MS Security Chief: Windows Never Exploited Until Patch Available
BenBenBen writes "The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: 'We have never had vulnerabilities exploited before the patch was known', and '[he] could only think of one instance when a vulnerability was exploited before a patch was available'. Erm..."
Oh really? (Score:5, Funny)
"The Sky is green."
"Earth is the center of the universe."
Other ridiculous statements that have also been proven false.
So, let me get this straight, Windows will become more secure if Microsoft stops issuing patches?
Sakes alive, the Microsoft spin machine has been well oiled this morning!
ChaoticChaos
"If Windows wasn't vulnerable until the patch was released, why was the patch released in the first place???"
IN SOVIET RUSSIA... (Score:-1, Funny)
Criminal tools like "diff"? (Score:5, Funny)
"The guys who write the tools would not consider themselves to be criminals by any measure," he said, "but the tools are also being picked up by people with criminal intent."
I guess that explains why Windows doesn't include a "diff" function...
In other news... (Score:5, Funny)
So... (Score:5, Funny)
So, instead of poor programming it's incompetent management?
Must have a good source for that stuff... (Score:5, Funny)
I love how people with vested interests are called 'experts'
thhhhhhhhhtttt *choke* *gag* "ahhhhhhh" So as I was saying, hackers haven't found any of these flaws and exploited them before they were patched. Man, this is some strong crack, I almost believe what I said, myself"
And how do these fine experts actually know there aren't, at this moment, flaws being exploited left and right? Ah, they're experts, of course!
This just in... (Score:3, Funny)
What happened to the month of March? (Score:5, Funny)
Re:Oh really? (Score:1, Funny)
Karl Rove moonlights?
Iraq (Score:5, Funny)
It's no wonder... (Score:2, Funny)
Re:Oh really? (Score:5, Funny)
"We think it is due to our patented time-traveling module," quips Steve Ballmer.
Revised Quote (Score:3, Funny)
Since when.. (Score:4, Funny)
Don't trivialise their complicit condonment!! (Score:2, Funny)
As they lose face before me... (Score:2, Funny)
wow, credibility meter falling
What the Fuck? What the Fucking Fuck Fuck? (Score:5, Funny)
"Bullshit" doesn't begin to do justice to the level of falsehood present here. We're talking about taking the very essence of falsity, distilling it over the flames of ignorance, condensing it within intestinal walls of monumentally bovine intellectual apathy and sponsoring a college kegger with the elixir-excremento obtained therefrom.
Re:Security is in the eye of the beholder (Score:2, Funny)
Re:Piffle (Score:5, Funny)
Ridiculous. Why would they want to force upgrades to Windows ME?
Re:Oh really? (Score:1, Funny)
Back at work, I see... (Score:3, Funny)
I wonder if he's moonlighting for tobacco companies on the side as well.
XP = Legacy? (Score:5, Funny)
So is that what they're calling WindowsXP now?
Iraqi Information Minister working for MS? (Score:5, Funny)
"The infidels' packets are slaughtering themselves at the ports to our OS"
"There are no exploits against windows, they are all lies from the so called Open Source community"
"We removed the Windows Update site to better serve our loyal followers."
Re:Piffle (Score:5, Funny)
He went on (Score:2, Funny)
Re:The dark arts? (Score:2, Funny)
I sure hope so. I wonder how much MS will pay for:
a) First posts
b) "In Soviet Russia" jokes
c) "I for one welcome X overlords" jokes
Goatse & Tubgirl redirects must be worth a bundle!
Darl?? IS THAT YOU?? (Score:1, Funny)
Re:On the same logic (Score:1, Funny)
Washington, D.C.
I work from home, but you can find out my vacation schedule by watching the news.
Hope to see you soon.
Legacy Systems (Score:3, Funny)
Defining the Microsoft Legacy.
Re:Riiight... (Score:2, Funny)
I did exactly what he claims and I have a very secure system. I upgraded to Linux.
Or a very old quote:
"The box said Windows 95 or better, so I bought a Macintosh"
And despite photographic proof... (Score:4, Funny)
Ever.
No, really... I didn't.
Logic? (Score:5, Funny)
Re:Oh really? (Score:5, Funny)
It's true! I was copying a file over the LAN the other day, and IE said it had -8342563246 seconds to go!
Microsoft Time (C)(R)(TM)
Where do you want to go yesterday?
Re:Don't trivialise their complicit condonment!! (Score:2, Funny)
i FOUND ONE. mY KEYBOARD IS TYPING EVERYTHING IN OPPOSITE CASE. pRESSING SHIFT PRINTS A LOWER-CASE CHARACTER AND DOING NOTHING PRINTS UPPER CASE.
caps-lock, wHAT'S THAT?
Oh hells bells...
Re:So... (Score:2, Funny)
you must be new around here....
welcome to america. where the most incompetent employee is promoted to the position where he/she will do the least amount of damage... Management.
Re:Legacy Systems (Score:2, Funny)
That can't stand one bit of competition.
Re:Piffle (Score:5, Funny)
Those people are Amateurs.
The latest kernel is 2.0.40 [kernel.org], as everyone should know.
[/sillyness]
Re:Oh really? (Score:5, Funny)
Re:Piffle (Score:5, Funny)
Am I the only one who remembers a few exploits that 95/8 were immune to because of innovations in new OSs? I mean, just a little thing like MS.Blaster. Probably didn't make the news
Microsoft admits it! (Score:2, Funny)
I think I'll sue now that I have proof!
Re:Security through Obscurity (Score:2, Funny)
I shouldn't have said that
I shouldn't have said that I shouldn't have said that
I'm talking too much
I shouldn't say that
I'll just be quiet now
I promise (doh)
Re:Oh really? (Score:2, Funny)
They cut the quote short. It was really "If you want secure software upgrade to Linux"
"It says it runs on Windows 98 or better and I'm running Linux and it won't work..."
;)
Re:Oh really? (Score:5, Funny)
Slashdot stories always accurately summarize the content of the linked story, and wouldn't ever misrepresent "vulnerabilities are hardly ever exploited before patches are released" as "is never vulnerable until a patch appears".
He was misquoted... (Score:3, Funny)
"We have never had vulnerabilities exploited before Apachi was available."
Typographical error in article (Score:2, Funny)
Alright! (Score:3, Funny)
Re:Oh really? (Score:4, Funny)
When do you want to go today?
Basically sums up my windows experiences over the past years
In related stories (Score:5, Funny)
Film at 11:00 (just after the anchorman tells us about all of the muggings he committed).
Flies Cause Garbage, says Microsoft Expert (Score:3, Funny)
--30--
Re:Oh really? (Score:5, Funny)
Isn't this.... (Score:4, Funny)
Re:Oh really? (Score:5, Funny)
then we downloaded damn patch
Okay, now that was funny!!!!!!! (Score:3, Funny)
Could this mean... (Score:5, Funny)
I don't know about you but I confused myself.
Two Observations... (Score:3, Funny)
Second: They are admitting that any machine which is not patched current has vulnerabilities; including machines with fresh installs, and the ones sitting on store shelves/warehouses waiting to be sold. Since these machines are already admitted vulnerable, and since patches are now being released monthly (or more frequently) we can conclude Microsoft Operating systems have a maximum warrantable period of 30 days, and recalls should be done for all previously delivered software, since the manufacturer is admitting the fault at this point.
Re:Assume for me... (Score:2, Funny)
Microsoft believes Windows security only works due to the obscurity
Microsoft source code released
Re:Oh really? (Score:3, Funny)
Re:Since when.. (Score:2, Funny)
We finally see what "IP" Microsoft licensed from SCO. I didn't know crack counted as IP, though
One Instance (Score:3, Funny)
Re:Oh really? (Score:5, Funny)
They must have had a delivery of snake oil
It could be true! (Score:3, Funny)
After all, I've never had a cavity until I went to the dentist!
Re:Oh really? (Score:5, Funny)
Re:Oh really? (Score:5, Funny)
Re:Logic??? (Score:4, Funny)
Does anyone remember Bill G's statement a few years ago... "Nobody upgrades their software to fix bugs, that's the stupidest thing I've heard of. People buy new software to get new features."
I guess not getting 0wnd must be considered a "feature".
Re:Oh really? (Score:5, Funny)
Re:Must have a good source for that stuff... (Score:3, Funny)
A woman I used to work with said it best:
Don't call me an "expert". "Ex" means a "has been", and a "spurt" is a drip under pressure.
Re:Oh really? (Score:5, Funny)
open ( PERLYGATES ) or die "Trying";
Re:On the same logic (Score:3, Funny)
Redmond, WA 98052
Kinda sucks that people are always home, but that's okay, they usually aren't doing anything important.
Re:Piffle (Score:3, Funny)
What'd he say?? (Score:3, Funny)
Put your money where your mouth is (Score:5, Funny)
OK, I'll take you up on this. Starting today, release no more patches for XP and 2003 Server (or IE or IIS or OE or MS-SQL or any other component.) We should see no new exploits from this day forward. We'll give it a year. If an exploit is found, I get your house and car. If no exploits are found, you get mine. Deal?
PS: If you release another patch, I win. Any "feature upgrades" must be thoroughly examined by a 3rd party to make sure you aren't sneaking any patches in. I promise I will not actively look for exploits myself.
Re:Oh really? (Score:5, Funny)
One! One exploit without a patch, and that other one against Internet Explorer.
Okay, two exploits without a patch. Unless you count the many against Outlook Express.
AMONGST THE EXPLOITS WITHOUT A PATCH ARE... Can we start the interview again?
Re:Oh really? (Score:5, Funny)
Oh, c'mon, guys. Can't you see that Mr. Aucsmith is just trolling the world?? Move along.. Nothing to see here. The best way to deal with trolls is to ignore them. Responding only encourages their actions!
BTW, I have a slashcode improvement request: I'd like the ability to moderate front page articles as "-1 Troll"
Re:Criminal tools like "diff"? (Score:4, Funny)
Re:Piffle (Score:4, Funny)
That would be... (Score:3, Funny)
Wouldn't believe it if I hadn't seen it firsthand.
Re:Oh really? (Score:1, Funny)
Iraqi minister of information (Score:4, Funny)
Re:Oh really? (Score:2, Funny)
In the beginning there was UNIX. And it was good. And then Windows came along. And then all hell broke loose... ad infinitum, you get the idea.
Re:only Microsoft finds exploits (Score:5, Funny)
Or is it the other way around ?
say [pun]"Only Microsoft exploits exploits"[/pun]...
I think the other way around would read "Only exploits find Microsoft."
Seems more probable that way...
Re:Oh really? (Score:5, Funny)
Re:Piffle (Score:2, Funny)
Three Monkeys Accounting (Score:3, Funny)
Re:only Microsoft finds exploits (Score:2, Funny)
Re:Oh really? (Score:3, Funny)
the universe if it is expanding at anything greater than
Re:They don't get the point... (Score:4, Funny)
If they were giving X shares of Microsoft stock for every vulnerability found, you can bet MS Employees would be finding a lot of holes!
Microsoft: Security Through Hilarity... (Score:2, Funny)
Yes, really. (Score:2, Funny)
You haven't RTFA, have you? The quote in the Slashdot summary is a little bit out of context, but is a perfectly valid statement of a well known historical fact nonetheless. Please read it carefully:
The head of Microsoft's security business and technology unit states that Windows is never vulnerable until a patch appears, and that releasing patches is what causes exploits to be developed. Good quotes: "We have never had vulnerabilities exploited before the patch was known," and "[he] could only think of one instance when a vulnerability was exploited before a patch was available."
Does he say anywhere that the patch is a specific diff patching this particular vulnerability? No. Of course not. It would be ridiculous.
Now, if I recall correctly, Larry Wall made the patch available in 1984 and I honestly cannot remember any Windows vulnerability whatsoever before that time.
Please, people, just because it was Microsoft Security Chief, doesn't mean that what he said must not be true!
Re:Oh really? (Score:3, Funny)
I hope someone doesn't post a picture of it on their blog and get fired
Re:Criminal tools like "diff"? (Score:3, Funny)
I guess MS really did name their OS accurately.
XFree86 licence v2.0 (Score:3, Funny)
What if you don't like the next version of MS' EULA?
1. suck it up and patch
2. refuse and be owned by the next RPC buffer overflow worm
Whee.
Best laugh I've had all day! (Score:2, Funny)
"Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts."
Ok, all you lazy good-fer-nothing lazy script kiddies -- get out your disassemblers and get to work! Service pack 2 is just around the corner and guaranteed to keep you busy for weeks! Brush up on VB scripting.
Whee-hoo!
So that's where the Iraqi Information Minister went (Score:1, Funny)
"The Linux infidels are committing suicide and throwing their dead bodies on the walls of Redmond..."
Childsplay (Score:2, Funny)
Re:Oh really? (Score:3, Funny)
Re:Oh really? (Score:3, Funny)
Well, that explains top-posting.
Re:That would be... (Score:5, Funny)
Windows of Mass Destruction.
Re:Oh really? (Score:5, Funny)
This is how they can patent so much prior art.
Re:Oh really? (Score:5, Funny)
Re:only Microsoft finds exploits (Score:5, Funny)
Maybe in Soviet Russia, perhaps?
Re:Oh really? (Score:5, Funny)
[cheapo] haha, this screen appeared on my windows that said "time before shutdown: 60 seconds" :D:D :D
[cheapo] so i turned the windows clock 2 years backwards and now it says "time before shutdown: 729 days"
[cheapo] i just love windows
[#227455 [bash.org]]
Windows has a great sense of humor. :-)
Re:Oh really? (Score:5, Funny)
exactly, so MS shouldn't patch any holes in the first place, then no malware would be written and everyone would live happily ever after
Re:Oh really? (Score:3, Funny)
Re:Oh really? (Score:5, Funny)
Re:Windows updates (Score:3, Funny)
At work we're switching from Sucky Coding Operation over to XP systems next month. Security, updates, yadda yadda. It'll still be an improvement, but I'm wondering just how much BS we're going to have to deal with this year. Here goes....I'm going to lay in a big supply of aspirin (preventative) and beer (palliative).
Oh, and Corporate was originally going to linux systems, but changed their minds almost exactly one year ago. I wonder why? Thanks, SCO, you assholes. Don't be surprised if your gravestone is covered with spittle 24/7, Darl.
SB
Re:Piffle (Score:4, Funny)
Um, that means you have to restart to have an updated system...
SB
Hmm.... (Score:1, Funny)
If that's true then (Score:2, Funny)
Nobody washed dishes before washing-up detergent was invented
Nobody had a crap before bog roll was invented
Nobody got pregnant or caught diseases until condoms were invented.
Help! I'm trapped in a parallel universe where the laws of logic are being inverted!
Re:Oh really? (Score:2, Funny)
Re:only Microsoft finds exploits (Score:1, Funny)
Oh wait...
Re:Oh really? (Score:3, Funny)
Re:Oh really? (Score:1, Funny)
Re:Oh really? (Score:3, Funny)
Re:Oh really? (Score:5, Funny)
Running screamingly offtopic, but when it comes to all-time best KB article headlines, here's yer winner:
Earth Rotates in Wrong Direction [microsoft.com]
Re:Oh really? (Score:3, Funny)
How much research does this TAKE ?
UPDATE: We've discovered something called the law of the excluded middle, but we're still investigating how it might apply to this situation."
Security through obscurity... (Score:2, Funny)
So stop releasing these patches bastards! (Score:1, Funny)
I did not believe that, I thought it is those
nasty Linux hackers, but now you admit it yourself!
I demand that you stop releasing these patches so our OS is more secure! If you don't we will go into
class action suit against you.
Re:Oh really? (Score:4, Funny)