Slashdot Mirror
Microsoft Talks Back To Google's Security Claims
Kilrah_il writes "Yesterday there was a piece about Google ditching Windows for internal use because of security concerns. Now Microsoft is fighting back, claiming its products are the most secure — more than Google's and Apple's. 'When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.'"
When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else.
Hint: Your worst nightmares do not have open jovial dialogues with you. And if they did communicate with you or offer you a score card or report, they would want you to feel as though you are completely safe -- totally unaware and unprepared for what you may face.
You've come a long way, Microsoft, but you have much much further to go. If you measure security by percentage increase in security then the evolution from Windows 95 to Windows 7 is nigh impassable. But that in no way means you're number one in the security scores. Run your marketing campaign with setting the "facts" straight but people like me know. With what little (journalistic) evidence you presented, there's no way I can build a conclusion that backs up your statement. And there's no way around that. It would better prepare you to look into the several thousand anecdotes found daily revealing the issues with Windows and Internet Explorer.
My work here is dung.
can i be the first to just say... ROFL
Security is NOT about patching holes, a system must be designed from the ground up to be secure. Doze and it's predecessors were NEVER designed this way. Mind you, it's created one hell of an industry patching holes.
Well, I can tell you right now that a lot of Cisco's engineers use Macs, and server-side it's Linux. That said, I imagine Cisco management, marketing, etc. are mostly Windows-based.
Secure products?
Crap.... woke up in the wrong universe again.. I hate when that happens.
I just sprayed coffee all over my keyboard. I guess Bill is going to try stand-up comedy now? He's got a great prop, "Clippy"
In a rough sense, irony means a contradiction. In which case, can someone please explain how this:
"There is some irony here that is hard to overlook. For starters, check out this story from Mashable a few months ago where it was reported that Yale University had halted their move to Gmail (and their move to Google’s Google Apps for Education package) citing both security and privacy concerns."
makes sense as a comparison, let alone counts as irony/ironic? What the hell is ironic here?
The fact Google is moving away from MS citing security concerns, and something else citing Google security concerns is not any kind of a contradiction as far as I can see.
"even hackers admit we're doing a better job making our products more secure than anyone else"
It's much easier to make your products more secure when they start out as a huge mass of security holes than when they're already secure by design; fixing a hundred Windows security bugs probably takes less time than finding a single Linux security bug.
I'm wondering what "secure" OS the Chinese hackers got past just before Google started its spat with the Chinese government.
Nice zero content marketingspeak there:
"...third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."
Focus and investment. Notice "results" aren't on that list.
As a side note, I'd also like to add that lately BP has had a huge focus and investment on cleaning up oil spills. More so than any other oil company. But still - nobody loves them this week. Wonder why?
Weaselmancer
rediculous.
... using windows reduces TCO and improves performance...
http://www.microsoft.com/windowsserver/compare/linux/windows-server-tco.mspx
what is it going to be next? opensource bring bad karma and incantation upon us?
Microsoft has come a long, long way in security, yes, that's true. But the most secure? No way. Not compared to systems designed around security from the ground up like OpenBSD or a security-hardened Linux distro with SELinux and the like. I really like the progress that Microsoft has made, and Windows 7 is much improved over previous Windows versions, but if I want a system that's truly secure, it's not a system I'm likely to pick.
My blog
Good to see that the former Iraqi Information Minister has a new job.
2 quotes come to mind From TFA: "all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows" and "On the bright side, though, the owner’s wife now has a new Mac.” Really great pro?-windows article
Hi, I'm a hacker and Windows 7 was my idea.
The real Sig captains the Northwestern. This one captains
I don't like MS, though the truth is that with this last Windows, they are really more secure than others SO's, if you guys pay attention in the hacker championship, that one the gives a prize for the fastest hacker that invade one system, the fast invasion happens into Mac OS X, then Linux and Windows for last. Of course as Windows has more platforms spread than any other OS, it's the target number one. However, I don't like the Google politics, because even the browser with or without privacy enable, they always will receive some data from you. If exist one big brother world wide, Google is this one, and don't thing that it will get better, because will not.
All I know is that for more than ten years I made good money removing malware from Windows boxes. In all fairness tho Windows 7 is a much better effort at a secure OS but saying that 'hackers' are making such comments is just not all that believable. Any serious geek will tell you the long sorded history of windows and all its memorable virii, malware and hacks is nothing to be proud of but I guess if you start telling people what you want them to think and keep at it one day it will stick. I think a few statistics should set the record straight.
Those who can, do. Those who cannot, sue.
If indeed "hackers admit [you're] doing a better job making [your] products more secure than anyone else"
then that just means your product is less secure in the first place, and you have to do more work to patch the holes
Other OS's need not put so much effort in on a release-by-release basis
the basic security of Unix was the there 35-40 years ago, and remains largely the same
Extra security features (SELinix, AppArmor, non-root-X, etc.) come along every so often
but agreed, no-one puts the sheer level of effort into security (largely in vain) as MS
Uh, yeah .... whatever. I'd say security has improved, albeit by a decent margin but it has a long way to go. I won't be convinced until Microsoft, Apple, and the Penguin can go toe to toe with OpenBSD. I have heard of would-be intruders performing OS fingerprinting, finding an OpenBSD machine, and moving on as if it is not even worth their time to try. If you need to protect a network, set up OpenBSD as your bastion host and you can rest easier at night.
Right. That's why there's no longer any market for third-party virus checking on the Windows platform.
And all those idiotic corporate restrictions on email attachments can go, too. That'll be a great relief, because right now I can't even attach a zipfile without Outlook complaining about it.
And those flashes of screen content that appear when I reconnect to a locked Remote Terminal session, those are just in my imagination. No information exposure there, any more. Good, cause that was really stupid. Wait, I'd better check. Nope, still there.
And those irritating and needless messages requesting permission after I've launched an Active Directory management window, those are gone too, right? Because now the system has finally caught up to the X Window System technology available back in 1993?
Oh, no. Actually, I just checked, and it hasn't.
Wow, Microsoft. I am impressed. You actually drank the kool-aid to prove that it was harmless. Except that it's not.
Parity: What to do when the weekend comes.
I did a reinstall on a Vista machine recently for a friend. 100+ windows critical updates later and it was done! Really, the install itself took a fraction of the time that all the updates took. I guess if security is measured in security updates, you win Microsoft. Now claim your paper hat that says "We Won!"
The iPad actually seems to be a perfect device for doing Banking. Mac/Windows or Linux - I am always scared when opening a browser and browsing to my bank's website. Who knows when and what got installed on the machine - even open source stuff sometimes has had malware (I forgot the name of the one where the author just emailed everyone's passwords to his mail account.)
Locked down device like the iPad is godsend - never install any apps and just use it for browsing and email. Feels much secure. (One only needs to worry about Apple - hopefully the disgruntled Foxconn employees don't go installing bad stuff on the iPads.)
You can hate me now - a) for bringing up the iPad and b) for being paranoid.
When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else
when you're starting with the least secure, it's pretty easy to be the most "more secure".
polish up that turd, M$
I had the wrong Steve in mind, making for a very different "Hi, I'm a Mac" commercial...
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Google is Microsoft's #1 competition right? Of course Microsoft wants Google to continue to use Windows.. not using Windows puts Google at an even further advantage.. its not like Microsoft can drop using Windows for its internal systems.
Certainly Microsoft's focus and investment surpasses everyone else's. That's because it needs to simply to tread water. The problem is that most of Microsoft's security problems aren't bugs, they're design features of their system.
There's a quote from a boss: "I don't want the industrious guy who'll keep busy doing things over and over. I want the lazy guy who'll do it once, right, so he doesn't need to keep doing it over."
Microsoft's popularity base in the consumer market certainly earns it a spot as the most targeted operating system.
I doubt that any amount of security updates will make it a secure enough operating system.
On the other hand, Google will have to do a lot of work in part to ensuring all software is usable, since Microsoft (incidentally) has a huge pool of resources all across the net.
All in all, I think it was inevitable. Microsoft corp. just needs to accept this fact, that security issues are a common occurrence in their operating systems.
... but from whom? The people on the Internet? Or, the people sitting behind the keyboard?
Sometimes I feel like it's the latter...
When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else.
Yeah, that's why the Google breach in China was traced to Windows exploits, because hackers always go after the strongest link in the chain.
I'd be the first one to admit Microsoft has come a long way on security. Vista and Windows 7 are better but you still won't catch me surfing the net with Windows or using it to access my bank account online or for anything that requires higher security. Windows gets to see Windows Update and updates for the few Windows only applications I run. That's it.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
...making our products more secure than anyone else...
...our focus and investment continues to surpass others...
It's easy to be the best at these things when you're playing catch-up to everyone else.
UNIX: Find it, fsck it, forget it.
Poor chaps, they can only make a "c2" grade in the old orange-book (U.S.Department of Defense) grading by removing the networking, while a mainline Linux distro hits b1 (courtesy of the CIA).
--dave
davecb@spamcop.net
Again we refuse to admit that MS has done anything right, because they still have problems. Improvement doesn't matter, because they're not perfect yet.
Not like OSX, or Linux. No sir. Neither of those products have any security holes. It doesn't matter that OSX is the first system to fall in any form of hacking contest, or that there have been at least 15 articles on /. in the last 6 months talking about how piss poor OSX's security model is. Nope, Microsoft isn't perfect, therefore they have not fixed anything.
Keep on knockin'
https://robbiecrash.me
"Even hackers," he said, batting his left eyelid twice, "admit we're doing a better job making our products more secure than anyone else..."
It doesn't matter how much perfume you put on a steaming pile of dung, it's still a steaming pile.
Microsoft might as well have said "oh yeah? well, your mom!"
Anybody want my mod points?
third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others. Because we pay them to do so.
Someone else can prove me wrong here, but I've never known a Mac to be susceptible to botnet infection, as only one example.
The Invisible Hand of the Free Market is what punches workers in the nuts.
Look every operating system has flaws. The bigger problem is the users and how they act not which OS is secure. I would bet a years salary that the windows machine compromised in China were pirated and hadn't been patched and also had a huge number of cracked software installed.
Someone else can prove me wrong here, but I've never known a Mac to be susceptible to botnet infection, as only one example.
iBotnet. At least first try a basic google search....
Does it mean it's harder for a hacker to create a malware that will infect my machine, or that I am less likely to get malware?
Because I have no doubt the former is true. Because Microsoft is a fat target with a billion users, it has had tens of thousands of exploits thrown at it and has had to beef up its standards to fend off similar attacks.
But I have no doubt the latter is false. Because Microsoft is a fat target with a billion users, it is still the target of choice for the vast majority of exploits.
However, any other OS that claims I won't get hacked while using its system is utterly full of shit. Apple is egregiously baiting hackers by constantly reminding them that the reason they haven't had to improve security is that they've been targeted less often. Which means hackers can turn and apply low-grade exploits that haven't worked on a Windows box in years, and expect a hit.
As for Linux, the black-hats can just put their exploit in the distro and let us install it as a feature.
Seriously, all of these lamers can quit pretending they have a clue how to write secure software.
"When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."
Hackers said that Microsoft is better at making their products more secure than anybody else? What about Charlie Miller the Pwn2Own winner who said pretty much the exact opposite? I guess he doesn't count.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
They now have real malware with pretty pictures.
The end user still has to install the software, but its a move in the right direction.
How many more years until Apple desktop malware has the classic surf and own functionality?
http://blog.intego.com/2010/06/01/intego-security-alert-osxopinionspy-spyware-installed-by-freely-distributed-mac-applications/
As for MS, they had how many years to secure a single users OS.
They finally started launching PR about it and seem to finally have packed some buzz word tech into the backend.
Great, but the damage was done, is been done and will be done until MS spends the cash to write a real OS.
They have the smart people, can reuse ideas from other OS ect.
Why is MS still so open around the world? They are not poor, distracted, have security clearances, top US university support... MS has all it needs.
Greed and easy market share all over the world got MS to the top, but is the OS really worth anything anymore in a networked world until totally reworked?
Domestic spying is now "Benign Information Gathering"
User installs X, X is malicious, != insecure OS.
Now if you want to compare to the versions of windows that the default account is hot admin all the time, and can silently install SW by clicking on a web link.. well there ya go.
Keep in mind this none of this has anything to do with userland malware.
When you finally get rid of "hurr, this file is a program because it ends in .exe" and stripping executability from incoming files, then maybe you can start talking about security with the grown-ups.
But until then, go back to the kiddie-table with CP/M.
--
BMO
Wait. I can't see it... Is the legal copy that small that I can't see it?
http://www.youtube.com/watch?v=uR487qnNKCk
Operating System Choice != Security
Redmond, Wash., 2 June 2010. MicroSoft Corp. Security Directory Kluenlos Nove today announced that MicroSoft had innovated a new, unassailable security method known as Obscurity. "It's so secret, I can't tell you anything about it, but I assure you it works, and of course it works better than Mac or Linux methods," said Kluenlos.
Nobody gives a shit about your "focus and investment", only your lack of RESULTS, you shit-for-brains marketingdroid.
even hackers admit we're doing a better job making our products more secure than anyone else
Hmmm, Symantec, McAfee, Kaspersky and 34 others all appear to be working harder than Microsoft to make Microsoft products more secure.
Rich And Stupid is not so bad as Working For Rich And Stupid.
If you ask me all OS and app vendors are shit. Its really pointless to go around chest pounding claiming to suck less than the other guy.
By far more people use Windows than any other platform - naturally it has a much much bigger target painted on its back, the most amount of attack resources are brought against this platform. On these grounds I can make two contradictory arguments.
A. MS is less secure because more attack resources are available. Security by obscurity is practically useful regardless of correct purist sentiment to the contrary.
B. MS is more secure because its what the overwhealming majority of the world runs. Its security properties are at least well known and costs of manufacturing surprises are predictable.
From a consumer POV the largest problem seems to be platform agnostic - gullable users and endless streams of application, browser and browser plugin vulnerabilities are carrying the torch in terms of mass exploit of millions of PCs. Its an application and user education issue.
From a security feature POV MS does get some things right. From the very start you need to press ctrl-alt-delete to login which means full screen applications running on the host at the time can not be used to trick the user.
DEP, code signing, IE sandboxing, ASLR, VPN, IPSec, TPM, bitlocker, kerberos, sane defaults, least privledge, rdp encryption, sandboxing browsers.
Internally MS has invested a great deal of resources to their secure coding initiatives from developer education, banning "dangerous" functions to a battery of static analysis and fuzzing tools. Quite frankly the kind of stuff distributed adhoc nature the development efforts of many open source communities simply do not have the discipline or resources to pursuit. Just because something is open source does not automatically make it secure.
Then I look at other vendors like Oracle and Cisco. I've lost track of the number of Cisco IOS vulnerabilities -- its really disheartening to have to download images from our Russian friends just so network gear we spent tens of thousands of dollars on does not turn into a paperweight or we do not have to throw thousands more down the toilot on support because Cisco thinks they have a right to charge you to fix a critical defect in their gear.
Oracle is the shining example of perception not equalling reality. While its hard to beat the SQL slammer worm many people just assumed Oracle and its application stacks were world class secure platforms until massive numbers of vulnerabilities started to be made public on a recurring basis.
Everyone here knows someone who runs windows and has a machine teaming with malware/spyware/virus/botnetzombie goodness and so its very difficult to have an objective view of the entire space and analyze risks and nuances not just fall for perception traps that do not adequetly reflect the true nature of the security space.
I think in the past MS and all other OS vendors made stupid decisions from which they are all playing catch-up but from my perspective they all fail. Linux fans are quick to laugh at MS while not batting an eye as their favorite linux distro package management system installs security update after security update on an almost daily basis.
If the probability of getting something bad like a keylogger given that you are running Windows is much higher than for any other OS, then any theories about why this is true will not protect you. Nothing else matters beyond this (numeric) fact. I have a friend that gets his Windows system re-hacked a couple times a year, and he has never had a problem on his Macbook. I don't care why anymore. It's an interesting argument when talking about attacks against a pre-determined individual perhaps, but a badly setup linux setup is apparently "safer" than a super-secure Windows setup when you go by the only thing that matters: NUMBERS.
When we speak about GNU/Linux functionality, nobody takes relative values into account. They only take into account the absolute final result. Example, nobody takes into account the great hardware compatibility considering 99% of all drivers were written by the community after reverse engineering the hardware and/or other OSes privative drivers. People (including microsoft) only mention that GNU/Linux doesn't support all features of X hardware, and windows does, and therefore it's better.
Same thing for apps, marketshare, etc. They only say "More people have windows, it supports more apps, whatever, period. ".
So, why should we take into account relative values when talking about windows?
I don't care if they are trying hard, or if they have more marketshare, or about any other factor. The ONLY operating system that requires antivirus, antispyware, and other crap is windows. It is also the only operating system that is consistently, publicly and massively cracked around the world all the time. There are several botnets around the net that are the source of most spam, and this botnets consist of windows machines only.
So, in absolute terms, the most secure OS is OpenBSD. The most insecure is Windows.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
The new stuff is available here: http://www.commoncriteriaportal.org/products_OS.html#OS
Microsoft claims that they are investing more in security than anyone else. Investing heavily and having an actual secure product are not the same. Their heavy investment is because they have so far to go.
I'm sure that if you install linux from a distro that's 2-3 years old that updating all of that goes really quickly and smoothly.
Yes microsoft you're secure that's why there were 3 different (published) remote SMB bugs on windows 7's release;
Yes you are improving security that doesn't mean you're secure the *nix OS doesn't require security updates because there are very few holes to secure.
Stop being ignorant bastards and take your compliments and insults.
"...third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.'"
"We've thrown money at the problem, seems to work."
Alas, the "common criteria" are a watered-down disappointment, written to allow one to certify anything. It's been successfully used to make what we used to call a "d-grade" system to look relatively good.
To be fair, it's also been used to make some decent system look decent.
--dave
davecb@spamcop.net
And how many (web) servers are running Linux? (market share of ?)
Do you have a link with more information on this? Is this current?
"These aren't the droids you're looking for..."
I read this as: MS spends more $$ and manpower investment dedicated solely and specifically to security than its competitors, and its security is improving faster than any of its competitors'.
This is perfectly plausible.
MS probably employs more people to focus strictly on security than any MS competitor does.
In other companies, regular line developers carry more burden for security. They bake it in from the start, instead of throwing something over the wall to the security team right before it ships.
And seriously, can you really say that OpenBSD has made huge improvements in security over the last three years? I mean, maybe they fixed one little SSH problem. Can you compare that to the work MS has done in the same time period?
In the same spirit, no U.S. Olympian has made the same progress I have on the decathlon this week. I can now jog to the end of the driveway with no resting. You should have seen me last week.
According to this: http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/
I love the weasel words that come out in these kinds of discussions. "Most" - what is "most"? One competitor? (Maybe, Apple?).
This reminds me of that Ford commercial I saw a month or two ago, where some dude is talking about how Ford won some kind of "most improved" award. That's like a retarded child who goes from flunking everything to getting straight C- grades ... relatively speaking, that's a far greater improvement that the straight A student who starts getting a few A+ grades.
Nobody cares that Microsoft's "focus and investment continues to surpass others". When Microsoft's boat has thousands of holes in it and is sinking faster than the Titanic, is it anything to boast about that you have a great investment in a massive number of people highly focused on sticking their fingers in the holes? Compare that to Apple's boat, where they only have a modest investment because there are only a few holes.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
http://www.radium.ncsc.mil/tpep/epl/index.html is the list of approved products, but none is recent. Everyone does CC these days, as they're easier.
--dave
davecb@spamcop.net
>> "leaders like Cisco tell us regularly that our focus and investment continues to surpass others."
They're probably right, however "focus" and "investment" do not indicate or replace actual results.
So after all the people complaining that there are so many Apple stories have been told a million times how to not see them, this article gets posted to the Apple section. Pure genius.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
AKA 'Newspeak' by George Orwell. Black is white. Hate is love. War is peace. Windows is secure.
It's about time the world got off the MS arsenic. Bravo Google. I wish the US federal government would follow your example so we don't get pwned by the Red Chinese hackers (the Red Hacker Alliance) every other week.
I keep track of Mac security over at:
http://mac-security.blogspot.com/
...running a malware removal tool on an XP system.
Coming from the same company who had many Windows XP machines crash with BSOD messages due to a rootkit virus breaking a security update.........
'Doing a much better job of making our products more secure' ... ?
As a statement it's a little loaded - if it was secure in the first place you wouldn't need to have a small army of people showing how pro-active you are, it'd just be secure and that would be the end of the drama...!
They're 100% correct, which is why they said it. They're the most secure by a gigantic margin, people just don't target macs, android machines, or Linux with viruses because that would be stupid. But if suddenly tomorrow Apple got 75% or so of the market share, they'd get crushed by a dozen viruses at once. There wouldn't be an internet connected mac still running on this planet. Microsoft is still completely idiotic when it comes to security though, trust me. Asking the user if they want to run some cryptically named exe file before it executes is not security.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
Now Microsoft is fighting back, claiming its products are the most secure
And in related news, network admins are losing a lot of weight today by laughing their asses off...
There's no place like
Only b1? That is not what I have heard...
Ironically, Windows Mobile 6.0 is apparently more secure than Windows Vista and Server 2008.
There are two types of people in the world: Those who crave closure
Yeah, Windows is most secure and reliable environment for viruses, bots, worms and other malware. Windows is the best platform for botnets and the excellent tool for DDoS-ers. Zillions of cracked commercial software allows quick, secure and reliable distribution of trojans. No other platform on the market can't do it better.
...and the desired equipment form has Mac/OSX/windows7 as options for both the desktop and laptop. Can we please stop this tempest in a teacup now ? (I've asked for a linux desktop and a MacBook Pro as the laptop if anybody's interested)
(posting anonymously for obvious reasons)
There's one certain blog post that is screaming for a hacker hijack.
Microsoft: "When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others." Translation: "Our software is being constantly upgraded and fixed because the security is so bad it is a constant struggle. Those other guys hardly have to fix anything! Their stuff just works."
I can't blame microsoft for making clearly outrageous lies like 'our products are the most secure' when its patently clear to anyone with a brain that their products are dreadfully insecure (possibly the least secure systems on the planet). Have you ever been to a Ford (car) dealer? When you ask the salesperson what they think of GM or BMW this year, just what kind of answer do you expect to get? They are there to sell product, the product they have there. Google isn't led by college dropouts. Google leaders did well in college. Clearly security is more important to Google than it is to microsoft. Google doesn't recommend that you go out and buy someone elses security products to use with their products. Not so with microsoft. Google probably doesn't have as much pressure from shareholders about making millions at any cost. Microsoft has been shareholder driven for many years. Someone who made money selling oil and only has computer experience changing batteries on the kids speak and spell will cheerfully stand up at a shareholders meeting and demand that microsoft ship products that clearly are not ready so that they can maximize profits. Microsoft *MUST* get a lie out there so that people using their products don't feel (more) bad about decisions made years ago. Decisions they would change if they knew then what is becoming more apparent now. Apple is bigger than microsoft. Its not any kind of surprise, just very late.
...Microsoft spends significantly more than Apple on R&D...
Wait, I thought Apple was Microsoft's R&D department.
-- thinkyhead software and media
Microsoft products get owed the least in the hackoffs as of the last few years. Hate to say but it's true.
Granted, Microsoft is the best at making their products more secure. That's because they have the worst security, so it's not hard to improve on that...
Hyperbole: I use it liberally!
They have their heads so far up their asses that they may actually believe this. They think this is about the number of fixes or some particular technology they have just come up with, or some statistic about number of fixes. It's not. It's about the actual real world. The fact is, if you replace a Windows system with a Mac system, you are safer, more secure, and have increased reliability. That is just a plain fact. The Mac has zero worms, zero viruses, and only 2 Trojans that don't even run on the current Snow Leopard version. How can that even be compared to the ongoing tire fire that is Windows? Even iPhone is more robust than Windows.
It is but a few years ago M$ got slammed for spending more on marketing than anything else. After that, they just changed the line item for marketing to read 'research and development' and kept using the money for marketing.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The Monadnock is the tallest commercial building in the world with masonry load-bearing walls. It was built in Chicago in 1891. You can't build any higher than that without girders because the masonry would crumble. The same with Windows: when your core architechture has inherent design limitations, you make it any better other than to patch the outside. Until Microsoft re-designs its O/S, it will continue to have much, much larger security issues that other BSD/Unlix/Linux designs. It's Darninian: consider that some 80% of the internet, which holds much of the world's commerce is NOT built on Microsoft.
*** Don't be dull.***
Microsoft had to say something Google dropping them made the news. I guess they are afraid if Google drops them who will then follow in Google's footsteps. The snowball effect they are concerned about.
http://www.thetechnologygeek.org
Frankly I wouldn't trust anything Microsoft says when promoting their products: I don't think I'll ever forgive them for claiming IE8 supports all of CSS 2.1 and some things that aren't in the standard, since IE8 doesn't understand max-height.
One can argue at length whether Linux is more secure by design or whether it uses more secure technology (it is certainly at least state of the art).
But for Google in particular, Linux is a much better choice than Windows: Google has its own internal Linux distribution, and they're shipping Android and ChromeOS. They review a lot of the code and contribute a lot more. Even if all things were equal otherwise, that alone makes Linux a much more secure choice for Google.
Another huge difference between Windows and Linux is installation: most Linux users just get all their software from their distribution, and the distribution manages, reviews, and fixes security issues centrally. That's much better than your typical Windows installation, which gets software from dozens of vendors and freeware sites, with no consistent updates and no consistent monitoring of security issues.
Exactly. When a vulnerability is discovered Microsoft has 100s of people who are paid specifically to ID it and fix it. When a high priority security issue is discovered Microsoft pushes out a fix within hours or maybe a day or two. Other companies, you will be lucky to get a fix within a week or a month.
Yes, I know there are examples where the fast response did not happen. However, 90% of the time you even hear about a security hole is because Microsoft has just released a patch for it.
I'll try anything once. Twice if it tastes good
Windows being secure isn't only about security features, but the stupidity and willingness of users to click "Okay". UAC does something by at least asking before an installation of something, but a user can still click "Yes".
Isn't the fundamental issue of Windows more malware than it is security flaws? Sure, some hackers may be able to take advantage of some security flaws, but this is similar on Apache and elsewhere -- and the odds are, if it's a security flaw they can use, they won't share it either.
Botnets around the world are set up using malware -- not security holes. Once you are in the system and are granted rights because the user let you have them, how can you really prevent that? Google making this change is more tantamount to show that "We don't need MS" than I think, anything else. They are coming out with their own OS now, and to show they can function organizationally without Windows can enable customers and businesses to think the same way.
I like Windows, but I also know how to use it well. There are a lot of instances of people (here especially) who have grown accustomed to bashing MS for the sake of being MS, yet these same people won't bash Apple even though their business practices are nowadays, probably even worse. An OS is a tool -- if you can get your work done with it in the timeframe you want and at the price you want, and mitigate the security through the use of common sense and firewalls, then use whatever the hell you want. BSD, Ubuntu, Mac, Windows, Solaris, etc. But for Google to say it's due to security issues is disingenuous at best, and for the rest of you to say MS is terrible at security is just stupid. They can't throw it all away folks -- their entire business is based around the idea of upgradability of prior systems, and they've managed to maintain that while adding good amounts of security from XP to Win7. Oddly enough... I can still play DOS games on Windows 7, and that's a great reason for MS's success thus far.
I still use a hardware firewall though :)
The price is always right if someone else is paying.
Multics got B2 by fiat, since it only fell down on the design documentation side (according to the rumors, back when I used to be a Multician), so I mildly suspect that B2 is only properly reachable by a project with security in the design from the very beginning...
--dave
davecb@spamcop.net
The baseline for Windows XP was around 'zero' (remember all popup those message windows anybody in the entire world could make appear on your original Windows XP machine?). It's not hard to improve from there.
The biggest problem will always be between the keyboard and the chair but I don't think there's less 'critical' patches lately than at any other point in Windows history ('critical' exploits are those that can propagate to other machines without any user intervention).
No sig today...
Microsoft Should not be making claims about there security If there so secure why is there a need for Virus software, why a need for Ad ware software, in fact why is there a need for any third party security software. If you want security you move to a *Nix based system. Linux / Unix are known to be rock solid solutions on the server and the desktop. They don't have virus attacks, they don't fall to ad ware and most of all they don't blue screen. If Microsoft wants to make a real argument then how about they start by making a half decent OS which doesn't completely blow on the desktop. That's step 1, step 2 once this new Desktop system exists make it so we don't need third party security software. I'm not talking about Windows 7, it has enough current problems of it's own. I'm not talking about Vista, it's about the only system bad enough to go on the same level as ME. I'm not talking about XP which is the only decent system Microsoft ever released. What I'm talking about would be a fundamental redesign at it's core and up. Then Microsoft can start to complain. But first they do need some software to support there claim of security.
'When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.'
That is called 'Stockholm Syndrome'.
I don't like Apple at all, but to say that the iPhone and the iPad were sandboxes for OS X is downright insane. The iPhone has been around for about three years, and the iPad has just been launched. OS X was launched in 1999 as a *Server* OS first.
Chat with other atheists http://secularchat.org
At the end of the day, Microsoft is probably right. Were Apple or Google's products dominant, and be so for years, they would be the primary target of hackers. Legion around here are those touting Linux's security, when it, too, does not suffer massive effort from hundreds of hackers trying to hack it for real profit, often from poor countries with weak currency.
In other words, the supposed superior security of Apple, Google, and Linux is probably more related to security-through-obscurity than any brutish, awesome-o capabilities. How would they hold up against not a few hackers, but hundreds or thousands, each on a mission from (the) God (of money)?
You're on crack if you think, "Quite well, thank you!"
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I love the weasel words that come out in these kinds of discussions.
echo(parse(" we're doing a better job making our products more secure"));
We used to not give a shit about security, but we're playing catch-up now!
echo(parse("third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."));
The guys I golf with tell me the others guys who golf with them aren't throwing as much money at this problem as us.
You can't take the sky from me...
It is hard to argue that Microsoft is making a concerted and costly effort to address the security issues with their products. Unfortunately, there's an old saw in the computing industry, which is more than applicable, "Garbage in, garbage out". A pig with lipstick is still a pig.
... Mommy tells me I'm special, more special than all the other kids, so *sticks out tongue*!
If you aren't suspicious of your government's actions, you aren't doing your job as a responsible citizen.
Anyone have any idea on what MS uses for an OS in house? All Windows? If it's so secure then shouldn't all their employees be using it?
20 Minutes? I had made my second Win98SE install, went out on Dial-Up to get updates for a-squared and in the 10 minutes it took to get them the poor little machine was infected with 5 pieces of malware.
Got a Box of Mandrake 8.1 and never looked back. That little PacHell was even the house NAT server for 4 other boxes.
I seem to recall that the relevant vulnerability hinted at here was sourced from Adobe's Flash Player. Bit ironic, given that Google has supported Flash while Apple has pointed out its security flaws. Seems like a bit of misdirection...
Jeez, how many levels of indirection is that?
Are your products secure? Or not?
I'm doing a better job turning water into wine. I can't do it. But some folks say I'm doing a better job making water more like wine than anyone else.
"When Microsoft's boat has thousands of holes in it and is sinking faster than the Titanic, is it anything to boast about that you have a great investment in a massive number of people highly focused on sticking their fingers in the holes? Compare that to Apple's boat, where they only have a modest investment because there are only a few holes." - by nacturation (646836) * on Wednesday June 02, @09:33PM (#32439898)
Per my subject-line above, I'm going to take a few minutes over coffee this a.m. to "shoot down your b.s." I quoted above is all!
I'll do so with some facts & figures from a respected security vulnerabilities gathering website (SECUNIA.COM) where we can see the number of known security vulnerabilities in each of the major "big 3" OS' in use (Windows 7, Linux 2.6x (kernel only, would be more with say, KDE/Gnome or BA$H security vulnerabilities added mind you), & MacOS X):
---
Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/08/2010:
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 5% (11 of 217 Secunia advisories)
(Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (how much more would be added by diff. distros & their softwares/shells etc.- et al?))
---
APPLE MacOS X SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/08/2010:
---
http://secunia.com/advisories/product/96/?task=advisories
Unpatched (approximately) 1% (8 of 1233 Secunia advisories)
---
MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/08/2010:
---
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 13% (2 of 16 Secunia advisories)
REMEMBER/AGAIN: This is the ENTIRETY of Windows 7 being analyzed - not just its kernel, as is the case with Linux 2.6x above... & ONLY 2 security problems are present!
Top that off with the fact that 1 of them IS EASILY "worked-around" no less, in the AERO problem!
The other will also be fixed, most likely, TODAY in FULL, also (as it is "Microsoft 'Patch Tuesday'" & what-not & I wager BOTH of the security vulnerabilities in Windows 7 will be fixed by then (less emphasis on AERO issue though, as it has a valid working safe "work-around" & MS tends to not concentrate on those as much, because they have easy work-arounds (turn off the THEMES service? You turn off AERO GLASS in essence is why, easy & works)))
----
So, we have security vulnerabilities issues in Windows, Linux, AND MacOS X (but, less apparently in the current builds of Windows (7, Server 2008) than there is in Linux OR MacOS X in terms of numbers of security vulnerabilities present!
That also includes the fact that Windows 7 has MORE being checked on too, ala the Windows kernel/core AND ITS OS SHELL in this analysis... not just kernel's like Linux 2.6x shown above!
(Thus again - There is most likely even MORE security holes in Linux, especially if you toss on GUI shells & Windows managers most likely, inclusive of diff. distros variations of both to compound that more).
(Sure, now I am certain I will also see repliers here to my post here say
"but the 2 security vulnerabilities in Windows are 'remote' in nature"
Well, newsflash - ANY OF THESE SECURITY VULNERABILITIES REALLY "BOIL DOWN" TO BEING LOCAL, IN THAT SOONER OR LATER, THEY HAVE TO "TOUCH" THE LOCAL SYSTEM ANYHOW IN ORDER TO EXPLOIT THEM PERIOD!)
---
So, can Windows be secured far better than it comes "out of the box/oem-stock"? Absolutely. Heck, any OS usually can be... such as is shown here:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/W