Microsoft Says Windows 10 Version 1607 is The Most Secure Windows Ever (thurrott.com) 194
A new white paper from Microsoft claims that "devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7". But an anonymous reader brings more news from Windows-watcher Paul Thurrott:
in a separate blog post, it also makes its case for why Windows 10 version 1607 -- that is, Windows 10 with the Anniversary Update installed -- is the most secure Windows version yet. Improvements in this release include: Microsoft Edge runs Adobe Flash Player in an isolated container, and Edge exploits cannot execute other applications... [And] the Windows Defender signature delivery channel works faster than before so that the in-box anti-virus and anti-malware solution can help block ransomware, both in the cloud and on the client. Additionally, Windows Defender responds to new threats faster using improved cloud protection and automatic sample submission features, plus improved behavioral heuristics aimed at detecting ransomware-related activities.
Interestingly, the paper also touts Microsoft's "Advancing machine-learning systems in our email services to help stop the spread of ransomware via email delivery."
Interestingly, the paper also touts Microsoft's "Advancing machine-learning systems in our email services to help stop the spread of ransomware via email delivery."
Security that the USER cannot control. . . (Score:5, Interesting)
. . . .is not what **I** would call a selling point. Sticking to Win7 on my Windoze gaming box, and Ubuntu for my main box. . .
Re:Security that the USER cannot control. . . (Score:4, Insightful)
That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.
Re: (Score:3)
That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.
Odds are they're correct, but it never actually seems to become functionally secure, does it?
Re: (Score:3)
That said, MS has labeled every version of Windows as 'the most secure windows' ever since computers are regularly networked. Geez.
Ya, but *this* time, the baked-in, mandatory telemetry that tracks everything confirms it's the most secure version.
Re: (Score:2)
Re: (Score:2)
They claim to be continuously "improving security", yes. So "$latest_windows is the most secure windows ever" isn't news.
That said, last time I checked, "writing new code" was the opposite of "improving security", and that's what seems to happen for the most part. Would be difficult to keep selling new stuff otherwise, too.
Vendor security better than mom security (Score:5, Insightful)
Security that the USER cannot control is not what **i** would call a selling point
A fine stance if you are a a technically competent IT pro or equivalent. However for the 99+% of the people out there who don't fit that description, having the security handled by the system vendor can actually be a good idea. Microsoft can do a better job of it than my mother can. (yes I know... stop snickering) The VAST majority of users don't have the foggiest idea how to properly secure their computers nor any meaningful interest in learning. Having the option of user control for those with the ability is a good idea but probably not a good default for most users. Microsoft may not do a great job but they'll probably do a better job than the majority of users (which is kind of a sad commentary but it is reality). It only is a problem if they deny competent users the ability to control security when the need arises.
Re:Vendor security better than mom security (Score:4, Interesting)
Security that the USER cannot control is not what **i** would call a selling point
A fine stance if you are a a technically competent IT pro or equivalent.
Because security is soooooooo hard!
What we have here is people trying to claim to have it both ways. The "most secure Windows ever" still requires a lot of security updates, which means it really isn't all that secure. As well, thre are two parts to any security updates. One is making the computer more secure. The second is having the computer work after the update.
Nothing like the secure aspect of a computer in endless reboot mode. Nothing like being powerless to do anything about it
I guess.
Microsoft's biggest failure in W10 was the Bohica update idea. Microsoft has always had problems with updates. I made a good part of my living by figuring out and repairing what they bitched up every month.
And W10 is no different - you just have no choice but to bend over and take it.
And having a working computer is as important as having one that is secure.
Domain expertise (Score:2)
Because security is soooooooo hard!
For a lot of people it is. For those who make their living doing IT it might seem rather straightforward but that's a tiny percentage of the population. Like any task that is outside your domain of expertise even easy things can seem hard if you don't know enough to ask the right questions. And frankly even most IT pros really aren't experts in security despite what they might tell you.
The "most secure Windows ever" still requires a lot of security updates, which means it really isn't all that secure.
Every major operating system requires security updates including Windows, linux, Android, iOS, OS X, and the rest. You
Re: (Score:2)
For a lot of people it is. For those who make their living doing IT it might seem rather straightforward but that's a tiny percentage of the population. Like any task that is outside your domain of
expertise even easy things can seem hard if you don't know enough to ask the right questions. And frankly even most IT pros really aren't experts in security despite what they might tell you.
Standard programmer debug technique seems to be
- Turn off local firewall,
- Give everyone/world admin rights,
- Open Windows Share to "World/Everyone" (and cat, and dog), with Full access,
- Turn off UAC, and
- Request Administrator/root/QSECOFR password.
And they seem to be regarded as the security experts by non-IT. Infrastructure/Security/Compliance teams be damned!
Re: (Score:3)
My CEO once asked me why he wasn't a QSECOFR. I told him politely but bluntly that it wasn't a recommended practice for people who didn't know what they were doing to have such a level of access, that I had done the IBM courses on managing an AS400, and he hadn't.
He was a bit taken aback, but my boss backed me up.
Unfortunately at the next job the Analyst and the Programmer were QSECOFRs, and I couldn't convince my boss that was a bad thing.
Re: (Score:2)
Every major operating system requires security updates including Windows, linux, Android, iOS, OS X, and the rest. You will not find a non-trivial piece of operating system software that does not require security patches from time to time.
Then they might think of not brgging about the need for monthly security updates. Reminds me of the local ads that bray about "Our biggest sale ever! Prices have never been lower!" Pointless marketing talk, and coming from marketers, almost always a lie.
In addition the combination of needing those monthly or more often security updates, with the system screwups that Microsoft is famous for, means exactly this:
You ar ebuying a machine that the Operating System fucks up more than the bad guys.
If Mic
Re: (Score:2)
Most, but not all, problems solved AMD back to a familiar controllable (sort of) environment.
You hit it. I never used the word controllable before in this context but that is the perfect word to use.
With Windows 10, we are no longer controlling our own computers. The updates come in when they decide they come in, They tell you things work that aren't working, and have turned even administrators into plain users.
It gets laughable some times. I've had several cases where an update bitches up a sound driver, but since the sound card troubleshooter claims the driver is okay, the person with the p
Re:Vendor security better than mom security (Score:5, Interesting)
A fine stance if you are a a technically competent IT pro or equivalent. However for the 99+% of the people out there who don't fit that description, having the security handled by the system vendor can actually be a good idea.
Let's assume that's true. It doesn't follow that 99+% of computers aren't managed by people who are competent. A lot of those users are using computers that are managed by IT departments, and Microsoft is taking control away from those IT departments.
I would 100% endorse Microsoft trying to set sensible defaults, and hiding complex or dangerous controls in the registry where those incompetent users won't be able to find them. The controls should still exist somewhere.
Re: (Score:2)
Let's assume that's true. It doesn't follow that 99+% of computers aren't managed by people who are competent.
This very well may be true. However, one thing I know to be true in life, is that One Size Fits All is a myth. Ramrodding universal "one size" to everyone without a hint of concern for those it will not work is horrible idea.
Re: (Score:2)
This very well may be true. However, one thing I know to be true in life, is that One Size Fits All is a myth.
I'm presenting an argument for why Microsoft shouldn't force the same settings on everyone. You also seem to be presenting an argument for why Microsoft shouldn't force the same settings on everyone. Can we agree to agree on this one?
Re: (Score:2)
A lot of those users are using computers that are managed by IT departments, and Microsoft is taking control away from those IT departments.
That is one of the few groups which still have control over their PCs.
Re: (Score:2)
Re: (Score:2)
Yes you do. As posted in another thread. Control is not a yes no question.
Windows Updating running? Against what? Hopefully not something other than your WSUS server because it would just be silly to voluntarily give up control of your network like that.
Re: (Score:2)
Hopefully not something other than your WSUS server because it would just be silly to voluntarily give up control of your network like that.
Oh... I get it. Wink wink, nudge nudge. Funny.
And hopefully you aren't silly enough to assume that everyone's use case is the same as yours (wink wink, nudge nudge).
I'm an MSP. I have an RMM that pushes out updates. My standard practice has been to turn off automated Windows updates and use the RMM's mechanism for deciding which updates to push. Unfortunately, the RMM's mechanism uses the Windows Update service, so I can't just kill it. So up until now, I had a nice little system that gave me really
Re: (Score:2)
Microsoft has no interest in protecting your mother. This can be attested by their license agreement. They assume absolutely no responsibility as to anything in regards to the software's intents and purposes. They only care that it's secure enough that people buy it. Your mother would be better off, if shown a little bit of safe practices than trusting that Microsoft cares for her well being.
If she was smart enough to raise you she can understand how to use it safely. Don't sell her short!
Re:Vendor security better than mom security (Score:4, Insightful)
MS & mom - only two choices? (Score:2)
Re: (Score:3)
Relegating everybody other than experienced system administrators to devices running a single-window GUI with no automation would create an even bigger divide between those with the tools to create works of authorship and those who can only view works created by others. This divide chills speech.
Re: (Score:2)
Re: (Score:2)
. . . .is not what **I** would call a selling point. Sticking to Win7 on my Windoze gaming box, and Ubuntu for my main box. . .
Is an iPhone secure, then?
Re: (Score:2)
Windows ? Secure ? (Score:2)
Windows ? Secure ? lol.
Windows 10 ? Secure ? no way.
Re:Security that the USER cannot control. . . (Score:5, Insightful)
And what of small businesses ? Medical practices ? Only the Enterprise Edition of Win10 gives any real control over security. Not controlling your own security will make things like, oh, HIPAA and PCI compliance problematical.
Claiming security controls for the public is like handling firearms without training ? Well, there goes Linux as a replacement for Windows, by your argument. . .
Re: (Score:3)
> Not controlling your own security will make things like, oh, HIPAA and PCI compliance problematical.
Add Sarbanes-Oxley (SOX) Compliance to the list as well.
My wife just dealt with this at her Fortune 500 company. Microsoft will not disclose completely what the telemetry in SQL Server 2016 is phoning home. They have no choice with respect to compliance , and have made the decision to migrate their older reporting from SQL server (older versions) to Oracle.
She wishes she had a recording of their MS sal
Re: (Score:3)
Because on desktop and laptop computers sold in the United States, Windows is used as a substitute for an operating system far more often than a real OS such as FreeBSD or GNU/Linux is. One can walk into a Staples or a Best Buy store in the United States, and virtually every desktop or conventional laptop computer for sale will come with Windows. There are three categories of exceptions:
Comment removed (Score:5, Insightful)
Re:Security that the USER cannot control. . . (Score:4, Insightful)
Consistency is the hobgoblin of little minds, eh?
Re: (Score:2)
You can turn it off by setting the Windows Update service to manual and turning it off. If I had to put only on thing on my hate list for Win10 it would be the automatic updates and worse yet the automatic reboot. I constantly run with 10-15 open apps at any given time most as source references to my main app. Nothing worse then coming in in the morning, or even walking down to the kitchen to get water and finding you computer has rebooted.
FYBG
Re: (Score:2)
The issue is that you can't turn it off.
Actually there are a couple of things I have heard (not personally tested) that you can do:
1. Set local GP to assign your WAN connection to a metered connection - This works by telling Windows that your WAN connection is metered so that downloading anything will cost money. Updates will not be auto downloaded in this case.
2. Set WU to profile 2 (notify before downloading and installing any updates) - This works by telling Windows not to download the updates until authorized. If the update is not downloaded,
Re: (Score:2)
Well - I am having a bunch of problems, both with my remaining Windows 7 install (I have some software there which does not run under later levels) and with my Windows 10 machine.
Re: (Score:2)
I spent the extra $100 to get Windows 10 Pro for my home laptop. That gives me the ability to delay, but not prevent, WIndows updates.
Re: (Score:2)
Upgrade to Windows 7 if you want more power over your computer.
Re: (Score:2)
IIRC, 10 Pro did come with upgrade rights to 7. There was a typo in the official literature, where it said "downgrade".
How to tell if your compiler is backdoored: DDC (Score:2)
gcc, which they trust, and shouldn't really, as it could have been compromised and no one could tell
If there exist multiple C compilers, one of which is available to the public as source code, one can use David A. Wheeler's diverse double-compiling procedure [dwheeler.com] to make the probability of a backdoor negligible.
Re: (Score:2)
The important part of the statement is "most secure Windows ever". It's relative only to earlier versions of Windows. It doesn't mean that Windows is no longer riddled with security issues, or is not actively being exploited by zero-day hacks.
Re:Security that the USER cannot control. . . (Score:5, Interesting)
Comment removed (Score:5, Informative)
Re: (Score:2)
Let's see. . . most of Corporate America. Pretty much, every Federal, Military, and State desktop. Most small businesses. . . .
Re:Security that the USER cannot control. . . (Score:5, Insightful)
Are you new to the industry?
If you work for a company that lives in Windows you should be living in Windows as well. It forces you to live like your users. After all, you're the technical expertise and you will see opportunities for improvement that users many not see.
My 2 cents.
Re: (Score:2)
Um i think that more applies to crApple then microsoft since they can't do barely anything without something telling you no or keeping you locked in.
Examples?
Re: (Score:2)
^^^ This, and Apple agrees. Anyone else remember the Mac commercials ripping Windows for asking a million indecipherable security questions (as MS phased in UAC)? The "invisible to user, hard for malware" security on a Mac was EXACTLY the selling point Jobs' team was marketing then.
You know... (Score:2)
Just curbing the competition.
Wow. (Score:2)
Re: (Score:2)
I mean the spyware competition.
So, if they're aware of all these flaws in Win7... (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Funny)
Edge... that's Microsoft new Chrome installer right?
Except (Score:1)
Except for the direct pipeline to Microsoft servers that is.
Infinity - 58% (Score:2)
...is still infinity.
OK, that's funny on it's own, but... (Score:2)
Re:OK, that's funny on it's own, but... (Score:4, Funny)
...now say it in Donald Trump's voice.
We have a big beautiful firewall. That's goin to block websites. Because websites have drugs, pornography, crime ... and some I believe may be good sites.
Re: (Score:2)
Re: (Score:3)
Something something about Mexico paying for our firewall.
That's only because (Score:5, Insightful)
That's only because it won't boot. That way, the machine can't get infected.
This is like Samsung saying... (Score:5, Funny)
... that the Galaxy Note 7 is the hottest phone of the year!
Re: (Score:2)
Is this news? (Score:2)
It's not secure at all (Score:5, Insightful)
If it was secure, I could control which outside servers the operating system contacts and what information it sends to them. An operating system for which you cannot even control where it connects to is insecure by definition.
It connects to more than a hundred outside servers Microsoft refuses to publish a complete list of these places and what data it exactly transmits, so it is also practically impossible for the end user to reliably distinguish Microsoft traffic from trojan horses and malware. It's ridiculous to call that secure.
Re: (Score:2)
If it was secure, I could control which outside servers the operating system contacts and what information it sends to them. An operating system for which you cannot even control where it connects to is insecure by definition.
It connects to more than a hundred outside servers Microsoft refuses to publish a complete list of these places and what data it exactly transmits, so it is also practically impossible for the end user to reliably distinguish Microsoft traffic from trojan horses and malware. It's ridiculous to call that secure.
Annnnd argument over! This needs to be at +5 everything moderators.
Re: (Score:2)
Wait. Wait. It depends on what your definition of "is" is.
What is, is. What is not, is not. That which is, is, and what is not, is not. Therefore, that which is not, is not that which is, nor is that which is, that which is not.
Re: (Score:2)
Yes secure is a yes no question. There's no sliding scale at all. Nosireee none what so ever.
Re: (Score:2)
What makes you think you can't control what windows can connect to?
I love it at work when Linux nerds get a hold of windows - they automatically assume that nothing is configurable because it's made for idiots. I don't assume things about Linux and I've got no problem moving between the two.
Re: (Score:2)
I personally love this extract "automatic sample submission feature".
We'll make you totally secure by downloading all your data!
Security is an historical function, not marketing (Score:2)
How secure this version of Windows is can only be determined after-the-fact.
Once a year goes by, and security researchers have sunk in their teeth, can we really determine how good the initial threat model was.
"The most secure version of windows" has been claimed for every release since Windows 98... and we know how that turned out.
Comment removed (Score:5, Insightful)
More secure than Windows 1, 2 or 3? (Score:2)
Are they really claiming that the networked Windows 10 is more secure than the non-networked versions prior to Windows 3.11 and Windows for Workgroups? In the "old" versions the only realistic attack vector was floppy disk based viruses, which only caused the systems to misbehave, not "leak" data.
Re: (Score:2)
"Most secure Windows" (Score:3)
Isn't that something like "Best Mexican wine"?
Kernel Security Check Failure... (Score:2)
When I ran Linux (mint) on the same box, it never crashed. I have to run Windows 10 because of my HTC Vive Virtual Reality kit, otherwise I'd say bye to that flawed system by now.
So, not that secure? (Score:5, Funny)
Saying something is "the most secure Windows ever" is roughly the equivalent of being the finest outdoor ice hockey player in Ecuador. That is to say, something which is only impressive out of context.
Re: (Score:2)
Re: (Score:2)
There's an ice rink in Quito, if you can deal with the 2850m elevation.
Well, the general has a different opinion ... (Score:2)
The general speaks with Bill Gates. [youtube.com]
Wow, the most secure Windows ever! (Score:2)
I'll add the most secure Windows ever to my collection. Let's see:
1. Most Secure Windows Evah!!!
2. World's tallest midget
3. Most pleasant smelling turd
4. Most beautiful day for Rosie O'Donnell
Sieve (Score:2)
Ransomeware Only (Score:2)
Re: (Score:2)
Re: (Score:2)
Why are these overnight activities not partitioned into multiple short-running processes so that they can pick up right where they left off after a reboot?
Re: (Score:2)
Could you have used Enterprise? (Score:2)
In short: Your insurance agency had long-running interactive processes because use of volatile memory was a legal requirement and overnight storage was a marketing requirement. How big was your insurance agency? Was it large enough for use of Windows Enterprise to make sense?
Some progress, but nothing game-changing (Score:2)
I like the container/sandbox work in Edge. I don't use the browser myself, but I like that there's better security in the OS default browser.
The efforts on Windows Defender are OK. Enterprise already has its own host protection, as do expert users. Any improvement is good for the masses though.
Overall, this doesn't really make Windows 10 much more appealing, but it's a step in the right direction.
It's true (Score:2)
Windows 10 is so secure that I haven't had any security problems with it and don't expect to until Windows 7 won't run.
So fucking what (Score:2)
"Microsoft Says Windows 10 Version 1607 is The Most Secure Windows Ever"
Yeah, and and they should be able to say this about version 1608, and 1609, and 1610....so what? Every later version SHOULD be more secure than the previous versions.
It's like saying that "on my next birthday I'll be older than I was on my last birthday".
Yeah right (Score:2)
>> "devices running Windows 10 are 58% less likely to encounter ransomware"
In other news, 78.647% of all statistics are made-up.
Most secure windows version is like saying (Score:2)
Most water resistant screen door.
When every version has been a sieve before, even blocking one hole in the sieve makes it the most secure version. Totally insecure, but not technically lying.
Painful to watch (Score:2)
People in this industry never seem to learn any lessons from previous failures. It is always double down and throw resources at unwinnable problems until your blue in the face.
Hey look this ransomware iterates sequentially through all directories reads files and writes encrypted versions of the files all we need to do is check for that heuristic and we win...
Next week ransomware iterates randomly through all directories and overwrites portions of files randomly at a time.
Time well spent?
What if instead the
Most Secure? (Score:2)
Given their past security issues, Windows 10 might be insecure. It's all relative.
Be careful, what you say (Score:2)
Be careful, what you say.
MS said XP is the best windows ever. Then nobody wanted any further windows, because everyone already had the best windows ever.
When this win 10 build is the most secure ever, you should never upgrade after you got it, if you want to be secure.
Re: (Score:2, Insightful)
You'll be modded down, but in all honesty I get about as much useful information from your post as I get from what Microsoft says about Microsoft's Windows security.
Re: (Score:2)
... and the USB ports ... and ...
Re: (Score:2)
After years of being told that the only secure windows PC is one that is turned off, they listened.
They released a update that broke the boot system.
Wait! Is this insightful? Or funny? Or informative?
Yes.
Re: (Score:2)
Re: Too bad for Windows users that... (Score:2)
Honestly, I wonder if a single Windows release has been made in the last two decades that Microsoft hasn't bragged about the security of the then-current release of Windows. I remember a lot of bragging, right in their advertising material, bullshit like "The most secure Windows yet!" Whatever, Microsoft... we know you're full of shit already, just shut the fuck up alredy. Repeating it for all eternit will not make it true.