Microsoft a Weak Link In Possible Cyber War

climenole writes 'Microsoft has vast resources, literally billions of dollars in cash, or liquid assets reserves. Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods,' says former White House advisor Richard Clarke in a recent book. Microsoft makes the list of risks because so many people have installed its software for critical systems.
  • Clarke is all right (Score:5, Informative)

    by Rogerborg ( 306625 ) on Thursday June 10, 2010 @11:09AM (#32523802) Homepage
    Remember, he was the guy who warned Rice and President Cheney about an imminent Al Qaeda attack [wikipedia.org]. Or depending how you view it, failed to convince them of it. Still, as ass covering goes, his was iron clad.
  • Re:He said what? (Score:4, Informative)

    by StuartHankins ( 1020819 ) on Thursday June 10, 2010 @11:16AM (#32523878)
    It's not as if people didn't already know about Microsoft's abysmal security record. Just a simple query such as http://www.google.com/search?hl=en&safe=off&client=firefox-a&hs=kKP&rls=org.mozilla%3Aen-US%3Aofficial&q=site%3A*.gov+microsoft+advisory&aq=f&aqi=&aql=&oq=&gs_rfai= [google.com] shows tens of thousands of hits. Maybe Microsoft will be shamed enough to take action and improve their products.

    I guess the point of it is "Is Microsoft the weak link when it comes to security?" to which the only answer can be "Yes." Kudos to the White House team for telling it like it is!
  • Re:He said what? (Score:5, Informative)

    by M. Baranczak ( 726671 ) on Thursday June 10, 2010 @11:25AM (#32523970)

    Clarke is not on the "White House team". He retired a few years ago. Come on, people, would it hurt you to at least read the summary?

  • by Anonymous Coward on Thursday June 10, 2010 @11:46AM (#32524188)

    "It's not as if people didn't already know about Microsoft's abysmal security record." - by StuartHankins (1020819) on Thursday June 10, @11:16AM (#32523878)

    Ok, let's take a peek at that statement & its "anti-Microsoft" implications, & we'll do so, by simply using the stats of the "latest/greatest" from the "big 3" OS vendors/OS types out there today, from a respected security vulnerabilities reporting website, in SECUNIA.COM:

    ---

    Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:

    http://secunia.com/advisories/product/2719/?task=advisories [secunia.com]

    Unpatched 5% (11 of 217 Secunia advisories)

    (Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (so, I.E.-> How much more would be added by diff. distros & their softwares/shells (KDE/Gnome), etc.- et al?))

    ---

    APPLE MacOS X SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:

    http://secunia.com/advisories/product/96/?task=advisories [secunia.com]

    Unpatched (approximately) 1% (8 of 1233 Secunia advisories)

    (NOTE: I had to calculate the %, & I + others do NOT like how Apple & SECUNIA are reporting on the errors in security present in Apple's MacOS X there... see the comments below those stats, for an "example thereof"...)

    ---

    MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:

    ---

    http://secunia.com/advisories/product/27467/?task=advisories [secunia.com]

    Unpatched 13% (2 of 16 Secunia advisories)

    REMEMBER/AGAIN: This is the ENTIRETY of Windows 7 being analyzed - not just its kernel, as is the case with Linux 2.6x above... & ONLY 2 security problems are present!

    Top that off with the fact that 1 of them IS EASILY "worked-around" no less, in the AERO problem, simply by selecting the "Windows Classic" theme, or, shutting off the "Themes" service!

    The other only deals in SSL, for those that run an IIS 6/7 server (which is FAR from everyone, especially desktop users)... so, for example, from the system I am posting on now during lunchtime @ home? I have no IIS running, & thus, I am "proof to it".

    ----

    (Sure, now I am certain I will also see repliers here to my post here say

    "but the 2 security vulnerabilities in Windows are 'remote' in nature"

    Well, newsflash - ANY OF THESE SECURITY VULNERABILITIES REALLY "BOIL DOWN" TO BEING LOCAL, IN THAT SOONER OR LATER, THEY HAVE TO "TOUCH" THE LOCAL SYSTEM ANYHOW IN ORDER TO EXPLOIT THEM PERIOD! Javascript exploits being the MOST "prevalent" of this type, and where do they ACTUALLY RUN? LOCALLY, inside a webbrowser program's javascript processing engines... turn off javascript (on "every site under the sun", & use it only where you HAVE TO and where you can trust the website)? Problem solved!)

    ---

    So, can Windows be secured far better than it comes "out of the box/oem-stock"? Absolutely. Heck, any OS usually can be... such as is shown here:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

    http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123 [theplanet.com]

    (Much of what's in it "principles-wise" (uses the concept of "layered security") & yes, tools-wise, can also be applied to LINUX (or other *NIX variants too like MacOS X (done via Apple's guide for this, no CIS Tool exists for MacOS X, sorry) + other BSD variants, Solaris, etc.) & e.g. -> There is a CIS Tool for them also (again, except MacOS X, but Apple's got a GREAT GUIDE for this too

  • by Anonymous Coward on Thursday June 10, 2010 @12:21PM (#32524612)

    All the same old ERRORS over and over again. Please, don't do that. It's all wrong.

    1. MS helped popularize the PC: So did IBM, Compaq, Dell, Lotus, Wordperfect, Ashton-Tate, Activision, Id Software, and so on, and so on... How many of the early PCs were sold because of MS Software? Probably none. So saying MS helped "to a large extent" is just a joke.

    2. MS software is weak because it is more prevalent: Simply false. The majority of servers on the Internet DO NOT run MS software. Yet, those who do have been reported the most vulnerable over and over again. The reason for the brokenness is not that it's a bigger target, it's because it's a WEAK target.

    3. Without MS (or the PC) there would be no Linux. So wrong. There was UNIX and BSD looong before Linux. The GNU guys had a very complete toolset in place, also. And by the way, the PC had to fight quite a lot of other contenders to become the de-facto platform. There was Amiga and Atari, for example.

    Also, your final conclusion is just ridiculous. Locking Windows in any device doesn't make it more secure, but just the opposite. And remember that Intel, AMD, VIA, Dell, Oracle, IBM and many others, all back Linux today. Almost everybody except Apple and Microsoft, of course.

  • by ArcherB ( 796902 ) on Thursday June 10, 2010 @12:23PM (#32524646) Journal

    That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. The level of complexity between Windows and OSX is incomparable. OSX works on like 5 hardware configurations, while windows will run on pretty much any hardware.

    Uh, no. Windows runs on one, and only one platform, the x86 (x86-64 is still x86). OSX used to only run on RISC (PowerPC) but recently made the switch to x86 as well. It should be noted that Apple did a pretty good job making the old stuff written for RISC run on x86 for a time in order to complete the transition. The core of OSX also runs on a few different mobile platforms as well for i-phone/pod/pad devices.

    Linux will run on just about anything. Sure, you can't download the latest Ubuntu and install it on an Alpha based machine, but you can find Linux distros designed for just about any platform.

    Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.

    Linux is easier to set up or operate than either Windows or OSX. The problem is that 99% of all computers sold come with either Windows or MacOS installed, so it's what people learn. Once you learn a system, it is easy to you, even if it's some antiquated, console driven, remote accessible Unix app.

    MS is having problems selling upgrades. Why do you think ~90% of businesses are still on XP? Because it was/is a useable, relatively stable OS that did what people wanted.

    People are not upgrading because XP is good enough and it's cheaper to keep running XP than it is to upgrade. Even if the OS itself was free, you still have to pay your IT guys to create an image for every machine config in the office, install it, train your employees to use it, and pay for the downtime they experience backing up their old stuff and learning the new OS.

    You can say what you want about MS, but the fact is, they are the best OS for Businesses, and most consumers

    No. MS produces the OS used by most businesses and consumers, therefore, it is what most businesses and consumers choose when they upgrade. It's easier to make the upgrade from XP to 7 than it is to upgrade from XP to Ubuntu 10.4, just as it's easier to make the move from Ubuntu 9.10 to 10.04. When you upgrade to a newer version of your current OS, odds are that you lose nothing. If you switch OS's entirely, you have to find replacements for every application you currently depend on and still convert all your files to the new format.

    When Linux is usable by joe user, I'll take it seriously.

    My three year old daughter runs Linux and she can't even read yet. Hopefully Joe User is more savvy than an illiterate three-year-old.

  • by Bert64 ( 520050 ) <(bert) (at) (slashdot.firenzee.com)> on Thursday June 10, 2010 @12:43PM (#32524910) Homepage

    While true, by the time MS became an expensive option it no longer mattered - millions of people were already locked in.

    Back in the days, MS (and the cheap hardware they ran on) were a cheap option compared to Novell, Sun, DEC, SGI, IBM, Apple and all the other highend vendors... MS and x86 were massively inferior to everything else on the market, but with such a huge price differential they were able to make it up on volume...

    Ford cars are clearly inferior to Rolls Royce or Ferrari, however you see a lot more Fords on the roads for the same reason. However, cars are standardised enough that it's impossible to lock someone in, thus ensuring there is a healthy level of competition in the industry.

  • by quickOnTheUptake ( 1450889 ) on Thursday June 10, 2010 @01:02PM (#32525122)
    Right. Let's feed the troll, and spin it another way:
    Look at the severity of the advisories (They are rated from 1-5). Neither windows nor Linux has any unpatched vulnerability rated higher than "less critical" (i.e., neither has anything unpatched that is 3 or higher). So for vulnerabilities >2/5, they both have a 100% patch rate. The difference is in "less critical" advisories, (1 or 2).
    Windows 7, in its short life, has had 8 advisories rated "less critical" or lower. Of these 2 are unpatched. That means the patch rate for less pressing vulnerabilities is 75% (a full 25% are unpatched).
    Linux (if I counted right) has had 191 advisories that were rated 1 or 2, since 2003, of these 11 remain unpatched, or ~5.8%.
    The difference in the overall patch rate is due to the fact that far more of Windows' vulnerabilities have been critical, >3/5, (specifically 12 of the 20) than linux's (26 of 217).
    Also note that linux has never had a vulnerability rated 4 or 5, its highest vulnerability has been a 3. But eight of Windows' 20 advisories have been 4's and one was a 5.
  • by erroneus ( 253617 ) on Thursday June 10, 2010 @01:10PM (#32525218) Homepage

    It's a frequently used troll post. It has been completely debunked in the past several times. All of the critical bugs listed for the Linux kernel, for example, were local exploits only -- NONE were remote. In contrast, Microsoft's exploitable bugs are famously remote exploits meaning they can be done over a network connection. Mac OS X is another bag of worms... but thankfully, Apple controls and limits its users such that it will never be big or ubiquitous enough for large scale general use like Windows and will never likely get used in critical government or business operations.

  • by Amouth ( 879122 ) on Thursday June 10, 2010 @01:13PM (#32525246)

    http://news.cnet.com/8301-1009_3-10413951-83.html [cnet.com]

    they already have - seems like they did exactly what they did with other setups..

  • by oakgrove ( 845019 ) on Thursday June 10, 2010 @01:42PM (#32525588)

    That's not a troll post.

    Even if his post is false,

    It's a troll for one very simple reason. He's including 2.6 kernels from 2003 and comparing them to Windows 7 which uses the NT 6.1 kernel which is a derivative of the NT 6 kernel used in Vista. Intentionally distorting facts to support your argument is trolling. Furthermore, he's bringing up secunia stats as if that is the whole story without mentioning the relative severities. Of course, it's a red herring anyway as I've already pointed out.

  • by erroneus ( 253617 ) on Thursday June 10, 2010 @02:59PM (#32526486) Homepage

    I have checked various registries of accreditation and do not find Anonymous Coward in any of them. Perhaps you should start by revealing your identity and proving your assertions of credentials. Next, don't assume I have less experience and no accreditation. I have a degree. I have certifications and I have been in the industry since I was 16... I am 42 now. I have experience with everything from mainframes to the most obscure PCs and just about everything in between. I know the lay of the land. I know it too well. I was there for the birth of Unix (sort of... it coincides with my own birthday) and have followed the tech since then. It has been my life and obsession. Do not begin to believe that degrees and certifications even BEGIN to make someone qualified to understand what is really going on.

    What you have is "product training" and little more.
