According to a notation tucked into the DOJ’s joint statement with Microsoft regarding continued compliance with various agreed-upon standards and remedies, Microsoft expects Service Pack 1 for Vista to be in beta by the end of the year. In addition, a Microsoft security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP.
This report is full of contradictions.
Another part of the study also says that Vista is safer than XP, Ubuntu, Mac OS X and RHEL 4! (After the first 6 months) – see here: http://www.betanews.com/article/Vista_Security_Report_Raises_More_D…
So… I’m naturally confused. Vista cannot be better than and worse than XP at the same time in terms of security. So which is it?
(Never mind that the graphs are stacked against open source distributions b/c of more packages installed).
The Aristotelic Principle of Non-Contradiction says that a thing can’t be and not be at the same time and at the same way: a man can’t be at the same time and way “young” and “old”; Windows Vista can’t be at the same time and way “secure” and “not secure”.
This article is a in contradiction and (Aristotles said) when you are in contradiction you don’t say anything.
In fact, Aristotles is the moral father of modern computing: “non-contradiction” and “third-not-given” are the principles of Aristotelic logic, dialectic, metaphysic and even Pascalian programmation and binary mathematic.
It would appear that :
a) you did not read the entire article
b) did not read the article at all
what ever the case may be, the article does not state that :
a) Vista is secure. nor
b) Vista is not secure
It just states the number of unpatched publicly known vulnerabilities end compares the same with XP. Nothing more and nothing less.
From Shkaba:
It would appear that :
a) you did not read the entire article
b) did not read the article at all
what ever the case may be, the article does not state that :
a) Vista is secure. nor
b) Vista is not secure
Actually.. the article says more – hence my question of
“better and worse at the same time” and I quote:
The data was published by Jeff Jones, a Microsoft security strategy director, who said that overall, Vista was doing better than XP. “Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to its predecessor product, Windows XP,” he wrote.
Edited 2007-06-23 00:09
Weren’t we told Vista has WOW factor?
BTW Aristotelic Principle of Non-Contradiction doesn’t apply to quantum physics.
Actually, technically non-contradiction does apply to quantum physics.
Not in the sense of “is something” or “is another” (at least is what I understood from the original post).
“BTW Aristotelic Principle of Non-Contradiction doesn’t apply to quantum physics.”
And so in Einstein, too: “all is relative” is contradiction; all is an absolute and an absolute can’t be relative. Non-Contradiction is a metaphysical principle, “meta ta physika”, after(last for us)/over(first by nature) the physic. Physic is not perfect ’cause is becoming, not the “causa prima”, pure act.
Actually, if you read the PC World article (I don’t know why you’re linking to betanews given that it isn’t the article in question), it actually states (be it terribly done) that in raw numbers Microsoft has left more security holes open than with Windows XP.
However, if you look further down, it actually depends on how you categorise them – hence the ‘contradictory statement’ (put in quotations for a reason) because of the way they actually classify whether they’re a threat.
Now, why this; because of the ‘new security model’ used in Windows Vista, it makes security vulnerabilities in Windows XP that would have been devastating, rather benign. For example with the ‘sand boxing’ of Internet Explorer, security exploits relating to the said application won’t have the same level of security elevation on Windows Vista where as in Windows XP.
Now, with that being said, how they classify it doesn’t change the fact that it is a security issue; and its unfortunate to say that it seems that Microsoft has become more lazy since adding those ‘security features’ to Windows – there is no longer a push to actually address issues in an expedited manner rather than the how-hum way they’re approaching the vulnerabilities still left open.
Welcome to 6 months ago.
As a PC Tech that handles XP, Vista, Linux and OSX the only real problems arise on a copy of XP without current updates (seems clicking on the update icon in the tray it too much for most users to do) I have never ran across a OSX, Linux or Vista security issue (Virus, Rootkit, ext) also I have seen 1 virus infection in all Windows computers that I have worked on since Win 3.11 “Ripper Virus on a local BBS” (I have worked on over 10,000 PC’s since then. The biggest issue I have had was with XP due to users downloading porn from file sharing apps which has been taken care of by the UAC that everyone hates so much (To be honest one very large portion of my business cleaning spyware & rootkits has stopped dead since Vista’s launch and I am glad of it) The users still do the same thing but UAC at least makes them think about what they are doing better than any AV app on the market (and cheaper too)
Which is why I believe that statistic is from PC World is completly false. PC World which just happens to be very bias against Vista. I would Love to see how much revenue they make from Microsoft vs Apple in terms of advertising. If you read at least 3 articles you can tell their the target reader is a young Mac user with bootcamp who loves a flame war kinda like a Fox News for pc’s
At least when a Linux or a Mac user posts something negative on this board about Vista most of the time it turns into a informative debate but, if you watch the article’s comment over at PC World they will most always all be the same type of comments like “Get A Mac” “Mac Rulez”
“I have seen 1 virus infection in all Windows computers that I have worked on since Win 3.11 “Ripper Virus on a local BBS” (I have worked on over 10,000 PC’s since then.”
You live is Utopia, or Never Neverland?
I’m not sure it’s possible for me to go a week without seeing a Windows system infected with a virus(s), and I’ve worked on a hell of a lot more than 10,000 pc’s over the past 22 years.
To say you’ve seen only one virus since Windows 3.1 totally destroyed yer credibility. Ain’t a PC tech on the planet could make that claim.
Why would not exaggerating a my experiances managing computers hurt my credibility?
What I was stating was that there was a ton of spyware, pop ups and every other problem you can think of but never viruses I own a IT group with 21 employees under me and still to this day I have only detected one virus (every workstation or home pc that comes through our door to be analyzed or at the job site depending on the contract gets scanned by 3 major AV venders software)
one thing we stress in our business to teach our clients is prevention. I personally believe that with proper prevention such as what documents are more likely to have viruses when recieved by email whenever there is a new worm (most of our employee’s and myself are news junkies including myself)we first find a temp solution or the patch required and have it deployed in each business or email each home user and make sure the fix is deployed that day. The difference is the home users usually are lax with their security which is why I made my statement about the unpatched systems with spyware.
We do use server based virus scanning (Web,SharePoint,Exchange) but there is no reason with a properly designed infrastructure to have client installed A\V
Edited 2007-06-23 00:40
I think you’re perfectly fair in your assertion. A well looked after Windows install can remain perfectly virus free given the users have been properly clued up on the basics of being security concious.
The announcement of Vista SP1 is good news, esp. since a number of reviewers have been saying “stave it off until SP1”.
That hits the nail on the head.
Reviews are telling people not to touch Vista until at least SP1, then Microsoft gets SP1 rushed out the door.
Increased sales of Vista after SP1 ?
I think not. There is more apathy towards Vista than there has been for any operating system. Even OS/2 had people salivating over new releases. Windows users were like this up to XP, now, they just do not care.
Vista has problems, but most of them aren’t with the OS.
Five years of hype didn’t helped it. After a while people just get tired of hearing about something they can’t buy.
Following a great act like XP hasn’t helped either. XP is a very competent operating system, and has been honed for years. This isn’t ME to XP or NT to 2000. This is 2000 to XP. There really wasn’t any compelling reason to switch from 2000 to XP at first either. I can remember some one writing off XP when it first came out as 2000 with an ugly default theme.
A lot of people are taking this opportunity to really push alternative operating systems. And why not? The alternative are competent, so why not see if they can hook a few people. I’m working on my laptop which has Ubuntu on it right now.
And finally it’s really hard to get people excited about kernel enhancements. I get excited, but I’m weird.
I’m running Vista as my MS OS right now, and it has grown on me since I first installed it. There are still things that I don’t like about it, it’s heavy, but for the most part it’s a good evolution of the Windows line.
I don’t like SPs, they turn the computer slow, but hey, it’s more secure at least!
Service packs don’t usually make computers slow. sometimes they add new functionality, but they are mostly just bugfixes. Anybody who just dismisses SPs is asking for trouble
“
”
I wouldn’t go that far. XP SP2 was famous for completely c*cking up digital studio desktops. I lost count of the number of electronic music producers that had problems with the core function of thier machines (to engineer electronic music) since upgrading from SP1. Systems like these are usually dedicated systems without an internet connection so the bugfixes were mostly unessissary.
Also one of my colleagues webserver went down for half a day after he installed a service pack (though the update was vital, it’s another example of how windows updates aren’t as reliable as you seem to suggest).
“Also one of my colleagues webserver went down for half a day after he installed a service pack (though the update was vital, it’s another example of how windows updates aren’t as reliable as you seem to suggest).”
I never said that there isn’t the occasional problem with updates, however, the opposite is true, neglect your updates on an internet connected system, and you’ll eventually pay.
There is a difference between dismissing a service pack outright (which I have seen hundreds of times, people who had an XP SP1 box owned to hell and back because some idiot told them SP2 sucked) and doing some testing, making sure that everything works, or can be fixed if it doesn’t. If it breaks an important app, you may have to wait, but otherwise, on standard computers, running standard office and web apps, applying those bugfixes is better than the alternative.
Sounds like a whole lot of damn work.
The only way we got our virus levels down is to take all admin rights and ability to install programs from users.
Then we had to spend weeks (Still do) and months to make GPO’s for our network to get 100’s of applications to run without admin privileges.
What a mess. But we have lowered the amount of worms and viruses (Even though we have spent almost as much downtime making GPO’s)
It just sounds to me like you guys don’t do a great job at your work. Maybe if you learned about how to do it the right and efficient way instead of just complaining, you wouldn’t have to spend so much time with your “100”s of GPOs.
Why the heck were your users admins in the first place anyway????
Please be my guest super admin. You tell me how to get applications like Visual Studio.net with IIS to run on Windows XP without admin privlages in an enterprise without using GPO’s?
(This I have to see)
Also please tell me how you get those same applications to run without a user having some form of admin privlages? How to you stop and start the IIS service without being an admin etc. (Remember this is in an enterprise with 1000 users needing the same access)
It’s funny how people get on and blast you for not doing it the right and effcient way but yet don’t tell you want that right and effcient way is! LOL!
Why the heck are you even bothering to admin dev boxes? If your devs are expected to write code for and administer IIS, the access they need is easy to elevate to full admin. There’s no reason to try restricting them. Would you trust them to program your front line web applications if you can’t trust them to administer their own boxes??
If you really must lock it down, following this whitepaper (http://download.microsoft.com/download/f/f/8/ff8c8040-d1a7-4402-90d…) should not take more than 30 minutes of implementation and a few days of deployment testing (which may take an hour or two to set up and a couple hours to process the feedback).
I think if you start with a “Windows Sucks” attitude, you’re not doing yourself or your employer any favors because you assume things can’t be done simply. If you have questions on how to do something that you’re stuck on, “NT Mojo” on the Ars Technica board has some pretty good advice usually. It’s really not that hard.
LOL! I see you didn’t fully read my first posting that you were so quick to jump on..
The subject was how to make sure your Windows machines do not get viruses and worms. To make sure in an enterprise setting your best bet is to lock the machine down. (Also if you want to pass IG, State Department and NSA Windows security policies then 98% of your machines on your production network have to be locked down.)
Now I know you are saying “Why would you have any of your developers on your production network?”
There are several reasons for this, one being that a lot of the servers the devs work on are in production and they can’t be reached properly from the dev network (As the two networks are firewalled off from each other) Also we have a lot of mix use servers that got jumbled together when we migrated from Banyan to NT to 2000 to 2003 etc, etc, etc.
Also it has nothing to do with “trusting” your users, in any environment it only takes one user to infect the whole network. And ANY one on here who works in an enterprise knows you ALWAYS have that one user who likes to try and tinker with everything. (He is usually your best developer as he knows the ins and outs of everything and how to use the most obscure applications.)
And I have read that white paper. And as I said two postings before HOW do you implement that in an enterprise? You can’t touch 1000 machines by hand. You would have to create a GPO for that so it will apply to all 1000 machines. You also verified the other thing I said: “should not take more than 30 minutes of implementation and a few days of deployment testing (which may take an hour or two to set up and a couple hours to process the feedback).” Right and then you apply that ratio to all your applications (100’s of them in my case, most of which have no white papers) and you are talking about weeks of time spent.
Oh and I am not sure if you work in an enterprise but most (If not all) large Microsoft shops don’t leave this stuff to me or other in house staff to come up with. They call in MS consultants who tell us what and how to do and then we implement what they give us. I don’t assume anything.
Anyway my point of view is not coming from how hard it is to do these tasks, it’s coming from having done them and knowing what it takes.
But I am not trying to fuss at you or put you down. What I find here most of the time are people who come at me and others, yet have not worked in an enterprise. I work for the US federal government (Woopy dooo) and the agency I work for has about 5000 plus employees in the US alone (With 100’s of others in almost every country in the world)
One time I got on here and was talking about how our agency has about 150 domains and about 160 (If not more) exchange servers. Man some guy jumped on me (That is stupid, you guys don’t know how to set up an enterprise, why would you have 160 exchange servers) And my question was: โ How do you guarantee local messaging at the remote site(The ability to message to your office mates and others)if the link between the remote site and the HQ (Where all the exchange servers would be if we wanted to have less servers) goes down, without having an exchange server at each remote site?โ
Still waiting for my answer on that.
Edited 2007-06-25 13:24
Yeah, not too many people got away from the blaster worm or Sasser.
I have worked with 1000’s of Windows machines also and at the government agency I work at when the blaster worm came out some of our machines got hit. (Not all)
But the DMV for the state of MD went down (5000 plus PC’s and servers)
I mean Windows is more secure now then it has ever been but Windows has been exploited more then any other OS.
The thing that is funny is that the Internet runs on Unix and Linux yet the internet hummmmms along with very few problems. (There are some) But if the net was mostly Windows we would have ALL kinds of issues.
Uptime issues, patch issues, worm and virus issues.
That’s an assumption.
It’s a safe assumption. Seriously.
Microsoft does a good job on the desktop, and a fair enough job in the server room. But let’s keep things in perspective.
“The thing that is funny is that the Internet runs on Unix and Linux yet the internet hummmmms along with very few problems. (There are some) But if the net was mostly Windows we would have ALL kinds of issues.
Uptime issues, patch issues, worm and virus issues.”
Because “Windows” PCs do participate on the Internet, we actually do have these issues. Why do you think the majority of mail service loads is spam (more than 90%)? What makes DOS attacks successful? How do criminals gain subnet and server informations en masse that easy today?
Of course, the “innermost” parts of the Internet, such essential services as routing, ARP et al. are usually not done by “Windows” PCs. I won’t try to imagine how the Internet would look today if it would… but remember, kids, MICROS~1 invented the Internet… ๐
I hope (!) that “Vista” and its successors will be a less important threat to the Internet as its predecessors were. But if I’m honest, mostly it’s not the OS that is the main problem, it’s the users that do not care leaving their PC easily accessible to criminals. Maybe reducing the responsibility for users is a way here, because educating them and trying to make them aware about the danger they are to theirselves and to others does not work, sadly. So I hope MICROS~1 will be able to stuff the majority of security holes and OS problems with this early service pack, furthermore I hope OEM traders will have it already preinstalled if they need to sell their PCs with “Vista”.
Its good that windows aint on 99% of cell phones or people would try to create worms or other disasterous programs by exploiting the mobile windows system even more than ever , i myself cannot say im too happy with my
cell phone SE k750i since it has no real OS no WIFI no wavetable soundchip(jar games run with crappy sound a la adlib quality) like the much older and cheaper model t610 which had wavetable but was limited to free space.
I got the k750i as a gift from a friend if i bought a new phone i would choose a quality product with wifi and wavetable unfortunately celphones have very bad specifications when it comes to wavetable and sound quality if it has mp3 function its ok for sound to suck
so my point is:
Windows has the virus enthusiast incluiding scripting kiddies support, celphones has lacking sound and non technical people never complaining about that .
Nintendo was an 8bit platform most of us loved but became in time too child-oriented(no sequels to kid icarus, ice climber or bionic commando) and lost a good fanbase. Amiga died and fanboy platform amiga.inc is only making it worse by mixing up judges and lawsuits against its flashy new amigaos4(the new flashy os nobody can get the computer for) which has nothing to do with the OS developers
So:
Windows = exploit researchers, script kiddies viruses, malware/adware/bloatware/overactive desktops
Sony Ericsson = back to the crappy soundchip past 1990
Nintendo = Thinks every gamer is an infant
Amiga = Lawsuits fixes everything just as long as we get cash f–k open source movement
Edited 2007-06-24 01:29
To say you’ve seen only one virus since Windows 3.1 totally destroyed yer credibility. Ain’t a PC tech on the planet could make that claim.
Why? It’s really not a big deal to secure Windows boxes from NT on. All that you have to do is …
1. Make sure that your users run as non-Admins.
2. Keep the software updated.
3. Use a decent firewall.
Done. The general problem is that many organizations don’t do these things and, hence, they suffer the consequences.
I follow these simple principles and I’ve never been burned by a virus, spyware, etc. Am I atypical? Sure, I am. But suggesting that it isn’t possible to do this is ridiculous, unless you simply don’t know what you’re doing.
Over 10k computers? wow, if we say you have been working on computers since that virus day in, what? 1993? then thats 2 computers a day, 365 days a year for 14 years roughly
It’s not impossible. I’ve build and fixed 10+ computers a day in my previous job, effectively every day of the working week. Believe it or not, some jobs are that busy.
Edited 2007-06-23 02:54
wow Well, I’ve done 30-50 in one day at work a few times. when we did systme upgrades, all machines running at once, doing updates and stuff. but im almost nEVER that busy. MAYBE 1 a day, 5 days a week. if im lucky.
I have a very cushy job
Yes, you do grrrrrrr
Now, us normal techs, 100000 is no problem, but we never complain about it, do we ?
I envy those people who only work on one machine every couple of days
lol
You guys are soft. When I was young, I only got paid if I built 4,000 computers a day. We worked 70 hour weeks in an underground bunker without air-conditioning. The lighting was broken so we worked solely by screen glare, and the 1/2 hour lunchbreak we were allowed, included a 3 mile walk to the cafeteria.
Luxury.
When I was younger, we used to work in a shoebox, in the middle of the road.
We worked 135 hours a day, starting 10 hours before we went to bed.
We had to lick the road clean with our tongues before we started work.
After 3 weeks we were allowed a mouldy sandwich and a cup of cold tea.
We did not have a union.
My issue with Windows has never been Viruses etc. I’m a OS X user, but also run XP all day (both work and home from time to time). Another user at home has an XP machine that has been riddled with every known thing known to XP (not sure how she did it, but within 2 weeks, she had 100’s of them).
I cleaned up her machine (well, OK, reinstalled it) and gave her a few simple rules, now like me, she runs virus and spy free AND had no virus checker. If you follow a few simple rules, you won’t get viruses or spyware etc, even on XP ๐
There are myths about Macs I hate to hear over and over. Thing is though, us Mac users always give PC guys grief over viruses etc… If we educate people, they will stop too…
I’m calling BS on this one too. Nearly every pre-SP2 XP machine that ever came to me for cleaning over the past few years had several viruses, along with the usual spyware and rootkits. In almost every case, it was a guy, and when I asked him to be honest about his browsing habits he would invariably say “yeah I went to a couple of porn sites”.
Another interesting thing to note is that in every case, these machines either had no antivirus installed, or they had Norton or McAfee. On those that had Norton or McAfee, either the subscription was expired or the user had at some point turned off the protection (probably so they could get to the aforementioned porn sites without a warning or block).
After giving them a short education on the necessity for running a current antivirus on XP, along with an update to SP2 and an installation of Avast or AVG when necessary, I almost never got a subsequent call from that customer. When I did, it was usually something like “my son installed some game and now my computer is frozen” or some variant, but never a call for virus removal.
There’s no contradiction. Bugs do not necessarilly mean security holes you know. Vista is full of little UI bugs for example, but I believe it’s more secure than XP.
When I worked as a bench tech I saw ALOT of XP machines with viri and spyware daily. BUT…. they all had things in common….
1. Norton AV, McAfee AV, or no AV installed.
2. Software firewall missing or not installed.
3. No patches AT ALL… no SP2… No hotfixes…
4. All had P2P software installed.
5. When asked, all said they do not use a DSL/Cable Router at home.
6. No spyware protection.
I’ve used XP since 2001 and I have NOT ever had a virus infection, I may have had some spyware, but nothing I had to reinstall from. All things above can be fixed for about $70US and that’s for the router.
Windows XP can be somewhat secure WITH user knowledge. the problem is that most users don’t have the knowledge.
Yes and a car can be driven more carefully with a good driver, it’s not really the point is it.
The fact is that Windows is sold for the new user which is where Microsoft get most their money from, it’s not done a good job at all upto now. Vista seems to be better apart from the much higher specs and bugs.
what you do isnt secure windows, and windows doesent get a shitpoint more secure from it, what you do is HIDE windows, so it wont see the “nasty” internet.
oh btw, i dont need to hide MY box, and these things still do not happen.
The end effect of what he does is the same isn’t it?
And running without any kind of firewall (as in “not hiding your box”) it’s not very wise either regardless of what OS you use…
You seem to have missed most of the point of his post. The router is only one fix; he implied that that is the only one you’ll spend money on. Running antivirus/antispyware, keeping up with security patches and updates (including SP2), not running P2P software (my personal opinion here: Use bittorrent instead and be extremely careful of what you download from torrent sites), and overall just being vigilant will all go towards having a secure Windows-based system.
Oh, and I guess you’ve never heard the term “security by obscurity”? It’s not the be-all-end-all of security by a long shot, but it’s better than nothing.
…but is it any good?
Sorry, can’t resist a pun ๐ Mod away!