Vista Post-SP2 Is the Safest OS On the Planet 1010
pkluss noted Kevin Turner, COO of Microsoft making the proclamation that "Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today."
is the safest, most reliable OS we've ever built (Score:5, Insightful)
today.... (Score:5, Insightful)
It's the safest and most secure OS on the planet today
Until tomorrow when all those pesky exploits come out
Safest? (Score:5, Insightful)
Even if it is, it's too late. Vista is already perceived as the new Windows ME. With Windows 7 coming up soon, I doubt there will be much sales increase for MS.
ORLY? (Score:5, Insightful)
It's also the most secure OS on the planet
Trusted Solaris would like to have a word with you.
Re:I have a feeling.... (Score:2, Insightful)
Correct.
I commend Microsoft for doing an OS which no one uses (therefore it is the safest).
It is also a reason for wider Linux adoption (which is a very positive thing).
So, we all owe a big thanks to their developers for creating such a wonderful OS.
Waving red in front of the bull. (Score:5, Insightful)
Waving red in front of the bull. Always a good idea.
Pity that it will be MicroSofts' customers, not MS that will suffer when the hackers, script kiddies and miscellaneous ne'er-do-wells inevitably trash the security for their latest offering.
Re:HAHAHAHA (Score:3, Insightful)
I'm going to go out on a limb and guess that it'll be because they, just like nearly every other piece of malware out there, are only capable of running on a single platform -- regardless of the actual security of that platform.
Re:I have a feeling.... (Score:3, Insightful)
And if it's not, then I suppose you'll claim it's evidence that this site is biased... as opposed to the site the article [microsoft.com] is on, which is completely fair and balanced?
Re:I have a feeling.... (Score:5, Insightful)
That is a distinction without a difference. If you need those drivers to run Vista on your PC, then Vista has a problem. Users should not have to care who writes the drivers, unless you have some esoteric and unusual hardware in your PC.
Re:is the safest, most reliable OS we've ever buil (Score:3, Insightful)
No, he is probably right.
MacOS X isn't all that secure. Professional hackers have said that the implementation of ASLR/NX on Vista is far superior to Apples.
And as for Linux? Well, it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years. And then another high profile distro let attackers actually sign some rogue packages with their private key. I don't think anybody should be making smart comments about the security of Linux.
That leaves Vista, the result of many years of applying the Secure Development Lifecycle. Extensive fuzz testing on the APIs. Extensive security review of all features. IE uses a low privilege renderering engine like Chrome (and unlike any browser on Linux or MacOS).
This doesn't mean MacOS or Linux are bad. But Microsoft have been throwing enormous resources behind security for years now. Is it any surprise they are caught up and in many ways ahead?
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
That leaves Vista
...and all the security-designed systems. Do you really think Windows is safer than OpenBSD, let alone OpenVMS? Or whatever the NSA uses on their hardest systems? His quote is like saying that "the Ford Mustang is the fastest car on the planet".
The most secure OS would be... (Score:5, Insightful)
one that allows the user to decide not to install potentially insecure software during the initial OS install. This is the biggest problem with Microsoft Windows when it comes to security, the huge amount of crap that gets installed automatically without the ability to decide DURING the install what features you want or do not want.
Linux as a whole does provide the ability to make a very minimal install with only those applications that you want on the machine. Solaris used to have this ability as well, though I am not sure if you can go package by package during the initial install to decide what you want or do not want on the machine.
You hear about Linux problems, but then it only applies to a specific Apache version that comes with a "typical" RedHat install, or some other issue which only applies to a certain software package. When a problem can be traced to the kernel or some other core component, that is when it applies to the OS as a whole.
So, saying that Vista is the most secure after SP2 means nothing if garbage like Internet Explorer is still open to all the exploits that Microsoft doesn't like to talk about.
Re:I have a feeling.... (Score:1, Insightful)
of course its the safest. no one uses it, so no one wants to hack it.
Re:ORLY? (Score:1, Insightful)
No... (Score:4, Insightful)
Re:is the safest, most reliable OS we've ever buil (Score:3, Insightful)
Does BSD do everything that Vista does? Those systems are so locked down that it affects their capabilities. I'm not saying it's bad, but I don't think you can compare BSD to Vista without starting by saying that BSD doesn't do alot of the important things that Vista users take for granted.
Your comment is like saying that an Abrams Tank is more secure than a Mustang.
True, but can a tank get on the freeway without causing a traffic jam?
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
The reason why Vista, Mac OS X, and Linux have fewer exploits is simple. Windows XP is easier to exploit.
Just remember that the security of the newer OSes is only one factor in the availability of the exploits.
If you want to visualize a flawed analogy; when you're being chased by a hungry lion, it doesn't matter how fast you run as long as you run faster than the guy beside you.
In this analogy XP is the slowest runner who is still plentiful. When the XP prey dwindles away, the hungry blackhat lions will look for the next slowest runner.
Re:I have a feeling.... (Score:5, Insightful)
I think securing any OS is a good thing but I'm strangely reminded of the win2k security certification. Win2k was certified secure as long as it wasn't networked. As the saying goes, microsoft are now 4/5 of the way to reinventing unix... badly. Any OS security can be easily subverted by an administrator, but Myopicsoft make it a necessity. In my case I run Fax and Scan as administrator on some client machines as I refuse to set up an AD domain for 3 clients. Endless examples of this kind of braindamage... runas isn't a patch on SxID and they didn't even get sudo right.
Hopefully Microsoft will have a usable secure OS some time soon. In the mean time, there's unix.
Re:is the safest, most reliable OS we've ever buil (Score:4, Insightful)
"And as for Linux? Well, it wasn't that long ago that a certain high profile distribution accidentally disabled the pRNG in its core crypto libraries ... for two years. And then another high profile distro let attackers actually sign some rogue packages with their private key. I don't think anybody should be making smart comments about the security of Linux."
Let's get this straight. You think *all* Linux distributions are unsafe because of TWO vendors. Do you believe in eugenics as well?
You do realize that your comment glosses over the hundreds(thousands?) of holes and exploits that M$ is responsible for it every OS up to and including this one you're waxing poetically about, right?
I wonder why I haven't ever had a rootkit on my Linux installations but I fix M$ installations all the time(Vista included) that have been rootkitted. Once a week at least.
Re:Safest? (Score:5, Insightful)
People worship XP, even though it was released just after WinME.
Re:is the safest, most reliable OS we've ever buil (Score:1, Insightful)
it's always boggled my mind that IE is used for system update... so the most "dangerous" app on your computer to access the most untrusted content on the internet is also used to download and install system updates which require the highest levels of security?!
to my mind, that's like using the same brush to clean your toilet and your teeth... but it's ok because we ensure the brush is cleaned properly each time.
Funny that the tags mention OpenBSD (Score:4, Insightful)
... and not only because the article isn't about OpenBSD at all.
Anyway, yes, OpenBSD as an OS is probably pretty secure, but so are many others to, but the more crap you pile on top of it the more risk.
Anyway, the OpenBSD people count their "security" (marketing vise atleast) in years since the last remote root(?) exploit.
How likely is a remote root/administrator exploit vs Vista with a software firewall, no extra services and a user which don't do anything? ...
When it comes to exploits vs browsers, mail clients, IM clients, document viewers and such the OS isn't the issue.
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
Vista is arguably the most secure OS suitable for desktop use.
It is not the safest OS suitable for desktop use however.
What's the difference?
The President of the United States is arguably the most secured individual on the planet.
However, due to the large number of threats against him and his need to travel and be in the public eye often, he is not the safest individual on the planet.
Operating systems are the same. Vista has added many good defenses, but is still the OS with the target on its back.
I'm ok with Microsoft claiming to be the most secure OS for desktop use. OpenBSD and some hardened Linux distros might wish to disagree, but most people don't run hardened systems on desktops, they want more functional systems that are easier to support.
However, I'm not going to let MS get away with calling Vista the safest OS out there, because it just isn't.
Re:That's great... (Score:3, Insightful)
Would you rather that RAM sit there doing nothing? Windows Vista has many features that utilize RAM to its fullest extent. Any free RAM on my system is RAM that is sitting on its lazy ass doing nothing. Windows Vista is actually smart enough to user it (Super Prefetch comes to mind) when my applications are not.
I'm actually typing this in Internet Explorer 8 on Windows Vista Business SP1 32-bit on a Pentium M 1.4 GHz with 1 GB RAM, and it's actually quite snappy.
Any RAM on my system that's doing nothing on my System is at my beck and call anytime I want it. The OS never knows when I want to start up Eclipse and JBoss to do some development, or maybe digiKam and convert a couple of hundred RAW images to jpegs. And while that batch is running, I probably want to start doing some image post processing with Gimp.
Re:I have a feeling.... (Score:4, Insightful)
Re:I have a feeling.... (Score:4, Insightful)
Except when you try to use it.. (Score:1, Insightful)
Vista is secure if you do not install any 3rd party applications or connect it to a network. It helps to not use it either, just watch the screen saver and you will be safe.
Re:I have a feeling.... (Score:4, Insightful)
Well they may have been right, but only in the short term.
It takes some time for the bugs and exploits to be found. Even the best OS's will have them. And if not fixed the safest OS one year will be the wide open security hole the next.
That said I seriously doubt they did any real checking to see if what they were saying was true.
The best way to make a computer safe from hackers is to remove the power cord. The second best is to remove all network connections. But both of those are only if you are measuring purely from a safety from hackers and malicious use, as both also remove most all other use of the computer as well.
Re:is the safest, most reliable OS we've ever buil (Score:2, Insightful)
Locked down? In what way? Sure you can lock down both OpenBSD and Linux with additional patches and what not, but quite functional as is? The standard amount of applications and services may differ though, but then there is the question where you draw the line between OS and applications.
For comparison I'd like to draw it so that OS covers things various applications may use, whereas single applications which don't offer anything for other applications would be just that.
Re:I have a feeling.... (Score:4, Insightful)
There is more free software available for windows then there is for all other operating systems combined.
Re:I have a feeling.... (Score:3, Insightful)
That is a distinction without a difference. If you need those drivers to run Vista on your PC, then Vista has a problem. Users should not have to care who writes the drivers, unless you have some esoteric and unusual hardware in your PC.
Hey, I'm not trying to stir it up here, but I'm confused. Serious question here. Why is it Vista's fault if the hardware manufacturer releases crappy drivers, regardless of the nature of the hardware? Driver signing?
Re:I have a feeling.... (Score:5, Insightful)
Isn't that Red Hat's value proposition? Red Hat supplies and supports Linux, yet the components come from multiple sources. If a shitty driver in Red Hat Enterprise Linux is causing problems and I have a support contract, then I expect Red Hat to take ownership of the problem and not just blame it on the author of the device driver.
Re:I have a feeling.... (Score:1, Insightful)
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
Your comment is like saying that an Abrams Tank is more secure than a Mustang.
True, but can a tank get on the freeway without causing a traffic jam?
If the internet was a warzone, would you take the tank which is impervious to nearly everything they'll shoot at you with, or would you take the Mustang, paint a target on the back of your head, and relax, knowing you can have air conditioning while trying to dodge the bullets?
See all those wrecked Mustangs on the side of the road? They too can cause a traffic jam. It's called a botnet.
Re:I have a feeling.... (Score:2, Insightful)
You mean as in no cost and not open-source?
Though very much open-source software run on Windows, and I guess sorta almost all would be able to.
Re:Speaking as an ex-tester - he's right (Score:1, Insightful)
OS X and Linux developers ... are NOT doing anything as proactive as MS in fighting hackers.
Building the fucking OS right the first time isn't being proactive?
Re:I have a feeling.... (Score:5, Insightful)
You are confusing fault with who needs to own the problem. Imagine that I go into a restaurant and the food presented is off. Who is at fault: possibly the supplier of the food, but who am I going to complain to: the manager of the restaurant.
Microsoft continually talks about "experience" -- if a crappy driver spoils my experience, then Microsoft has a problem, even if MS is not at fault.
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
Heh, "since XP," because man, that was freakin' eons ago. Like back before marketshare fell from 63.76% to 63.67% [tgdaily.com].
Re:I have a feeling.... (Score:3, Insightful)
There are ways to make it next to impossible (if not impossible) for a driver to crash the whole OS. Also, it is entirely possible to make drivers marked as "trusted" only after they've got tested by Microsoft. Didn't Apple have something like this in the past ?
When a driver (and not the hardware) crashes the OS, it is because the OS allows it.
However, increasing quality control over those drivers will make most hardware pieces unavailable to Windows, which would hurt Microsoft. It would not be cheap to have a driver "certified by Microsoft Labs".
If I know that, you can be pretty sure people at Microsoft knows it too. It is not hard to figure it out. So, in that regard, Microsoft made a decision to allow that to happen. Was it the right decision FOR THEM ? The money they are making say it was. For the users ? Maybe. It does make hardware cheaper. How much cheaper, I really can't say, so I can't answer that question.
Re:Fail (Score:4, Insightful)
Re:I have a feeling.... (Score:3, Insightful)
Let's continue with your analogy. You take your meal home and add salt. It turns out your salt supplier failed to mention that its really sodium chromate instead of sodium chloride. Who is at fault? Who should "own" the problem?
Re:I have a feeling.... (Score:5, Insightful)
I can't believe that the GP was modded insightful.
Re:I have a feeling.... (Score:5, Insightful)
In the olden days, sometimes it was a loose SATA cable
SATA? Olden days? Come on, it's only been what, like 5 years?
Re:is the safest, most reliable OS we've ever buil (Score:5, Insightful)
Re:That's great... (Score:3, Insightful)
It really means you have to either turn prefetch off on general purpose desktop machines or spec machines to have the full 3GB or so no matter what their purpose is.
The problematic truth (Score:5, Insightful)
(Then there is the fun bit where MS counts every Vista license purchased as a downgrade to XP as a "Vista sale".)
Re:Funny that the tags mention OpenBSD (Score:3, Insightful)
When it comes to exploits vs browsers, mail clients, IM clients, document viewers and such the OS isn't the issue.
Once such an app is compromised, that's when the OS can make a difference...
Comment removed (Score:3, Insightful)
Re:is the safest, most reliable OS we've ever buil (Score:3, Insightful)
It's absurd pedanticism. If Apple says "MacOS X is the easiest to use operating system in the world" do people respond with, no, the operating system that runs my car is easier to use? No they don't because that's obviously comparing apples to oranges. Trying to make a marketing dude look bad by comparing a production desktop OS like Windows to OpenVMS is just time wasting.
Well, Turner is comparing Vista to "open source", which isn't even an operating system. If we decide to be kind and limit the statement to "all open source OSes", he has still opened up quite a can of worms. In either case, that statement isn't limited to "production desktop OSes" (and we aren't talking about technicalities here). I will be very surprised if Vista SP2 stacks up against OpenBSD and hardened Linux.
Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today.
That statement is very far-reaching, and Turner seems pretty confident about that. I'd say OpenVMS is a valid comparison, though a "tamer" one such as OpenBSD would be better. ;)
Of course, Turner is a businessman speaking to other businessmen, not a professor talking to other professors. I'm amused by the bragging, not angered at the inaccuracy.
Re:I have a feeling.... (Score:3, Insightful)
This doesn't translate to a number of software packages. It just means that there are more pages mentioning free Windows software, which is to expect, as you have to search for and download software manually in Windows.
Re:Funny that the tags mention OpenBSD (Score:1, Insightful)
It should be noted that according to your definition of safe the OS is not the issue (something I'll concede for the sake of argument but it actually does run a network stack so it can be the issue). Where the OS really adds danger is how easily privileges can be elevated when something is exploited, or how easy it is for macros to access sensitive parts of the OS, or how easy it is to secretly install software. Remote exploits aren't the end all be all of safety though they do have a place in the discussion.
Especially when MS weakened layered security (Score:1, Insightful)
"Pity that it will be MicroSofts' customers, not MS that will suffer when the hackers, script kiddies and miscellaneous ne'er-do-wells inevitably trash the security for their latest offering." - by m0nkyman (7101) on Tuesday April 14, @05:24PM (#27577555) Homepage
B.S. to this article, on 2 issues, as regards security (AND, bloat/inefficiency), & with 2 concrete examples thereof:
----
1.) THE REMOVAL OF THE PORT FILTERING GUI FRONT-END CONTROLS in VISTA &/or Windows 7, for one thing - Port filtering functions perfectly operating simultaneously alongside software firewalls, & IP Security Policies
(All 3 security "filters" for IP here, run FINE together, even w/ a NAT true stateful packet inspecting "firewalling" router, for example)
They do so in a layered security manner, just like door handle locks (firewall), deadbolt locks (port filters), & chain locks (IP Security policies) do...
(I.E.-> Take 1 of those 3 layers down (which is what many malware seek to do, right away)? The others are STILL IN THE WAY, since they all operate via diff. drivers & on DIFF. LEVELS of the IP stack...!)
AND, FOR ANOTHER?
2.) The issue with HOSTS files involves EFFICIENCY more than security though!
See - in removing (after the 12/2009 Patch Tuesday update) 0 as a valid blocking IP address (vs. the larger & slower 0.0.0.0, & worse still the default 127.0.0.1 loopback adapter address)? MS made a blunder on disk, & made things less efficient in HOSTS files, since the filemass is now larger & WILL be slower to read thru, as well as not being able to 'pack' as many entries into a tinier filespace to read them up from.
(Contributing to inefficiency & yes, "bloat", in doing this latter one... I merely note this, because HOSTS files do have a tremendous security benefit as well - blocking out KNOWN BAD SITES, & making THAT less efficient, is rather dumb!)
----
AND, before I see another "raging/foaming @ the mouth" name tossing reply, like I had here (& set him straight on his misunderstanding) -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27579551 [slashdot.org]
?
Take a read all, & the quote of "ComputersHack"'s there:
"Utter fucking bullshit. Point 1. Port filtering is still there. Control Panel, Administrative Tools, Windows Firewall with Advanced Security. Just because you're too fucking stupid to find it doesn't mean it doesn't exist." - by Computershack (1143409) on Tuesday April 14, @06:37PM (#27578863)
Ok:
It sounds as if you're talking about Windows' Firewall, & its ability to "filter ports" (by known services/ports)? That's NOT THE SAME...
(AND, the one you're talking about operates via Windows' own firewall driver level, NOT the same driver used for PORT FILTERING (or IPSec either, not even same listener ports, like IPSec uses 445 iirc) in earlier models of Windows, unless YOU can prove otherwise... I don't think you will be able to either & I think your understanding of this is limited to be honest...)
SO - Before you go tossing anymore names in the uncouth manner in which you do this?
Take a read here, & realize a few things:
http://technet.microsoft.com/en-us/library/bb878072.aspx [microsoft.com]
----
TCP/IP filtering Allows you to specify by IP protocol, TCP port, or UDP port, the types of traffic that are acceptable for incoming local host traffic (packets destined for the host). You can configure TCP/IP filtering on the Options tab from the advanced properties of the Internet Protocol (TCP/IP) component in the Network Connections folder.
Filter-hook driver A Windows component that uses the filter-hook API to filt
Re:I have a feeling.... (Score:2, Insightful)
Just to expand on what the parent said: Not only is it true for MS, but also true for everyone else. Despite the fact that hardware lacking Linux drivers is more the fault of hardware manufactures than, say, Red Hat, it is Red Hat that take the blame and Red Hat that need to get the hardware working if the manufacturer does not care to.
This is a large part of why Apple has such strict control over what hardware you can use its OS on. Apple makes sure the hardware it sells works with the software it sells.
The parent wasn't using round logic to pick on MS - it applies to both Linux boxen and Macs. Its just that Apple takes control over what hardware you run and Linux companies go out of their way to get the hardware working (eventually) while MS sits back and blames hardware manufacturers.
Re:The problematic truth (Score:3, Insightful)
But not for the OS being unstable. They come in because they can't get their ten year old printer to work. Or, because their friend told them that the Vista is bad. Or, because they're so afraid of computers that they can't handle change.
Look, I'm not saying that Vista is all flowers and puppies, but I only have two issues with it. 1. x64 adoption and support is not nearly wide enough to support the resource requirements. 2. GNS3 / Dynamips doesn't play nice with the UAC and that made for a long afternoon trying to do my Cisco lab for the first time after I installed Vista.
But then the second issue could have been solved if the GNS3 developers had taken a little more time to test it with Vista.
Oh, and 'the rest of us' is not the majority.
Re:I have a feeling.... (Score:4, Insightful)
Don't forget the upgrade from Mac OS 9 to OS X, and the massive lags when just dragging windows around the screen! OS X has been getting faster because there has been so much room for improvement.
Re:That's great... (Score:3, Insightful)
Would you rather that RAM sit there doing nothing?
No, I'd prefer that as I'm using my foreground application, the disk sit there idle waiting for me to ask it to do something, and when I do ask, it carries out that action immediately, rather than finishing the unnecessary swapping it had decided to do for no reason.
An OS has absolutely no clue which app I'm going to switch to next, because often I don't know myself. For all it knows, the memory pages it just swapped out for no reason, I'm going to want swapped back in half a second later. So I have to share my disk accesses with a totally unnecessary swap, and then wait for it to be unswapped. No thanks. Even if the cost of swapping out could be reduced to zero, it's still stupid. There's just no benefit, and at the very least puts more wear and tear on your drive, and on laptops, uses more power.
Re:I have a feeling.... (Score:3, Insightful)
OS X in particular has gotten snappier and more featureful with each point
While I agree with you and have been using Macs since 1993, I feel the need to point out that OSX was so freaking slow upon introduction that there was no way to slow it down any further. I'll give them credit for improving performance with each release, but the responsiveness of OSX 10.0 vs OS9 was truly dreadful.
Re:I have a feeling.... (Score:5, Insightful)
Chinese manufacturers, not Chinese suppliers. There's a difference. Almost no companies run their own manufacturing or fabrication facilities. They're expensive as hell. We're talking in the range of a billion dollars for a facility that can meet international demands. You need to produce an obscene amount of a product just to meet the operating costs of a facility.
Logitech, a company that you can't seriously suggest just "sells some nice stuff", outsources half of their production to third party contractors. What you're basically saying is that Microsoft's hardware division is somehow different because they outsource 100%? How is this right?
And one more thing ... (Score:4, Insightful)
Re:I have a feeling.... (Score:5, Insightful)
When Microsoft controls the "vista capable" logo, the fact that a piece of hardware is branded "vista capable" means Microsoft has reviewed the driver and approved it. So absolutely, they should be responsible.
If they don't want to be responsible for a shitty drivers, they shouldn't hand out the logo to shitty drivers.
safest OS on the planet != safest OS MS build (Score:3, Insightful)
I'm quite disappointed.
The quote says that Vista SP2 "the safest, most reliable OS we've ever built". "we" as in Microsoft.
Since when is Microsoft "the world"?
Re:I have a feeling.... (Score:3, Insightful)
You know what? Wake me up when the antivirus and generally the anti-malware industry goes out of business. THEN we'll know for sure we got a safe Windows OS.
In the meantime, all Microsoft's claims are just more marketing bullshit to me.
Sorry. No. (Score:3, Insightful)
If I can't understand how it does things, and if I can't explicitly enable/disable components as needed, then no, it is not the most secure OS on the planet. Not even close. And as for functionality? Please.
Hint: I can easily build a linux box to be a hardened gateway/firewall/ipsec device out of the box. I don't think windows can do that, nor will it ever with Microsoft's past and current philosophy.
Does windows include a flexible SPI firewall at the level of iptables yet? Can I disable all services that listen on network sockets yet without breaking *something* in the OS?