MS Security Chief: Windows Never Exploited Until Patch Available

BenBenBen writes "The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: 'We have never had vulnerabilities exploited before the patch was known', and '[he] could only think of one instance when a vulnerability was exploited before a patch was available'. Erm..."

Oh really?

[ChaoticChaos]

"The Earth is flat."
"The Sky is green."
"Earth is the center of the universe."

Other ridiculous statements that have also been proven false.

So, let me get this straight, Windows will become more secure if Microsoft stops issuing patches? :-)

Sakes alive, the Microsoft spin machine has been well oiled this morning!

ChaoticChaos
"If Windows wasn't vulnerable until the patch was released, why was the patch released in the first place???"

IN SOVIET RUSSIA...

[sputnikid]

the patches exploit you!

Criminal tools like "diff"?

[RobertB-DC]

He said tools were available that compared patched and unpatched versions of Windows to help vandals and criminals work out what was different.

"The guys who write the tools would not consider themselves to be criminals by any measure," he said, "but the tools are also being picked up by people with criminal intent."

I guess that explains why Windows doesn't include a "diff" function...

In other news...

[daeley]

In related news, the Mayo Clinic has announced that if we eliminated cancer treatments, we would eliminate cancer.

So...

[Niles_Stonne]

So, instead of poor programming it's incompetent management?

Must have a good source for that stuff...

[ackthpt]

Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.

I love how people with vested interests are called 'experts'

thhhhhhhhhtttt *choke* *gag* "ahhhhhhh" So as I was saying, hackers haven't found any of these flaws and exploited them before they were patched. Man, this is some strong crack, I almost believe what I said, myself"

And how do these fine experts actually know there aren't, at this moment, flaws being exploited left and right? Ah, they're experts, of course!

This just in...

[cybercuzco]

Microsoft to stop patching systems altogether to improve security. Also announces that War is Peace, Freedom is slavery etc etc etc

What happened to the month of March?

[andreMA]

... we seem to have skipped directly to April 1st...

Re:Oh really?

[smchris]

Karl Rove moonlights?

Iraq

[LittleLebowskiUrbanA]

This ranks right up there w/ the Information Minister... Looks like the corporate world is just as bad about propaganda as the gov'ts of the world.

It's no wonder...

[Sayten241]

that with geniouses like this working for them, Microsoft has the most secure OS in the world.

Re:Oh really?

[dingbatdr]

In other news, Microsoft announce that cause and effect are reversed when it comes to their software.

"We think it is due to our patented time-traveling module," quips Steve Balmer.

Revised Quote

[pumpknhd]

Previous Quote: 'could only think of one instance when a vulnerability was exploited before a patch was available' Revised Quote: 'I can not think of even one instance when a vulnerability was exploited before windows was available'

Since when..

[bishiraver]

Since when did Microsoft hire the Iraqi Information Minister?

Don't trivialise their complicit condonment!!

[adamofgreyskull]

You may mock, but I doubt any exploit has been written without using the Shift & Return keys.

As they loose face before me...

[La Camiseta]

"It's a myth that hackers find the holes," said Nigel Beighton, who runs a research project for security firm Symantec that attempts to predict which vulnerabilities will be exploited next.

wow, credibility meter falling ... falling ...

What the Fuck? What the Fucking Fuck Fuck?

[Tackhead]

> 'We have never had vulnerabilities exploited before the patch was known'

"Bullshit" doesn't begin to do justice of the level of falsehood present here. We're talking about taking the very essence of falsity, distilling it over the flames of ignorance, condensing it within intestinal walls of monumentally bovine intellectual apathy and sponsoring a college kegger with the elixir-excremento obtained therefrom.

Re:Security is in the eye of the beholder

[kyoko21]

All the really technical people at Microsoft are all too juiced up from the free soda that they get readily available from the free soda machines posted at every 50 paces. Not to mention they also get free snacks, too.

Re:Piffle

[maiden_taiwan]

>Sounds pretty close to an admission of deliberately leaving old OS's insecure to force upgrades to me...

Ridiculous. Why would they want to force upgrades to Windows ME?

Re:Oh really?

[ChaoticChaos]

Another way to look at this is that I should be able to remove every patch from my Windows PC and it would be totally secure? LOL!

Back at work, I see...

[Hawthorne01]

It's good that ol' Bagdhad Bob, aka The Iraqi "Information" Minister, has landed on his feet and found a good position with Microsoft.

I wonder if he's moonlighting for tobacco companies on the side as well.

XP = Legacy?

[La Camiseta]

"Almost all attacks against our software are against the legacy systems," he said.

So is that what they're calling WindowsXP now?

Iraqi Information Minister working for MS?

[ageoffri]

Wow looks like Microsoft has hired the Former Iraqi Informaiton Minister.

"The infidels packets are slaughtering themselves at the ports to our OS"

"There are no exploits against windows, they are all lies from the so called Open Source community"

"We removed the Windows Update site to better serve our loyal followers."

Re:Piffle

[Erratio]

Yeah...I hate paying for those damn Linux upgrades.

He went on

[QuijiboIsAWord]

He went on to prove that black was white and was run over at the next zebra crossing..

Re:The dark arts?

[Anonymous Coward]

Has Microsoft become so jaded that they have turned to the dark art of trolling?

I sure hope so. I wonder how much MS will pay for:

a) First posts
b) "In Soviet Russia" jokes
c) "I for one welcome X overlords" jokes

Goatse & Tubgirl redirects must be worth a bundle!

Darl?? IS THAT YOU??

[Anonymous Coward]

Since when did McBride get a job a Microsoft..

Re:On the same logic

[Anonymous Coward]

1600 Pensylvania Avenue
Washington, D.C.

I work from home, but you can find out my vacation schedule by watching the news.

Hope to see you soon.

Legacy Systems

[Archangel Michael]

32 bit extensions to a 16 bit OS, built for an 8 Bit CPU by a two bit company.

Defining the Microsoft Legacy.

Re:Riiight...

[Zerikai]

He's not missing a thing!

I did exactly what he claims and I have a very secure system. I upgraded to Linux.

Or a very old quote:

"The box said Windows 95 or better, so I bought a Macintosh"

And despite photographic proof...

[Bug-Y2K]

...I never did this. [goolsbee.org]

Ever.

No, really... I didn't.

Logic?

[CaptainBaz]

Mr Aucsmith went on to prove that 1=2, that black is white, and promptly got himself killed on the next zebra crossing...

Re:Oh really?

[FrostedWheat]

"We think it is due to our patented time-traveling module," quips Steve Balmer.

It's true! I was copying a file over the LAN the other day, and IE said it had -8342563246 seconds to go!

Microsoft Time (C)(R)(TM)
Where do you want to go yesterday?

Re:Don't trivialise their complicit condonment!!

[weeboo0104]

You may mock, but I doubt any exploit has been written without using the Shift & Return keys.

i FOUND ONE. mY KEYBOARD IS TYPING EVERYTHING IN OPPOSITE CASE. pRESSING SHIFT PRINTS A LOWER-CASE CHARECTER AND DOING NOTHING PRINTS UPPER CASE.

caps-lock, wHAT'S THAT?

Oh hells bells...

Re:So...

[Lumpy]

So, instead of poor programming it's incompetent management?

you must be new around here....

welcome to america. where the most incompetent employee is promoted to the position where he/she will do the least amount of damage... Management.

Re:Legacy Systems

[squibix]

32 bit extensions to a 16 bit OS, built for an 8 Bit CPU by a two bit company...

That can't stand one bit of competition.

Re:Piffle

[Bombcar]

How many people do you know that are still running 2.0.34?

Those people are Amateurs.

The latest kernel is 2.0.40 [kernel.org], as everyone should know.

[/sillyness]

Re:Oh really?

[hcetSJ]

Next big thing in computers: the then-if statement! Available only on Microsoft products, certainly.

Re:Piffle

[rholliday]

"Almost all attacks against our software are against the legacy systems ..."

Am I the only one who remembers a few exploits that 95/8 were immune to because of innovations in new OSs? I mean, just a little thing like MS.Blaster. Probably didn't make the news ...

Microsoft admits it!

[Anonymous Coward]

Microsoft admits there they are the cause of all those security holes! By recklessly releases these patches, they are creating exploits!

I think I'll sue now that I have proof!

Re:Security through Obscurity

[Merlin42]

'Cuz if I said anymore then it wouldn't be as secure ...

I shouldn't have said that ...

I shouldn't have said that I shouldn't have said that ...

I'm talking too much ...

I shouldn't say that ...

I'll just be quiet now ...

I promise (doh)

Re:Oh really?

[MichaelKaiserProScri]

They cut the quote short. It was really "If you want secure software updgrade to Linux "

"It says it runs on Windows 98 or better and I'm running Linux and it won't work..."

;)

Re:Oh really?

[armb]

> Other ridiculous statements that have also been proven false.

Slashdot stories always accurately summarize the content of the linked story, and wouldn't ever misrepresent vulnerabilities are hardly ever exploited before patches are released as "is never vulnerable until a patch appears".

He was missquoted...

[ayjay29]

What he actually said was:

"We have never had vulnerabilities exploited before Apachi was available."

Typographical error in article

[iapetus]

Due to user error, the words "to NetBSD" were omitted from the end of the article.

Alright!

[bruns]

Alright, who gave Microsoft the SCO koolaid?

Re:Oh really?

[Anonymous Coward]

Don't you mean:

When do you want to go today?

Basically sums up my windows experiences over the past years

In related stories

[AtariAmarok]

In related stories, it has been revealed that firemen cause fires, policeman cause crime, and the good folks at Symantec have written all the viruses.

Film at 11:00 (just after the anchorman tells us about all of the muggings he committed).

Flies Cause Garbage, says Microsoft Expert

[bgeer]

REDMOND (AP)-- Microsoft's Dewey Cheetum, head of the software giant's "City and Regional Advantage Program" (CRAP) Group, announced today a major breakthrough in his group's analysis of waste management processes. "The biggest problem with dealing with a municipal landfill is all the flies. They spread disease, cause nearby property values to drop, and are a nuisance." CRAP has long known that flies were a problem, but what Cheetum discovered recently made him totally rethink the problem. "We looked hard at our research data and realized that the flies were causing all the garbage" Cheetum said "It seems counterintuitive, but I mean think about it, you never see a lot of garbage without flies around it. It makes sense to me and I'm really smart, trust me." Cheetum dismissed the idea that his group might have made an error "Look bitch, I have a fucking PhD in computer science, don't get smart with me"

--30--

Re:Oh really?

[tmasssey]

You mean like INTERCAL [encyclopedia4u.com]? How can you live without a COME FROM statement?

Isn't this....

[retinaburn]

The same company that has an exploit written for an OS that is yet to be released ??

Re:Oh really?

[ssbljk]

in the beginning there was Windows ... and it was secure ....

then we downloaded damn patch :(

Okay, now that was funny!!!!!!!

[zibix]

"Where do you want to go yesterday?" Thanks, that made me spit coffee on my screen... but it needed cleaning anyway.

Could this mean...

[jellomizer]

Could the mean that Microsoft as a Business exists moving in time backward. This explains Microsoft quick profits and good business decisions back in the 80's and over now in the 2000's a younger and less experience Microsoft is making more mistakes. and having a little more competition to deal with.

I don't know about you but I confused myself.

Two Observations...

[lynx_user_abroad]

First: Microsoft must have knowledge about vulnerabilities which they are not releasing patches for. Unless the next monthly patch (or Service Pack) is the last one ever released, it means they chose not to release a patch they currently know about, or they didn't know about/didn't have a patch for the vulnerabilities which next month's Service Pack fixes.

Second: They are admiting that any machine which is not patched current has vulnerabilities; including machines with fresh installs, and the ones sitting on store shelves/warehouses waiting to be sold. Since these machines are already admitted vulnerably, and since patches are now being release monthly (or more frequently) we can conclude Microsoft Operating systems have a maximum warrantable period of 30 days, and recalls should be done for all previously delivered software, since the manufacturer is admitting the fault at this point.

Re:Assume for me...

[strike2867]

Think of the great headlines.

Microsoft believes Windows security only works due to the obscurity

Microsoft source code released

Re:Oh really?

[benya]

Not necesseraly... Others might find explots, but do not actually exploit until a Microsoft patch is released.

Re:Since when..

[wintermute740]

"Since when did Microsoft hire the Iraqi Information Minister? "

We finally see what "IP" Microsoft lisenced from SCO. I didn't know crack counted as IP, though ;)

One Instance

[Vampyre_Dark]

I'm guessing that one instance of exploitation would be the initial windows purchase. That's when you bend over and Billy comes over to plant his worm in your "security hole."

Re:Oh really?

[mpe]

Sakes alive, the Microsoft spin machine has been well oiled this morning!

They must have had a delivery of snake oil :)

It could be true!

[mazarin5]

It could be true!
After all, I've never had a cavity until I went to the dentist!

Re:Oh really?

[Short Circuit]

It's called sweeping it under the rug. Until, of course, someone trips over the raised rug or sees dust puff out when the rug is stepped on.

Re:Oh really?

[zelurxunil]

Perhaps it can be reverse engineered...

Re:Logic???

[jridley]

The last statement in the article: "If you want more secure software, upgrade." pretty much sums up Microsoft's position.

Does anyone remember Bill G's statement a few years ago... "Nobody upgrades their software to fix bugs, that's the stupidest thing I've heard of. People buy new software to get new features."

I guess not getting 0wnd must be considered a "feature".

Re:Oh really?

[jocknerd]

Wouldn't Microsoft's Security Chief be a marketing guy? He obviously doesn't have anything to do with security.

Re:Must have a good source for that stuff...

[BlackHawk]

• I love how people with vested interests are called 'experts'

A woman I used to work with said it best:

Don't call me an "expert". "Ex" means a "has been", and a "spurt" is a drip under pressure.

Re:Oh really?

[Short Circuit]

One of the reasons I love Perl is that the following line of code works:

open ( PERLYGATES ) or die "Trying";

Re:On the same logic

[lpangelrob2]

One Microsoft Way
Redmond, WA 98052

Kinda sucks that people are always home, but that's okay, they usually aren't doing anything important.

Re:Piffle

[Erratio]

Not worth as much as Windows which usually costs about a couple hundred dollars...every couple years. Add on Office and all the other software you want. And then you can relax knowing that you avoided that crappy free software and instead have spent your hard earned money for programs that are written by the best people that take the to time to make sure it's the best possible software in the world and worth every penny. And just to show you how hard they're working, release patches all the time to make it even better than before. The same patches which they claim are the doorways to allow anyone on the Internet to trash your computer. But of course it's not their fault their programs have gaping security holes, or that they are apparently claiming they're helping people manipulate those holes. It's your fault because you haven't given them enough money to fix these problems that you paid for and need to pay for an upgrade which will solve these problems and have exciting new ones.

What'd he say??

[cyclist1200]

Is this Microsoft's way of saying they're not gonna patch Windows vulnerabilities any more?

Put your money where your mouth is

[sootman]

"If you want more secure software, upgrade."

OK, I'll take you up on this. Starting today, release no more patches for XP and 2003 Server (or IE or IIS or OE or MS-SQL or any other component.) We should see no new exploits from this day forward. We'll give it a year. If an explot is found, I get your house and car. If no exploits are found, you get mine. Deal?

PS: If you release another patch, I win. Any "feature upgrades" must be thoroughly examined by a 3rd party to make sure you aren't sneaking any patches in. I promise I will not actively look for exploits myself.

Re:Oh really?

[Zixia]

There has never been an expoit without a patch. Just the one.

One! One exploit without a patch, and that other one against Internet Explorer.

Okay, two exploits without a patch. Unless you count the many against Outlook Express.

AMONGST THE EXPLOITS WITHOUT A PATCH ARE... Can we start the interview again?

Re:Oh really?

[PetiePooo]

it was said by the Microsoft Security Chief.

Oh, c'mon, guys. Can't you see that Mr. Aucsmith is just trolling the world?? Move along.. Nothing to see here. The best way to deal with trolls is to ignore thm. Responding only encourages their actions!

BTW, I have a slashcode improvement request: I'd like the ability to moderate front page articles as "-1 Troll"

Re:Criminal tools like "diff"?

[tomhudson]

Great - I'm going to go to everyone's machine and replace the CompletionChar value with backspace and watch them go nuts!

Re:Piffle

[Mordac the Preventer]

"If you want more secure software, upgrade."
That quote goes for Linux as well as MS. How many people do you know that are still running 2.0.34

Yeah, but you try finding a rootkit for my trusty server running kernel 0.99

That would be...

[87C751]

"We think it is due to our patented time-traveling module," quips Steve Balmer.

That would be a kernel module. See pp. 270-271 of Oney's WDM book, 2nd. ed.

Wouldn't believe it if I hadn't seen it firsthand.

Re:Oh really?

[Anonymous Coward]

The Iraqi's information ministers stikes BACK !

Iraqi misister of information

[shawn(at)fsu]

Someone let G. W. Bush know we found the Iraqi Minister of Information.

Re:Oh really?

[ktulu1115]

Actually I think it'd be more accurate similar to this:

In the beginning there was UNIX. And it was good. And then Windows came along. And then all hell broke loose... ad infinitum, you get the idea. :)

Re:only Microsoft finds exploits

[Necrobruiser]

**"Only Microsoft finds exploits"**

Or is it the other way around ?

say [pun]"Only Microsoft exploits exploits"[/pun]...

I think the other way around would read "Only exploits find Microsoft."
Seems more probable that way...

Re:Oh really?

[Lobo_Louie]

This reminds me of a Knowledge Base link I saw on M$'s website about 3-4 years ago. I'm paraphrasing here: Warning, your password must be 324,322,322 characters long and must not match any of your last 324,234,234 passwords. The URL made the rounds in couriels *. * excuse my french!

Re:Piffle

[TheLinuxSRC]

Except it would take something like six hours to compile on what he has. I guess this is where cross-compiling would be helpful ;)

Three Monkeys Accounting

[Dark Bard]

In related news the government has fired all accountants in an effort to end budget deficits. "What we don't know can't hurt us."

Re:only Microsoft finds exploits

[stanmann]

old joke... insert so I bought a Mac.

Re:Oh really?

[stanmann]

The grandparent was partly mistaken... and slightly confused

the universe if it is expanding at anything greater than .5c and many posit that it is... is in fact growing FTL...but not in every direction..but the net effect is FTL since .50..01+.50..01=1.0..02 so objects are reaching seperation velocities of C+ which is not to be confused with C++

Re:They don't get the point...

[More Trouble]

Who is it that finds all the exploits and reports them to Microsoft in the first place? It sure as hell isn't Microsoft employees!

If they were giving X shares of Microsoft stock for every vulnerability found, you can bet MS Employees would be finding a lot of holes!

:w

Microsoft: Security Through Hilarity...

[Anonymous Coward]

MS can't expect the crackers to laugh for too long. Maybe this guy has a whole stand-up routine planned to keep the crackers too busy laughing to write exploits.

Yes, really.

[Pan T. Hose]

You haven't RTFA, have you? The quote in the Slashdot summary is a little bit out of context, but is a perfectly valid statement of a well known historical fact nonetheless. Please read it carefully:

The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: "We have never had vulnerabilities exploited before the patch was known," and "[he] could only think of one instance when a vulnerability was exploited before a patch was available."

Does he say anywhere that the patch is a specific diff patching this particular vulnerability? No. Of course not. It would be ridiculous.

Now, if I recall correctly, Larry Wall made the patch available in 1984 and I honestly cannot remember any Windows vulnerability whatsoever before that time.

Please, people, just because it was Microsoft Security Chief, doesn't mean that what he said must not be true!

Re:Oh really?

[jrockway]

> They must have had a delivery of snake oil :)

I hope someone doesn't post a picture of it on their blog and get fired :)

Re:Criminal tools like "diff"?

[shotfeel]

Quite the contrary. Criminals have been breaking into windows for centuries. Windows have been a security threat since man upgraded from the cave -either full of holes or easy to break (or both).

I guess MS really did name their OS accurately.

XFree86 licence v2.0

[StupidKatz]

A shame about that, but thankfully, there are things like Y Windows, which would be next to impossible to create without the existence of the Open Source train of thought in the first place.

What if you don't like the next version of MS' EULA?
1. suck it up and patch
2. refuse and be owned by the next RPC buffer overflow worm

Whee.

Best laugh I've had all day!

[brain1]

I just spewed coffee all over my desk! To quote the article...

"Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts."

Ok, all you lazy good-fer-nothing lazy script kiddies -- get out your disassemblers and get to work! Service pack 2 is just around the corner and guaranteed to keep you busy for weeks! Brush up on VB scripting.

Whee-hoo!

So thats where the Iraqi Information Minister went

[Anonymous Coward]

Doesn't this sound an awful lot like:

"The Linux infidels are commiting suicide and throwing their dead bodies on the walls of Redmond..."

Childsplay

[Myrmi]

"If I put my hands over my eyes, the evil booger-hackers can't see me...."

Re:Oh really?

[ejort79]

way, to use , use those, commas,

Re:Oh really?

[Gumshoe]

"We think it is due to our patented time-traveling module," quips Steve Balmer.

Well, that explains top-posting.

Re:That would be...

[SpaceLifeForm]

WDM? Damn, I parsed that as WMD.

Windows of Mass Destruction.

Re:Oh really?

[iminplaya]

In other news, Microsoft announce that cause and effect are reversed when it comes to their software.

This is how they can patent so much prior art.

Re:Oh really?

[andrew_0812]

Not yet, it hasn't been patched...

Re:only Microsoft finds exploits

[iminplaya]

I think the other way around would read "Only exploits find Microsoft."

Maybe in Soviet Russia, perhaps?

Re:Oh really?

[Oyvind Eik]

[cheapo] haha, this screen appeared on my windows that said "time before shutdown: 60 seconds"
[cheapo] so i turned the windows clock 2 years backwards and now it says "time before shutdown: 729 days" :D:D
[cheapo] i just love windows :D

[#227455 [bash.org]]

Windows has a great sense of humor. :-)

Re:Oh really?

[qcomp]

No... I think what they are trying to say is that *after* a patch is released and a description of the exploit is given, mal-ware writers then run off and use this description to write mal-ware to take advantage of folks who haven't applied the provided patches.

exactly, so MS shouldn't patch any holes in the first place, then no malware would be written and everyone would live happily ever after

Re:Oh really?

[OhHellWithIt]

> My opinion is subject to change without warning. Maybe use "perl -w"?

Re:Oh really?

[Anonymous Coward]

.well patterns-thought my reflect t'don theY .language other any to used got never I !language programming first my was ITERCAL ?funny modded this was whY

Re:Windows updates

[shadowbearer]

Someone mod this guy up.

At work we're switching from Sucky Coding Operation over to XP systems next month. Security, updates, yadda yadda. It'll still be an improvement, but I'm wondering just how much BS we're going to have to deal with this year. Here goes....I'm going to lay in a big supply of aspirin (preventative) and beer (pallalatitive).

Oh, and Corporate was originally going to linux systems, but changed their minds almost exactly one year ago. I wonder why? Thanks, SCO, you assholes. Don't be surprised if your gravestone is covered with spittle 24/7, Darl.

SB

Re:Piffle

[shadowbearer]

9% of the updates on XP don't require a restart, they just tell you it won't take effect until the next restart.

Um, that means you have to restart to have an updated system...

SB

Hmm....

[Anonymous Coward]

I wonder how the 'vulnerabilities' get discovered then? An infinite amount of monkeys on an infinite number of keyboards? Perhaps microsoft employs a grad student to snif out these things.... yes - that's got to be it. Or perhaps while spewing out code, the IDE automatically highlights vulnerabilities in Red to 'remind' the programmers that there is something to fix (which they never get around to doing). Perplexing isn't it?

If thats true then

[Tandoori Haggis]

Nobody smoked until nicotine patches were released

Nobody washed dishes before washing-up detergent was invented

Nobody had a crap before bog roll was invented

Nobody got pregnant or caught diseases until condoms were invented.

Help! I'm trapped in a parallel universe where the laws of logic are being inverted!

Re:Oh really?

[cavebear42]

Nooooooooo one expects the Microsoft inquisition!!!!

Re:only Microsoft finds exploits

[Anonymous Coward]

In Soviet Russia, Microsoft exploits you!

Oh wait...

Re:Oh really?

[radon28]

not as good as this one [microsoft.com]...

Re:Oh really?

[Anonymous Coward]

Better yet, release fix to patch holes, and create new ones at the same time, that'll keep malware authors in a state of permanent confusion.

Re:Oh really?

[Mixel]

Maybe Microsoft should adopt a new strategy and also release fake patches to fictional bugs that dont exist (in large, bandwidth-permitting numbers). This would confuse all the malware authors and solve the information exploitation problem!

Re:Oh really?

[mino]

Running screamingly offtopic, but when it comes to all-time best KB article headlines, here's yer winner:

Earth Rotates in Wrong Direction [microsoft.com]

Re:Oh really?

[Zork the Almighty]

Microsoft has confirmed this to be a problem in Explorapedia, World of Nature, version 1.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

How much research does this TAKE ?

UPDATE: We've discovered something called the law of the excluded middle, but we're still investigating how it might apply to this situation."

Security through obscurity...

[Secahtah]

...never works. That's like a bank saying "No one ever robbed our bank until we fixed that big gaping hole in the side of the vault that was exposed to the outer wall of the building."

So stop releasing these patches bastards!

[Anonymous Coward]

It is all your fault then, Mirosoft!
I did not believe that, I thought it is those
nasty Linux hackers, but now you admit it yourself!

I demand that you stop relasing these patches so our OS is more secure! If you don't we will go into
class action suit against you.

Re:Oh really?

[yulek]

i'm sorry, but that doesn't hold a handle to this kb headline [microsoft.com]