
Microsoft Says Vista Most Secure OS Ever

Posted by Zonk
from the that's-evar dept.
darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."
This discussion has been archived. No new comments can be posted.

  • by Saint Aardvark (159009) * on Thursday June 15, 2006 @01:43PM (#15541586) Homepage Journal

    CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).

    de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.

    Canadian Prime Minister Stephen Harper has sent a "sharply worded" protest to the United States government.

    Shortly after the attack, Microsoft released a publicity photo of Bill Gates, standing on the deck of the USS Abraham Lincoln, underneath a banner saying simply, "Mission Accomplished."

    Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."

    • Black hat? (Score:4, Insightful)

      by gcnaddict (841664) on Thursday June 15, 2006 @01:51PM (#15541698)
      Aren't the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s

      Could someone explain the difference between the two so I can make sure I didn't screw up?
      • Not if you want to sell copies of WINDOWS DEFENDER!

        Now that the blackhats have had a look at the source code, we had better pony up the money to buy that service or else....
      • And how impressive would that sound? In reality they have several "white hats" working for them in the form of regular security people, I presume. But if you say you got an ex-bankrobber in to check out your security, it sounds a lot more impressive than just saying "we think we've done a pretty good job", even if the bankrobber is in a worse position to evaluate the security.
        • Re:Black hat? (Score:5, Insightful)

          by maxwell demon (590494) on Thursday June 15, 2006 @02:14PM (#15541956) Journal
          Imagine you are a black hat hacker, and are asked to evaluate the security. Wouldn't you be very tempted to keep silent about a few security problems you found, in order to exploit them later?
          What would you think if an airport employed terrorists as security personnel because they know better what to look for?

      • Could someone explain the difference between the two so I can make sure I didn't screw up?

        Sure, white hat hackers do it for glory and money. Black hat hackers do it for money and glory.

        Oh balls!
      • "Aren't the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s"

        Typically, yes. But if you're Microsoft, trying to do everything you can to deal with a horrible reputation regarding the security of your software, it makes a hell of a lot of sense to go nuts and hire every crazy black-hat hacker willing to pen-test the OS for you. Remember, plenty of black-hats are just in it for the money, and for them, it probably makes a hell of a lot of sense to take a big
        • Typically, yes. But if you're Microsoft, trying to do everything you can to deal with a horrible reputation regarding the security of your software, it makes a hell of a lot of sense to go nuts and hire every crazy black-hat hacker willing to pen-test the OS for you. Remember, plenty of black-hats are just in it for the money, and for them, it probably makes a hell of a lot of sense to take a big pile of cash from Microsoft than it does to keep running bot networks selling v1@garr@.

          Wouldn't make even mor

          • Re:Black hat? (Score:3, Insightful)

            Yes.

            Yes it would.

            Making this particular claim a) a fundamental logic error made by the biggest manufacturer of software in the world, or b) a completely unbased and silly statement based upon marketing.

            Funny thing is, this is the first time I've ever hoped for a Microsoft statement to be FUD.
      • Re:Black hat? (Score:3, Insightful)

        by jsse (254124)
        A white hat got a month's contract. He looked at the technical specifications of the product, searched for all possible exploits that would affect it, tested the product with all possible exploits found in a controlled environment, and delivered a detailed report with recommendations at the end of the month.

        A black hat also got a month's contract for the same duty. He ran the rootkit and found all the exploits on day one. Then he used the corporate network for gaming and DDOS for the rest of the days. A
    • That not even Microsoft's air force can shoot straight.

      The University of Alberta is in Edmonton.
  • by SIGALRM (784769) on Thursday June 15, 2006 @01:44PM (#15541588) Journal
    Vista is the most secure operating system in the industry
    Of course it is... virtually no one is using it yet. While Vista is obscure, it follows that there will be little exploitive effort.

    As always, future history is yet to be written--although it tends to reflect and repeat the past.
  • by netsavior (627338) on Thursday June 15, 2006 @01:44PM (#15541600)
    I think PhantomOS is more secure. No virus in the world can infect an OS that does not exist.
  • by eldavojohn (898314) * <eldavojohn.gmail@com> on Thursday June 15, 2006 @01:44PM (#15541603) Journal
    From the Slashdot FAQ:
    Slashdot gets hundreds of submissions every day. Every day our authors go through these submissions, and try to select the most interesting, timely, and relevant ones to post to the homepage.
    Or, as in this case, any story with a headline that will start an instant flame war.
  • Make a bold claim, do a bold presentation.
  • Bit of a clarification...they mean this sort of Black Hat [blackhat.com].
  • Given Microsoft's track record, and the fact that they've made similar claims with other releases of Windows, I'll wait to see if they speak the truth. Only after Vista has been widely deployed and all the world's hackers have had plenty of time to bang on it will I believe what Microsoft has to say.
  • Meanwhile... (Score:4, Insightful)

    by Tweekster (949766) on Thursday June 15, 2006 @01:45PM (#15541613)
    Those blackhats are just making notes of the real vulnerabilities while reporting simple superficial ones.
  • Microsoft (Score:3, Insightful)

    by denisbergeron (197036) <DenisBergeron@@@yahoo...com> on Thursday June 15, 2006 @01:46PM (#15541627)
    said that for every version of Windows, and it's right if you consider two premises:
    1) The OS is not used by anyone when the "most secure" sentence was released.
    2) The only OS existing in the Microsoft world is the one made by Microsoft (excluding OS/2).
  • by jcr (53032) <jcr&mac,com> on Thursday June 15, 2006 @01:47PM (#15541630) Journal
    If the "industry" he's referring to is "the Microsoft operating systems industry"...

    -jcr
  • So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security":
    *insert CD*
    "You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
    *clicks yes*

    *launches Internet Exploiter*
    "You are attempting to connect to the internet. The internet is a very insecure place. Are you sure you want to do this?"
    *clicks "Yes"*
    "Are you really sure? I mean, there are viruses out there on the internet. Do you know what a virus is? I mean, this stuff can really mess your computer up! Are you absolutely sure you want to connect to the internet?"
    *clicks "Yes"*
    "Oooooh, sorry - you don't have sufficient privileges to connect to the internet. Contact your Administrator or type your Administrator password now."
    *types password*
    *connects to internet*
    "You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure you want to send this packet?"
    *sighs* *clicks "Yes"*
    *beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
    *clicks "Yes."*
    "You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure you want to send this packet?"
    *sighs* *clicks "Yes"*
    *beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
    *kicks computer*
    *installs Linux/BSD or buys Mac*

    VERY secure, indeed.
    • by Anonymous Coward
      This may seem like a joke but I spent an hour trying to install a Flash active-X plugin on IE in XP_64 running as Administrator and finally gave up. The series of prompts from the OS were painfully close to the scenario presented in this "joke" post.
      • This may seem like a joke but I spent an hour trying to install a Flash active-X plugin on IE in XP_64 running as Administrator and finally gave up. The series of prompts from the OS were painfully close to the scenario presented in this "joke" post.

        Yeah - I was going to go boot it up and copy the actual text in the ultra-annoying, constant stream of "As a user, you're too stupid to understand security. We need to ask you every question in existence about every OS function to ensure to completely understa

    • I think that is just a big cover for the fact that they have not been able to complete TCP/IP support.
    • So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security":

      *insert CD*
      "You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
      *clicks yes*

      When autorun is turned off for all removable media, and can only be turned on with an administrator password, and there is no override for "special DRM encoded media", then I will believe that MS is concerned about security. U

  • Acronyms (Score:5, Interesting)

    by linvir (970218) * on Thursday June 15, 2006 @01:49PM (#15541658)

    I noticed in this article that they're treading on our acronyms.

    SDL - Security Development Lifecycle
    Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?

    RMS - Rights Management Something
    This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor [linuxvirus.net], or is a complete prick. I really doubt that this was accidental.

    It's superficial, but I think both examples are very symbolic.

  • by NickFortune (613926) on Thursday June 15, 2006 @01:49PM (#15541659) Homepage Journal
    In other news, Kellogg's say Corn Flakes "taste nice". Film at eleven.
    • Of course MS said this. Duh! What are they supposed to say?
      "We hope it's more secure than XP, but we'll just have to wait and see."?
      • Well, they could just have said: "It's the most secure Windows operating system." Which might even be true.
        • by Onan (25162)

          I seem to recall that Dave Barry had a good line that would extend well to this case:

          '...Windows XP, which according to everybody is the "most reliable Windows
          ever." To me, this is like saying that asparagus is "the most articulate
          vegetable ever."'

  • ...sound like a challenge to me... Let's count the kinds of attacks that have existed in the past: Bad daemon/service design allowing for root control through the service itself remotely Bad daemon/service permissions allowing a buffer overflow to give one service-level command access Bad port use allowing for access to stuff that should be off by default Bad user permissions control requiring everyone who actually wants to do something to have local admin access Bad MS software design giving software desi
    • Damn formatting... (Score:3, Interesting)

      by TWX (665546)
      The message should have looked like:

      ...sound like a challenge to me...

      Let's count the kinds of attacks that have existed in the past:

      Bad daemon/service design allowing for root control through the service itself remotely
      Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
      Bad port use allowing for access to stuff that should be off by default
      Bad user permissions control requiring everyone who actually wants to do something to have local admin access
      Bad
  • Any operating system that is capable of the tasks contemporary computer users want that system to do (being connected to the Internet as the prime example) is one that can be configured to be exploited.

    Second, it is empirically accurate to state that no one has complete, a priori knowledge of bugs in a reasonably complex piece of software, some of which could lead to exploit conditions.

    Third, is it even theoretically possible to have a priori knowledge of such bugs given a system of sufficient complexity?
  • This doesn't work. (Score:2, Informative)

    by JamesF1 (918998)
    Microsoft claim that this is the most secure OS to date... but they also claim that it's incredibly stable. I don't get how that works.

    If you want security, use Windows 95... A crashed computer is incredibly secure - far more secure than Vista.
  • This is laughable (Score:3, Insightful)

    by Starker_Kull (896770) on Thursday June 15, 2006 @01:50PM (#15541677)
    You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc. To preemptively announce that "Vista [is] the most secure OS in the industry" before it is even released makes me think Microsoft is still high on itself.

    Maybe it's just marketspeak, or maybe it's more of the same arrogance that they know better what is secure than reality does. I'll sit back and wait for a few years, thanks.
    • You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc.

      While I am not defending Vista I would like to think that MS has enough forethought to submit their new OS to attacks of various natures. I doubt any large software house lets a product go to market without submitting it to the rough and tumbles of a simulated user environment.

      In the end I also think that Windows (W2K and XP that is) is fairly safe and stable while you pay at
      • While I am not defending Vista I would like to think that MS has enough forethought to submit their new OS to attacks of various natures. I doubt any large software house lets a product go to market without submitting it to the rough and tumbles of a simulated user environment.

        I'm sure you are right. And if they were to say, "We have subjected Vista to more security checks and tests than any previous OS", I would probably accept that as fact. They do list many features that MIGHT enhance security. But

        • by DeadChobi (740395) <DeadChobi@NoSPaM.gmail.com> on Thursday June 15, 2006 @02:37PM (#15542197)
          Oh, wow. So they're going to top Vista off with being MORE ANNOYING than Windows XP? You mean I'm actually going to have to be prompted every time I want to do something? There'd better be a way to turn this off or I'm never going to buy a copy of Vista.

          It's bad enough to be prompted every 15 minutes for a restart after I've installed updates, EVEN IF I AM IN THE MIDDLE OF SOMETHING. Yes, Windows will pull me out of full-screen just to tell me that it has finished installing updates. To top it all off, I won't be able to browse the internet or insert CDs without some twat at Microsoft building the program to assume that I don't know what the fuck I'm doing with my computer? Sounds like a brilliant security strategy. Piss people off enough so that they never use your OS.

          That kind of treat-you-like-you're-stupid shit is what makes me dread installing updates. I don't give a shit that I need to restart to install updates. Windows has waited for weeks for me to restart, and I don't need the constant nagging while it's waiting. Let me know when Vista has had its obligatory "don't treat me like I'm a mindless twat computer user" update. Then I'll get it.
  • Seriously though, I've resigned myself to saying that Windows does the job for many people. But a secure desktop OS it is not. It's not designed like that. In steadily fewer cases, it isn't even the best tool for the job.

    Microsoft will repeat the security message in the media until most people believe it. Meanwhile I'll still have plenty of work babysitting their products and buying security software to use on top of their "secure" software.
  • You know that's one of those statements that will come back and bite them in the ass.

    It's like handing software to QA and saying "I've got all the bugs out this time."
  • Pass the linctus (Score:3, Informative)

    by ettlz (639203) on Thursday June 15, 2006 @01:51PM (#15541696) Journal
    Cough! OpenBSD Coughhhhhhh!

    Sorry about that. Did someone say Microsoft thinks they've got "t3h m0st s3cur3 05 ev4r lollll!!!!1111" or something?!

  • If you've looked at any statistics you can see that no one has ever cracked into a Vista Server. Ever. It's amazing. In fact, and the numbers don't lie here, there has never been a public patch for security reasons.

    Simply amazing.
  • by Billosaur (927319) * <wgrother@NosPAm.optonline.net> on Thursday June 15, 2006 @01:54PM (#15541729) Journal

    * White Star Lines Pronounces Titanic "Unsinkable"

    * Hindenburg Safest Way To Fly

    * Ford Pinto Named Safest Car For 1973

  • If no one can break into it, it must be secure! Forget security through obscurity, this is security through non-existence. <CLINKS GUINNESS PINTS> Brilliant!

  • After I installed the Vista beta I can no longer access my hard drive. Linux fdisk, Partition Magic: nothing will let me back in (can't even repartition!).

    Can't get much more secure than that...

    Seriously, though, the drive really is unreadable. Don't know if Vista managed to kill it (how?!?!) or if it's just a strange coincidence.
  • Yeah, yeah, yeah (Score:2, Interesting)

    by HansKloss (665474)
    It's getting boring. I heard the same argument last time when they released Win XP, and before for Win 98.
    Would you stop already. Always the best and revolutionary like never before.
    Life will show that nothing really changed, except Microsoft coffins getting bigger
  • Admitting employment of black hats is admitting a crime. Or, if they did legal work, they are not black hats. Or, the article is messed up.
  • by TheDarkener (198348) on Thursday June 15, 2006 @01:58PM (#15541782)
    "...the company has employed black hat hackers..."

    By definition, if you employ hackers to test an operating system, they are NOT "black hat" hackers - they are, at best, "grey hat" hackers.

    Definition from Wikipedia [wikipedia.org]:

    Usually a Black hat is a person who maintains knowledge of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or the manufacturer for correction.
  • Falling Out Laughing
  • It's so secure that even the owner of the computer can't control it.
  • That's exactly the statement they made about XP. And we see how far that went...
  • by Weaselmancer (533834) on Thursday June 15, 2006 @02:00PM (#15541809)

    And it's not shipping yet either.

  • One of the big arguments against use of illegal drugs is that it financially supports an immoral, illegal, and corrupt system. Even though you may use your stash at home and in a manner that doesn't hurt anyone else, your money goes to the drug dealers, crime lords, and liberal democrats ... err... god-forsaken hedonists that are corrupting the very soul of this country.

    Is Microsoft saying that they actually handed over money, got sentences reduced, or somehow offered compensation to the black hat hackers t
  • Just FYI (Score:2, Informative)

    by sammysheep (537812)
    "In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."
    I think "black hat" would not be quite the term to describe this sort of activity. The term "white hat" is usually used for hired hacks: http://en.wikipedia.org/wiki/White_Hat [wikipedia.org].
    • I think "black hat" would not be quite the term to describe this sort of activity. The term "white hat" is usually used for hired hacks

      Further, why "penetration test team" or "pen test team"? The latter sounds like they work in an animation studio. If Microsoft is hiring them and still calls them "black hat hackers", why not go all the way and make it clear to everyone what they think of them by calling them a more widely known and inflammatory term, such as "rape gang"?

  • by twitter (104583) on Thursday June 15, 2006 @02:03PM (#15541843) Homepage Journal

    ... and you will be able to run it in five minutes.


    Five minutes pass.


    GOTO LINE 1.



  • since if you run tcp/ip on an old trash-80, for example, no hacker would even wait on the line long enough for the first response packet to come back. he'd time-out LONG before the z80a could respond.

    there you go - security by lack of clock speed. (has that ever been done before?)

    "most secure os ever". pffft! anyone who would believe this deserves to run --(xp++)
  • The OSS community has been calling out all the security vulnerabilities of Windows for quite some time and people now pretty much take it as fact... I wonder if Microsoft's new solution to security will just be a DRM'd closed platform where everything has to be signed by Microsoft in order to run. That would be security, if everything made to run under Microsoft had to be approved by Microsoft. Wouldn't quite be a computer anymore. But all you wonderful IT geeks out there have been pushing a locked dow
  • "This is the most secure operating system in the world! Let's go test it to see if it's secure!"

    Meanwhile...

    "I'll pay you guys one-hundred dollars each if you pretend to be script kiddies."

    "Two-hundred."

    "Deal."
  • No matter how secure they make Vista or any OS there will always be those users/hackers who have too much free time on their hands and want to make life miserable for the rest of us. The real problem lies with the users who incorrectly store lucrative information without securing their actual computer network.
  • Did someone break the network driver again?
  • And... (Score:2, Funny)

    by FrankieBoy (452356)
    Global Warming is a myth,
    Carrot Top is funny,
    Cigarettes don't cause cancer,
    Iraq had weapons of mass destruction,
    George Bush is listening to your phone calls to make you safe.
  • by Billly Gates (198444) on Thursday June 15, 2006 @02:07PM (#15541883) Journal
    ... ever made. After all Microsoft said so both in 1996 and 1999.

    So until holes appear in either platform I think we can trust Microsoft when they say something is secure. After all I never heard of a single security hole in WindowsXP or IIS or any server product from MS. Have you?
  • by mugnyte (203225) on Thursday June 15, 2006 @02:08PM (#15541891) Journal
    3D Realms declared today that "Duke Nukem Forever" is The Best Game Ever! With an incredible non-linear storyline, incredible learning AI across games, outrageous low-lag multiplay, both 1stP and ortho views - and runs on a standard gaming machine! Published with a complete set of level-making tools and state-of-the-art texture and atmosphere effects, Duke Nukem Forever is set to be the most played game ever.

    3D Realms gave a presentation of all the features that will help Duke keep the number one spot in the market. It also outlined the TV channel, movie series and theme park spun from the elements of the game.

    Check it out! [wikipedia.org]

  • Mod the entire article as +5 Funny and move on...
  • by JustNiz (692889)
    The retail version of Vista is the most secure OS ever.
    MS just left off the "Because no one is using it yet".
  • Oh yeah? MY OS requires blood and tissue samples as well as an FBI background check to log on and the user can do one of two things: log off or reboot. No network (or God forbid internet) access, no access to install or run programs or peripherals. Nothing. But boy is it secure! Yep, nobody is EVER going to hack into it.
  • Tommy Boy (Score:3, Insightful)

    by ruiner13 (527499) on Thursday June 15, 2006 @02:42PM (#15542263) Homepage
    "I can take a shit in a box and slap a guarantee on it, and all that means is you have a guaranteed piece of shit."

    For some reason, MS saying that makes me think of that line...

    (Sorry if I butchered it a bit).

  • Secure? (Score:3, Insightful)

    by Necrotica (241109) <cspencer@lan l o r d .ca> on Thursday June 15, 2006 @02:48PM (#15542326)
    By "secure" they must mean "annoying." I'm running Vista beta 2 right now and I'm running into all sorts of security-related issues. Like warning popups when applications run, local admins not being able to delete things, local admins not even being able to do an "ipconfig /release" in order to get a new IP address via DHCP. Seriously, Vista is going to drive people freaking nuts!!

    But I would never, ever, ever utter the words Vista, OpenBSD, and security in the same sentence in a positive tone.
  • Trusted Solaris (Score:3, Interesting)

    by RedOregon (161027) <`redoregon' `at' `satx.rr.com'> on Thursday June 15, 2006 @03:25PM (#15542673) Homepage Journal
    What... no one's going to mention TSOL? Sure it's a royal PITA to administer, but it doesn't get much more secure...
  • by slashname3 (739398) on Thursday June 15, 2006 @03:36PM (#15542771)
    Microsoft just painted a huge bullseye on Vista. If the hackers were not interested in spending time finding exploits they will now. Waving red flags and yelling watch this are things you should not do unless you know for sure the bull is in the other corral or that you are an expert at the stunt you are about to try and pull. Microsoft is in the same corral with the hackers and they are not experts on OSes based on past performance.

    From my favorite Far Side cartoon: Two deer standing in the woods, one has a bullseye on his chest, the other one says, "Bummer of a birth mark Hal."
  • It's True! (Score:5, Funny)

    by ch-chuck (9622) on Thursday June 15, 2006 @04:08PM (#15543077) Homepage
    I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' access the system, it bravely BLUESCREENed. Imagine an OS so secure it would rather self-destruct than allow an intruder. Now that's a secure OS, yes indeed.

    Tip: You must update to latest cvs of rdesktop, something about key size.

    • Re:It's True! (Score:3, Insightful)

      by tjwhaynes (114792)
      I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' access the system, it bravely BLUESCREENed.

      If this is true (I don't have a machine infected^W with Vista to test it against) that's an instant denial-of-service attack for you. Better still, there may be a way to get a shell on the Vista server under the privileges of the user that started the RDP session ... So much for checking all interfaces parsing through incoming data to check for overflows or ba
