Microsoft Says Vista Most Secure OS Ever

darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."

Microsoft + Stupid Claims = ...

[hejog]

The most secure OS ever? No one will take them seriously seeing as a) Its Microsoft, b) Its a ridiculous claim, c) The OS has been delayed and delayed and delayed, had tons of stuff removed, and d) THE OS ISNT EVEN OUT YET! Microsoft loves making such bold ridiculous statements. Maybe Vista is the most secure Windows platform ever (even that'd be impressive, NT was fairly solid...) but at least wait till launch for christs sake! Vista is slowly turning into the biggest joke in the Computing Industry, if they continue at this rate they'll even beat Windows ME..! PS- are the comments detail bar along the top of your screen (even when you scroll down), and the muliple story categories new? Swear I never noticed those before...

Maybe true today, but

[SIGALRM]

Vista is the most secure operating system in the industry

Of course it is... virtually no one is using it yet. While Vista is obscure, it follows that there will be little exploitive effort.

As always, future history is yet to be written--although it tends to reflect and repeat the past.

can't break what you can't see!!

[netsavior]

I think PhantomOS is more secure. No virus in the world can infect an OS that does not exist.

Meanwhile...

[Tweekster]

Those blackhats are just making notes of the real vulnerabilities while reporting simple superficial ones.

It's true...

[Nutmegan]

Vista is amazingly secure. I've been trying to crack a Windows Vista machine all morning, and I can't even find one. Nothing like those operating systems that people are actually using.

Microsoft

[denisbergeron]

said that for every version of Windows, and it's right if you considere two premises :
1) The OS is not used by anyone when the "most secure" sentence was released.
2) The only OS existing in the Microsoft world has the one made by Microsoft (excluding OS/2).

Comment removed

[account_deleted]

Comment removed based on user account deletion

How does that compare

[Anonymous Coward]

How does hiring a dozen black hat hackers compare to having thousands of professionals seeking errors at large?

The power of the public is cooperation. Someone finds a small bit and _shares_ it with others. A dozen guys in a microsoft office (pun) have none of this power.

Not finding a hole is no proof of being airtight anyway.

vajk

This is laughable

[Starker_Kull]

You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc. To preemptively announce that "Vista [is] the most secure OS in the industry" before it is even released makes me think Microsoft is still high on itself.

Maybe it's just marketspeak, or maybe it's more of the same arrogance that they know better what is secure than reality does. I'll sit back and wait for a few years, thanks.

Black hat?

[gcnaddict]

Arent the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s

Could someone explain the difference between the two so I can make sure I didnt screw up?

Employed black hat hackers???

[someone1234]

Admitting employment of black hats is admitting a crime. Or, if they did a legal work, they are not black hats. Or, the article is messed up.

Re:Depends on the definition.

[kfg]

I am more curious about their definition of "secure."

Secure against whom?

KFG

No OS is secure enough

[SimpleBinary]

No matter how secure they make Vista or any OS there will always be those users/hackers who have too much free time their hands and want to make life miserable for the rest of us. The real problem lays with the users who incorrectly store lucrative information without securing their actual computer network.

Mod the entire article as +5 Funny and move on...

[alexfromspace]

Mod the entire article as +5 Funny and move on...

Re:Black hat?

[maxwell demon]

Imagine you are a black hat hacker, and are asked to evaluate the security. Wouldn't you be very tempted to keep silent about a few security problems you found, in order to exploit them later?
What would you think if an airport employed terrorists as security personnel because they know better what to look for?

Re:Black hat?

[jsse]

When a white hat got a month's contract. He looked at the technical specifications of the product, search for all possible exploits that would affect it. Tested the product with all possible exploits found in a controlled environment and deliver a detailed report with recommendations at the end of the month.

A black hat also got a month's contract for the same duty. He ran the rootkit and found all the exploits on day one. Then he used the corporate network for gaming and DDOS for the rest of the days. At the end of the month, show them the exploits and tell them their product is fucked.

Re:This is laughable

[DeadChobi]

Oh, wow. So they're going to top Vista off with being MORE ANNOYING than Windows XP? You mean I'm actually going to have to be prompted every time I want to do something? There'd better be a way to turn this off or I'm never going to buy a copy of Vista.

It's bad enough to be prompted every 15 minutes for a restart after I've installed updates, EVEN IF I AM IN THE MIDDLE OF SOMETHING. Yes, Windows will pull me out of full-screen just to tell me that it has finished installing updates. To top it all off, I wont be able to browse the internet or insert CDs without some twat at Microsoft building the program to assume that I dont know what the fuck I'm doing with my computer? Sounds like a brilliant security strategy. Piss people off enough so that they never use your OS.

That kind of treat-you-like-you're-stupid shit is what makes me dread installing updates. I dont give a shit that I need to restart to install updates. Windows has waited for weeks for me to restart, and I dont need the constant nagging while it's waiting. Let me know when Vista has had its obligatory "dont treat me like I'm a mindless twat computer user" update. Then I'll get it.

Re:Black hat?

[MrAnnoyanceToYou]

Yes.

Yes it would.

Making this particular claim a:) a fundamental logic error made by the biggest manufacturer of software in the world, or b) a completely unbased and silly statement based upon marketing.

Funny thing is, this is the first time I've ever hoped for a Microsoft statement to be FUD.

Tommy Boy

[ruiner13]

"I can take a shit in a box and slap a guarantee on it, and all that means is you have a guaranteed piece of shit."

For some reason, MS saying that makes me think of that line...

(Sorry if I butchered it a bit).

Secure?

[Necrotica]

By "secure" they must mean "annoying." I'm running Vista beta 2 right now and I'm running into all sorts of security-related issues. Like warning popups when applications run, local admins not being able to delete things, local admins not even being able to do an "ipconfig /release" in order to get a new IP address via DHCP. Seriously, Vista is going to drive people freaking nuts!!

But I would never, ever, ever utter the words Vista, OpenBSD, and security in the same sentence in a positive tone.

Re:Hold The Font Page!

[Onan]

I seem to recall that Dave Barry had a good line that would extend well to this case:

'...Windows XP, which according to everybody is the "most reliable Windows
ever." To me, this is like saying that asparagus is "the most articulate
vegetable ever."'

bummer of a birth mark...

[slashname3]

Microsoft just painted a huge bullseye on Vista. If the hackers were not interested in spending time finding exploits they will now. Waving red flags and yelling watch this are things you should not do unless you know for sure the bull is in the other corral or that you are an expert at the stunt you are about to try and pull. Microsoft is in the same corral with the hackers and they are not experts on OSes based on past performance.

From my favorite FarSide cartoon: Two deer standing in the woods, one has a bullseye on his chest, the other one says, "Bummer of a birth mark Hal."

Re:Depends on the definition.

[kfg]

Do not overlook the point that my question also implies there may be entities whom their defintion of "secure" does not cover.

KFG

Re:Microsoft + Stupid Claims = ...

[Foofoobar]

And oddly enough, exploits were already found that affect XP as well as VISTA. But since Vista isn't even out yet, they don't have to patch anything.

Honestly, I think Vista is their Titanic and they just solidified this feeling by claiming that it's 'unsinkable'

Ahoy! Iceberg ahead...

Re:Microsoft + Stupid Claims = ...

[cp.tar]

If they're not paying you for it, don't.

If you're supposed to pay for the OS, they're supposed to pay for the bug reports. Plain and simple.

Re:Microsoft + Stupid Claims = PROFITS!

[vandon]

They are refering to their market position and their rights being secured away from the end user.

If you read TFA, you'll see the phrase 'the most secure operating system in the industry' is similar to what auto makers use. Ford or Toyota never says 'Our car is the best'. They say 'The Toyota Newsupercar is best in its class', which of course means the class is limited to all vehicles that are the same year, color, size, weight, manufacturer, and model as the Toyota Newsupercar.
The 'in the industry' is most likely limited to large companies that had 2005 quarterly gross profits of over $8 billion and have a product called Windows. The "industry" is further limited to all home products with the names Vista or WindowsME.

As you can see, Vista is indeed the most secure OS in the industry.*

Re:It's True!

[tjwhaynes]

I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' access the system, it bravely BLUESCREENed.

If this is true (I don't have a machine infected^W with Vista to test it against) that's an instant denial-of-service attack for you. Better still, there may be a way to get a shell on the Vista server under the priviledges of the user that started the RDP session ... So much for checking all interfaces parsing through incoming data to check for overflows or bad handling.

Cheers,
Toby Haynes

Re:This is laughable

[alan.briolat]

Welcome to Windows! You're not in control, you're just the passenger!