Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Says Windows 10 Version 1607 is The Most Secure Windows Ever (thurrott.com)

Posted by EditorDavid on from the setting-the-bar-low dept.

A new white paper from Microsoft claims that "devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7". But an anonymous reader brings more news from Windows-watcher Paul Thurrott: in a separate blog post, it also makes its case for why Windows 10 version 1607 -- that is, Windows 10 with the Anniversary Update installed -- is the most secure Windows version yet. Improvements in this release include: Microsoft Edge runs Adobe Flash Player in an isolated container, and Edge exploits cannot execute other applications... [And] the Windows Defender signature delivery channel works faster than before so that the in-box anti-virus and anti-malware solution can help block ransomware, both in the cloud and on the client. Additionally, Windows Defender responds to new threats faster using improved cloud protection and automatic sample submission features, plus improved behavioral heuristics aimed at detecting ransomware-related activities.
Interestingly, the paper also touts Microsoft's "Advancing machine-learning systems in our email services to help stop the spread of ransomware via email delivery."

33 of 194 comments (clear)

  1. Security that the USER cannot control. . . by Salgak1 · · Score: 5, Interesting

    . . . .is not what **I** would call a selling point. Sticking to Win7 on my Windoze gaming box, and Ubuntu for my main box. . .

    1. Re:Security that the USER cannot control. . . by Salgak1 · · Score: 5, Insightful

      And what of small businesses ? Medical practices ? Only the Enterprise Edition of Win10 gives any real control over security. Not controlling your own security will make things like, oh, HIPAA and PCI compliance problematical.

      Claiming security controls for the public is like handling firearms without training ? Well, there goes Linux as a replacement for Windows, by your argument. . .

    2. Re:Security that the USER cannot control. . . by fisted · · Score: 3, Insightful

      That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.

      --
      CLI paste? paste.pr0.tips!
    3. Re:Security that the USER cannot control. . . by Anonymous Coward · · Score: 5, Interesting

      Not the same AC but I am a scientist in a corporate environment who does electron microscopy and x-ray microanalysis. We have a lot of hardware that requires Windows. Typically the software is a minimal part of the problem. I have hardware that still only runs on Win XP and Win 7. We have one system still Win 2000 and one on NT. They are all like the Energizer Bunny - they keep on going... The hardware upgrades would cost anywhere from several thousand to over $1 million because entire instruments would need to be replaced. We are specialists at getting parts from E-bay. We preserve jobs by letting our analytical needs determine our upgrade path, not Microsoft...

    4. Re:Security that the USER cannot control. . . by temcat · · Score: 4, Informative

      Being a translator still kind of forces me onto Windows because of the lack of quality GUI OCR tools in the Linux ecosystem. (The commercial ABBYY engine does exist and is really not that expensive, but I need manual area selection and categorization, heuristics still suck big time.) That may change in the (not so distant) future but still is the case.

    5. Re:Security that the USER cannot control. . . by houghi · · Score: 5, Insightful

      I have no issue of the company doing the updates and users having no control. I do blind updates on my Debian as well. The issue is that you can't turn it off. If have not done updates because I have read there where issues, so I waited two days.

      So Windows tries to be too clever for its own good.

      --
      Don't fight for your country, if your country does not fight for you.
    6. Re:Security that the USER cannot control. . . by fnj · · Score: 3, Insightful

      I have no issue of the company doing the updates and users having no control ... The issue is that you can't turn it off.

      Consistency is the hobgoblin of little minds, eh?

    7. Re:Security that the USER cannot control. . . by dkone · · Score: 2

      You can turn it off by setting the Windows Update service to manual and turning it off. If I had to put only on thing on my hate list for Win10 it would be the automatic updates and worse yet the automatic reboot. I constantly run with 10-15 open apps at any given time most as source references to my main app. Nothing worse then coming in in the morning, or even walking down to the kitchen to get water and finding you computer has rebooted.

      FYBG

    8. Re:Security that the USER cannot control. . . by drinkypoo · · Score: 2

      That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.

      Odds are they're correct, but it never actually seems to become functionally secure, does it?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:Security that the USER cannot control. . . by tepples · · Score: 2

      Because on desktop and laptop computers sold in the United States, Windows is used as a substitute for an operating system far more often than a real OS such as FreeBSD or GNU/Linux is. One can walk into a Staples or a Best Buy store in the United States, and virtually every desktop or conventional laptop computer for sale will come with Windows. There are three categories of exceptions:

      • Apple products, which run a GUI similar to GNUstep on top of a FreeBSD-derived operating system.
      • Devices running Android, a smartphone-derived operating environment that uses Linux as its kernel but whose GUI enforces "all maximized all the time" window management. Android 7 "Nougat" begins to fix this, but most tablets don't come with Nougat yet.
      • Chromebooks, which are designed to run a web browser and nothing else. If a more conventional GNU/Linux environment is installed, a Chromebook begs the user to wipe it and reinstall Chrome OS every time it is turned on.
    10. Re:Security that the USER cannot control. . . by The+Optimizer · · Score: 2

      > Not controlling your own security will make things like, oh, HIPAA and PCI compliance problematical.

      Add Sarbanes-Oxley (SOX) Compliance to the list as well.

      My wife just dealt with this at her Fortune 500 company. Microsoft will not disclose completely what the telemetry in SQL Server 2016 is phoning home. They have no choice with respect to compliance , and have made the decision to migrate their older reporting from SQL server (older versions) to Oracle.

      She wishes she had a recording of their MS sales rep telling her team that it doesn't matter.

    11. Re:Security that the USER cannot control. . . by fahrbot-bot · · Score: 2

      That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.

      Ya, but *this* time, the baked-in, mandatory telemetry that tracks everything confirms it's the most secure version.

      --
      It must have been something you assimilated. . . .
    12. Re:Security that the USER cannot control. . . by Ravaldy · · Score: 5, Insightful

      Are you new to the industry?

      If you work for a company that lives in Windows you should be living in Windows as well. It forces you to live like your users. After all, you're the technical expertise and you will see opportunities for improvement that users many not see.

      My 2 cents.

    13. Re:Security that the USER cannot control. . . by davester666 · · Score: 2

      The important part of the statement is "most secure Windows ever". It's relative only to earlier versions of Windows. It doesn't mean that Windows is no longer riddled with security issues, or is not actively being exploited by zero-day hacks.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. So, if they're aware of all these flaws in Win7... by msauve · · Score: 2

    Where are the patches for Win7 which address all these known flaws? They're supposed to be providing security updates until 2020.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  3. OK, that's funny on it's own, but... by Baloo+Uriza · · Score: 2

    ...now say it in Donald Trump's voice.

    --
    Furries make the internet go.
    1. Re:OK, that's funny on it's own, but... by Chrisq · · Score: 3, Funny

      ...now say it in Donald Trump's voice.

      We have a big beautiful firewall. That's goin to block websites. Because websites have drugs, pornography, crime ... and some I believe may be good sites.

    2. Re:OK, that's funny on it's own, but... by omnichad · · Score: 2

      Something something about Mexico paying for our firewall.

  4. That's only because by toonces33 · · Score: 5, Insightful

    That's only because it won't boot. That way, the machine can't get infected.

  5. This is like Samsung saying... by mrsam · · Score: 5, Funny

    ... that the Galaxy Note 7 is the hottest phone of the year!

  6. It's not secure at all by RandomSurfer314 · · Score: 5, Insightful

    If it was secure, I could control which outside servers the operating system contacts and what information it sends to them. An operating system for which you cannot even control where it connects to is insecure by definition.

    It connects to more than a hundred outside servers Microsoft refuses to publish a complete list of these places and what data it exactly transmits, so it is also practically impossible for the end user to reliably distinguish Microsoft traffic from trojan horses and malware. It's ridiculous to call that secure.

  7. Vendor security better than mom security by sjbe · · Score: 5, Insightful

    Security that the USER cannot control is not what **i** would call a selling point

    A fine stance if you are a a technically competent IT pro or equivalent. However for the 99+% of the people out there who don't fit that description, having the security handled by the system vendor can actually be a good idea. Microsoft can do a better job of it than my mother can. (yes I know... stop snickering) The VAST majority of users don't have the foggiest idea how to properly secure their computers nor any meaningful interest in learning. Having the option of user control for those with the ability is a good idea but probably not a good default for most users. Microsoft may not do a great job but they'll probably do a better job than the majority of users (which is kind of a sad commentary but it is reality). It only is a problem if they deny competent users the ability to control security when the need arises.

    1. Re:Vendor security better than mom security by Ol+Olsoc · · Score: 3, Interesting

      Security that the USER cannot control is not what **i** would call a selling point

      A fine stance if you are a a technically competent IT pro or equivalent.

      Because security is soooooooo hard!

      What we have here is people trying to claim to have it both ways. The "most secure Windows ever" still requires a lot of security updates, which means it really isn't all that secure. As well, thre are two parts to any security updates. One is making the computer more secure. The second is having the computer work after the update.

      Nothing like the secure aspect of a computer in endless reboot mode. Nothing like being powerless to do anything about it

      I guess.

      Microsoft's biggest failure in W10 was the Bohica update idea. Microsoft has always had problems with updates. I made a good part of my living by figuring out and repairing what they bitched up every month.

      And W10 is no different - you just have no choice but to bend over and take it.

      And having a working computer is as important as having one that is secure.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Vendor security better than mom security by nine-times · · Score: 4, Interesting

      A fine stance if you are a a technically competent IT pro or equivalent. However for the 99+% of the people out there who don't fit that description, having the security handled by the system vendor can actually be a good idea.

      Let's assume that's true. It doesn't follow that 99+% of computers aren't managed by people who are competent. A lot of those users are using computers that are managed by IT departments, and Microsoft is taking control away from those IT departments.

      I would 100% endorse Microsoft trying to set sensible defaults, and hiding complex or dangerous controls in the registry where those incompetent users won't be able to find them. The controls should still exist somewhere.

    3. Re:Vendor security better than mom security by tepples · · Score: 2

      Relegating everybody other than experienced system administrators to devices running a single-window GUI with no automation would create an even bigger divide between those with the tools to create works of authorship and those who can only view works created by others. This divide chills speech.

    4. Re:Vendor security better than mom security by Rick+Schumann · · Score: 3, Insightful

      See, the problem here isn't the authoritarian dictatorship attitude of MS about updates, it's the spyware they force on users, even of older versions of Windows, and forcing Win10 on people through various ruses. You're assuming MS has the best interests of the end users at heart, when clearly, through their actions, they do not; they're more interested in ensuring their revenue stream, and what the users want is not particularly relevant to them. How can you trust a company that clearly doesn't listen and doesn't care about your rights?

  8. Security is an historical function, not marketing by bguthro · · Score: 2

    How secure this version of Windows is can only be determined after-the-fact.
    Once a year goes by, and security researchers have sunk in their teeth, can we really determine how good the initial threat model was.

    "The most secure version of windows" has been claimed for every release since Windows 98... and we know how that turned out.

  9. Re:Security is an historical function, not marketi by houghi · · Score: 4, Insightful

    "Most secure since" does not mean it is secure. Just that it is more secure thann what came before.

    Say on a scale of 1-100 that Win95 was 1 secure and Win98 was 2 secure and Win8 was 15 secure and this one is 16 secure, it is indeed the most secure one. Not secure, most secure.

    And that is all without knowing how the security is measured. Is the securety level stable over the lifespan, or does it decrease with time as more faults are found, or does it stay the same?

    So even though the claim is valid, it is also meaningless. It is like saying that the birthday girl is the oldest she ever was on her birthday. True, but useless info.

    --
    Don't fight for your country, if your country does not fight for you.
  10. Re:You know what's also secure? by Anonymous Coward · · Score: 2, Insightful

    You'll be modded down, but in all honesty I get about as much useful information from your post as I get from what Microsoft says about Microsoft's Windows security.

  11. "Most secure Windows" by willoughby · · Score: 2

    Isn't that something like "Best Mexican wine"?

  12. So, not that secure? by Karl+Cocknozzle · · Score: 4, Funny

    Saying something is "the most secure Windows ever" is roughly the equivalent of being the finest outdoor ice hockey player in Ecuador. That is to say, something which is only impressive out of context.

    --
    Who did what now?
  13. Wow. by Gr8Apes · · Score: 2

    I'm shocked that they cleared such a high hurdle!

    --
    The cesspool just got a check and balance.
  14. Re:Domain expertise by dwywit · · Score: 2

    My CEO once asked me why he wasn't a QSECOFR. I told him politely but bluntly that it wasn't a recommended practice for people who didn't know what they were doing to have such a level of access, that I had done the IBM courses on managing an AS400, and he hadn't.

    He was a bit taken aback, but my boss backed me up.

    Unfortunately at the next job the Analyst and the Programmer were QSECOFRs, and I couldn't convince my boss that was a bad thing.

    --
    They sentenced me to twenty years of boredom