Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft Cloud Security Windows

Microsoft Says Windows 10 Version 1607 is The Most Secure Windows Ever (thurrott.com) 194

A new white paper from Microsoft claims that "devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7". But an anonymous reader brings more news from Windows-watcher Paul Thurrott: in a separate blog post, it also makes its case for why Windows 10 version 1607 -- that is, Windows 10 with the Anniversary Update installed -- is the most secure Windows version yet. Improvements in this release include: Microsoft Edge runs Adobe Flash Player in an isolated container, and Edge exploits cannot execute other applications... [And] the Windows Defender signature delivery channel works faster than before so that the in-box anti-virus and anti-malware solution can help block ransomware, both in the cloud and on the client. Additionally, Windows Defender responds to new threats faster using improved cloud protection and automatic sample submission features, plus improved behavioral heuristics aimed at detecting ransomware-related activities.
Interestingly, the paper also touts Microsoft's "Advancing machine-learning systems in our email services to help stop the spread of ransomware via email delivery."
This discussion has been archived. No new comments can be posted.

Microsoft Says Windows 10 Version 1607 is The Most Secure Windows Ever

Comments Filter:
  • by Salgak1 ( 20136 ) <salgak.speakeasy@net> on Monday November 14, 2016 @07:32AM (#53280101) Homepage

    . . . .is not what **I** would call a selling point. Sticking to Win7 on my Windoze gaming box, and Ubuntu for my main box. . .

    • by fisted ( 2295862 ) on Monday November 14, 2016 @07:57AM (#53280225)

      That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.

      • That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.

        Odds are they're correct, but it never actually seems to become functionally secure, does it?

      • That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.

        Ya, but *this* time, the baked-in, mandatory telemetry that tracks everything confirms it's the most secure version.

      • Well that makes sense if they are continuously improving security. What else would they do? Go backwards?
        • by fisted ( 2295862 )

          They claim to be continuously "improving security", yes. So "$latest_windows is the most secure windows ever" isn't news.
          That said, last time I checked, "writing new code" was the opposite of "improving security", and that's what seems to happen for the most part. Would be difficult to keep selling new stuff otherwise, too.

    • by sjbe ( 173966 ) on Monday November 14, 2016 @08:18AM (#53280307)

      Security that the USER cannot control is not what **i** would call a selling point

      A fine stance if you are a a technically competent IT pro or equivalent. However for the 99+% of the people out there who don't fit that description, having the security handled by the system vendor can actually be a good idea. Microsoft can do a better job of it than my mother can. (yes I know... stop snickering) The VAST majority of users don't have the foggiest idea how to properly secure their computers nor any meaningful interest in learning. Having the option of user control for those with the ability is a good idea but probably not a good default for most users. Microsoft may not do a great job but they'll probably do a better job than the majority of users (which is kind of a sad commentary but it is reality). It only is a problem if they deny competent users the ability to control security when the need arises.

      • by Ol Olsoc ( 1175323 ) on Monday November 14, 2016 @09:09AM (#53280535)

        Security that the USER cannot control is not what **i** would call a selling point

        A fine stance if you are a a technically competent IT pro or equivalent.

        Because security is soooooooo hard!

        What we have here is people trying to claim to have it both ways. The "most secure Windows ever" still requires a lot of security updates, which means it really isn't all that secure. As well, thre are two parts to any security updates. One is making the computer more secure. The second is having the computer work after the update.

        Nothing like the secure aspect of a computer in endless reboot mode. Nothing like being powerless to do anything about it

        I guess.

        Microsoft's biggest failure in W10 was the Bohica update idea. Microsoft has always had problems with updates. I made a good part of my living by figuring out and repairing what they bitched up every month.

        And W10 is no different - you just have no choice but to bend over and take it.

        And having a working computer is as important as having one that is secure.

        • Because security is soooooooo hard!

          For a lot of people it is. For those who make their living doing IT it might seem rather straightforward but that's a tiny percentage of the population. Like any task that is outside your domain of expertise even easy things can seem hard if you don't know enough to ask the right questions. And frankly even most IT pros really aren't experts in security despite what they might tell you.

          The "most secure Windows ever" still requires a lot of security updates, which means it really isn't all that secure.

          Every major operating system requires security updates including Windows, linux, Android, iOS, OS X, and the rest. You

          • For a lot of people it is. For those who make their living doing IT it might seem rather straightforward but that's a tiny percentage of the population. Like any task that is outside your domain of

            expertise even easy things can seem hard if you don't know enough to ask the right questions. And frankly even most IT pros really aren't experts in security despite what they might tell you.

            Standard programmer debug technique seems to be
            - Turn off local firewall,
            - Give everyone/world admin rights,
            - Open Windows Share to "World/Everyone" (and cat, and dog), with Full access,
            - Turn off UAC, and
            - Request Administrator/root/QSECOFR password.

            And they seem to be regarded as the security experts by non-IT. Infrastructure/Security/Compliance teams be damned!

            • by dwywit ( 1109409 )

              My CEO once asked me why he wasn't a QSECOFR. I told him politely but bluntly that it wasn't a recommended practice for people who didn't know what they were doing to have such a level of access, that I had done the IBM courses on managing an AS400, and he hadn't.

              He was a bit taken aback, but my boss backed me up.

              Unfortunately at the next job the Analyst and the Programmer were QSECOFRs, and I couldn't convince my boss that was a bad thing.

          • Every major operating system requires security updates including Windows, linux, Android, iOS, OS X, and the rest. You will not find a non-trivial piece of operating system software that does not require security patches from time to time.

            Then they might think of not brgging about the need for monthly security updates. Reminds me of the local ads that bray about "Our biggest sale ever! Prices have never been lower!" Pointless marketing talk, and coming from marketers, almost always a lie.

            In addition the combination of needing those monthly or more often security updates, with the system screwups that Microsoft is famous for, means exactly this:

            You ar ebuying a machine that the Operating System fucks up more than the bad guys.

            If Mic

      • by nine-times ( 778537 ) <nine.times@gmail.com> on Monday November 14, 2016 @09:11AM (#53280547) Homepage

        A fine stance if you are a a technically competent IT pro or equivalent. However for the 99+% of the people out there who don't fit that description, having the security handled by the system vendor can actually be a good idea.

        Let's assume that's true. It doesn't follow that 99+% of computers aren't managed by people who are competent. A lot of those users are using computers that are managed by IT departments, and Microsoft is taking control away from those IT departments.

        I would 100% endorse Microsoft trying to set sensible defaults, and hiding complex or dangerous controls in the registry where those incompetent users won't be able to find them. The controls should still exist somewhere.

        • Let's assume that's true. It doesn't follow that 99+% of computers aren't managed by people who are competent.

          This very well may be true. However, one thing I know to be true in life, is that One Size Fits All is a myth. Ramrodding universal "one size" to everyone without a hint of concern for those it will not work is horrible idea.

          • This very well may be true. However, one thing I know to be true in life, is that One Size Fits All is a myth.

            I'm presenting an argument for why Microsoft shouldn't force the same settings on everyone. You also seem to be presenting an argument for why Microsoft shouldn't force the same settings on everyone. Can we agree to agree on this one?

        • A lot of those users are using computers that are managed by IT departments, and Microsoft is taking control away from those IT departments.

          That is one of the few groups which still have control over their PCs.

          • No, we don't. Microsoft has been stripping administrative controls from Windows. Build 1607, for example, removes the ability for IT departments to control whether/when Windows Update runs.
            • Yes you do. As posted in another thread. Control is not a yes no question.

              Windows Updating running? Against what? Hopefully not something other than your WSUS server because it would just be silly to voluntarily give up control of your network like that.

              • Hopefully not something other than your WSUS server because it would just be silly to voluntarily give up control of your network like that.

                Oh... I get it. Wink wink, nudge nudge. Funny.

                And hopefully you aren't silly enough to assume that everyone's use case is the same as yours (wink wink, nudge nudge).

                I'm an MSP. I have an RMM that pushes out updates. My standard practice has been to turn off automated Windows updates and use the RMM's mechanism for deciding which updates to push. Unfortunately, the RMM's mechanism uses the Windows Update service, so I can't just kill it. So up until now, I had a nice little system that gave me really

      • by MeNeXT ( 200840 )

        Microsoft has no interest in protecting your mother. This can be attested by their license agreement. They assume absolutely no responsibility as to anything in regards to the software's intents and purposes. They only care that it's secure enough that people buy it. Your mother would be better off, if shown a little bit of safe practices than trusting that Microsoft cares for her well being.

        If she was smart enough to raise you she can understand how to use it safely. Don't sell her short!

      • by Rick Schumann ( 4662797 ) on Monday November 14, 2016 @12:21PM (#53282257) Journal
        See, the problem here isn't the authoritarian dictatorship attitude of MS about updates, it's the spyware they force on users, even of older versions of Windows, and forcing Win10 on people through various ruses. You're assuming MS has the best interests of the end users at heart, when clearly, through their actions, they do not; they're more interested in ensuring their revenue stream, and what the users want is not particularly relevant to them. How can you trust a company that clearly doesn't listen and doesn't care about your rights?
      • So, what if my mom is nothing like an IT pro, but is reasonably good at shopping? There's a lot of internet security products on the market designed to protect the computers of people who are not IT pros. Are you saying that reading reviews and trusting one of these products that was liked by reviewers to be competent at providing internet security is not a successful strategy - that only the system vendor can do this job sufficiently well?
    • . . . .is not what **I** would call a selling point. Sticking to Win7 on my Windoze gaming box, and Ubuntu for my main box. . .

      Is an iPhone secure, then?

    • I think everyone misunderstands the story. Win10's malware and spyware is the most secure ever -- from the end-user trying to disable or bypass it. MS has made themselves extremely clear, through their actions, that they don't give a rats' ass about the end user, other than the revenue they can squeeze from them. Therefore MS makes a priority of ensuring their revenue stream is secure, not anything the silly sheep users ever do.
    • Windows ? Secure ? lol.
      Windows 10 ? Secure ? no way.

  • Just curbing the competition.

  • by msauve ( 701917 ) on Monday November 14, 2016 @07:42AM (#53280143)
    Where are the patches for Win7 which address all these known flaws? They're supposed to be providing security updates until 2020.
  • by Anonymous Coward

    Except for the direct pipeline to Microsoft servers that is.

  • ...is still infinity.

  • ...now say it in Donald Trump's voice.
  • by toonces33 ( 841696 ) on Monday November 14, 2016 @07:51AM (#53280185)

    That's only because it won't boot. That way, the machine can't get infected.

  • by mrsam ( 12205 ) on Monday November 14, 2016 @07:55AM (#53280215) Homepage

    ... that the Galaxy Note 7 is the hottest phone of the year!

  • Windows x is way better than Windows (x-1) ever was...since when? the 80s? Give us a break. https://www.youtube.com/watch?... [youtube.com]
  • by RandomSurfer314 ( 4412795 ) on Monday November 14, 2016 @08:06AM (#53280261)

    If it was secure, I could control which outside servers the operating system contacts and what information it sends to them. An operating system for which you cannot even control where it connects to is insecure by definition.

    It connects to more than a hundred outside servers Microsoft refuses to publish a complete list of these places and what data it exactly transmits, so it is also practically impossible for the end user to reliably distinguish Microsoft traffic from trojan horses and malware. It's ridiculous to call that secure.

    • If it was secure, I could control which outside servers the operating system contacts and what information it sends to them. An operating system for which you cannot even control where it connects to is insecure by definition.

      It connects to more than a hundred outside servers Microsoft refuses to publish a complete list of these places and what data it exactly transmits, so it is also practically impossible for the end user to reliably distinguish Microsoft traffic from trojan horses and malware. It's ridiculous to call that secure.

      Annnnd argument over! This needs to be at +5 everything moderators.

    • Yes secure is a yes no question. There's no sliding scale at all. Nosireee none what so ever.

    • What makes you think you can't control what windows can connect to?

      I love it at work when Linux nerds get a hold of windows - they automatically assume that nothing is configurable because it's made for idiots. I don't assume things about Linux and I've got no problem moving between the two.

    • I personally love this extract "automatic sample submission feature".

      We'll make you totally secure by downloading all your data!

  • How secure this version of Windows is can only be determined after-the-fact.
    Once a year goes by, and security researchers have sunk in their teeth, can we really determine how good the initial threat model was.

    "The most secure version of windows" has been claimed for every release since Windows 98... and we know how that turned out.

  • Are they really claiming that the networked Windows 10 is more secure than the non-networked versions prior to Windows 3.11 and Windows for Workgroups? In the "old" versions the only realistic attack vector was floppy disk based viruses, which only caused the systems to misbehave, not "leak" data.

  • by willoughby ( 1367773 ) on Monday November 14, 2016 @08:53AM (#53280463)

    Isn't that something like "Best Mexican wine"?

  • Well, it crashes randomly a few times a week with that above error code.

    When I ran Linux (mint) on the same box, it never crashed. I have to run Windows 10 because of my HTC Vive Virtual Reality kit, otherwise I'd say bye to that flawed system by now.
  • by Karl Cocknozzle ( 514413 ) <kcocknozzleNO@SPAMhotmail.com> on Monday November 14, 2016 @09:14AM (#53280563) Homepage

    Saying something is "the most secure Windows ever" is roughly the equivalent of being the finest outdoor ice hockey player in Ecuador. That is to say, something which is only impressive out of context.

  • I'll add the most secure Windows ever to my collection. Let's see:

    1. Most Secure Windows Evah!!!
    2. World's tallest midget
    3. Most pleasant smelling turd
    4. Most beautiful day for Rosie O'Donnell

  • So the latest sieve from MS has one less hole. Pronouncements like that, just shows how utterly craptastic the previous versions were.
  • Looking at the links and white paper, this is really related to Ransomware and Defender only. In that regard, they are certainly getting better, which then makes it an easy marketing statement to make. But everyone is (generally) getting better over time. Reading between the lines, what this is really saying is that Windows Defender is most likely Good Enough for most home users, and realistically it probably is. Most signature based software is terrible and has a 40-something% efficacy rating. The fre
    • I agree that Defender has been good enough, although the last few times I visited the Microsoft Store, they did suggest getting a separate malware defender. I've thankfully never had to handle ransomware. But the forced updates are still something that makes me feel less secure: if Microsoft can force my system to upgrade at a certain time even if I may have overnight activities running that CAN NOT take a reboot break (been in that situation not too long ago), then anyone can hijack my system in which
      • by tepples ( 727027 )

        Why are these overnight activities not partitioned into multiple short-running processes so that they can pick up right where they left off after a reboot?

        • There was one application I had that involved filling in insurance application forms for new customers. Sometimes, the customer wouldn't have their bank account details ready, and needed a day, but due to legal reasons, their info could not be saved on our computers - it had to be transmitted directly. Overnight, if the app was still running, we could recontact them, get the details and then submit. But Windows 10 updates would interfere, and since the reset time could not be set outside 24 hours, it me
          • In short: Your insurance agency had long-running interactive processes because use of volatile memory was a legal requirement and overnight storage was a marketing requirement. How big was your insurance agency? Was it large enough for use of Windows Enterprise to make sense?

  • I like the container/sandbox work in Edge. I don't use the browser myself, but I like that there's better security in the OS default browser.

    The efforts on Windows Defender are OK. Enterprise already has its own host protection, as do expert users. Any improvement is good for the masses though.

    Overall, this doesn't really make Windows 10 much more appealing, but it's a step in the right direction.

  • Windows 10 is so secure that I haven't had any security problems with it and don't expect to until Windows 7 won't run.

  • "Microsoft Says Windows 10 Version 1607 is The Most Secure Windows Ever"

    Yeah, and and they should be able to say this about version 1608, and 1609, and 1610....so what? Every later version SHOULD be more secure than the previous versions.

    It's like saying that "on my next birthday I'll be older than I was on my last birthday".

  • >> "devices running Windows 10 are 58% less likely to encounter ransomware"

    In other news, 78.647% of all statistics are made-up.

  • World's fastest Geo.
    Most water resistant screen door.
    When every version has been a sieve before, even blocking one hole in the sieve makes it the most secure version. Totally insecure, but not technically lying.
  • People in this industry never seem to learn any lessons from previous failures. It is always double down and throw resources at unwinnable problems until your blue in the face.

    Hey look this ransomware iterates sequentially through all directories reads files and writes encrypted versions of the files all we need to do is check for that heuristic and we win...

    Next week ransomware iterates randomly through all directories and overwrites portions of files randomly at a time.

    Time well spent?

    What if instead the

  • Given their past security issues, Windows 10 might be insecure. It's all relative.

  • Be careful, what you say.

    MS said XP is the best windows ever. Then nobody wanted any further windows, because everyone already had the best windows ever.
    When this win 10 build is the most secure ever, you should never upgrade after you got it, if you want to be secure.

"Someone's been mean to you! Tell me who it is, so I can punch him tastefully." -- Ralph Bakshi's Mighty Mouse

Working...