiki/Fatal_Hilarity) and this article might inflict this seemingly comical effect on technically concious people.
Posting an article like this without thinking about the consequences might actually hurt and kill people. Please don't.
Knowledge is power. Knowledge shared is power lost.
It's also the most secure OS on the planet
Trusted Solaris would like to have a word with you.
Dewey, what part of this looks like authorities should be involved?
Waving red in front of the bull. Always a good idea.
Pity that it will be MicroSofts' customers, not MS that will suffer when the hackers, script kiddies and miscellaneous ne'er-do-wells inevitably trash the security for their latest offering.
~ a low user id is no indication I have a clue what I'm talking about.
Did he mention that Vista post SP2, there is no network stack? Fwoppies FTW!
http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-4.html
'The NX bit is very powerful.When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.'
And this was with Vista SP1. No one knows how to exploit Firefox or IE on Vista due to NX and ASLR.
This seems to be a pretty powerful statement, from someone who would stand a chance of knowing.
My only question is, where is Vista SP2? Last I checked, it was not yet released.
http://lkml.org/lkml/2005/8/20/95
Richard Stallman announced in a press conference today that Emacs is the safest operating system on the planet. According to Stallman Emacs is safer than Linux, Windows Vista, or Apple's Mac OS X.
He never stated which planet...
If at first you don't succeed, so much for skydiving.
"..It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today.... oh...uh.... i mean NOT including.. NOT including, sorry i misread that part, it actually says NOT including so.... can i start again please?"
Would you rather that RAM sit there doing nothing? Windows Vista has many features that utilize RAM to its fullest extent. Any free RAM on my system is RAM that is sitting on its lazy ass doing nothing. Windows Vista is actually smart enough to user it (Super Prefetch comes to mind) when my applications are not.
I'm actually typing this in Internet Explorer 8 on Windows Vista Business SP1 32-bit on a Pentium M 1.4 GHz with 1 GB RAM, and it's actually quite snappy.
That leaves Vista
...and all the security-designed systems. Do you really think Windows is safer than OpenBSD, let alone OpenVMS? Or whatever the NSA uses on their hardest systems? His quote is like saying that "the Ford Mustang is the fastest car on the planet".
Dewey, what part of this looks like authorities should be involved?
one that allows the user to decide not to install potentially insecure software during the initial OS install. This is the biggest problem with Microsoft Windows when it comes to security, the huge amount of crap that gets installed automatically without the ability to decide DURING the install what features you want or do not want.
Linux as a whole does provide the ability to make a very minimal install with only those applications that you want on the machine. Solaris used to have this ability as well, though I am not sure if you can go package by package during the initial install to decide what you want or do not want on the machine.
You hear about Linux problems, but then it only applies to a specific Apache version that comes with a "typical" RedHat install, or some other issue which only applies to a certain software package. When a problem can be traced to the kernel or some other core component, that is when it applies to the OS as a whole.
So, saying that Vista is the most secure after SP2 means nothing if garbage like Internet Explorer is still open to all the exploits that Microsoft doesn't like to talk about.
Only 8 days late? For M$, that's better than their normal delivery.
Today Eric Schmidt, CEO of Google, proclaimed "Google search is the best search on the planet!"
Also, Tom Long, CEO of Miller Brewing Company announced, "Our beer is the best tasting beer in the world!"
Here's a template: [Insert Person's Name Here], [insert title here] of [insert company name here] [announced|proclaimed|stated|declared|quothed] "[insert company's product here] is the [insert positive attribute here] in the entire [world|planet|universe]."
Repeat, ad infinitum.
"Do I see any serious problems with this story? Uh, yeah, maybe one or two..."
How about the fact tha Vista SP2 is not "in the marketplace" at all.
It hasn't been released yet and is still an RC candidate in beta testing!
If Microsoft wants to compare imaginary not yet released software to actual software, I set let them and Google play games with beta releases. The rest of us have actual work to do.
Let's see here. On the left hand, we have the people at Microsoft claiming to make a secure operating system, and putting escrow into the encryption such that data can be seamlessly copied from the operating system to an unknown location. We witness Microsoft as an incredibly corrupt entity, in nearly every possible way - from locking in hardware manufacturers to using Windows to throwing lawsuits at everybody who even vaguely seems to threaten them (remember Lindows?). On the right hand, we have the code of Linux, FreeBSD, etc. available for the entire world to review, figures of authority are not chosen based on how much of a jackal they are, but how much their experience is worth. OpenBSD and FreeBSD have things like in-kernel crypto, chroot jails, are actually POSIX compliant, and seem to suffer from very little bloat due to the trend to make specific utilities as discrete as possible, and hence nearly as flawless as possible. Let's just agree to disagree. Or I can just call you an idiot. I'm fine with either.
The reason why Vista, Mac OS X, and Linux have fewer exploits is simple. Windows XP is easier to exploit.
Just remember that the security of the newer OSes is only one factor in the availability of the exploits.
If you want to visualize a flawed analogy; when you're being chased by a hungry lion, it doesn't matter how fast you run as long as you run faster than the guy beside you.
In this analogy XP is the slowest runner who is still plentiful. When the XP prey dwindles away, the hungry blackhat lions will look for the next slowest runner.
"And as for Linux? Well, it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years. And then another high profile distro let attackers actually sign some rogue packages with their private key. I don't think anybody should be making smart comments about the security of Linux."
Let's get this straight. You think *all* Linux distributions are unsafe because of TWO vendors. Do you believe in eugenics as well?
You do realize that your comment glosses over the hundreds(thousands?) of holes and exploits that M$ is responsible for it every OS up to and including this one you're waxing poetically about, right?
I wonder why I haven't ever had a rootkit on my Linux installations but I fix M$ installations all the time(Vista included) that have been rootkitted. Once a week at least.
... and not only because the article isn't about OpenBSD at all.
Anyway, yes, OpenBSD as an OS is probably pretty secure, but so are many others to, but the more crap you pile on top of it the more risk.
Anyway, the OpenBSD people count their "security" (marketing vise atleast) in years since the last remote root(?) exploit.
How likely is a remote root/administrator exploit vs Vista with a software firewall, no extra services and a user which don't do anything? ...
When it comes to exploits vs browsers, mail clients, IM clients, document viewers and such the OS isn't the issue.
Vista is arguably the most secure OS suitable for desktop use.
It is not the safest OS suitable for desktop use however.
What's the difference?
The President of the United States is arguably the most secured individual on the planet.
However, due to the large number of threats against him and his need to travel and be in the public eye often, he is not the safest individual on the planet.
Operating systems are the same. Vista has added many good defenses, but is still the OS with the target on its back.
I'm ok with Microsoft claiming to be the most secure OS for desktop use. OpenBSD and some hardened Linux distros might wish to disagree, but most people don't run hardened systems on desktops, they want more functional systems that are easier to support.
However, I'm not going to let MS get away with calling Vista the safest OS out there, because it just isn't.
Blessed are the pessimists, for they have made backups.
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
Where are my mod points when I need them? Mod parent up informative please!
He is correct.. Vista and beyond use an interface in the Control Panel which is vastly superior to the IE Windows Update. Read up here: Windows Update
Your comment is like saying that an Abrams Tank is more secure than a Mustang.
True, but can a tank get on the freeway without causing a traffic jam?
If the internet was a warzone, would you take the tank which is impervious to nearly everything they'll shoot at you with, or would you take the Mustang, paint a target on the back of your head, and relax, knowing you can have air conditioning while trying to dodge the bullets?
See all those wrecked Mustangs on the side of the road? They too can cause a traffic jam. It's called a botnet.
The pRNG was disabled in the openssl library, thus compromising any system using keys generated by that library. That is a major, major hole and has nothing to do with sshd initialization scripts (where did you get that from anyway?)
Heh, "since XP," because man, that was freakin' eons ago. Like back before marketshare fell from 63.76% to 63.67%.
Microsoft is reeling from the vicious and unwarranted slanders of security companies and the US government's Computer Emergency Response Team that its Internet Explorer web browser has alleged "security holes" or is in any way less than the finest software known to mankind and excellent value for your money.
The festering paedophiles of CERT have gone so outrageously far as to make the ludicrous claim that just viewing a malicious webpage in IE could leave your computer open to being hacked and turned into a Russian Mafia spam server. "We don't know what could have triggered such vindictiveness," sobbed Microsoft marketing marketer's marketer Steve Ballmer. "Do they hate free enterprise that much?"
There are things you can do to make your computing experience even more secure. Microsoft's official suggestion -- make sure your anti-virus software is up to date and using an entire CPU doing nothing much, click through five screens to run IE in "protected mode," click through four screens to set zone security to "high," click "JUST BLOODY DO IT WILL YOU" when the User Access Control asks if you really want to do this, enable automatic updates with the minor side-effect of installing Microsoft DRM on your system or Windows Genuine Advantage randomly turning your computer into a paperweight, and sacrifice a goat to Microsoft at midnight on a moonless night -- is simple and straightforward. "It's the quality you're paying for."
On no account should you consider that there might be other web browsers out there, as researchers have demonstrated that all of them automatically download the cover of Virgin Killer. "I saw a report," said marketing marketer John Curran of Microsoft Completely Enderlependent Analysts, Inc., "that another browser had more vulnerabilities than ours! People would be very foolish indeed to move from the latest IE to Netscape 4.01."
"These CERT wankers are Mactards and trolls," said Guardian marketing marketer Jack Schofield. "They just want to take IE users out, brutally sodomise them, gas them in concentration camps and" [This comment has been removed by a Guardian moderator. Replies may also be deleted.]
http://rocknerd.co.uk
If you're the one driving the tank there are no traffic jams.
I live ze unknown. I love ze unknown. I am ze unknown.
The sad truth is the majority of people using Vista have it because that was the only choice at the computer store.
(Then there is the fun bit where MS counts every Vista license purchased as a downgrade to XP as a "Vista sale".)
I suggest reading the docs BEFORE accusing people of not knowing what they are talking about. You probably don't recall but there was a lot of discussion about this bizzare counterproductive feature of superfetch at the time Vista was released and it's all explained quite well on Microsoft's technet site.
I installed Zenwalk Linux on my 79 year old Mom's compromised (by malware) XP computer two weeks ago.
Linux can run on 79 year old hardware.
I think you don't properly understand how SuperFetch works. It caches in RAM frequently used program data by pre-emptively loading commonly used applications and program data into unused RAM in anticipation of the user intending to run these applications. If he/she does, load times can be greatly reduced.
However, note that the SuperFetch service runs at a very low priority, and will yield system resources to effectively any other process that requests system resources. Further, in the event of a program requesting memory that isn't available, SuperFetch will just dump from its cache a large enough portion of memory to accomodate the program. By your own admission, and correctly, RAM is _FAST_. The process of re-allocating a segment of memory from SuperFetch to your new program is negligible. SuperFetch will also never page to disk memory in use by an actually running program in order to fill the cache. I'm not saying that running programs won't be cached to disk, but it isn't SuperFetch that is the culprit. There are many other mechanisms in place that can result in this occuring, and SuperFetch isn't the only code on the system that plays around with the cache.
Suffice to say, if you dislike SuperFetch, it's easy to disable it. Just go into Windows Services and change the SuperFetch service startup from Automatic to Disabled, and stop the service. You've now disabled the aggressive pre-caching, no harder than any other tweak for any other operating system.