Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Talks Back To Google's Security Claims

samzenpus posted more than 4 years ago | from the smack-talking dept.

Google 528

Kilrah_il writes "Yesterday there was a piece about Google ditching Windows for internal use because of security concerns. Now Microsoft is fighting back, claiming its products are the most secure — more than Google's and Apple's. 'When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.'"

cancel ×

528 comments

Some Helpful Advise (5, Insightful)

eldavojohn (898314) | more than 4 years ago | (#32438608)

When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else.

Hint: Your worst nightmares do not have open jovial dialogues with you. And if they did communicate with you or offer you a score card or report, they would want you to feel as though you are completely safe -- totally unaware and unprepared for what you may face.

You've come a long way, Microsoft, but you have much much further to go. If you measure security by percentage increase in security then the evolution from Windows 95 to Windows 7 is nigh impassable. But that in no way means you're number one in the security scores. Run your marketing campaign with setting the "facts" straight but people like me know. With what little (journalistic) evidence you presented, there's no way I can build a conclusion that backs up your statement. And there's no way around that. It would better prepare you to look into the several thousand anecdotes found daily [krebsonsecurity.com] revealing the issues with Windows and Internet Explorer.

Re:Some Helpful Advise (4, Funny)

onionman (975962) | more than 4 years ago | (#32438658)

Microsoft's products are completely secure!! Completely! You don't even need to bother with any more security "research". In fact, I've even seen Bruce Schneier running Windows on his laptop, so it's completely safe!!

Re:Some Helpful Advise (1)

negRo_slim (636783) | more than 4 years ago | (#32438686)

No one argues they are fool proof the point is merely that Microsoft ships a more secure product than most of it's competitors.

Re:Some Helpful Advise (2, Insightful)

DavidR1991 (1047748) | more than 4 years ago | (#32438736)

I love the weasel words that come out in these kinds of discussions. "Most" - what is "most"? One competitor? (Maybe, Apple?). Because it certainly does not include (on an OS level) Linux, BSDs etc. Heck I'd be surprised if you could say definitively that MS trumps Google (I certainly don't think that's the case)

Re:Some Helpful Advise (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32439132)

linux isn't a competitor.

Re:Some Helpful Advise (2, Insightful)

jbeach (852844) | more than 4 years ago | (#32439202)

I personally would doubt they're even more secure than Apple. I can't recall the last time Macs around the world were taken out by some virus. Ditto for botnet infections.

Re:Some Helpful Advise (1)

Romancer (19668) | more than 4 years ago | (#32439192)

Microsoft ships a more secure product than most of it's competitors.

Name one.

Then back it up with more than a general feeling and you've got a point to make. Otherwise your comments are useless.

Re:Some Helpful Advise (3, Funny)

Anonymous Coward | more than 4 years ago | (#32439272)

I have owned several Microsoft mice and not has ever been compromised!

Re:Some Helpful Advise (1)

FuckingNickName (1362625) | more than 4 years ago | (#32438678)

That's a story about using your kid's unmanaged Windows PC for the first time to manage your finances.

MS security record is far less than impressive, but that's an awesome case of PEBCAK.

[OT]Oh god, I need to sleep but I keep getting given things to do. My fault for wasting half the afternoon on /..[/OT]

Both have problems (1, Insightful)

kvillaca (1276120) | more than 4 years ago | (#32438786)

I don't like MS, though the truth is that with this last Windows, they are really more secure than others SO's, if you guys pay attention in the hacker championship, that one the gives a prize for the fastest hacker that invade one system, the fast invasion happens into Mac OS X, then Linux and Windows for last. Of course as Windows has more platforms spread than any other OS, it's the target number one. However, I don't like the Google politics, because even the browser with or without privacy enable, they always will receive some data from you. If exist one big brother world wide, Google is this one, and don't thing that it will get better, because will not.

Re:Both have problems (4, Insightful)

hedwards (940851) | more than 4 years ago | (#32438918)

Hmm, I must've missed MS beating out OpenBSD for security.

Re:Both have problems (2, Insightful)

dclozier (1002772) | more than 4 years ago | (#32438956)

I always figured they hacked the prize they valued most and that's why Windows was on the bottom of the list.

Re:Both have problems (2, Interesting)

bryan1945 (301828) | more than 4 years ago | (#32438984)

The latest results I could find was from 2006. Do you have a link to a new competition?

Re:Both have problems (4, Informative)

butalearner (1235200) | more than 4 years ago | (#32439100)

I don't like MS, though the truth is that with this last Windows, they are really more secure than others SO's, if you guys pay attention in the hacker championship, that one the gives a prize for the fastest hacker that invade one system, the fast invasion happens into Mac OS X, then Linux and Windows for last.

Oh, you mean Pwn2Own? 2010? Nope, Linux not tested. 2009? Nope, not tested. 2008? Can't be, the Sony Vaio running Ubuntu was never cracked [tippingpoint.com] .

Anybody got results from 2007 or earlier? I can't find them.

Re:Some Helpful Advise (2, Insightful)

Omega Hacker (6676) | more than 4 years ago | (#32439112)

Even more interesting is that the "hacker" is comparing Microsoft to Adobe and Apple. Adobe is an *applications* vendor, which has no bearing on the OS security discussion. Apple has engineered a far more secure product from the ground up, being based roughly on OpenBSD et al, thus they have far fewer security holes in the first place. Not to mention he's talking about their internal processes, and not the results or the need for the process in the first place.

Yeah, claim to be more secure than Apple is a joke (1)

jbeach (852844) | more than 4 years ago | (#32439222)

Someone else can prove me wrong here, but I've never known a Mac to be susceptible to botnet infection, as only one example.

Re:Yeah, claim to be more secure than Apple is a j (0)

Anonymous Coward | more than 4 years ago | (#32439278)

Someone else can prove me wrong here, but I've never known a Mac to be susceptible to botnet infection, as only one example.

iBotnet. [zdnet.com] At least first try a basic google search....

Re:Some Helpful Advise (1)

ma1wrbu5tr (1066262) | more than 4 years ago | (#32439190)

But, they are making great strides.
Just a few months ago, they completely secured thousands of PCs, making them "unhackable" (and unbootable, LOL).
https://patrickwbarnes.com/blog/2010/02/microsoft-update-kb977165-triggering-widespread-bsod/ [patrickwbarnes.com]
When Microsoft can properly secure the OS at the kernel level, then I'll start taking those statements a little more seriously.

ROFL? (3, Insightful)

snowboardin159 (1744212) | more than 4 years ago | (#32438648)

can i be the first to just say... ROFL

Re:ROFL? (1)

ma1wrbu5tr (1066262) | more than 4 years ago | (#32439300)

I would have beat you to it, but I had to clean Mt. Dew off my keyboard, desk, and both of my monitors after I sprayed it everywhere upon reading the article.

Security? (5, Insightful)

WahCheng (1543195) | more than 4 years ago | (#32438656)

Security is NOT about patching holes, a system must be designed from the ground up to be secure. Doze and it's predecessors were NEVER designed this way. Mind you, it's created one hell of an industry patching holes.

Re:Security? (2, Insightful)

hedwards (940851) | more than 4 years ago | (#32438684)

That's just the thing, investment is one thing, but what has been their return on investment in terms of security? Are they really getting their moneys worth out of it, or are they just throwing it down a hole like they've been doing on IE. It's not just the investment it's the stupid ideas that they've failed to kill, most notably activex and the tight integration into the OS.

Re:Security? (0, Flamebait)

negRo_slim (636783) | more than 4 years ago | (#32438754)

Security is NOT about patching holes, a system must be designed from the ground up to be secure. Doze and it's predecessors were NEVER designed this way. Mind you, it's created one hell of an industry patching holes.

Coming from the guy with years of programming experience in the industry and is obviously an expert on Windows' inner workings as well as methodology practiced internally at Microsoft.

Re:Security? (4, Insightful)

hedwards (940851) | more than 4 years ago | (#32438886)

A shill's a shill. UAC in vista was more or less completely worthless because it was so intrusive that nearly everybody turned it off. Patch Tuesday is not the definition of prompt security updates. The permission system they use has gotten a lot better over the years, but it's absolutely inexcusable that Windows XP was allowed to ship without a proper security model. Yes, that's kind of an old OS, but it is still heavily used in the Windows world and it did ship at a time when proper security models dating back decades before indicated that running everything as admin was bad. Technically you didn't have to, it's just to get any work done at all you had to be.

Some of these things MS has fixed, but most of it is just whitewash. The internet was never something they planned for. And it took them a really long time to even consider stopping to just fix things properly. Sure they may spend more time and money on security than the competition, but is it being productive. The actual effect is what's important, not the amount of resources.

Re:Security? (5, Insightful)

MrEricSir (398214) | more than 4 years ago | (#32438762)

They've added a lot of security. For example, when I debug an application on Windows 7, I have to click four dialog boxes instead of just one. If that isn't real security, I don't know what is.

Re:Security? (5, Funny)

WrongSizeGlass (838941) | more than 4 years ago | (#32438976)

They've added a lot of security. For example, when I debug an application on Windows 7, I have to click four dialog boxes instead of just one. If that isn't real security, I don't know what is.

Well, four is greater than one. A car has four wheels and a unicycle only has one. A car is more secure than a unicycle. In fact, in a collision between a car and a unicycle the passenger(s) in the car will always be safer - even if the car isn't moving. Based on the preceding car analogy I can confidently declare Windows 7 is more secure than a unicycle.

Re:Security? (0)

Anonymous Coward | more than 4 years ago | (#32439062)

Well, four is greater than one. A car has four wheels and a unicycle only has one.

My car must be more secure than yours because it has a steering wheel.

Re:Security? (3, Insightful)

Barny (103770) | more than 4 years ago | (#32438788)

This is the total point, it shouldn't matter if your apps have holes in them or not (although "not" would be best), they should never have the kind of privileges that allow things to take over (do a little search for "smitfraud" and you will understand what I mean).

They seemed to be going top-down for a long time, when only now are they starting to realise that sandboxing (UAC) the user from the OS is a good idea, not the best, not 100%, but they are almost on the cusp of "getting it" at last :)

Re:Security? (2, Insightful)

edelbrp (62429) | more than 4 years ago | (#32439136)

True.

One argument that seems to come up over and over again when the topic of security comes up is that Windows is targeted because it's more popular. The fact is that modern networked equipment, from routers to printers to VoIP gateways, to gaming consoles, to cable modems, to smart phones, etc. run an OS with a network stack. Often many of these devices go for years without patches. I would argue that there are more non-Windows based networked computing devices than Windows PCs. I would also argue that hackers would love to sink their teeth into all those identical game consoles and other devices so they can skim CC #s and do the usual botnet activities of spam and DoS attacks.

Yet, it's rare that we hear of an exploit for those devices, while at the same time, it's so common to have a Windows computer get infected with something that it's almost considered a normal occurrence. From one point of view, it could be seen that Windows PCs have more general utility and therefore more security risks, particularly for attacks that rely on the user to do something to enable the attack. But, on the flip side, lots of identical appliances only need one attack vector to make them all susceptible and they are less likely to have the ability to phone home for security updates.

Microsoft's track record is horrible, and it's complicated by the fact that they not only make it a hassle to get updates, but there's often little incentive in the way of new features or assurance that it won't break something. Window's security problems may also stem from the history of the OS not putting a priority on networking and therefore, security (remember Bill saying the Internet was a fab and just a home-shoplifting-network?).

Re:Security? (0)

Anonymous Coward | more than 4 years ago | (#32439152)

That does not exist, by design software has flaws - human design of million lines.

Security is many things, and most experts call it a process. Not only being updated, patching un-evitable holes, making logic barriers (be it a firewall or a role based system, or more secure systems like Plan 9, etc.)

Often, issues also happen because of configuration, user's stupidity, etc. You can just say "they're just doing it wrong, snap fingers magic and it's designed super secure!"

Anyway.. Microsoft does work on Singularity which is C# based and thus has features designed from the ground up to be secure. That is, the most sensible part of operating system is memory. Most "real" exploits are just about manipulating memory by tricking programs into it. This is difficult with managed code.
No worries tho, anything human make, human can break :P

Re:Security? (1)

Yvanhoe (564877) | more than 4 years ago | (#32439178)

I would believe that Microsoft spends more on security than any other software company. Problem is, they take security as a separate issue from software design. I mean, without Microsoft, the whole antivirus field would not even exist. Of course they are spending more than anyone. They also are making other people waste money on security more than anyone

Re:Security? (1)

buchner.johannes (1139593) | more than 4 years ago | (#32439262)

The response from Microsoft is half-hearted at best. They don't even bother to claim that their systems are most secure, look at the post on how it emphasizes only the efforts into building secure systems, not the results. Sisyphos also put a lot of effort into his work.

The blog post also doesn't claim that Macs are less secure than Windows OS: They just reference articles that say Malware is coming to Macs now too.

The referenced study only shows one graph (Malware detection in IE8), so it is weak evidence of a whole picture.

They can play this game until someone finally comes up with a neutral, objective standard for measuring security -- such as impact-weighted bug report counts for example. Both the security industry and Microsoft will have to do better.

Re:Security? (1)

blair1q (305137) | more than 4 years ago | (#32439318)

Nor was Mac.

Nor was Unix (file permissions are not a software-security system).

Not even Linux is pure.

Cisco (5, Interesting)

abigor (540274) | more than 4 years ago | (#32438668)

Well, I can tell you right now that a lot of Cisco's engineers use Macs, and server-side it's Linux. That said, I imagine Cisco management, marketing, etc. are mostly Windows-based.

Re:Cisco (5, Insightful)

ThePhilips (752041) | more than 4 years ago | (#32438832)

That resonates with my own reading of the quote: all companies who are on the receiving end of M$' security investments praise the investor.

And obviously anti-virus companies would tell that Windows is better: without the swiss cheese OS they would be out of job.

Re:Cisco (1)

woboyle (1044168) | more than 4 years ago | (#32439286)

Not to mention that Cisco's most secure IOS operating system is an OEM version of QNX. No Windoze there...

Microsoft? (5, Funny)

Anonymous Coward | more than 4 years ago | (#32438672)

Secure products?

Crap.... woke up in the wrong universe again.. I hate when that happens.

Re:Microsoft? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32438758)

Thank you for explaining what the hell is going on today. I was beginning to think of going out and buying the latest version of Tin Foil Hat, because I seem to have displaced mine. But waking up in the wrong universe again explains everything!

Awwwwwww, crap! (1)

LifesABeach (234436) | more than 4 years ago | (#32438692)

I just sprayed coffee all over my keyboard. I guess Bill is going to try stand-up comedy now? He's got a great prop, "Clippy"

Re:Awwwwwww, crap! (3, Funny)

Barny (103770) | more than 4 years ago | (#32438820)

Damn you, now i sprayed my tea all over my keyboard with the image of Steve doing a ventriloquist act with a puppet of clippy :) (since bill doesn't work there any more)

Waitaminit, which Steve? (1)

zooblethorpe (686757) | more than 4 years ago | (#32438882)

I had the wrong Steve in mind, making for a very different "Hi, I'm a Mac" commercial...

Cheers,

That guy doesn't understand what irony means (1)

DavidR1991 (1047748) | more than 4 years ago | (#32438696)

In a rough sense, irony means a contradiction. In which case, can someone please explain how this:

"There is some irony here that is hard to overlook. For starters, check out this story from Mashable a few months ago where it was reported that Yale University had halted their move to Gmail (and their move to Google’s Google Apps for Education package) citing both security and privacy concerns."

makes sense as a comparison, let alone counts as irony/ironic? What the hell is ironic here?

The fact Google is moving away from MS citing security concerns, and something else citing Google security concerns is not any kind of a contradiction as far as I can see.

Re:That guy doesn't understand what irony means (0)

Anonymous Coward | more than 4 years ago | (#32439118)

Irony != contradiction. You said it yourself, "in a rough sense", so you can't just swap terms.

Re:That guy doesn't understand what irony means (1)

spazdor (902907) | more than 4 years ago | (#32439146)

Come to think of it, maybe Yale backed out of the Gmail deal because Google staff were running Windows.

Hackers (0)

0123456 (636235) | more than 4 years ago | (#32438700)

"even hackers admit we're doing a better job making our products more secure than anyone else"

It's much easier to make your products more secure when they start out as a huge mass of security holes than when they're already secure by design; fixing a hundred Windows security bugs probably takes less time than finding a single Linux security bug.

what did the Chinese hackers bypass? (0)

Anonymous Coward | more than 4 years ago | (#32438712)

I'm wondering what "secure" OS the Chinese hackers got past just before Google started its spat with the Chinese government.

Focus and Investment (5, Insightful)

Weaselmancer (533834) | more than 4 years ago | (#32438722)

Nice zero content marketingspeak there:

"...third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."

Focus and investment. Notice "results" aren't on that list.

As a side note, I'd also like to add that lately BP has had a huge focus and investment on cleaning up oil spills. More so than any other oil company. But still - nobody loves them this week. Wonder why?

Re:Focus and Investment (1)

newdsfornerds (899401) | more than 4 years ago | (#32439174)

I salute you, my fellow spelling enforcer. "Rediculous" is one of my pet peeves. And yeah, screw Microsoft right in the neck.

Re:Focus and Investment (4, Funny)

grcumb (781340) | more than 4 years ago | (#32439188)

Nice zero content marketingspeak there:

"...third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."

Focus and investment. Notice "results" aren't on that list.

SECURITY ANALYST: WTF? You invest billions and billions of dollars trying to fix your software, and this is the best you can do? Christ on a kebab, man! Do your developers even know how to tie their own shoelaces? What do they do, sit their slack-jawed at their desks all day, watching the grass die on their Farmville plots and pissing their pants because they can't even remember where the toilet is?

MS MARKETING PERSON: sotto voce Hmmm, billions spent... developers unable to leave desks... Ah!
[WRITING] "industry leaders tell us regularly that our focus and investment continues to surpass others."

Microsoft products are the most secure? (3, Insightful)

morgan_greywolf (835522) | more than 4 years ago | (#32438734)

Microsoft has come a long, long way in security, yes, that's true. But the most secure? No way. Not compared to systems designed around security from the ground up like OpenBSD or a security-hardened Linux distro with SELinux and the like. I really like the progress that Microsoft has made, and Windows 7 is much improved over previous Windows versions, but if I want a system that's truly secure, it's not a system I'm likely to pick.

Microsoft products are the most secure lawnmowers (5, Interesting)

davecb (6526) | more than 4 years ago | (#32439094)

Poor chaps, they can only make a "c2" grade in the old orange-book (U.S.Department of Defense) grading by removing the networking, while a mainline Linux distro hits b1 (courtesy of the CIA).

--dave

Direct from Baghdad! (1)

Drunkulus (920976) | more than 4 years ago | (#32438742)

Good to see that the former Iraqi Information Minister has a new job.

2 quotes (1)

snowboardin159 (1744212) | more than 4 years ago | (#32438746)

2 quotes come to mind From TFA: "all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows" and "On the bright side, though, the owner’s wife now has a new Mac.” Really great pro?-windows article

Hi, I'm a hacker... (5, Funny)

thestudio_bob (894258) | more than 4 years ago | (#32438750)

Hi, I'm a hacker and Windows 7 was my idea.

Re:Hi, I'm a hacker... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32438856)

When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else.

Let's parse that sentence...

At least two hackers have admitted that Microsoft is doing a better job of making their products more secure than anyone else is.

Translation: Microsoft does a better job of securing Microsoft products than third parties do.

So what Microsoft is really saying here is that some hackers believe that third party security products targeted at Microsoft products aren't as good as Microsoft's in-house security solutions. Way to sidestep the issue.

Re:Hi, I'm a hacker... (1)

morgan_greywolf (835522) | more than 4 years ago | (#32439264)

So what Microsoft is really saying here is that some hackers believe that third party security products targeted at Microsoft products aren't as good as Microsoft's in-house security solutions.

Yeah. Duh. Microsoft is a $200 billion company with an incentive to invest in improving the security of their own closed-source OS. Of course they're going to to do better than a 3rd-party company like McAfee or Symantec.

But that still doesn't mean they're doing better than other systems with security designed-in from day 1.

Re:Hi, I'm a hacker... (1)

future assassin (639396) | more than 4 years ago | (#32438892)

Best one line response I've read on /. in a long time. Someone please make a video with this line in it and post it on youtube or something.

Re:Hi, I'm a hacker... (1)

newdsfornerds (899401) | more than 4 years ago | (#32439198)

LOL!

Re:Hi, I'm a hacker... (0)

Anonymous Coward | more than 4 years ago | (#32439212)

Hi, I'm a hacker and I find Windows 7 a lot more secure than some other operating systems, like Mac OS X.
Making jokes about Microsoft is fun and all, but they're not as bad as you think

Re:Hi, I'm a hacker... (0)

Anonymous Coward | more than 4 years ago | (#32439248)

No, but he is funny and witty, while you are neither.

Keep saying it and one day it might stick (4, Insightful)

kaptink (699820) | more than 4 years ago | (#32438792)

All I know is that for more than ten years I made good money removing malware from Windows boxes. In all fairness tho Windows 7 is a much better effort at a secure OS but saying that 'hackers' are making such comments is just not all that believable. Any serious geek will tell you the long sorded history of windows and all its memorable virii, malware and hacks is nothing to be proud of but I guess if you start telling people what you want them to think and keep at it one day it will stick. I think a few statistics should set the record straight.

Re:Keep saying it and one day it might stick (2, Interesting)

dave562 (969951) | more than 4 years ago | (#32438878)

Any serious geek will tell you the long sorded history of windows and all its memorable virii, malware and hacks...

Where are the equivalent virii in 2010? I remember Code Red and Slammer and the really malicious code that was raping any system stupid enough to expose 135/137 and 445 to the world. I don't remember any malware of that league in recent memory. The worst malware these days seems to be the AntiVirus 2010 and its related ilk. The malware itself is insidious and requires a pave and rebuild "just to be sure". The infection vector is the same old, same old mess of compromised websites and browser exploits. So in that regard Microsoft is getting better. Their software isn't getting owned two minutes after being connected to the internet. Like others have mentioned, they still have a long way to go.

I will believe that Microsoft has figured out secure software once they properly sandbox their browser and manage to prevent malicious code from breaking out of it to compromise the system. There is not any reason why visiting a webpage, either deliberately or through a redirect, should result in a compromised system.

Re:Keep saying it and one day it might stick (5, Insightful)

Dynedain (141758) | more than 4 years ago | (#32439002)

Where are the equivalent virii in 2010? I remember Code Red and Slammer and the really malicious code that was raping any system stupid enough to expose 135/137 and 445 to the world. I don't remember any malware of that league in recent memory.

That's because modern spyware is more focused on hijacking your machine to be part of distributed botnets. That means you don't want the user to realize the machine is compromised. As such, vandalism is less prominent in favor of the lucrative enterprise of selling access to the botnets.

Re:Keep saying it and one day it might stick (3, Interesting)

dave562 (969951) | more than 4 years ago | (#32439114)

You are right that the focus has changed. The infection vector has also changed. The old vectors don't work, or if they do the access to them has been mitigated on the client by the software firewall, and on the network permimeter by hardware firewalls. The operating system has been hardened to the point that most of the exploits are targetting applications. That is an improvement. Once they figure out how to properly sandbox the applications, the entire system will become more stable. Whether or not Microsoft is really up to the task is debatable.

Re:Keep saying it and one day it might stick (1)

spazdor (902907) | more than 4 years ago | (#32439170)

Where are the equivalent virii in 2010?

Storm.

Re:Keep saying it and one day it might stick (1)

RobbieCrash (834439) | more than 4 years ago | (#32439158)

Does the article state "Windows has always been the most secure everything, and we don't need to fix anything, we're awesome and hack proof?"

I believe it states, and I'm paraphrasing here, "We're doing more to help idiot users protect themselves than Apple is." Which is true.

Article after article has pointed out that Apple's security through obscurity model makes an unpatched Mac much less secure than an unpatched Windows box.

In five years, everyone will be talking about how vulnerable Macs are, and how you can't run an OSX box without just as much shit as you have to put on a Windows machine in order to be secure.

Weasel words... (1)

Ynot_82 (1023749) | more than 4 years ago | (#32438796)

If indeed "hackers admit [you're] doing a better job making [your] products more secure than anyone else"
then that just means your product is less secure in the first place, and you have to do more work to patch the holes

Other OS's need not put so much effort in on a release-by-release basis
the basic security of Unix was the there 35-40 years ago, and remains largely the same

Extra security features (SELinix, AppArmor, non-root-X, etc.) come along every so often
but agreed, no-one puts the sheer level of effort into security (largely in vain) as MS

Security claims (1)

DaMattster (977781) | more than 4 years ago | (#32438802)

Uh, yeah .... whatever. I'd say security has improved, albeit by a decent margin but it has a long way to go. I won't be convinced until Microsoft, Apple, and the Penguin can go toe to toe with OpenBSD. I have heard of would-be intruders performing OS fingerprinting, finding an OpenBSD machine, and moving on as if it is not even worth their time to try. If you need to protect a network, set up OpenBSD as your bastion host and you can rest easier at night.

Re:Security claims (0)

Anonymous Coward | more than 4 years ago | (#32439042)

Google's choice is about desktop systems, not protecting a network.

Uh huh (5, Interesting)

starfishsystems (834319) | more than 4 years ago | (#32438816)

Right. That's why there's no longer any market for third-party virus checking on the Windows platform.

And all those idiotic corporate restrictions on email attachments can go, too. That'll be a great relief, because right now I can't even attach a zipfile without Outlook complaining about it.

And those flashes of screen content that appear when I reconnect to a locked Remote Terminal session, those are just in my imagination. No information exposure there, any more. Good, cause that was really stupid. Wait, I'd better check. Nope, still there.

And those irritating and needless messages requesting permission after I've launched an Active Directory management window, those are gone too, right? Because now the system has finally caught up to the X Window System technology available back in 1993?

Oh, no. Actually, I just checked, and it hasn't.

Wow, Microsoft. I am impressed. You actually drank the kool-aid to prove that it was harmless. Except that it's not.

Re:Uh huh (1)

Sponge Bath (413667) | more than 4 years ago | (#32438926)

...idiotic corporate restrictions on email attachments

Amen! I've started having emails silently dropped by customer's email systems for having links in the email to driver downloads requested by the customer! The customer is usually unaware of the changing rules on incoming emails, so I get to troubleshoot it for them when they complain about a lack of response. I now break up any URL into a base on one line and a file on another line, but who knows how long that will work. In conclusion, I close my rant with "kill all spammers".

Re:Uh huh (1)

tsm_sf (545316) | more than 4 years ago | (#32439246)

Oh god. I just flashed back to a project where my client wanted to send opted-in emails to customers with AOL addresses...

You know the cleaning woman character [youtube.com] on Family Guy? The one who answers everything with "ehhh...no...."

Vista reinstall (5, Insightful)

NetNed (955141) | more than 4 years ago | (#32438826)

I did a reinstall on a Vista machine recently for a friend. 100+ windows critical updates later and it was done! Really, the install itself took a fraction of the time that all the updates took. I guess if security is measured in security updates, you win Microsoft. Now claim your paper hat that says "We Won!"

iPad (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32438862)

The iPad actually seems to be a perfect device for doing Banking. Mac/Windows or Linux - I am always scared when opening a browser and browsing to my bank's website. Who knows when and what got installed on the machine - even open source stuff sometimes has had malware (I forgot the name of the one where the author just emailed everyone's passwords to his mail account.)

Locked down device like the iPad is godsend - never install any apps and just use it for browsing and email. Feels much secure. (One only needs to worry about Apple - hopefully the disgruntled Foxconn employees don't go installing bad stuff on the iPads.)

You can hate me now - a) for bringing up the iPad and b) for being paranoid.

Re:iPad (1, Insightful)

MichaelSmith (789609) | more than 4 years ago | (#32438900)

On linux I can open a shell and go

rm -rf ~/.mozilla

Can I do that on an ipad?

Re:iPad (0)

Anonymous Coward | more than 4 years ago | (#32439010)

Why would you need to do that on an iPad? Just use it in factory condition only for browsing, email and the occasional PDF from trusted source.

Re:iPad (1)

spazdor (902907) | more than 4 years ago | (#32439238)

And if it ever ceases to be factory condition, that just means it's time to buy the next model up?

Re:iPad (1)

MikeFM (12491) | more than 4 years ago | (#32439204)

If you really want to. I dunno what it'll gain you. You can burn charcoal bricks in your bathtub for heat too but typically it's not a good idea just because it does something.

Funny how the Linux wannabes make the same pointless arguments about why their OS is better that Windows users did when we started pushing Linux. Something is different and doesn't have random program X so it sucks. Kids I was using a Linux desktop when you were in diapers and Unix before that so don't even try to sell me on your crap desktop environment. If anything the Linux desktop has been wandering in the desert all this time with no real idea where it is going.

Re:iPad (1)

larry bagina (561269) | more than 4 years ago | (#32439206)

You can also stick a cactus up your ass. Doesn't mean other people are interested.

Re:iPad (1)

MichaelSmith (789609) | more than 4 years ago | (#32439324)

My point is that a closed device will only provide specific workarounds for specific problems like "delete history" and "delete cookies" while an open device provides more options for privacy such as low level file deletion and chroot jails, so the open device should be more secure.

I have a guest account on my linux laptop for situations where I need to lend it to other people. I am not aware of such a facility on the ipad.

classic microsoft spin (1)

Michael Kristopeit (1751814) | more than 4 years ago | (#32438868)

When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else

when you're starting with the least secure, it's pretty easy to be the most "more secure".

polish up that turd, M$

Google is the competition.. (2, Insightful)

naelurec (552384) | more than 4 years ago | (#32438884)

Google is Microsoft's #1 competition right? Of course Microsoft wants Google to continue to use Windows.. not using Windows puts Google at an even further advantage.. its not like Microsoft can drop using Windows for its internal systems.

Focus and investment != results (4, Insightful)

Todd Knarr (15451) | more than 4 years ago | (#32438890)

Certainly Microsoft's focus and investment surpasses everyone else's. That's because it needs to simply to tread water. The problem is that most of Microsoft's security problems aren't bugs, they're design features of their system.

There's a quote from a boss: "I don't want the industrious guy who'll keep busy doing things over and over. I want the lazy guy who'll do it once, right, so he doesn't need to keep doing it over."

Really now? (0)

Anonymous Coward | more than 4 years ago | (#32438930)

Microsoft's popularity base in the consumer market certainly earns it a spot as the most targeted operating system.

I doubt that any amount of security updates will make it a secure enough operating system.
On the other hand, Google will have to do a lot of work in part to ensuring all software is usable, since Microsoft (incidentally) has a huge pool of resources all across the net.
All in all, I think it was inevitable. Microsoft corp. just needs to accept this fact, that security issues are a common occurrence in their operating systems.

Windows may be most secure... (1)

EmagGeek (574360) | more than 4 years ago | (#32439008)

... but from whom? The people on the Internet? Or, the people sitting behind the keyboard?

Sometimes I feel like it's the latter...

Damned by faint praise (1)

HangingChad (677530) | more than 4 years ago | (#32439024)

When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else.

Yeah, that's why the Google breach in China was traced to Windows exploits, because hackers always go after the strongest link in the chain.

I'd be the first one to admit Microsoft has come a long way on security. Vista and Windows 7 are better but you still won't catch me surfing the net with Windows or using it to access my bank account online or for anything that requires higher security. Windows gets to see Windows Update and updates for the few Windows only applications I run. That's it.

Microsoft Security Improvements (1)

DerKlempner (249063) | more than 4 years ago | (#32439092)

...making our products more secure than anyone else...
...our focus and investment continues to surpass others...

It's easy to be the best at these things when you're playing catch-up to everyone else.

Ahhh /. (1, Troll)

RobbieCrash (834439) | more than 4 years ago | (#32439104)

Again we refuse to admit that MS has done anything right, because they still have problems. Improvement doesn't matter, because they're not perfect yet.

Not like OSX, or Linux. No sir. Neither of those products have any security holes. It doesn't matter that OSX is the first system to fall in any form of hacking contest, or that there have been at least 15 articles on /. in the last 6 months talking about how piss poor OSX's security model is. Nope, Microsoft isn't perfect, therefore they have not fixed anything.

Re:Ahhh /. (1)

inode_buddha (576844) | more than 4 years ago | (#32439320)

As the old saying goes, "Those who fail to understand UNIX are doomed to re-invent it -- poorly." Attributed to Ken Thomson. And it seems to me that is exactly what MS has done over the last 15 years.

(*WINK, WINK*) (0)

Anonymous Coward | more than 4 years ago | (#32439128)

"Even hackers," he said, batting his left eyelid twice, "admit we're doing a better job making our products more secure than anyone else..."

However: (0)

Anonymous Coward | more than 4 years ago | (#32439134)

It doesn't matter how much perfume you put on a steaming pile of dung, it's still a steaming pile.

No, you! (1)

russlar (1122455) | more than 4 years ago | (#32439156)

Microsoft might as well have said "oh yeah? well, your mom!"

Complete that thought (0, Offtopic)

Rix (54095) | more than 4 years ago | (#32439164)

third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others. Because we pay them to do so.

Re:Complete that thought (1)

GourdCaptain (1169555) | more than 4 years ago | (#32439260)

I love how one of the things they are doing to improve security is "We highly recommend our customers enable Automatic Update to ensure they are protected from attacks." Okay, you improve the security in the product by recommending people use it safely. I'm impressed. Then again, they also claim that Parental Controls make it safer... The heck? This is about an enterprise company, not a family computer!

Re:Complete that thought (1)

blair1q (305137) | more than 4 years ago | (#32439292)

No, they say it because it's true.

But having to work harder at security and spend more on it doesn't mean you have it yet. It just means you have a bigger castle so you need a longer moat.

Users not Computers (0)

Anonymous Coward | more than 4 years ago | (#32439244)

Look every operating system has flaws. The bigger problem is the users and how they act not which OS is secure. I would bet a years salary that the windows machine compromised in China were pirated and hadn't been patched and also had a huge number of cracked software installed.

What does that mean? (1)

blair1q (305137) | more than 4 years ago | (#32439280)

Does it mean it's harder for a hacker to create a malware that will infect my machine, or that I am less likely to get malware?

Because I have no doubt the former is true. Because Microsoft is a fat target with a billion users, it has had tens of thousands of exploits thrown at it and has had to beef up its standards to fend off similar attacks.

But I have no doubt the latter is false. Because Microsoft is a fat target with a billion users, it is still the target of choice for the vast majority of exploits.

However, any other OS that claims I won't get hacked while using its system is utterly full of shit. Apple is egregiously baiting hackers by constantly reminding them that the reason they haven't had to improve security is that they've been targeted less often. Which means hackers can turn and apply low-grade exploits that haven't worked on a Windows box in years, and expect a hit.

As for Linux, the black-hats can just put their exploit in the distro and let us install it as a feature.

Seriously, all of these lamers can quit pretending they have a clue how to write secure software.

WTF? (1)

8127972 (73495) | more than 4 years ago | (#32439288)

"When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."

Hackers said that Microsoft is better at making their products more secure than anybody else? What about Charlie Miller the Pwn2Own winner who said pretty much the exact opposite? [tomshardware.com] I guess he doesn't count.

Apple is catching up (1)

AHuxley (892839) | more than 4 years ago | (#32439298)

They now have real malware with pretty pictures.
The end user still has to install the software, but its a move in the right direction.
How many more years until Apple desktop malware has the classic surf and own functionality?
http://blog.intego.com/2010/06/01/intego-security-alert-osxopinionspy-spyware-installed-by-freely-distributed-mac-applications/ [intego.com]
As for MS, they had how many years to secure a single users OS.
They finally started launching PR about it and seem to finally have packed some buzz word tech into the backend.
Great, but the damage was done, is been done and will be done until MS spends the cash to write a real OS.
They have the smart people, can reuse ideas from other OS ect.
Why is MS still so open around the world? They are not poor, distracted, have security clearances, top US university support... MS has all it needs.
Greed and easy market share all over the world got MS to the top, but is the OS really worth anything anymore in a networked world until totally reworked?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...