News Microsoft responds to Google's security concerns

http://www.bit-tech.net/news/2010/06/03/microsoft-responds-to-google-s-security-con/1

 

The infoworld link links to the wrong place... back to the same link as the yale one.

 

It didn't take them long. It just goes to show that MS are (and will continue) to find it difficult to get this 'monkey' off their back given their poor track record on security.

With every new release of MS software they trumpet how it's 'more secure', yet exploits continue to pop up. And they continue the ever-increasingly-bizarre practice of monthly updating (allowing a "Windows" of opportunity for competent crackers).

This latest 'response' from MS smacks of the old fable about the boy who cried wolf.

 

I feel safer on Windows than I would on OSX

 

The funny thing here is that they aren't replacing it with their own OS, what's up with that?

Anyway, back on topic. So with switching to OSX they will have to change their hardware as well as their software, since you can't have OSX without crapple gear.

So this is going to cost the company millions, just to pick a fight (which they can't win) with Microsoft.

If I was a shareholder of Google, I'd be asking some pretty hard questions as to this very bad business decision.

I don't believe for one second that ANY OS is safe and secure. Windows gets the bad press because 95% of the planet are using it. This reason stated by Google just doesn't hold up and stinks of anti-microsoft bias. No other way to explain it.

 

Amen to that

 

Well said crazyceo (and awesome custom title!), I agree. Google runs Chrome, but Chrome can't run Google. If all the hackers today decided to start messing around with Macs, then what? Nothing because not enough people use them to make a difference.

Whats next? iGoogle and iChrome?

 

A company that "improved" Vista by making it easier to turn off UAC in 7 talking up their security?

Hmm...

 

How long does it take Apple to update or fix anything though? How long does it take them just to admit something NEEDS fixing, like the problem people were having with Macbook Pro touch pads??

I have this debate with a music playing friend once a month and it pisses me right off!!! Macs are the be-all and end-all of the computing world, they are piss poor. Ever tried to upgrade the RAM on a Macbook? Well its a pain in the ass as the damn things are so badly designed!

These is only one reason Windows has security problems, and thats because its the most popular OS in the world by a very long way. MS have alot of very skilled programmers designing and securing their software, byt the INTERNET has 1000 times as many breaking it!!

DAMN YOU INTERNET!!!!

 

Personally, I think there is no such thing as a secure OS. Windows is more vulnerable to malware from dodgy emails and websites simply because it's the major player in the OS world.

The Mac OS is only more secure in the same way people living in Britain are immune to malaria. If the climate changes, and OS X becomes bigger than Windows, Mac users are going to get bitten.

I know very little about administering a large group of computers, but I would imagine most of the security issues are not any real threat to the company as a whole, instead just crippling one machine at a time when a less-than-savvy user downloads a dodgy attachment. Using the Mac OS will probably protect them from most of this, though educating their users a little would probably have the same effect. As Symantec says, almost all modern security threats are aimed at tricking the user, not exploiting security flaws.

For the sort of security Google is probably worrying about though, the kind where a hacker attacks your system directly, I don't think OS X will serve them any better than Windows. From what I understand they may well be worse off. Microsoft has a much healthier approach to security, it seems, rather than just pretending it doesn't exist because it's not targeting them right now.

 

UAC isn't all that useful, as far as I can see. My mother runs vista on her laptop and despite UAC asking her to confirm every decision it's still riddled with malware. By contrast I've had zero problems in 5 years running XP.

If a user is going to download a dodgy attachment and open it, they're probably going to ignore the UAC message anyway: if they got that far without worrying about security, why is one message from Windows (that they see all the time for everything they do) going to make them stop and think?

I run 7 without UAC on. If I run into trouble I'll deal with it. If not I get a more streamlined experience. UAC could do with some tweaks, then I'd consider using it all the time. The main issues I have with it are the fact that it regards some software I use all the time as a threat just because it requires access to low-level settings (rivatuner etc) and there is no way to add this to a whitelist as far as I can tell. Also, there are some things that prompt a warning from windows AND a UAC message - surely if UAC is on the warnings should be disabled, otherwise we just have to click twice?

I do like the various levels of UAC in 7 though, that's a step forward.

 

I continue to be surprised by those who believe in the bizarre idea that if you don't have market share your OS is not as secure. That is an insult to developers. C is C and C++ is C++.

Security is a process, not a product - but some products prevent you from performing 'the process' because they do not allow you to change the underlying source code. Instead, you are constrained to letting that product's developers making those changes for you. And this is where the economics of code changes comes into play.

Security is (in part) by design and market share has absolutely nothing to do with it. OpenBSD is proof in point.

The idea that a kernel developer is either (a) stupid, or (b) indifferent to security issues, quite frankly, speaks more about the intelligence of those who make the claim rather than the kernel developers.

 

one PR stunt in rebutal of another PR stunt...


nothing to see here, folks. move along.

 

lol for one thing, MS has been one of the fastest when dealing with patches on their system. If the day comes that the OSX share has increased and virii writers target said system. I would LOL really hard on how apple will handle their mighty OSX. I wont be suprised even on the reactions of the fan boys on how to fix their systems. really google? if you think the OS is a problem, you should have made your own. with the resources you have.

 

Must admit, I would find it very ironic if google's move makes it so that more malware is created for Macs due to the added publicity and possibility that people will look at google and think that they must know what they are doing and therefore blindly following them and go out to buy a mac.

 

ChromeOS

 

Google are shady.

 

From the article:
"including monitoring the usage patterns of some 200 Chrome OS machines used by Google employees"
As robot said quite well:

From viewpoint strictly regarding the PR and 'personality' of companies, Google kinda creep me out. It's strange thinking that this is a company with roots in advertisement, and now we're getting social networks (Buzz and Talk) and browsers (Chrome and Chromium) and operating systems (Andriod and Google OS) along with the myriad of other services which have branched off from the original search, such as aquiring Youtube, working with Myspace, creating Google Maps and Earth to search locations, etc. There comes a point where it gets odd thinking of just all they do, and that's true for just about every large company. Kinda scary when thinking that an innocent little search engine now holds such sway that it starts a PR war just for changing operating systems.

 

This logic is flawed. First of all, servers are a far more important attack targets. Security companies would like you to think that your home pc is a target that every hacker on earth would love to hack (and only their product will prevent that), but that's just marketing. Servers are attacked constantly, and they don't fall mostly because they run OSes that were built with security in mind from the beginning.

Hacking MS Windows is easy, every a script kiddie armed with Google and primitive exploits can do it, even if you use firewalls and so on - because Windows was originally built without any security measures at all. They were sticked to it in the process of developing, but in order to retain backward compatibility they can't make Windows really secure - that would mean completely rewriting most of the system (starting from the kernel) and MS decided that backward compatibility is more important than security.

*NIX systems were built for server security right from the start, that's why they are less "user-friendly" and require a lot more knowledge - they were never intended to be used by the general (ignorant) public. You can't actually hack BSD or GNU/Linux, they're completely bombproof. Only way to hack those systems is to exploit bugs in installed software, but even that won't give you root access.

And the popular belief that "more hackers are targeting Windows because of it's popularity" is far from true. There are many Windows exploits because they're so easy, I've seen a 15-year-old with a one year experience in C++ write an exploit that brought a small Windows network to it's knees.

Aside from creating botnets and farming passwords (and that doesn't need an OS to be hacked) there isn't much to gain from hacking Windows. Most viruses are made for fun, to ruin someone's day and to prove that the author can do it. Servers are where the money is and where the serious hackers are - and even then we don't hear about many servers hacked, do we?