Microsoft Says Vista Most Secure OS Ever
darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."
The Slashdot Criteria (Score:5, Interesting)
Acronyms (Score:5, Interesting)
I noticed in this article that they're treading on our acronyms.
SDL - Security Development Lifecycle
Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?
RMS - Rights Management Something
This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor [linuxvirus.net], or is a complete prick. I really doubt that this was accidental.
It's superficial, but I think both examples are very symbolic.
Damn formatting... (Score:3, Interesting)
Let's count the kinds of attacks that have existed in the past:
Bad daemon/service design allowing for root control through the service itself remotely
Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
Bad port use allowing for access to stuff that should be off by default
Bad user permissions control requiring everyone who actually wants to do something to have local admin access
Bad MS software design giving software designed to look at public (read: anything) access to the service or kernel level
Bad implementation of MS software allowing for public, untrusted content to arbitrarily install stuff on the PC (see also: the Ballmer Story)
Sounds like we have a lot of possible places to start, and I'm not even someone used to breaking into Microsoft systems. There are probably many, many more vectors of attack that I haven't thought of without even resorting to social engineering or taking advantage of stupid or ignorant users...
very old news -- XP was the most secure (Score:1, Interesting)
http://www.macobserver.com/article/2001/12/21.5.s
It was so secure that a guide had to be published, Windows XP: Surviving the first day:
http://seclists.org/lists/security-basics/2003/No
Yeah, yeah, yeah (Score:2, Interesting)
Would you stop already. Always the best and revolutionary like never before.
Life will show that nothing really changed, except Microsoft coffins getting bigger
Hmmm... (Score:1, Interesting)
No they are speaking the truth (Score:5, Interesting)
Claiming Vista to be the most secure OS ever when it has already had a security flaw is just insane and tells us that MS still just don't get it. Or maybe they do get it. After all they make billions. It is sad but lying to the gullible pays better than telling the truth to the clever. There are just so many more gullible people. Last count about 6 billion.
Nothing new (Score:3, Interesting)
That's okay. Nobody else does, either.
Re:Hackers? (Score:3, Interesting)
Following this line of reasoning, if MS really employed "black hat hackers," wouldn't such hackers immediately say, "Gollee, this OS is super secure! I couldn't find a single way to compromise it!" Meanwhile, they're digging around inside (being careful to erase traces of their visit), getting extremely familiar with an OS that hasn't even been released yet. 0-day exploits indeed....
Re:Hackers? (Score:3, Interesting)
White-hat hackers sound like a bunch of pocket-protecting IT professionals who work in OS security.
People will think that if the "bad boy" hackers aka the ones lurking in the wild can find all the exploits, then the OS will be "teh most secure ever"
Re:Acronyms (Score:5, Interesting)
I'm sorry, but rms has meant "root-mean-square" to me for about 15 years, or roughly 8 years longer than I've known about GNU or Linux, and it's meant that to mathematicians for a lot, lot longer than that.
Since when does anyone "own" an acronym? Talk about overly touchy...
Re:Microsoft + Stupid Claims = ... (Score:2, Interesting)
"...when the New York office of the White Star Line was informed that Titanic was in trouble, White Star Line Vice President P.A.S. Franklin announced 'We place absolute confidence in the Titanic. We believe the boat is unsinkable.'"
Source: http://www.historyonthenet.com/Titanic/unsinkable
Trusted Solaris (Score:3, Interesting)
Re:Well, I suppose in the end, it *is* secure... (Score:1, Interesting)
Re:Acronyms (Score:1, Interesting)
I say to hell with acronyms altogether. Is it a disk operating system or a denial of service?
(MRC="bandying", glad you got the MRC generator working again!)
Re:Well, I suppose in the end, it *is* secure... (Score:3, Interesting)
*insert CD*
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*
When autorun is turned off for all removable media, and can only be turned on with an administrator password, and there is no override for "special DRM encoded media", then I will believe that MS is concerned about security. Until then, they are doing the minimum necessary to meet a current PR, while making sure that control of MS Windows stays out of the hands of the end user, and in the hands of MS and its partner advertisers.