Microsoft Says Vista Most Secure OS Ever 440
darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."
MS Airforce Attacks OpenBSD Leader, Servers (Score:5, Funny)
CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).
de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.
Canadian Prime Minister Stephen Harper has sent a "sharply worded" protest to the United States government.
Shortly after the attack, Microsoft has released a publicity photo of Bill Gates, standing on the deck of the USS Abraham Lincoln, underneath a banner saying simply, "Mission Accomplished."
Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."
Black hat? (Score:4, Insightful)
Could someone explain the difference between the two so I can make sure I didnt screw up?
Re:Black hat? (Score:3, Funny)
Now that the blackhats have had a look at the source code, we had better pony up the money to buy that service or else....
Re:Black hat? (Score:2)
Re:Black hat? (Score:5, Insightful)
What would you think if an airport employed terrorists as security personnel because they know better what to look for?
Re:Black hat? (Score:3, Funny)
Sure, white hat hackers do it for glory and money. Black hat hackers do it for money and glory.
Oh balls!
Re:Black hat? (Score:2)
Typically, yes. But if you're Microsoft, trying to do everything you can to deal with a horrible reputation regarding the security of your software, it makes a hell of a lot of sense to go nuts and hire every crazy black-hat hacker willing to pen-test the OS for you. Remember, plenty of black-hats are just in it for the money, and for them, it probably makes a hell of a lot of sense to take a big
Re:Black hat? (Score:2)
Wouldn't make even mor
Re:Black hat? (Score:3, Insightful)
Yes it would.
Making this particular claim a:) a fundamental logic error made by the biggest manufacturer of software in the world, or b) a completely unbased and silly statement based upon marketing.
Funny thing is, this is the first time I've ever hoped for a Microsoft statement to be FUD.
Re:Black hat? (Score:3, Insightful)
A black hat also got a month's contract for the same duty. He ran the rootkit and found all the exploits on day one. Then he used the corporate network for gaming and DDOS for the rest of the days. A
Which just goes to prove... (Score:3, Funny)
The University of Alberta is in Edmonton.
Maybe true today, but (Score:5, Insightful)
As always, future history is yet to be written--although it tends to reflect and repeat the past.
No they are speaking the truth (Score:5, Interesting)
Claiming Vista to be the most secure OS ever when it has already had a security flaw is just insane and tells us that MS still just don't get it. Or maybe they do get it. After all they make billions. It is sad but lying to the gullible pays better then telling the truth to the clever. There are just so many more gullible people. Last count about 6 billion.
Re:Maybe true today, but (Score:2)
can't break what you can't see!! (Score:3, Insightful)
Re:can't break what you can't see!! (Score:4, Funny)
The Slashdot Criteria (Score:5, Interesting)
Re:The Slashdot Criteria (Score:2)
More pageviews means more money.
And it worked on both of us!
Although, I suspect that the editors just want to read the +5 funnies
Re:The Slashdot Criteria (Score:2)
Re:The Slashdot Criteria (Score:5, Funny)
Or, as in this case, any story with a headline that will start an instant flame war.
Hey, it works for Dvorak. Why shouldn't it work for Slashdot? ;-)
OK MS, put a naked Vista box on the Internet (Score:2)
Re:OK MS, put a naked Vista box on the Internet (Score:2)
*laughs* (Score:2)
I'll believe it when I see it (Score:2)
Meanwhile... (Score:4, Insightful)
Re:Meanwhile... (Score:2)
Microsoft (Score:3, Insightful)
1) The OS is not used by anyone when the "most secure" sentence was released.
2) The only OS existing in the Microsoft world has the one made by Microsoft (excluding OS/2).
Comment removed (Score:4, Insightful)
Re:Depends on the definition. (Score:3, Insightful)
Secure against whom?
KFG
Comment removed (Score:5, Interesting)
Well, I suppose in the end, it *is* secure... (Score:5, Funny)
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*
*launches Internet Exploiter*
"You are attempting to connect to the internet. The internet is a very insecure place. Are you sure you want to do?"
*clicks "Yes"*
"Are you really sure? I mean, there are viruses out there on the internet. Do you know what a virus is? I mean, this stuff can really mess your computer up! Are you absolutely sure you want to connect to the internet?"
*clicks "Yes"*
"Oooooh, sorry - you don't have sufficient privileges to connect to the internet. Contact your Administrator or type your Administrator password now."
*types password*
*connects to internet*
"You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure want to send this packet?"
*sighs* *clicks "Yes"*
*beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
*clicks "Yes."
"You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure want to send this packet?"
*sighs* *clicks "Yes"*
*beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
*kicks computer*
*installs Linux/BSD or buys Mac*
VERY secure, indeed.
Re:Well, I suppose in the end, it *is* secure... (Score:3, Informative)
Re:Well, I suppose in the end, it *is* secure... (Score:3, Funny)
Yeah - I was going to go boot it up and copy the actual text in the ultra-annoying, constant stream of "As a user, you're too stupid to understand security. We need to ask you every question in existance about every OS function to ensure to completely understa
Re:Well, I suppose in the end, it *is* secure... (Score:3, Funny)
Re:Well, I suppose in the end, it *is* secure... (Score:3, Interesting)
*insert CD*
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*
When autorun is turn off for all removable media, and can only be turned on with an administrator password, and there is no override for "special DRM encoded media", then I will believe that MS is concerned about security. U
Acronyms (Score:5, Interesting)
I noticed in this article that they're treading on our acronyms.
SDL - Security Development Lifecycle
Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?
RMS - Rights Management Something
This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor [linuxvirus.net], or is a complete prick. I really doubt that this was accidental.
It's superficial, but I think both examples are very symbolic.
Nothing new (Score:3, Interesting)
That's okay. Nobody else does, either.
Re:Acronyms (Score:5, Interesting)
I'm sorry, but rms has meant "root-mean-square" to me for about 15 years, or roughly 8 years longer than I've known about GNU or Linux, and it's meant that to mathematicians for a lot, lot longer than that.
Since when does anyone "own" an acronym? Talk about overly touchy...
Re:Acronyms (Score:4, Funny)
In the case of MS-DOS, both.
Hold The Font Page! (Score:5, Funny)
Re:Hold The Font Page! (Score:2, Funny)
"We hope it's more secure than XP, but we'll just have to wait and see."?
Re:Hold The Font Page! (Score:2)
Re:Hold The Font Page! (Score:3, Insightful)
I seem to recall that Dave Barry had a good line that would extend well to this case:
'...Windows XP, which according to everybody is the "most reliable Windows
ever." To me, this is like saying that asparagus is "the most articulate
vegetable ever."'
Microsoft claims on Vista... (Score:2)
Damn formatting... (Score:3, Interesting)
Let's count the kinds of attacks that have existed in the past:
Bad daemon/service design allowing for root control through the service itself remotely
Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
Bad port use allowing for access to stuff that should be off by default
Bad user permissions control requiring everyone who actually want to do something to have local admin access
Bad
Most secure in what configuration? (Score:2)
Second, it is empirically accurate to state that no one has complete, a priori knowledge of bugs in a reasonably complex piece of software, some of which could lead to exploit conditions.
Third, is it even theoretically possible to have a priori knowledge of such bugs given a system of sufficient complexity?
This doesn't work. (Score:2, Informative)
If you want security, use Windows 95... A crashed computer is incredibly secure - far more secure than Vista.
Re:This doesn't work. (Score:4, Funny)
Combined.
This is laughable (Score:3, Insightful)
Maybe it's just marketspeak, or maybe it's more of the same arrogance that they know better what is secure than reality does. I'll sit back and wait for a few years, thanks.
Re:This is laughable (Score:2)
While I am not defending Vista I would like to think that MS has enough forethought to submit their new OS to attacks of various natures. I doubt any large software house lets a product go to market without submitting it to the rough and tumbles of a simulated user environment.
In the end I also think that Windows (W2K and XP that is) is fairly safe and stable while you pay at
Re:This is laughable (Score:2)
I'm sure you are right. And if they were to say, "We have subjected Vista to more security checks and tests than any previous OS", I would probably accept that as fact. They do list many features that MIGHT enhance security. But
Re:This is laughable (Score:5, Insightful)
It's bad enough to be prompted every 15 minutes for a restart after I've installed updates, EVEN IF I AM IN THE MIDDLE OF SOMETHING. Yes, Windows will pull me out of full-screen just to tell me that it has finished installing updates. To top it all off, I wont be able to browse the internet or insert CDs without some twat at Microsoft building the program to assume that I dont know what the fuck I'm doing with my computer? Sounds like a brilliant security strategy. Piss people off enough so that they never use your OS.
That kind of treat-you-like-you're-stupid shit is what makes me dread installing updates. I dont give a shit that I need to restart to install updates. Windows has waited for weeks for me to restart, and I dont need the constant nagging while it's waiting. Let me know when Vista has had its obligatory "dont treat me like I'm a mindless twat computer user" update. Then I'll get it.
Bwaaa ha ha ha ha!! (Score:2)
Microsoft will repeat the security message in the media until most people believe it. Meanwhile I'll still have plenty of work babysitting their products and buying security software to use on top of their "secure" software.
Uh oh (Score:2)
It's like handing software to QA and saying "I've got all the bugs out this time."
Pass the linctus (Score:3, Informative)
Sorry about that. Did someone say Microsoft thinks they've got "t3h m0st s3cur3 05 ev4r lollll!!!!1111" or something?!
Vista most secure ever. (Score:2)
Simply amazing.
Similar Headlines (Score:5, Funny)
* White Star Lines Pronounces Titanic "Unsinkable"
* Hindenburg Safest Way To Fly
* Ford Pinto Named Safest Car For 1973
Well of course (Score:2)
Secure for me! (Score:2)
Can't get much more secure than that...
Seriously, though, the drive really is unreadable. Don't know if Vista managed to kill it (how?!?!) or if it's just a strange coincidence.
Yeah, yeah, yeah (Score:2, Interesting)
Would you stop already. Always the best and revolutionary like never before.
Life will show that nothing really changed, except Microsoft coffins getting bigger
Re:Yeah, yeah, yeah (Score:2)
Employed black hat hackers??? (Score:2, Insightful)
Black hat?? Come on guys. (Score:5, Informative)
By definition, if you employ hackers to test an operating system, they are NOT "black hat" hackers - they are, at best, "grey hat" hackers.
Definition from Wikipedia [wikipedia.org]:
Usually a Black hat is a person who maintains knowledge of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or the manufacturer for correction.
Open BSD users everywhere... (Score:2, Funny)
Re:Open BSD users everywhere... (Score:5, Funny)
Yeah (Score:2)
funny... (Score:2)
I declare the Vega class starship the fastest ever (Score:5, Funny)
And it's not shipping yet either.
Employ in what sense? (Score:2)
Is Microsoft saying that they actually handed over money, got sentences reduced, or somehow offered compensation to the black hat hackers t
Just FYI (Score:2, Informative)
Re:Just FYI (Score:2)
Further, why "penetration test team" or "pen test team"? The latter sounds like they work in an animation studio. If Microsoft is hiring them and still calls them "black hat hackers", why not go all the way and make it clear to everyone what they think of them by calling them a more widely known and inflammatory term, such as "rape gang"?
My OS is just as Secure ... (Score:3, Funny)
... and you will be able to run it in five minutes.
Five minutes pass.
GOTO LINE 1.
trs-80 is more secure, I think (Score:2)
there you go - security by lack of clock speed. (has that ever been done before?)
"most secure os ever". pffft! anyone who would believe this deserves to run --(xp++)
And thus the security trap is sprung! (Score:2)
So, in other words... (Score:2)
Meanwhile...
"I'll pay you guys one-hundred dollars each if you pretend to be script kiddies."
"Two-hundred."
"Deal."
No OS is secure enough (Score:2, Insightful)
Or maybe it's just a bug (Score:2)
And... (Score:2, Funny)
Carrot Top is funny,
Cigerettes don't cause cancer,
Irac had weapons of mass destruction,
George Bush is listening to your phone calls to make you safe.
No NT 4 and Windows2k are the most secure OS's (Score:3, Funny)
So until holes appear in either platform I think we can trust Microsoft when they say something is secure. After all I never heard of a single security hole in WindowsXP or IIS or any server product from MS. Have you?
In Similar News... (Score:5, Funny)
3D Realms gave a presentation of the all the features that will help Duke keep the number one spot in the market. It also outlined the TV channel, movies series and theme park spun from the elements of the game.
Check it out! [wikipedia.org]
Mod the entire article as +5 Funny and move on... (Score:2, Insightful)
It is (Score:2)
MS just left off the "Because no one is using it yet".
Pales in comparison (Score:2)
Tommy Boy (Score:3, Insightful)
For some reason, MS saying that makes me think of that line...
(Sorry if I butchered it a bit).
Secure? (Score:3, Insightful)
But I would never, ever, ever utter the words Vista, OpenBSD, and security in the same sentence in a positive tone.
Trusted Solaris (Score:3, Interesting)
bummer of a birth mark... (Score:5, Insightful)
From my favorite FarSide cartoon: Two deer standing in the woods, one has a bullseye on his chest, the other one says, "Bummer of a birth mark Hal."
It's True! (Score:5, Funny)
Tip: You must update to latest cvs of rdesktop, something about key size.
Re:It's True! (Score:3, Insightful)
If this is true (I don't have a machine infected^W with Vista to test it against) that's an instant denial-of-service attack for you. Better still, there may be a way to get a shell on the Vista server under the priviledges of the user that started the RDP session ... So much for checking all interfaces parsing through incoming data to check for overflows or ba
Re:Microsoft + Stupid Claims = ... (Score:4, Funny)
Of course it's the most secure OS ever. No one can compromise an OS that hasn't even been released yet.
Re:Microsoft + Stupid Claims = ... (Score:5, Informative)
They haven't told us about any exploits they've found, but some crackers hold their exploit until the day of release and use it on retail, instead of beta. This allows them a '0-day release' that would be impossible otherwise for something with this much 'security'.
Re:Microsoft + Stupid Claims = ... (Score:5, Insightful)
Honestly, I think Vista is their Titanic and they just solidified this feeling by claiming that it's 'unsinkable'
Ahoy! Iceberg ahead...
Microsoft + Stupid Claims = ... (Score:5, Funny)
Re:Microsoft + Stupid Claims = ... (Score:2)
Compromise? Yeah, they can. Simply by releasing it.
Re:Microsoft + Stupid Claims = PROFITS! (Score:3, Insightful)
If you read TFA, you'll see the phrase 'the most secure operating system in the industry' is similar to what auto makers use. Ford or Toyota never says 'Our car is the best'. They say 'The Toyota Newsupercar is best in its class', which of course means the class is limited to all vehicles that are the same year, color, size, weight, manufacturer, and model as the Toyota Newsupercar.
The 'in the industry' is most
Exactly... (Score:3, Informative)
Exactly... just like this one. [wikipedia.org]
Re:Microsoft + Stupid Claims = ... (Score:5, Funny)
1. They made PR claims about
2. Based on 1. only Windows exist.
3. MS was bitching about computer without OS, meaning Linux and others in their eyes are not OS
4. Based on 4. Windows is the only OS
5. So this will be most secure Windows ever.
6. In MS eyes 2. and 4. equals to most secure OS ever.
Re:Hackers? (Score:3, Interesting)
Following this line of reasining, if MS really employed "black hat hackers," wouldn't such hackers immediately say, "Gollee, this OS is super secure! I couldn't find a single way to compromise it!" Meanwhile,
Re:Hackers? (Score:3, Interesting)
White-hat hackers sound like a bunch of pocket-protecting IT professionals who work in OS security.
People will think that if the "bad boy" hackers aka the ones lurking in the wild can find all the exploits, then the OS will be "teh most secure ever"
Re:until (Score:2)