Microsoft Says Vista Most Secure OS Ever

Posted by Zonk on Thu Jun 15, 2006 12:42 PM
from the that's-evar dept.
darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."

Related Stories

[+] IT: Longhorn Server's "Improved" Security 151 comments
An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).

    de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.

    Canadian Prime Minister Stephen Harper has sent a "sharply worded" protest to the United States government.

    Shortly after the attack, Microsoft has released a publicity photo of Bill Gates, standing on the deck of the USS Abraham Lincoln, underneath a banner saying simply, "Mission Accomplished."

    Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."

    • Black hat? (Score:4, Insightful)

      by gcnaddict (841664) <gcnaddict @ g m a il.com> on Thursday June 15 2006, @12:51PM (#15541698)
      Aren't the white hat hackers typically the ones employed for legitimate jobs such as this? Now I'm confused :-s

      Could someone explain the difference between the two so I can make sure I didn't screw up?
      • Not if you want to sell copies of WINDOWS DEFENDER!

        Now that the blackhats have had a look at the source code, we had better pony up the money to buy that service or else....
      • Could someone explain the difference between the two so I can make sure I didn't screw up?

        Sure, white hat hackers do it for glory and money. Black hat hackers do it for money and glory.

        Oh balls!
      • A white hat got a month's contract. He looked at the technical specifications of the product, searched for all possible exploits that would affect it, tested the product with all possible exploits found in a controlled environment and delivered a detailed report with recommendations at the end of the month.

        A black hat also got a month's contract for the same duty. He ran the rootkit and found all the exploits on day one. Then he used the corporate network for gaming and DDOS for the rest of the days. A
        • Re:Black hat? (Score:5, Insightful)

          by maxwell demon (590494) on Thursday June 15 2006, @01:14PM (#15541956) Journal
          Imagine you are a black hat hacker, and are asked to evaluate the security. Wouldn't you be very tempted to keep silent about a few security problems you found, in order to exploit them later?
          What would you think if an airport employed terrorists as security personnel because they know better what to look for?

          • Yes.

            Yes it would.

            Making this particular claim a) a fundamental logic error made by the biggest manufacturer of software in the world, or b) a completely unbased and silly statement based upon marketing.

            Funny thing is, this is the first time I've ever hoped for a Microsoft statement to be FUD.
    • That not even Microsoft's air force can shoot straight.

      The University of Alberta is in Edmonton.
  • by SIGALRM (784769) on Thursday June 15 2006, @12:44PM (#15541588) Journal
    Vista is the most secure operating system in the industry
    Of course it is... virtually no one is using it yet. While Vista is obscure, it follows that there will be little exploitive effort.

    As always, future history is yet to be written--although it tends to reflect and repeat the past.
    • by SmallFurryCreature (593017) on Thursday June 15 2006, @12:58PM (#15541781) Journal
      It was their most secure OS ever, right up to the point that WMF bug was exploited and Vista was found to be just as vulnerable as every other windows version.

      Claiming Vista to be the most secure OS ever when it has already had a security flaw is just insane and tells us that MS still just don't get it. Or maybe they do get it. After all they make billions. It is sad but lying to the gullible pays better than telling the truth to the clever. There are just so many more gullible people. Last count about 6 billion.

  • by netsavior (627338) on Thursday June 15 2006, @12:44PM (#15541600) Homepage
    I think PhantomOS is more secure. No virus in the world can infect an OS that does not exist.
  • by eldavojohn (898314) * <my/.username@@@gmail.com> on Thursday June 15 2006, @12:44PM (#15541603) Homepage Journal
    From the Slashdot FAQ:
    Slashdot gets hundreds of submissions every day. Every day our authors go through these submissions, and try to select the most interesting, timely, and relevant ones to post to the homepage.
    Or, as in this case, any story with a headline that will start an instant flame war.
  • Meanwhile... (Score:4, Insightful)

    by Tweekster (949766) on Thursday June 15 2006, @12:45PM (#15541613)
    Those blackhats are just making notes of the real vulnerabilities while reporting simple superficial ones.
  • Microsoft (Score:3, Insightful)

    by denisbergeron (197036) <DenisBergeron@ya ... om minus painter> on Thursday June 15 2006, @12:46PM (#15541627)
    said that for every version of Windows, and it's right if you consider two premises:
    1) The OS is not used by anyone when the "most secure" sentence was released.
    2) The only OS existing in the Microsoft world is the one made by Microsoft (excluding OS/2).
  • by jcr (53032) <jcr@mac.cUMLAUTom minus punct> on Thursday June 15 2006, @12:47PM (#15541630) Journal
    If the "industry" he's referring to is "the Microsoft operating systems industry"...

    -jcr
  • So, it's the most secure operating system ever... and from my use of the beta, I might be tempted to believe that. Here's an example of that "security":
    *insert CD*
    "You've just inserted an insecure piece of removable media. Are you sure you want to proceed?"
    *clicks yes*

    *launches Internet Exploiter*
    "You are attempting to connect to the internet. The internet is a very insecure place. Are you sure you want to do?"
    *clicks "Yes"*
    "Are you really sure? I mean, there are viruses out there on the internet. Do you know what a virus is? I mean, this stuff can really mess your computer up! Are you absolutely sure you want to connect to the internet?"
    *clicks "Yes"*
    "Oooooh, sorry - you don't have sufficient privileges to connect to the internet. Contact your Administrator or type your Administrator password now."
    *types password*
    *connects to internet*
    "You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure you want to send this packet?"
    *sighs* *clicks "Yes"*
    *beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
    *clicks "Yes."*
    "You are attempting to send an IP packet over an unsecured interface. This is how viruses get on your computer. Are you sure you want to send this packet?"
    *sighs* *clicks "Yes"*
    *beep beep beep* "USER ALERT: Your computer has received an unsecured packet from the internet! This packet could be part of a virus! Are you certain you want to allow this packet into the application for processing?"
    *kicks computer*
    *installs Linux/BSD or buys Mac*

    VERY secure, indeed.
    • by Anonymous Coward
      This may seem like a joke but I spent an hour trying to install a Flash active-X plugin on IE in XP_64 running as Administrator and finally gave up. The series of prompts from the OS were painfully close to the scenario presented in this "joke" post.
      • This may seem like a joke but I spent an hour trying to install a Flash active-X plugin on IE in XP_64 running as Administrator and finally gave up. The series of prompts from the OS were painfully close to the scenario presented in this "joke" post.

        Yeah - I was going to go boot it up and copy the actual text in the ultra-annoying, constant stream of "As a user, you're too stupid to understand security. We need to ask you every question in existence about every OS function to ensure to completely understa

    • I think that is just a big cover for the fact that they have not been able to complete TCP/IP support.
  • Acronyms (Score:5, Interesting)

    by linvir (970218) * on Thursday June 15 2006, @12:49PM (#15541658)

    I noticed in this article that they're treading on our acronyms.

    SDL - Security Development Lifecycle
    Relatively inconspicuous. Simple DirectMedia Layer has nothing to fear from this in terms of mindshare. But then again, they knew that SDL was in use. Why not show a bit of cooperation?

    RMS - Rights Management Something
    This one is amazing, because it's basically DRM named after Richard Stallman. Someone at Microsoft either has a sense of humor [linuxvirus.net], or is a complete prick. I really doubt that this was accidental.

    It's superficial, but I think both examples are very symbolic.

  • by NickFortune (613926) on Thursday June 15 2006, @12:49PM (#15541659) Homepage
    In other news, Kellogg's say Corn Flakes "taste nice". Film at eleven.
  • This is laughable (Score:3, Insightful)

    by Starker_Kull (896770) on Thursday June 15 2006, @12:50PM (#15541677)
    You can't possibly know how secure an OS is until it's deployed in the wild, statistics are garnered, attacks are noted, etc., etc. To preemptively announce that "Vista [is] the most secure OS in the industry" before it is even released makes me think Microsoft is still high on itself.

    Maybe it's just marketspeak, or maybe it's more of the same arrogance that they know better what is secure than reality does. I'll sit back and wait for a few years, thanks.
        • by DeadChobi (740395) <DeadChobi.gmail@com> on Thursday June 15 2006, @01:37PM (#15542197)
          Oh, wow. So they're going to top Vista off with being MORE ANNOYING than Windows XP? You mean I'm actually going to have to be prompted every time I want to do something? There'd better be a way to turn this off or I'm never going to buy a copy of Vista.

          It's bad enough to be prompted every 15 minutes for a restart after I've installed updates, EVEN IF I AM IN THE MIDDLE OF SOMETHING. Yes, Windows will pull me out of full-screen just to tell me that it has finished installing updates. To top it all off, I won't be able to browse the internet or insert CDs without some twat at Microsoft building the program to assume that I don't know what the fuck I'm doing with my computer? Sounds like a brilliant security strategy. Piss people off enough so that they never use your OS.

          That kind of treat-you-like-you're-stupid shit is what makes me dread installing updates. I don't give a shit that I need to restart to install updates. Windows has waited for weeks for me to restart, and I don't need the constant nagging while it's waiting. Let me know when Vista has had its obligatory "don't treat me like I'm a mindless twat computer user" update. Then I'll get it.
  • Pass the linctus (Score:3, Informative)

    by ettlz (639203) on Thursday June 15 2006, @12:51PM (#15541696) Homepage Journal
    Cough! OpenBSD Coughhhhhhh!

    Sorry about that. Did someone say Microsoft thinks they've got "t3h m0st s3cur3 05 ev4r lollll!!!!1111" or something?!

  • * White Star Lines Pronounces Titanic "Unsinkable"

    * Hindenburg Safest Way To Fly

    * Ford Pinto Named Safest Car For 1973

  • by TheDarkener (198348) on Thursday June 15 2006, @12:58PM (#15541782)
    "...the company has employed black hat hackers..."

    By definition, if you employ hackers to test an operating system, they are NOT "black hat" hackers - they are, at best, "grey hat" hackers.

    Definition from Wikipedia [wikipedia.org]:

    Usually a Black hat is a person who maintains knowledge of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or the manufacturer for correction.
  • And it's not shipping yet either.

  • by twitter (104583) on Thursday June 15 2006, @01:03PM (#15541843) Homepage Journal

    ... and you will be able to run it in five minutes.


    Five minutes pass.


    GOTO LINE 1.



  • ... ever made. After all Microsoft said so both in 1996 and 1999.

    So until holes appear in either platform I think we can trust Microsoft when they say something is secure. After all I never heard of a single security hole in WindowsXP or IIS or any server product from MS. Have you?
  • by mugnyte (203225) on Thursday June 15 2006, @01:08PM (#15541891) Homepage Journal
    3D Realms declared today that "Duke Nukem Forever" is The Best Game Ever! With an incredible non-linear storyline, incredible learning AI across games, outrageous low-lag multiplay, both 1stP and ortho views - and runs on a standard gaming machine! Published with a complete set of level-making tools and state-of-the-art texture and atmosphere effects, Duke Nukem Forever is set to be the most played game ever.

    3D Realms gave a presentation of all the features that will help Duke keep the number one spot in the market. It also outlined the TV channel, movies series and theme park spun from the elements of the game.

    Check it out! [wikipedia.org]

  • by slashname3 (739398) on Thursday June 15 2006, @02:36PM (#15542771)
    Microsoft just painted a huge bullseye on Vista. If the hackers were not interested in spending time finding exploits they will now. Waving red flags and yelling watch this are things you should not do unless you know for sure the bull is in the other corral or that you are an expert at the stunt you are about to try and pull. Microsoft is in the same corral with the hackers and they are not experts on OSes based on past performance.

    From my favorite Far Side cartoon: Two deer standing in the woods, one has a bullseye on his chest, the other one says, "Bummer of a birthmark Hal."
  • It's True! (Score:5, Funny)

    by ch-chuck (9622) on Thursday June 15 2006, @03:08PM (#15543077) Homepage
    I just tried to rdesktop to my Vista installation from Linux, and instead of allowing a remote 'hacker' to access the system, it bravely BLUESCREENed. Imagine an OS so secure it would rather self-destruct than allow an intruder. Now that's a secure OS, yes indeed.

    Tip: You must update to latest cvs of rdesktop, something about key size.

    • The message should have looked like:

      ...sound like a challenge to me...

      Let's count the kinds of attacks that have existed in the past:

      Bad daemon/service design allowing for root control through the service itself remotely
      Bad daemon/service permissions allowing a buffer overflow to give one service-level command access
      Bad port use allowing for access to stuff that should be off by default
      Bad user permissions control requiring everyone who actually wants to do something to have local admin access
      Bad
    • ??? I thought the whole idea behind "black hat" vs. "white hat" was the relationship between the "hacker" and the victim. White hat hackers do their stuff with permission and with people's best interests at heart. Black hat hackers do things for their own interests, at the expense of the victims.

      Following this line of reasoning, if MS really employed "black hat hackers," wouldn't such hackers immediately say, "Gollee, this OS is super secure! I couldn't find a single way to compromise it!" Meanwhile,

      • It's called media speak. Black-hat hackers sounds like a group of evil-doers who are now turned to the light side and are helping MS secure their OS, but they are still bad boys.

        White-hat hackers sound like a bunch of pocket-protecting IT professionals who work in OS security.

        People will think that if the "bad boy" hackers aka the ones lurking in the wild can find all the exploits, then the OS will be "teh most secure ever"