Microsoft a Weak Link In Possible Cyber War
climenole writes 'Microsoft has vast resources, literally billions of dollars in cash, or liquid assets reserves. Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods,' says former White House advisor Richard Clarke in a recent book. Microsoft makes the list of risks because so many people have installed its software for critical systems.
If he really said that I bet Microsoft execs are spewing their cornflakes as we speak!
Film at 11.
I mean, seriously, it's the most widely used OS on the planet. It's also the most likely target.
Lost at C:>. Found at C.
One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."
Why do I feel like Captain Obvious is being obvious here?
Microsoft is the Walmart of the software world. Cheap goods that a lot of people use. Of course they're the weak link.
Sent from your iPad.
If you look at any ecosystem, you'll find that there are pests trying to gain a foothold into that system by exploiting a weakness. If there is only one type of organism, the pests will adapt and exploit the weakness of that organism. This is why you need ever more powerful pesticides when cultivating monoculture crops such as corn, wheat or even soybeans.
Same goes for ecosystems of computers. Given 90% are running Wintendo, you find that the pests (virus and other exploit authors) take advantage of that monoculture. The weaknesses are then exploited and have to be "patched" in order to ensure survival of data and/or systems.
Given an ecosystem with multiple operating systems - Windows, Linux, Unix/OSX, zOS - you'll find a greater ability to defend against continual threats.
The Kai's Semi-Updated Website Thingy
For once, I RTFA. The summary seemed interesting. However, the FA was even more interesting, although it had little to do with all the money that Microsoft had in its back pocket, and how its market dominance was based on low cost products.
The main thrust of the FA, for those of you who don't want to click the link, is that because the Windows OS is so prevalent in civilian and corporate usage, a Cyberattack could devastate the economy (and western civilization).
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both."
I am not a Microsoft fan, but I believe the weak link has much more to do with the meat sitting in front of the computer than the software on the computer.
"I'm just here to regulate funkiness."
Remember, he was the guy who warned Rice and President Cheney about an imminent Al Qaeda attack. Or depending how you view it, failed to convince them of it. Still, as ass covering goes, his was iron clad.
If you were blocking sigs, you wouldn't have to read this.
But then, to a large extent they helped popularize the PC which became ubiquitous and hence became worthy of attack. The PC also became a reasonably standard platform upon which Linux etc. could be developed and cheap enough that we can all afford to own one and join in the fun. It is by no means certain that this would have happened otherwise because I don't believe security is the enemy of profit, in fact I think we'll see a future where security tightens to the point where hardware will be locked to only run a certain OS - where will Linux be then?
Nullius in verba
All of the money spent on lobbying the government against using Linux would have been much better spent on developing a reliable, secure operating system. The shortsightedness of large corporations never ceases to amaze me. Since they spent all of this money on lobbying, which ultimately was unsuccessful, they had to spend money on securing Windows anyway. So, Microsoft spent a large sum of money in total, when they could have just made a better product to begin with.
Why do you people always say this? Windows is the Single-User system botched into a multi-user environment, not Unix.
I might argue that many operating systems would be weak links in the cyber warfare scheme. The most notable exception would be OpenBSD. If I were in a decision-making capacity, I would reach out to Theo de Raadt, apologize for the way we previously treated him, and get him started immediately in developing a secure network. He and his team seem to have the understanding of security from the lowest level possible. The current en-vogue trend, end-point security, is useless if your web application leaks memory. Ostensibly, you would need a hole in the end-point to reach the application and that gets exploited opening the network wide open.
I feel I should point out once again that if Apple or Linux was the #1 most popular with like a 75%+ market share, they'd be the horribly insecure ones that are getting hacked all the time. It's not about the product quality, it's about what thousands of foreign programmers are targeting because they're going to find a security hole eventually no matter what system it is.
Foreign programmers? Really? There are no American hackers? Damn, I was sure that there were hackers everywhere.
There's nothing wrong with the newer rounds of MS software; the problem is the older stuff, which as time goes further back, tends to get less & less secure (all the way to Win98/95 which actually had no security at all).
Even now I occasionally run into boxen running thoroughly rooted Windows.....98. That's your problem.
throw new NoSignatureException();
a botnet?
Yours In L.A.,
Kilgore Trout
As such you would expect them to excel at security nowadays since it seems a very big concern amongst most users. Still their security efforts are pretty laid back and half assed. Microsoft don't take security seriously, it's a PR problem for them at the most.
As a market leader one would expect Windows spanking Linux, BSD and Apple's behinds but in reality Windows security sucks. Not because it's more prevalent but because it's a sitting duck. At Microsoft, features and ease of development have always stood higher than security on the priority lists. The only thing that can change that is monetary pressure like demand for accountability of their products. Until then, Microsoft security is a game of statistics, lies and damn statistics.
HTTP/1.1 400
"It's not as if people didn't already know about Microsoft's abysmal security record." - by StuartHankins (1020819) on Thursday June 10, @11:16AM (#32523878)
Ok, let's take a peek at that statement & its "anti-Microsoft" implications, & we'll do so, by simply using the stats of the "latest/greatest" from the "big 3" OS vendors/OS types out there today, from a respected security vulnerabilities reporting website, in SECUNIA.COM:
---
Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 5% (11 of 217 Secunia advisories)
(Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (so, I.E.-> How much more would be added by diff. distros & their softwares/shells (KDE/Gnome), etc.- et al?))
---
APPLE MacOS X SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:
http://secunia.com/advisories/product/96/?task=advisories
Unpatched (approximately) 1% (8 of 1233 Secunia advisories)
(NOTE: I had to calculate the %, & I + others do NOT like how Apple & SECUNIA are reporting on the errors in security present in Apple's MacOS X there... see the comments below those stats, for an "example thereof"...)
---
MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:
---
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 13% (2 of 16 Secunia advisories)
REMEMBER/AGAIN: This is the ENTIRETY of Windows 7 being analyzed - not just its kernel, as is the case with Linux 2.6x above... & ONLY 2 security problems are present!
Top that off with the fact that 1 of them IS EASILY "worked-around" no less, in the AERO problem, simply by selecting the "Windows Classic" theme, or, shutting off the "Themes" service!
The other only deals in SSL, for those that run an IIS 6/7 server (which is FAR from everyone, especially desktop users)... so, for example, from the system I am posting on now during lunchtime @ home? I have no IIS running, & thus, I am "proof to it".
----
(Sure, now I am certain I will also see repliers here to my post here say
"but the 2 security vulnerabilities in Windows are 'remote' in nature"
Well, newsflash - ANY OF THESE SECURITY VULNERABILITIES REALLY "BOIL DOWN" TO BEING LOCAL, IN THAT SOONER OR LATER, THEY HAVE TO "TOUCH" THE LOCAL SYSTEM ANYHOW IN ORDER TO EXPLOIT THEM PERIOD! Javascript exploits being the MOST "prevalent" of this type, and where do they ACTUALLY RUN? LOCALLY, inside a webbrowser program's javascript processing engines... turn off javascript (on "every site under the sun", & use it only where you HAVE TO and where you can trust the website)? Problem solved!)
---
So, can Windows be secured far better than it comes "out of the box/oem-stock"? Absolutely. Heck, any OS usually can be... such as is shown here:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):
http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123
(Much of what's in it "principles-wise" (uses the concept of "layered security") & yes, tools-wise, can also be applied to LINUX (or other *NIX variants too like MacOS X (done via Apple's guide for this, no CIS Tool exists for MacOS X, sorry) + other BSD variants, Solaris, etc.) & e.g. -> There is a CIS Tool for them also (again, except MacOS X, but Apple's got a GREAT GUIDE for this too
From the headline: "Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods". That does not make any sense. WHO in their right minds would knowingly buy a low-quality good (unless they were broke, but then Micro$oft has not quite been known as a discount reseller)? There is no reasonable way any company would be "incredibly successful" and gain "market dominance" with crappy products unless some other stronger force was over riding good common sense and competing by the rules.
This really smacks of corruption, plain and simple.
The love of money is the root of all evil. (I timothy 6:10)
Thanks Micro$oft.
Not new to us, but I still find those who want to stand by their Microsoft, because they are uncomfortable with the unfamiliar alternatives. Microsoft is a weak link in every computer security issue because they continue to put wide-open holes into their system in order to be all encompassing. I believe that they just consider the few that get attacked and taken as being acceptable losses, and look at the masses of the herd (where they make their money). Someone at the higher levels of government making this public may have several effects: 1) Embarrass Microsoft to not stupidly repeat the same mistakes (maybe). 2) Start some agenda towards minimum standards for security. 3) Show that there are more secure alternatives, and make them more familiar.
[Windows] may be the most widely used desktop OS, but once you include servers and small devices, Linux beats it easily.
Compared to home desktop PCs, servers are more likely to be administered by someone with a clue about locking down and updating the system. Small mobile devices have only a sporadic connection to the Internet, much like home PCs in the dial-up era, and many use an executable whitelist managed by the device maker. So barring a security hole in something like a home router appliance, desktop PCs running Windows are likely the juiciest targets for establishing a botnet.
http://en.wikipedia.org/wiki/Warhol_worm
one of these days, some genius asshole is going to, just for the lulz, shut down the whole goddamn internet in 15 minutes. he or she is going to do it with a worm that, of course, will be based on something in the microsoft constellation of oses/ products/ third party software. perhaps from our other security averse friend, adobe
i thought it was going to be code red or sql slammer, but no, these infections were content to zombify, not zombify and enslave the nonzombies (see below):
http://en.wikipedia.org/wiki/Code_Red_(computer_worm)
http://en.wikipedia.org/wiki/SQL_Slammer
enslave the nonzombies: of course there are other oses out there, but they are in the minority. so listen up genius asshole: whoever writes this worm will cleverly make sure that all compromised systems DDOS non-microsoft os ip addresses on purpose. sql slammer and code red just blindly reached out to all ips and latched on to any promiscuous microsoft bitches that proved to be receptive to getting fucked. but you, oh genius asshole, will take note of those ips which defy you and share this list dynamically and automatically in real time between your other pwn3d machines
if a machine does not respond to your rude advances to be fucked, or can otherwise be quickly and reliably sniffed out as a non-microsoft os ip, punish the defiant, hard and cruel
you leveraging your growing zombie horde of microsoft os monoculturalism to mount a directed attack on nonmicrosoft machines. DDOS the responsible and the vigilant. leverage the power of the insecure to take down the secure. if the bitch won't fuck you, slap that bitch. if they will not be defeated, then they will be enslaved in a deluge of requests until they succumb. none shall survive, all shall be zombified or enslaved
and therefore completely wipe out the whole goddamn internet. for the lulz, you see
i'm still waiting, and when it happens, even though my means of livelihood is based on the internet, i'll be clapping and eating popcorn, reveling in the sheer armageddon horror of it all. awesome dude!
so where are you, genius asshole? make it happen
please don't let it happen for some insipid mundane making-up-for-my-small-penis-through-nationalism reason like cyberwarfare between usa/ russia/ china/ iran. that would be boring. nationalism is fucking retarded
get it done FOR THE LULZ my genius asshole friend, where ever you are. i'm waiting to be adequately entertained by global internet meltdown. MAKE IT HAPPEN
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Try to install Windows on a powerpc. Thank you, thanks for playing. Retard. Since when is x86 all there is?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Once you get away from using popular applications and O/S's, the price rises incredibly quickly. Instead of spreading (say) a billion dollar development costs across 100 million product sales, you have maybe 10,000 customers who can be persuaded to pay for a product. This immediately means no-one will buy it unless forced to by law, or unless they can in turn, pass on the costs to their customers. The smaller market also means there will be fewer suppliers - probably just one. Which in turn will drive up costs due to lack of competition and decrease any incentives to fix problems or develop new wares in a timely fashion.
We know what a secure operating system for the year 2010 will look like. It will look like VMS from 1995, for all the reasons discussed above. Now, which are we prepared to pay for: Microsoft products on every store shelf, running the country or critical systems with the security, features, lack of connectivity from the mid-90s?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
There's a huge difference between the number of Windows 7 installs and total Windows systems installed. The security issues with XP are a bigger concern (there are a sh!tload of XP machines in the world), a good chunk of which are still on SP 2 and/or IE6. MS's current offerings are in pretty good shape but their install base is not. The responsibility of prior security weaknesses is still MS's no matter how hard they try to get people to upgrade out of XP (and earlier) deployments.
BTW, hell of a post.
anyone could have told you this.
True, but now that it's been posted on /. it's officially official.
That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. ... while windows will run on pretty much any hardware.
Set the koolade down and step back. Microsoft Windows works on a much wider range of hardware than OSX, but it's still quite limited. I will concede that only Microsoft Windows excels at making use of a proprietary piece of crap like a Win-modem or a Win-printer.
Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.
My experience is that the average XP user is more baffled by Windows 7 than by Ubuntu. And don't even think of suggesting that Ubuntu can't be set up by someone knowledgeable.
Sure windows had bugs, but many of those aren't MS's fault, but rather vendors that write crap drivers.
Microsoft provides an ever-changing foundation of thick muck. And like you, they are quick to blame others for any problems.
My other car is a 1984 Nark Avenger.
Only government agencies can afford to spend a year designing a bullet-proof system, then another year writing the software and a year or two more making sure that no-one can ever break in to it. Are you prepared to slow down software development by a factor of 8, from 6-monthly release cycles to a new version every 4 years? It would be commercial suicide and far too expensive.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Linux 2.6x KERNEL SECURITY VULNERABILITIES
It doesn't make sense to compare a line of kernels dating back to 2003 to an operating system that came out last year. The 7 kernel is just a derivative of the Vista kernel, for example. And in '03, XP was still going strong. Furthermore, 2.6 or whatever is just a name. I am running 2.6.32. How does the NT 6.1 you are presumably running compare to that?
The soylentnews experiment has been a dismal failure.
Man, I know we all spend quite some time reading /. and replying. But dude! Your post goes beyond crazy!
Were you paid to write it at least?
That's some great spiel, but I think the point is Windows has a much bigger marketshare and a greater percentage of unpatched machines, particularly in regards to 3rd party apps. Hence, the security record for Microsoft portraying itself as a greater danger in this so called "cyber war". As an aside, 2.6 came out in 2003 whereas Windows 7 came out in 2009. By comparing "latest/greatest" you're misrepresenting the userbase pool in the real world, which is what counts. Also, by implying the number would be greater once you include KDE/FF etc. you must concede that if you were to do the same for Windows and include all popular apps the number would be substantial.
...yes, because we all know some buffer overflow is the same as worms that repeatedly bring down the internet or people's individual machines.
Cherry picked statistics can't quite compare to how systems actually behave in the wild.
This is why Lemmings cling to them so much.
A Pirate and a Puritan look the same on a balance sheet.
And Apache is the most widely used Web Server but its security record is far better than IIS. So what does that say. Also Unix/Linux far outnumber Windows Server in terms of presence on the Internet; however, they are more on the yet their track record is far better than Windows server.
I often see this wives' tale but have yet to see any supporting data.
Nevermind "adequate".
It's hard to get a user to spend LESS for an alternative even when they are ready to buy an entirely new machine because they think that their old machine should be scrapped. That whole "vendorlock" thing comes in and users that have no business, end up fixated on bogus compatibility issues.
The whole "MS-DOS is compatible with everything, nothing else is" meme is alive and well and working to keep people from fleeing Windows.
A Pirate and a Puritan look the same on a balance sheet.
Right. Let's feed the troll, and spin it another way:
Look at the severity of the advisories (they are rated from 1-5). Neither Windows nor Linux has any unpatched vulnerability rated higher than "less critical" (i.e., neither has anything unpatched that is 3 or higher). So for vulnerabilities >2/5, they both have a 100% patch rate. The difference is in "less critical" advisories (1 or 2).
Windows 7, in its short life, has had 8 advisories rated "less critical" or lower. Of these 2 are unpatched. That means the patch rate for less pressing vulnerabilities is 75% (a full 25% are unpatched).
Linux (if I counted right) has had 191 advisories that were rated 1 or 2, since 2003, of these 11 remain unpatched, or ~5.8%.
The difference in the overall patch rate is due to the fact that far more of Windows' vulnerabilities have been critical, >3/5, (specifically 12 of the 20) than Linux's (26 of 217).
Also note that Linux has never had a vulnerability rated 4 or 5, its highest vulnerability has been a 3. But eight of Windows' 20 advisories have been 4's and one was a 5.
Mod points: Guaranteed to remove your sense of humor.
Side effects may include gullibility and temporary retardation
Not sure I agree their attempts via lobbying were unsuccessful. Linux is used in a significant way in government/DoD systems, as noted in the article, Mr. Clarke surprised many by insisting on an evaluation of Linux in 2004 - and I remember how that study and its results ran into resistance across the boards, before the electronic ink was dry. Without lobbying efforts having tipped the playing field, Linux could very well have significantly more penetration in government infrastructure than it does today.
... the irrational resistance in federal circles to Linux desktops that prevails to this day is amazing.
And note that on the desktop front, Microsoft's strategy arguably has worked bizarrely well
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh
It's a frequently used troll post. It has been completely debunked in the past several times. All of the critical bugs listed for the Linux kernel, for example, were local exploits only -- NONE were remote. In contrast, Microsoft's exploitable bugs are famously remote exploits meaning they can be done over a network connection. Mac OS X is another bag of worms... but thankfully, Apple controls and limits its users such that it will never be big or ubiquitous enough for large scale general use like Windows and will never likely get used in critical government or business operations.
I went straight to the bookstore to buy it. I asked the lady where it was and she said "it's filed over there under F for fucking obvious".
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I doubt it. APK has a long history of posting this kind of crazy shit. Frankly I'm surprised he wasn't going on about HOSTS files like he normally does.
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
Tell me... What's so low quality about Microsoft's products these days? I'd love to hear it. This anti-MS fap fest is one of the worst I've seen in quite some time, and that's saying a lot for slashdot.
I'd say cyber war means the making of human-killing machines, and that I have no plans to design or buy game machines with approval from the war dept, thank you very much. I'm not into being fooled, my money isn't going to DOD research and equipment, and if you want safety, security, you just don't go around showing off how well your "toys" kill, looking for enemies, then worry about how secure your gates are, that always works temporarily, not forever. See Rome, Greece, Spain, USSR, England, Germany, Japan, etc.
Build your own energy sources from scratch. http://otherpower.com/
I was comparing the "latest/greatest" from Apple, Microsoft, & the LINUX camp
If you're including linux from 2003, you have an odd and erroneous definition of "latest/greatest". Not only that, Windows 7 is an OS, Linux is not. And, furthermore, if you are comparing kernels, you have to include the Vista kernel to the 7 kernel which you did not.
I'm not going to bother refuting the rest of your drivel since it all rests on this one blatant fabrication. If you want to attack Linux's security record, at least do it in good faith then people might be willing to listen to your arguments. Your original post is little more than noise and it just sets you up for ad hominems and derision as no one can really take you seriously.
The soylentnews experiment has been a dismal failure.
Microsoft's actually been pretty useful. The blame is on the people who have installed it in critical systems. Ever since I've read anything about medical systems and the like, something they always repeat is not to install Windows or a similar desktop OS on the systems because it makes unauthorized access easier and the OS wasn't designed for such critical systems, so it might crash every now and then. Designers of critical systems know this, and if they are negligent and use Windows, then the blame for the consequences should fall on them.
That's not a troll post.
Even if his post is false,
It's a troll for one very simple reason. He's including 2.6 kernels from 2003 and comparing them to Windows 7 which uses the NT 6.1 kernel which is a derivative of the NT 6 kernel used in Vista. Intentionally distorting facts to support your argument is trolling. Furthermore, he's bringing up secunia stats as if that is the whole story without mentioning the relative severities. Of course, it's a red herring anyway as I've already pointed out.
The soylentnews experiment has been a dismal failure.
Considering you can't see the source I would say that it seems like remote vulns would be less easy to find.
While your statements are true for desktops you're completely wrong in the server space and those machines are far more valuable to own.
What is this "work" you speak of? We just want to sit on our bums and rake in the cash as it comes floating by. Just think of us as tunicates or sea anemones who have secured a really rich position in this market environment. We're permanently attached; it's why we don't need chairs to sit on, and can instead use them for projectile weaponry...
[/cynicism]
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
if you defeat me, you get a live-action cutscene of me doing your mom
unless you won teh internets by traversing the far more difficult /b/tard PvP realm in the Retards and Trolls Comment Board (tm) expansion pack (beta)
in which case you get a hentai animated cutscene of rule 34 THAT NEVER ENDS AN ETERNAL HELL OF FURRIES GROUP SEX OH MY GOD MY EYES
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
No. It was created to replace Multics. From the very foundation it was made to be portable, multi-user and multi-tasking. I think you're thinking of emacs... or possibly Linux, which was originally to be a terminal emulator.
Ad hominem attacks are a logical fallacy & only show that when one has to use that? They are on "the ropes", losing badly... pretty simple!
Ad hominems are also useful when your opponent's arguments are so utterly ridiculous and unconvincing to the audience that it is utterly pointless to refute them point by point...
To wit, you have no idea what you are talking about and I'm not going to even bother wasting time arguing with you anymore.
The soylentnews experiment has been a dismal failure.
They might have broken into the US automobile (and motorcycle) market by selling at low prices, but quality was indeed part of their leverage. My dad remembers when Yamaha first started making motorcycle sales in Minnesota -- people actually started buying them instead of Vulcans or Indians because 1) they didn't shake themselves apart, and 2) they would actually start in the winter. And I can easily recall how crap the US cars were in the late 70s through the 80s, when Toyota and Honda really started eating Detroit's lunch. My folks went in for a Saab and a Honda. My first two cars were a Honda Civic and a Toyota Corolla. Ford stood for "fix or repair daily", something the Japanese automakers wouldn't stand for -- or more accurately, couldn't afford. Ford et al couldn't afford it either, in the long run, but too few people were looking at the long run.
So no, I don't think market share alone determines success or market control, not long-term. A monopolist or consortium can control a market to some degree, but if things get too far out of balance, if they stray out of bounds (set prices too high, allow quality to degrade too far, try to lead their customer base in a very different unliked direction, etc etc), the time is ripe for outsiders to bring in new products and new brands and dethrone the controlling interests. Detroit got cocky, and was undone by its own hubris; it kinda looks like Microsoft is heading down that same road.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
You're RIGHT - so, IF I was to add on the KNOWN SECURITY VULNERABILITIES in the remaining parts of LINUX not noted (such as KDE or GNOME, or even BA$H, to name only a FEW parts omitted in my fair analysis of the LINUX KERNEL/CORE ONLY mind you, vs. the rest of it that folks use regularly/usually, which DO GET ANALYZED IN WINDOWS 7 &/or MacOS X?)?
Why don't we just compare apples to apples and see what the results are when Windows goes head to head against the most popular Linux distro with some of the best hackers in the world trying to break in.
Damn.
The soylentnews experiment has been a dismal failure.
the use of decompression chambers. Then again its because he DIED from caisson disease (decompression.)
But MANDATING the use of decompression chambers, just like the use of collapsible steering columns in cars which would stop you from resembling a bug in a Victorian collection, (pinned through the chest,) had to be enacted by someone who wasn't in it just for the money.
The accountants told GM, Ford and Chrysler: "This will cost share holders $ and upset the P&L Statements".
The government and a whole bunch of the American public read "Unsafe At Any Speed" and said "Screw YOU GM, Ford and Chrysler! I'll pay the extra $300 to not get skewered..."
SOMEBODY has to take the reins from "Laissez Faire" at some point because businesses are too short sighted to look up from the balance sheet.
(I'm convinced that HELL has a special section for accountants where balance sheets DON'T, nobody gives a shit about P&L Statements and Journals are maintained up to the microsecond...)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
So a political figure has had the epiphany that many figured out by common sense and experience a decade ago.... *sigh*
I have checked various registries of accreditation and do not find Anonymous Coward in any of them. Perhaps you should start by revealing your identity and proving your assertions of credentials. Next, don't assume I have less experience and no accreditation. I have a degree. I have certifications and I have been in the industry since I was 16... I am 42 now. I have experience with everything from mainframes to the most obscure PCs and just about everything in between. I know the lay of the land. I know it too well. I was there for the birth of Unix (sort of... it coincides with my own birthday) and have followed the tech since then. It has been my life and obsession. Do not begin to believe that degrees and certifications even BEGIN to make someone qualified to understand what is really going on.
What you have is "product training" and little more.
Your assumption is that publicly acknowledged vulnerability count is an accurate indication of software quality, but this assumption is flawed. First, the software could have a bug, but nobody knows about it because nobody looked for it nor observed it. You always have bugs that are unobserved. Even when the vendor has perfect knowledge of how many bugs they have in the software, their willingness to disclose it for public acknowledgement determines how many vulnerabilities are counted on Secunia.
Secunia shows bugs that are reported to the public, and by definition, all bugs in open source software are public information. The vulnerability count for Linux enjoys the most accurate disclosure. Mac OS X is partly closed source and partly open source. Even so, Apple voluntarily acknowledges the presence of vulnerabilities whenever it publishes a software update. The unfixed vulnerabilities reported to the public all belong to the open sourced part of Mac OS X, which is public knowledge. If Apple decides to stop acknowledging vulnerabilities, at least the vulnerabilities in the open sourced part of Mac OS X are still public information, and they can be found through careful code review.
Last, we have Microsoft Windows, which is closed source software, so nobody can see how the software is written except by reverse engineering the machine instructions, which violates the EULA. Any end user who purchased a version of Windows is automatically disqualified from finding bugs, except when they stumble upon one by accident (software crash). Even so, the information you gain from a crash report is extremely limited. It doesn't even tell you how severe the bug is.
How then, do Windows vulnerabilities get published on Secunia? They're mostly found by independent third parties who stumbled upon a bug and decided to break the EULA to investigate the crash. Studying how the software works by reverse engineering is excruciating and time consuming. Unless you have an ulterior motive, you will not be doing that. If you are in the business of creating 0-day exploits, you won't want to disclose the bug either.
So I argue that the reason Windows has the lowest vulnerability count on Secunia is because of the near zero disclosure from Microsoft as well as third parties, not because the software is well-written.
I once had a signature.
Plus, you've already said that 2-3x or so, by now (that you were leaving & not responding here anymore, gee I wonder why (NOT)), while you avoid a SIMPLE QUESTION I ASKED OF YOU HERE 2-3x now too, see above...
What can I say? I'm a sucker for a troll.
See that post, & answer the questions there (mainly the one regarding IF Linux's only PARTIAL LIST of kernel/core level errors only, 11 left (not counting ones probably present in LINUX 2.6x's Window managers, KDE/GNOME shells, &/or BA$H + other tty terminal consoles too possibly & more) are as easily "worked around" as those in Windows 7 are?)
I've already told you why your argument is too stupid to even respond to but, here. Now scurry back under your little bridge, little troll and chew on that for a while as that's about the best actual apples to apples comparison that I could find where Windows and Linux were in the same room.
The soylentnews experiment has been a dismal failure.
Security through obscurity is no kind of security at all...
So only foreign hackers hack MS products? Whatever pair of rose tinted glasses you are wearing when you view your own countrymen (I'd guess American) I'd remove.
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
Windows is missing an integrated centralized package manager. This results in programs with redundant update mechanisms, often implemented in a poor or annoying way. Many programs seem to update themselves during startup, the most inconvenient time because that's when you actually want to use them. Or they annoy the user with popups in the system tray.
A centralized package management would instead rely on a list of package repositories to which vendors could add their own URLs. Of course packages would be secured with public key cryptography infrastructure to prevent man-in-the-middle attacks and ensure integrity, much like it is implemented in Debian GNU/{Linux|kFreeBSD}.
The package manager keeps track of all packages' files. That allows the administrator to clean up a system very easily, by listing all files that weren't installed intentionally and deciding what to keep & delete. How many programs leave crap in the Windows directories?
Packages could, optionally, share dependencies instead of using a dozen copies of the same DLLs. Shared dependencies save disk space, eventually RAM and can increase security. When a security problem emerges in a library, the system only needs to update that one package instead of every program that ships with a redundant copy.
These are some of the problems that keep Windows away from my systems.
Richard Clarke gets it.
Trouble is, as you can see with my post going from +1 INFORMATIVE, to +2 INTERESTING, & now down to 0 (but with the "good ratings upwards" still in place in INFORMATIVE for now @ least while I post this?) Those same "/. samurai" have to resort to what I call their "last weapon" in the effete & unjustified "mod down" (as usual with my posts like these)... they only prove this point for me, every time, lol... apk
Yeeeah, it's just a big old conspiracy against apk. I mean, surely it doesn't have anything to do with his flawed arguments that have been thoroughly debunked and dismissed by myself and others. It's just the "slashdot samurai" (lol) out to get you.
The soylentnews experiment has been a dismal failure.
Try this on Google.com: "slashdot microsoft works better on apple hardware".
Your information is STALE, because that's currently not the case for Windows 7
No, it isn't STALE. What I said was that "eight of Windows' 20 advisories have been 4's and one was a 5", this is not stale. It's true, per the links above.
BTW, the verb I used, 'have been', has what's called "perfect aspect". In context it means that MS shipped Windows 7 with serious problems and patched them later.
The 2 small ones Windows 7 has are EASILY worked around too, I wonder if the same can be said of the 11 outstanding issues on LINUX 2.6x??
Yes, for the most part the same can be said:
The rest are classified as "not critical" because they only involve a local DoS.
Anyway, enough troll-feeding for me.
Mod points: Guaranteed to remove your sense of humor.
Side effects may include gullibility and temporary retardation
To my understanding, the argument of the "ex-White House" official only demonstrates that the government has been spending money on "poor quality goods". If Microsoft got its money for its low quality software, then someone was not doing their homework.
Why blame MS now, when their massive adoption and lack of alternatives boosted their millions? Why did the government never support Linux or other systems?
So what, you are seriously comparing kernel 2.6 (released December 2003), all versions of Os X (server released in 99, desktop 2001) with Windows 7? I guess that could be a fair comparison in some dimension.
Dude, if you're taking this message board so seriously that you are going to "defend" yourself by posting more ac comments and pretending to be somebody else, you need psychiatric help.
The soylentnews experiment has been a dismal failure.
Dude, don't argue with the apk. It just makes it stick around longer.
Dewey, what part of this looks like authorities should be involved?
There was some government money (DARPA, I think) that was used to fund some development of OpenBSD. But then Theo, a Canadian, expressed his feelings about the invasion of Iraq. The money disappeared suddenly. (See http://en.wikipedia.org/wiki/Theo_de_Raadt and find the "DARPA funding cancellation" section.) The JASONs, it seems, have to answer to politicians. If you are more kind to the JASONs, you could note that the funding was yanked in April, 2003. The JASONs traditionally work in July, August, September, October and November so they only have to miss one semester. So in April, DARPA has all the bureaucrats and fewer JASONs.
Think global, act loco
So go on and ask your moderators if I am posting from the same ip addresses as apk is.
If you don't know what a proxy server is, you aren't qualified to even be in this conversation. But, what the hell...
Infoworld even alludes to that going on here, so that is good enough for me.
So, uh, some people started a web site and said some stuff. Welcome to the internet, Mr. not-apk *wink wink*.
So no one reading this gets duped by your feigned ignorance, I'll summarize the situation for you. Apk brought up the secunia statistics for every linux kernel since 2003 and compared them to Windows 7. This is fallacious for several reasons, among them, 7 uses virtually the same kernel as Vista so why didn't he include the Vista number? Also, nobody is using a kernel from 2003 so it's irrelevant anyway. Also, the severity of the security advisories between Linux and Windows don't even compare so the raw numbers are useless for a real comparison between the two.
This, of course, was all brought up in subsequent posts so apk just moved on to the red herring of Linux+KDE/Gnome/Bash/thekitchensink as if that wasn't an even worse argument. First of all, it depends on the validity of the first argument which has been debunked here and elsewhere ad nauseam. But, for argument's sake, it was examined anyway. As there are practically no reliable comparisons, it was brought up that the last pwn2own competition that included osx, windows, and linux, only Linux was left standing at the end.
So, he was answered and debunked repeatedly but like the typically incessant crank he has proved to be over the years, he just kept repeating the same crap. He's like the little kid that says "why" every time you answer him. Eventually you get sick of it and just stop answering.
The soylentnews experiment has been a dismal failure.
That could make the problem far worse... there could be a lot of exploits for vulnerabilities that could not be announced nor reported, as doing so would put them in legal trouble.
And the desktop is a big trouble. I think it was the desktop that was used in the Google intrusion, same for this bank intrusion. The biggest vulnerability of any system is the people that work on it.
I know I shouldn't but it's so much fun watching him squirm.
The soylentnews experiment has been a dismal failure.
I like the article.
I agree that Windows is a major security problem, not just for end-users but the United States as a whole. Having a single dominant platform makes life much easier for hackers, since it allows them to focus their efforts much more narrowly. Switching completely over to Linux however, is not a panacea, since we'll just have the same problem - a single platform (yeah yeah, there are lots of distributions of Linux, but it's Linux ffs). I completely disagree with Clarke's call for monitoring of net traffic for "malware", since I don't trust the federal government to define "malware" in the way a normal person would. Even if he is sincere in his claim that this monitoring would help, it would eventually devolve into an end-run around the 4th Amendment.
A better plan is to let the free market take its course, allowing a spectrum of operating systems to appear. Obviously, it will take a while since MS is so dominant, and people are generally scared of trying new things (like Linux), but eventually consumers will figure out that Microsoft's stuff is lower in quality-per-cost compared to other alternatives, and switch over.
As an aside, has anyone seen the prices on Microsoft's Office 2007 stuff? They were selling it for like, $400 at Office Depot a few days ago. And OpenOffice is free and has ~95% of the functionality o_O. I can only imagine how much money my local government (school board, etc.) would save by switching over to open-source programs.
White House advisor states a piece of software installed on almost every government desktop is a possible target for cyber war.
Can we start moderating submissions as flamebait?
Your post may be completely right, but your haphazard punctuation and aggressive boldfacing and capitalization have dissuaded me from actually reading it.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
WinCE that is used for the XBox is PPC
That is the most aptly named Windows version ever.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
You kind of ignore the fact that the best security exploits are the ones that have not been publicly declared. From any government's point of view when foreign powers have access to windows source and can search for exploitable faults and not declare the ones found but simply use them, it has to be a worry.
Whilst the same can be said of Linux source code, there is nothing stopping governments from securing Linux code for their own use whilst windows is being used by other governments in an unfixable state.
From a Linux point of view it is fairly difficult for someone to fix undeclared bugs and distribute the fixes without everyone else finding out about it and also making use of that fix. There is also nothing stopping them from finding all the bugs in windows and then using Linux to secure their own system. Especially non-US governments, as everyone knows due to lobbyists corruption and the M$ bank balance the US will continue to be forced to use it out into the foreseeable future.
Hell, the Republicans were even going to put Steve "Uncle Fester" Ballmer in charge of US government IT and let's guess what software he would have chosen and what price the US would have paid for it, how about the pharmaceuticals no discount for the feds option full tote retail (those guys don't even try to pretend about corrupt corporate political placements).
Chaos - everything, everywhere, everywhen
Impose tax on 'idle' cash reserves.
I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
You're RIGHT - so, IF I was to add on the KNOWN SECURITY VULNERABILITIES in the remaining parts of LINUX not noted (such as KDE or GNOME, or even BA$H, to name only a FEW parts omitted in my fair analysis of the LINUX KERNEL/CORE ONLY mind you, vs. the rest of it that folks use regularly/usually, which DO GET ANALYZED IN WINDOWS 7 &/or MacOS X?)?
You'd see more than the 11 security vulnerabilities in Linux... my guess? Far more.
So all the stats you quoted do not really matter, and we are down to your guesswork...
Not impressive.
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
Like I said in my post you replied to? FIND US MORE CURRENT DATA ON WHATEVER BUILD OF LINUX YOU CAN FIND THERE... ok?? I'll be GLAD to see it in fact!
The absence of better evidence does not make your "evidence" better. Or less skewed. And does not excuse comparing a 2003 kernel to a 2009 OS and going "I bet there are even more stuff wrong with all the 1000+ distros running the kernel".
Also, the shouting is becoming rather shrill...
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
Well thanks for proving my point anyways. I call you a lunatic, you respond with yet another tangled mess of rambling nonsense.
Oh, and I wasn't trying to argue your point or anything like that, I was just informing a neophyte about one of the famous Slashdot crackpots.
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
Two points to be made, one towards the original article, and one towards you and open source in general.
First point, the bad guys know more about Windows vulnerabilities than you and Secunia, possibly even more than Microsoft if they already found a way into their corporate repository and stole the source code. After all, Google is fairly security conscious, and even they suffered a breach. You don't know if Microsoft is similarly breached because they wouldn't admit it. You and everyone else lose if you use Windows, both short run and long run. If anyone gains, it is either Microsoft in the short run, or the bad guys in the long run.
Second point, in the case of open sources (e.g. Linux, *BSD, parts of Mac OS X, which you unkindly call open sores for no conceivable reason except to provoke nuisance), everyone has an equal opportunity to audit the code to find bugs and discover vulnerabilities. If you have the skill and the will of charity, your effort can benefit everyone. Linux users may appear to suffer more bugs right now, but as bugs get fixed, everyone wins in the long run—even you if at some point you decide that Linux suits your needs—all except the bad guys. It looks like there are enough people to improve Linux right now, so that when the rainy day comes, you'll get an umbrella despite your antagonistic attitude all along.
If I were the bad guys, I'd steal Windows source code and build up a list of exploitable vulnerabilities in secret. Then on the day I want to cause cyber warfare, I would unleash one exploit every month since I know Microsoft can't release patches faster than a monthly cycle. If I were to continue devastating the economy for 2 years, which is a long time for an economy to suffer permanent damage, I only need 24 exploits, which is not that many.
I once had a signature.
Who ran anywhere? I don't and can't spend all day reading and writing slashdot. I have a life and a job. And it's a private life and a private job. I'm not stupid enough to reveal myself to others... how many slashdot stories have there been posted about lives and careers screwed up because their online activities were connected with their work and private lives? I don't play that -- I know better.
The previous responder reveals himself as an accredited Windows person. I haven't checked all of the references, but it is easy to see that there's not much knowledge outside of the environment that Microsoft has provided. So yeah, if the only tools you have are Microsoft, then everything is solved with Microsoft tools and they are the best tools for the job. People with a much more rounded range of experience, however see things differently.
Still, impressive list of references. It'd be interesting to see what would happen if he did something other than Microsoft. Most people like him are just a bit weary and afraid to go back to ground zero to learn something else. But this guy claiming to be my senior? His first published work is in the late 90's. By that time I was programming in BASIC of nearly all varieties from Microsoft's to Commodore's to Apple's to Microware's Basic09. I was programming in C for all of those environments. I was programming in Assembly language for a few of them. (well, those that were Motorola processor based which at the time was most of those on the list.) I have had experience with DEC, VAX, and AS/400 by that time and actual credentials to back up my knowledge of COBOL among other things. I was there for Windows 1.0 and above. I loved Windows95 and 98 because they were huge improvements in the way computing was done on PCs. I learned to hate Windows because of what became of it over time.
He might be my senior in age but I seriously doubt that in experience. He's a one-trick show horse and can't speak about things that are not DOS/Windows. He's just not qualified. And if he's not qualified to speak on things non-Windows, then he's not qualified to say what is best.
So you used to prosecute Christians, like apostle Paul?
You are Alexander Peter Kowalski. You wrote a couple of niche Windows freeware using Delphi, but you have a tendency to optimize code that doesn't benefit from optimization. You also like to post the same stuff over and over again to different people you run into online. You're an interesting character, but unfortunately I can't seem to find many positive things to say about you. Sorry.
I once had a signature.
BTW, here's a hint -- if you want someone to know you replied to their posting, use an account and not AC. I don't get email notifications of a reply when it is from AC responders. Just get an account already.
Also, it's clear you have a particular style and manner that involves excessive length. All of my college writing courses taught me the same thing -- if it can be said completely and accurately while also being short, that's the best way to write. You are excessively wordy and tend to lose the interest of your readers pretty early on.
Knowing what you purport to know about Windows, how is it you manage to ignore the operational standards used by Windows versus every other advanced operating system? Frequent crashes are barely acceptable for a desktop. Not for a server and yet Microsoft saw fit to port a desktop OS into the server sphere. Now everything requires reboots for a wide variety of reasons and Microsoft technet recommends rebooting periodically "just because." I have *nix servers with uptimes measured in years of reliable service. Not saying it "can't" be done with Windows, but it is most certainly not recommended. That places Windows servers below par for quite a few operations. And of course the security model is entirely too weak... you're either administrator or you're not. Most of the permissions are associated with the file system. And since device drivers are placed at the same level as the kernel, device drivers enjoy infinite freedom of infiltration and the ability to crash the entire OS. When Linux video drivers crash (and they do!) they don't take the whole machine with them. I had an NVidia proprietary driver failing on me and I had no access to video at all. I had to "ssh" into the machine to get in and fix it... the machine wasn't killed, just the display. I was able to fix the problem without rebooting. Can you say the same for Windows? Why would that be? Oh yeah... ring-0.
We get it. You're a Windows fan... a professional even. But if you KNOW Windows, then you know its weaknesses and how it doesn't compare with other operating systems whose authors wouldn't even dream of designing an OS the way Microsoft has.
You are the person who started using your credential to justify your argument, i.e. Argument from authority, therefore Argumentum Ad Hominem is all you're going to get. I, on the other hand, speak of objective arguments that don't depend on who says it. That's why I can afford to be an anonymous person, but you can't.
Who in their right mind is going to write hand-optimized inline assembly for a CD alarm clock program that spends 99.999% the time idling, waiting for the timer to go off? You did. I think you're crazy.
And finally, you read the bible (good for you), but you don't understand what it says.
I once had a signature.
You have to admit, you actually have no evidence one way or another. I don't have to tell you anything about myself to win an argument.
I'm glad you at least humble yourself before God. I have the impression that you don't humble yourself before other men, so no matter what I say you won't listen. That's okay. Why don't you do a little research on your own about who wrote the books of Corinthians, and read at least Luke and Acts in entirety? That would give you enough context to understand where Paul was coming from. Then, go back to 1 Corinthians 15:9, the verse before the one you quoted. You really shouldn't take the bible out of its context. A lot of harm has been done that way.
I once had a signature.