Microsoft Says Vista Most Secure OS Ever

darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."

The Slashdot Criteria

[eldavojohn]

From the Slashdot FAQ:

Slashdot gets hundreds of submissions every day. Every day our authors go through these submissions, and try to select the most interesting, timely, and relevant ones to post to the homepage.

Or, as in this case, any story with a headline that will start an instant flame war.

Acronyms

[linvir]

I noticed in this article that they're treading on our acronyms.

SDL - Security Development Lifecycle
Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?

RMS - Rights Management Something
This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor [linuxvirus.net], or is a complete prick. I really doubt that this was accidental.

It's superficial, but I think both examples are very symbolic.

Damn formatting...

[TWX]

The message should have looked like:

...sound like a challenge to me...

Let's count the kinds of attacks that have existed in the past:

Bad daemon/service design allowing for root control through the service itself remotely
Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
Bad port use allowing for access to stuff that should be off by default
Bad user permissions control requiring everyone who actually want to do something to have local admin access
Bad MS software design giving software designed to look at public (read: anything) access to the service or kernel level
Bad implementation of MS software allowing for public, untrusted content to arbitrarily install stuff on the PC (see also: the Balmer Story)

Sounds like we have a lot of possible places to start, and I'm not even someone used to breaking into Microsoft systems. There are probably many, many more vectors of attack that I haven't thought of without even resorting to social engineering or taking advantage of stupid or ignorant users...

very old news -- XP was the most secure

[Anonymous Coward]

I seem to recall similar statements made in 2001 about new and improved user-oriented operating system XP. XP was supposed to be the most secure O/S ever and M$ made lots of statements about it being very secure, best ever, very hard to hack, etc.

http://www.macobserver.com/article/2001/12/21.5.sh tml [macobserver.com]

It was so secure that a guide had to be published, Windows XP: Surviving the first day:

http://seclists.org/lists/security-basics/2003/Nov /0555.html [seclists.org]

Yeah, yeah, yeah

[HansKloss]

It's getting boring. I heard the same argument last time when they released Win XP, and before for Win 98.
Would you stop already. Always the best and revolutionary like never before.
Life will show that nothing really changed, except Microsoft coffins getting bigger

Hmmm...

[Anonymous Coward]

what's this in the article about MS using acronyms such as RMS and SDL? Could this be part of the extend and conquer strategy? Next thing you know they will use LIB, KDE, RHL, PHP, LAMP or OSS as part of their system naming scheme. No, really.

No they are speaking the truth

[SmallFurryCreature]

It was their most secure OS ever, right up to the point that WMF bug was exploited and Vista was found to be just as vulnerable as every other windows version.

Claiming Vista to be the most secure OS ever when it has already had a security flaw is just insane and tells us that MS still just don't get it. Or maybe they do get it. After all they make billions. It is sad but lying to the gullible pays better then telling the truth to the clever. There are just so many more gullible people. Last count about 6 billion.

Nothing new

[Tony]

Remember "DNS?" Digital Nervous System?

That's okay. Nobody else does, either.

Re:Hackers?

[Em Adespoton]

??? I thought the whole idea behind "black hat" vs. "white hat" was the relationship between the "hacker" and the victim. White hat hackers do their stuff with permission and with people's best interests at heart. Black hat hackers do things for their own interests, at the expense of the victims.

Following this line of reasining, if MS really employed "black hat hackers," wouldn't such hackers immediately say, "Gollee, this OS is super secure! I couldn't find a single way to compromise it!" Meanwhile, they're digging around inside (being careful to erase traces of their visit), getting extremely familiar with an OS that hasn't even been released yet. 0-day exploits indeed....

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Hackers?

[StarvingSE]

Its called media speak. Black-hat hackers sounds like a group of evil-doers who are now turned to the light side and are helping MS secure their OS, but they are still bad boys.

White-hat hackers sound like a bunch of pocket-protecting IT professionals who work in OS security.

People will think that if the "bad boy" hackers aka the ones lurking in the wild can find all the exploits, then the OS will be "teh most secure ever"

Re:Acronyms

[Tim C]

Treading on "our" acronyms?

I'm sorry, but rms has meant "root-mean-square" to me for about 15 years, or roughly 8 years longer than I've known about GNU or Linux, and it's meant that to mathematicians for a lot, lot longer than that.

Since when does anyone "own" an acronym? Talk about overly touchy...

Re:Microsoft + Stupid Claims = ...

[foamrotreturns]

Hm, while we're talking about beta/not released, etc, let's make a "maiden voyage" comparison with a very relevant quote:
"...when the New York office of the White Star Line was informed that Titanic was in trouble, White Star Line Vice President P.A.S. Franklin announced 'We place absolute confidence in the Titanic. We believe the boat is unsinkable.'"
Source: http://www.historyonthenet.com/Titanic/unsinkable. htm [historyonthenet.com]

Trusted Solaris

[RedOregon]

What... no one's going to mention TSOL? Sure it's a royal PITA to administer, but it doesn't get much more secure...

Re:Well, I suppose in the end, it *is* secure...

[Zaplocked]

While I agree the amount of popups vista brings up is laughable, one wonders what you were doing wrong to fail at installing flash - I just went to macromedia's site and click the install now button. After 6 or 7 annoying popups and 2 minutes, it was installed fine.

Re:Acronyms

[Anonymous Coward]

Do the people in Iraq who plant IEDs [wikipedia.org] have IED [wikipedia.org]? And do the IEDs have IED [ucsd.edu]? Do they belong to the IED [ied.org.uk]?

I say to hell with acronyms altogether. Is it a disk operating system or a denial of service?

(MRC="bandying", glad you got the MRC generator working again!)

Re:Well, I suppose in the end, it *is* secure...

[fermion]

So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security":

*insert CD*
"You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
*clicks yes*

When autorun is turn off for all removable media, and can only be turned on with an administrator password, and there is no override for "special DRM encoded media", then I will believe that MS is concerned about security. Until then, they are doing the minimum neccesary to meet a current PR, while making sure that control of MS Windows stays out of the hand of the end user, and in the hands of MS and it's partner advertisers.