Slashdot Mirror


Microsoft Talks Back To Google's Security Claims

Kilrah_il writes "Yesterday there was a piece about Google ditching Windows for internal use because of security concerns. Now Microsoft is fighting back, claiming its products are the most secure — more than Google's and Apple's. 'When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.'"

4 of 528 comments

  1. Re:Both have problems by butalearner · · Score: 4, Informative

    I don't like MS, though the truth is that with this last Windows, they are really more secure than other OSes. If you guys pay attention to the hacker championship, the one that gives a prize to the fastest hacker who invades a system, the fastest invasion happens on Mac OS X, then Linux, and Windows last.

    Oh, you mean Pwn2Own? 2010? Nope, Linux not tested. 2009? Nope, not tested. 2008? Can't be, the Sony Vaio running Ubuntu was never cracked.

    Anybody got results from 2007 or earlier? I can't find them.

  2. Re:Both have problems by Kitkoan · · Score: 5, Informative

    I always figured they hacked the prize they valued most and that's why Windows was on the bottom of the list.

    Wrong. They always hacked the Mac because Apple is way easier to hack than Microsoft.

    From the linked article:

    This came in via e-mail: Many pundits have made a lot of the fact that the Mac was the first to be exploited in the Pwn2Own contest. Was the choice of the Mac as the first target because the hardware/operating system combo was more desirable as a prize than the commodity Windows laptops of the other competitors? Or was it just because Macintosh exploits occur with much less frequency than Windows exploits and would therefore be more newsworthy?

    So until this year, applications on Apple were way easier to exploit than Windows. This is because Apple had weak ASLR and no DEP while Windows had full ASLR and DEP. This year, Snow Leopard has DEP, so it's no longer trivial to exploit. In fact, I have lots of bugs in Safari that I easily could have exploited on Leopard but will be very difficult on Snow Leopard. So it used to be that it was much worse, but now it's mostly comparable (although still slightly behind).

    And this is from Pwn2Own 2010.

    --
    Attention... all grammer nazi"s! Is they're anything; wrong with: my post,

  3. Re:Some Helpful Advise by micheas · · Score: 5, Informative

    I seem to remember the person that won the P0wn20wn contest stating that there are several security enhancements with regards to the memory stack that are not present in OSX but are in FreeBSD, Linux, and Vista.

    But this may be things like the Windows login being provably secure, but the FireWire driver allowing you to end-run the login screen.

    Windows has security features that on paper make it look like it could be a very secure system; the problem is that once you have locked it down to use all the security features, you probably have to write your own applications, as most off-the-shelf Windows software does not run in that type of environment.

  4. Re:Both have problems by TheRaven64 · · Score: 4, Informative

    If you compile your own code on OpenBSD you still get:
    • Linker warnings if you use any unsafe string functions.
    • Stack protection by default, protecting you from stack-smashing attacks.
    • W^X protection (even on x86 with no page-level NX bit), protecting you from many categories of arbitrary-code execution attacks.
    • Address space randomisation, protecting you from return-to-libc attacks.
    • Guard pages around large heap allocations, protecting you from a lot of heap buffer overflows.

    All of these work without any user intervention, by default, on all running programs. Part of the OpenBSD developers' philosophy is that all code is buggy, and the system should do everything that it can to minimise the security impact of running buggy code.

    Another part is that no one uses optional security measures. Windows NT has had fine-grained ACLs on all kernel objects from the start, yet people tend to leave Windows permissions wide open because they're hard. Even now, Fedora and Ubuntu documentation often says 'disable SELinux' for various things to work. It doesn't matter how secure SELinux or UAC is, if the end user disables it.

    --
    I am TheRaven on Soylent News
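
An added example, not part of the original thread or any commenter's code: a small C audit for the W^X property listed in the last comment, flagging any memory mapping that is both writable and executable. It assumes the Linux `/proc/<pid>/maps` text format (OpenBSD exposes process maps differently); the sample mappings and the function name `count_wx_violations` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from the page). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1311 /usr/bin/demo\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 1311 /usr/bin/demo\n"
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0 \n"
    "7ffc2b1e0000-7ffc2b201000 rwxp 00000000 00:00 0 [stack]\n";

/* Returns how many mappings are writable AND executable (W^X violations).
 * Sets *stack_exec to 1 if the [stack] mapping is executable, else 0. */
int count_wx_violations(const char *maps, int *stack_exec)
{
    int violations = 0;
    *stack_exec = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        const char *next = eol ? eol + 1 : maps + strlen(maps);
        size_t len = eol ? (size_t)(eol - maps) : strlen(maps);
        char line[512], perms[5] = "";
        unsigned long long start, end;

        if (len >= sizeof line)          /* truncate over-long lines safely */
            len = sizeof line - 1;
        memcpy(line, maps, len);
        line[len] = '\0';

        /* Fields: start-end perms offset dev inode [path]; perms is "rwxp". */
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) == 3) {
            int is_stack = strstr(line, "[stack]") != NULL;
            if (perms[1] == 'w' && perms[2] == 'x') {
                violations++;
                printf("W+X mapping: %llx-%llx %s%s\n", start, end, perms,
                       is_stack ? " [stack]" : "");
            }
            if (is_stack && perms[2] == 'x')
                *stack_exec = 1;
        }
        maps = next;
    }
    return violations;
}

int main(void)
{
    int stack_exec;
    int n = count_wx_violations(SAMPLE_MAPS, &stack_exec);
    printf("%d W^X violation(s), executable stack: %s\n", n, stack_exec ? "yes" : "no");
    return n != 0;
}
```

To audit a live Linux process instead of the sample, read `/proc/<pid>/maps` into a buffer and pass it to the same function.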