Vista Post-SP2 Is the Safest OS On the Planet
pkluss noted Kevin Turner, COO of Microsoft, making the proclamation that "Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
Fail (Score:3, Informative)
EVERY release is the safest... (Score:1, Informative)
And didn't they spend a massive amount of capital marketing the security benefits and lower TCO of having Windows Server 2003-based servers as opposed to Linux-based servers?
I can't wait until the black hats get a hold of this one.
The winner of Pwn2Own seems to agree (Score:5, Informative)
http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-4.html [tomshardware.com]
'The NX bit is very powerful. When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.'
And this was with Vista SP1. No one knows how to exploit Firefox or IE on Vista due to NX and ASLR.
This seems to be a pretty powerful statement, from someone who would stand a chance of knowing.
My only question is, where is Vista SP2? Last I checked, it was not yet released.
Re:I have a feeling.... (Score:5, Informative)
Flight Simulator is now grounded [gizmodo.com].
Re:The winner of Pwn2Own seems to agree (Score:5, Informative)
Linux, and the BSDs have, at least optionally, had them for some years now. I'm not sure about OSX.
There is a very large difference between saying "most secure MS OS ever" and "most secure OS".
For a given value of "safe"... (Score:1, Informative)
Oh well...
The safest MS "operating system" is probably DOS 6.2 on a stand-alone 286. Just don't share floppies with anyone!
Re:The winner of Pwn2Own seems to agree (Score:3, Informative)
What I've heard is, the people who do that work, like any hobbyist or professional for that matter, don't want to use Vista.
Re:I have a feeling.... (Score:5, Informative)
People are always saying this on here (from NT 4.0 onwards) but how does the average user determine whether their hardware is faulty, their drivers are buggy or their OS is just a load of bloated crap? Vista is ok but I don't see any specific advantage over XP Home apart from being able to alter ACLs with a GUI instead of CACLS, and despite what apologists say, it is slower than XP.
Comment removed (Score:5, Informative)
Re:ORLY? (Score:1, Informative)
Or this:
http://opensource.dyc.edu/tinhat [dyc.edu]
Re:The winner of Pwn2Own seems to agree (Score:4, Informative)
> And this was with Vista SP1. No one knows how to exploit Firefox or IE on Vista due to NX and ASLR.
Wow with Vista SP1?!??!?! Gee that totally beats out the fact that the Linux, FreeBSD, NetBSD kernels had support for that back in 2004 with OpenBSD having support in 2003 and Solaris having NX support as early as 1997 in Solaris 2.6, right?
Re:is the safest, most reliable OS we've ever buil (Score:3, Informative)
> it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years.
Umm, no.
A certain high-profile distro accidentally disabled the pRNG in its sshd initialization scripts.
> another high profile distro let attackers actually sign some rogue packages with their private key.
again, no. The key was suspected to have been compromised, and as soon as it was discovered, the key was revoked, they performed a complete audit of all packages, and everything checked out.
> I don't think anybody should be making smart comments about the security of Linux.
Least of all you... of course the fact that the only two incidents that you could come up with are entirely in your head actually speaks volumes.
Re:HAHAHAHA (Score:1, Informative)
That's not a limb, that's a leaf.
The fact that MacOS is not Windows is not the problem.
The problem is that MacOS is not full of holes like swiss cheese.
Microsoft's problems have nothing to do with the fact they have
the most used products and everything to do with the fact that
they pull stupid sh*t that no one else does.
Then they build on top of that.
Re:The winner of Pwn2Own seems to agree (Score:5, Informative)
NX alone doesn't do it. Ask Linus.
As mentioned in the article, without adding stuff to the kernel that is not in the default on distros, you aren't getting the same protection as Vista has.
Vista had NX and ASLR before SP1, but it was a weak form (much like Linux has a weak form by default).
http://en.wikipedia.org/wiki/Address_space_layout_randomization [wikipedia.org]
You don't believe me? I provided a link from a security expert. He seems to be somewhat impressed.
Before you try to throw it in my face, I think Linux survived pwn2own unscathed, but Charlie says that's because the equipment you get if you pwn Linux (remember, it's pwn to own) wasn't worth the effort.
Re:is the safest, most reliable OS we've ever buil (Score:5, Informative)
Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
Re:is the safest, most reliable OS we've ever buil (Score:3, Informative)
IE is only used for Windows 2003/XP and earlier systems. Vista/2008 has its own separate updating program.
Re:is the safest, most reliable OS we've ever buil (Score:4, Informative)
> Windows Update does not use IE and hasn't since XP. You need to get information that isn't many years out of date.
Where are my mod points when I need them? Mod parent up informative please!
He is correct.. Vista and beyond use an interface in the Control Panel which is vastly superior to the IE Windows Update. Read up here: Windows Update [wikipedia.org]
Re:They removed the PORT FILTERING GUI, & said (Score:3, Informative)
Point 1. Port filtering is still there. Control Panel, Administrative Tools, Windows Firewall with Advanced Security. Just because you're too fucking stupid to find it doesn't mean it doesn't exist.
Point 2. IE 7 runs in a sandbox. IE8 does as well, as well as having inbuilt checking of known bad sites (Smartscreen filter), anti-phishing, popup blocker, blocking of add-ons etc. SO YOU DON'T NEED ANY OF THAT SHIT YOU'RE ON ABOUT which actually causes MORE trouble than it's worth.
Re:HAHAHAHA (Score:2, Informative)
Re:is the safest, most reliable OS we've ever buil (Score:5, Informative)
The pRNG was disabled in the openssl library, thus compromising any system using keys generated by that library. That is a major, major hole and has nothing to do with sshd initialization scripts (where did you get that from anyway?)
Re:That's great... (Score:4, Informative)
You don't understand. Which is normal: You're about the sixtieth person I've had to correct on this issue.
In synopsis: you're wrong.
Here's why:
RAM that is sitting there holding stuff you might need, sometime (à la Superfetch) is just as ready to be utilized as RAM which is doing nothing at all. Superfetch is a read caching system, and any RAM it has in use for itself can be used by other programs IMMEDIATELY if they need it instead. Nothing has to wait for buffers to get pushed out to disk, there's no longstanding delay. It just gets repurposed, and overwritten with other stuff. It doesn't need zeroed first. It's RAM, i.e. Random Access Memory, ferfuck'ssake.
In other words:
A system with a gigabyte of free RAM is a system with a gigabyte of RAM that it's failed to use. An optimized system does not have unused RAM.
Linux systems also eventually use all available RAM for caching. Your UID is low enough that you've probably even seen discussions of this "problem" in *nix years and years ago, and you should understand by now that it's not a problem at all, for all of the same reasons (listed above) that it's not a problem with Windows.
Re:That's great... (Score:3, Informative)
Re:The winner of Pwn2Own seems to agree (Score:3, Informative)
> As mentioned in the article, without adding stuff to the kernel that is not in the default on distros, you aren't getting the same protection as Vista has.
I don't know when it was added to Linux, but OpenBSD had all of this (and more) ages ago (about 2003 [wikipedia.org], according to Wikipedia). Fact is, this was old hat by the time Microsoft announced support for it.
I'm not buying any Vista/Win7 marketing hype. It's good that they're adding more security, but they're not doing anything other people haven't done long before them. They're playing catch-up, and they're quite a ways behind.
Anyhow, I don't think your premise (that Microsoft's stuff is the latest and greatest) is supported by that link. You're misreading it. He's saying that the implementation is new (so people haven't had time to explore it yet), not that the technique is new (as previously documented, NX bits and ASLR have been around for years now, in various kernels, even by default).
I'm not saying that Microsoft doesn't have a credible implementation (I haven't seen enough research yet to make a determination), but whatever they have is built off of ideas that were created independently by the security community long before Microsoft even thought about implementing them.
P.S. Just in case you want to play "but he's a security expert," I'm one, too, and I remember thinking "it's about damn time" when I heard Microsoft announce support for them.
Re:I have a feeling.... (Score:3, Informative)
Google - Free Linux software - 1 - 10 of about 32,700,000
Google - free OS X Software - 1 - 10 of about 24,100,000
Google - Free unix software - Results 1 - 10 of about 12,800,000
Google free amiga os software - 1 - 10 of about 454,000
Hmm, he was pretty damn close. I probably missed a few, but not many.
Re:I have a feeling.... (Score:4, Informative)
Yes, they do make peripherals. No, they aren't re-branded.
Re:Safest? (Score:5, Informative)
Windows XP was not a continuation of the 95-98-98SE-ME hybrid 16/32bit product line. It is a continuation of Windows NT->2K line, which was 32-bit pure and already very stable in comparison. Apples and oranges.
Re:I have a feeling.... (Score:5, Informative)
> And XP is slower than 2k.
> And 2k is slower than NT4.
> More functionality means less performance. Doesn't matter much
Not to feed the troll, but really? In my experience new, feature-rich releases of OSs tend to be much faster than their predecessor. My experience is mostly with OS X and a bit of Ubuntu. OS X in particular has gotten snappier and more featureful with each point release.
Re:I have a feeling.... (Score:3, Informative)
This is true, optimizations in GCC have led to the newer OS's becoming faster on new hardware when doing the same things.
So the above note about the latest version *always* being slower.. that actually only applies to Windows.
Re:That's great... (Score:4, Informative)
Except that the RAM used for prefetch isn't paged out, ever. If an application needs it, it's immediately released to the application. All modern OS's that I know of do this, including Linux, OS X, and Windows. Don't talk about things that you don't understand.
Re:I have a feeling.... (Score:2, Informative)
Re:Funny that the tags mention OpenBSD (Score:3, Informative)
OpenBSD is consistently impervious to network service attacks which are exploitable on other platforms. Generally an exploit will lead to a service crash in the worst case.
Wrong (Score:3, Informative)
Wrong. They broke the entire OpenSSL library, not just some initialization scripts.
Re:is the safest, most reliable OS we've ever buil (Score:3, Informative)
Wrong. Not only did they break the entire OpenSSL library - they broke it in such a way that every damn certificate created using that distro was one of a "limited series" of around a thousand certs.
They broke the seeding of the PRNG such that the only seed was the PID.
It was, in layman's terms, a fucking disaster. They may as well have enforced everyone's root password to be 'password***', pick your three numbers.
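Why a PID-only seed is so damaging, as an added example that is not part of the thread or of OpenSSL's code: when the process ID is the sole input, the generator can emit only as many distinct keys as there are PIDs, so a defender can enumerate all of them and flag affected keys for revocation. `weak_keygen` is a toy stand-in for the broken generator, and the 1..32767 PID range is an assumption (the common Linux default).

```python
import hashlib
import os
import random

# Assumption: PIDs range over 1..32767 (common Linux default pid_max is 32768).
PID_MAX = 32768


def weak_keygen(pid: int) -> bytes:
    """Toy key generator whose only entropy is the PID (stand-in, not OpenSSL)."""
    rng = random.Random(pid)  # deterministic: same PID always yields the same key
    return rng.getrandbits(128).to_bytes(16, "big")


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key, used as the blocklist entry."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> set:
    """Enumerate every key the weak generator can ever emit."""
    return {fingerprint(weak_keygen(pid)) for pid in range(1, PID_MAX)}


def is_known_weak(key: bytes, blocklist: set) -> bool:
    return fingerprint(key) in blocklist


def audit(keys: dict, blocklist: set) -> list:
    """Return the names of keys that must be revoked and regenerated."""
    return sorted(n for n, k in keys.items() if is_known_weak(k, blocklist))


if __name__ == "__main__":
    blocklist = build_blocklist()
    # Constructed inventory: two keys from the weak generator, one from the OS CSPRNG.
    inventory = {
        "web01": weak_keygen(4242),
        "db01": weak_keygen(31999),
        "build01": os.urandom(16),
    }
    print(len(blocklist), "possible weak keys; revoke:", audit(inventory, blocklist))
```

The whole key space is enumerated in well under a second, which is why every key generated on an affected system has to be treated as compromised and regenerated after patching.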
Re:I have a feeling.... (Score:5, Informative)
> Why is it Vista's fault if the hardware manufacturer releases crappy drivers
It's not. If you buy the machine from - say Dell - and it is flaky due to some hardware or driver issue, then Vista shouldn't be blamed - Dell should.
However, that is a very naive view of human nature. In fact, MS plasters their branding all over the place within Vista - so no wonder you are much more likely to be aware that it is a Windows machine rather than a Dell machine. If they wanted to keep a premium image they needed to pursue a different marketing strategy. Their reputation for instability is a marketing problem, not a technical one.
Re:I have a feeling.... (Score:5, Informative)
And for those of us who want something usable there's X-Plane. Nothing against Flightgear but last time I checked it still needed a fair bit of work.
Re:That's great... (Score:5, Informative)
However, note that the SuperFetch service runs at a very low priority, and will yield system resources to effectively any other process that requests system resources. Further, in the event of a program requesting memory that isn't available, SuperFetch will just dump from its cache a large enough portion of memory to accommodate the program. By your own admission, and correctly, RAM is _FAST_. The process of re-allocating a segment of memory from SuperFetch to your new program is negligible. SuperFetch will also never page to disk memory in use by an actually running program in order to fill the cache. I'm not saying that running programs won't be cached to disk, but it isn't SuperFetch that is the culprit. There are many other mechanisms in place that can result in this occurring, and SuperFetch isn't the only code on the system that plays around with the cache.
Suffice to say, if you dislike SuperFetch, it's easy to disable it. Just go into Windows Services and change the SuperFetch service startup from Automatic to Disabled, and stop the service. You've now disabled the aggressive pre-caching, no harder than any other tweak for any other operating system.
They design them (Score:3, Informative)
As someone who spent many long hours performing patent searches while working for a consultant to MS Hardware, I can assure you that yes, they do their own hardware design. They are subject to counterfeiting and "third shift" IP theft* just like many other companies who manufacture overseas, and the keyboard you saw was no doubt one or the other. In parts of Asia it is just as easy to find counterfeit or copycat Logitech stuff too. I know because my company bought them to study.
* Third shift theft is when a company (often Chinese) signs a legitimate manufacturing deal with a U.S. company but purposefully overproduces. So say Company X does a deal to manufacture 2 million MS keyboards. They produce 2.5 million and do another deal on the side to slap a no-name label on the extra 500,000.
As someone else said (Score:1, Informative)
Windows prefers to cache IO. Makes loading an application faster if you have a demo machine (since you won't be demoing with too little ram or too many open apps) but kind of sucks for real use.