Vista Security Claims Debunked
An anonymous reader writes "Apparently Microsoft still hasn't learned that counting vendor-acknowledged vulnerabilities isn't a good way to establish the security of an OS. As an analysis of Microsoft's claims on Full Disclosure shows, the methodology used was badly flawed. A bug in Firefox (not to mention emacs) counts as a flaw for Linux, while IE bugs get ignored on Vista's chart. Then we see that vulnerabilities aren't vulnerabilities when they're security-challenged features such as Vista's Teredo. Also, there's far too little consideration given to severity, given that it stoops to counting even extra access restrictions on a file in OS X to have something to show. In short, the original Microsoft analysis was good PR and poor research."
Re:The Microsoft guy did a second report (Score:3, Informative)
Also, none of the vulnerabilities were enumerated, so you couldn't guess at what software was installed on that basis.
So it's quite possible that the report was based on Linux, X11, and GNOME with the minimal amount of other stuff to make the system run, but somehow I doubt that.
Re:er (Score:3, Informative)
Of course, the solution is blindingly simple. If an icon is on the "All Users" desktop and you delete it, it simply marks it deleted for *your copy* of the desktop. If you rename it, it's the same icon, just renamed on your desktop. If an administrator wants to delete it, give them another context menu option, or let them delete it from the actual "All Users\Desktop" folder.
Arguments in terms of Active Directory/Domains are moot: you could simply administer that right via group policies to prevent users from renaming, for example, the icon for Outlook.
Re:Teredo (Score:3, Informative)
A vulnerability is a vulnerability regardless of whether other systems have similarly flawed mechanisms.
If Mac OS X had a vulnerability in its Apple File Service, it wouldn't be dismissed simply because Windows doesn't natively support the AFP service.
Re:The Microsoft guy did a second report (Score:3, Informative)
Some of the issues I noticed in the second report include:
http://blogs.technet.com/security/archive/2006/10
I'll leave the final comment to the man himself:
November 07, 2006, Jeff Jones
Re:The really sad part.... (Score:5, Informative)
Alternatively, press F8 during bootup and disable automatic restarts.
Re:Don't accept abuse. MS apparently lied. (Score:4, Informative)
Better yet:
Wait until the service pack is out and independent reviewers are happy with it. Because if people stick to the rule "after SP X things are fine", it is merely an incentive for Microsoft to rush the service packs until the number X in question is reached.
In the case of Vista, it seems Microsoft was already organizing the beta testing for SP1 before the OS was released to end users:
http://news.com.com/2100-1016_3-6152704.html
That article was from January 23rd. Looks like the beginning of a trend to increase the SP count as fast as possible.
Re:Where is the debunking? (Score:5, Informative)
That's because you are gullible enough to believe the hype, aggravated by your lack of will to perform a basic search for the facts. Here is a bit of debunking from a quick Google search.
From Secunia's advisory statistics:
Those are real-world facts supported by real-world evidence which is freely available to the public. It isn't a random blog entry based on God knows what data, which is known only to the author and possibly doesn't even exist. So where in fact is there a need to "debunk" a moronic, unsubstantiated claim made by some Microsoft employee, especially when there is all that evidence right in front of everyone's face?
Re:The really sad part.... (Score:4, Informative)
No it wasn't. OS/2 was waaaaay ahead of win95 in pretty much every way.
Re:Microsoft found making PR-FUD-ing research (Score:5, Informative)
- The existing number of unfound bugs is related to the number of discovered bugs. Well, no, not really: the number of found bugs is actually related to how long and how many researchers have been testing and actively looking for the bugs, and second to that is how buggy the software is. I can assign a team of one researcher with no experience and they'll never find any bugs in the poorest of software.
Re:Microsoft found making PR-FUD-ing research (Score:4, Informative)
Windows Vista is "dramatically more secure than any other operating system released", Microsoft founder Bill Gates has told BBC News.
(Emphasis added.)