There’s been some coverage overnight about the security of Windows and whether or not one particular company is reducing its use of Windows. We thought this was a good opportunity to set the record straight.
There is some irony here that is hard to overlook. For starters, check out this story from Mashable a few months ago where it was reported that Yale University had halted their move to Gmail (and their move to Google’s Google Apps for Education package) citing both security and privacy concerns.
The Financial Times article states that:
Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems.
The facts don’t support the assertion.
When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else. And it’s not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.
An article today by InfoWorld discusses how Macs are under attack by high-risk malware – the article goes on to ask if this is a future sign of things to come for Apple and security. Microsoft makes the security of our customers a huge priority. Here are some examples of the things we are focused on to help make our customers more secure:
For more on Microsoft and our investment in security, I suggest reading the Microsoft Security Development Lifecycle Blog.
Wow, blaming a 9 year old web browser for your poor mistakes in Security Administration. If this had happened to a 9 year old version of Netscape running on Windows, would they still blame Microsoft for their laziness? Even recent versions of Chrome have been discovered to contain security flaws. Does that mean they should stop using their own software too? Let's see, there are things called IE 7, 8, Firefox, Opera, your own web browser named Chrome, using security software (both free and commercial).
Also, what about choice, openness and freedom? I thought this was Google's mantra of using what you want. Next they will stop allowing Macs because it's not open enough. Then they will say, we already have our own Linux, it's called Chrome. Steve Jobs is right, this Company is telling untruths about Do No Evil.
I wonder what it's gonna be like developing for 20,000 machines running a combination of Linux, OS X versus 1.3 billion Windows systems. Talk about shooting yourself in the foot. I think this is nothing more than a PR Stunt intended to rev up the engines for Chrome OS. And it has backfired too, a major flaw has been discovered in OS X that can allow an attacker to spy on users who visit popular websites or download popular OS X software programs.
"When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else."
Which hackers are telling you this? Quotes please. I want to know the name of the hacker who told you this so they can be criticised for saying it.
The only hackers who would have told you Windows is more secure are the ones who did irresponsible disclosures and want people to believe in their own minds that Windows is more secure now because of those irresponsible disclosures.
They, people like HD Moore want to make people think they made Windows more secure, it's not more secure and your irresponsible disclosures did nothing to help security, Windows is still as insecure as it was 10 years ago.
Get me the names of the hackers who told you this I can guarantee it's the ones who all seem to live in Austin, TX and all seem to work on the Metasploit project.
They aren't the only hackers in the world, but they are the ones who do the irresponsible disclosures and want to kid on to people that the irresponsible disclosures they made have made Windows more secure.
They are kidding you on if they told you Windows is more secure if only to try and get a name for themselves, and to make it look like their irresponsible disclosures have worked.
They know deep down the irresponsible disclosures didn't work and only helped out the bad guys, and they know deep down Windows is as insecure as it was 10 years ago.
If they tell you otherwise they are BS'ing the security industry to self serve their own self interests, to get a name for themselves and to try and legitimize their irresponsible disclosures.
A lot of people are gullible in the security industry and seem to believe what is being told to them, the fact is Windows is as insecure as it was 10 years ago.
Anybody who tells you otherwise is lying for their own agendas.
For starters, check out this story from Mashable a few months ago where it was reported that Yale University had halted their move to Gmail [...]
I clicked the provided link, read the article: it does not say "halted" but "delayed". Big difference. More so as it appears that since then, the Yale IT people got now closer to clinching the deal on Gmail. Here is the latest update on this story:
Incidentally, in this last article, one reads this interesting quote (which neutralizes the whole point of this blog post as it relates to Gmail or Google Apps):
A survey released in fall 2009 by the Campus Computing Project revealed that more than 80 percent of American universities were either using or considering using cloud computing e-mail providers such as Gmail, which store data in many geographically scattered servers, rather than centralized locations. Of these schools, the survey found, 65 percent of private research universities eventually chose Gmail, with another 32 percent opting for Microsoft’s services.
n3td3v, are you still running Windows ME? Why else would you say Windows security has not changed in 10 years? I think you are due for an upgrade. Windows security is not perfect, but it sure has had major improvements in the last 10 years.
n3td3v: If you aren't smart enough to follow the hyperlink and read the linked article for yourself, I doubt you're smart enough to find any real hackers. You're obviously just a h8ter who loves to spout off. Go away and learn how to use the web. Look at how many security vulnerabilities have been patched by Apple and Google compared to how many have had to have been patched by Microsoft, you'll find that Apple and Google (along with Adobe) are leading the industry in number of security vulnerabilities they've had to patch.
csemaan: There are just as many, actually more, cases of people leaving Google technology, either Google Apps, or GMail, than there are cases where they have switched from Microsoft technology to Google technology, www.misaustralia.com/viewer.aspx is one example.
I'm not a Microsoft fanboi for the sake of it. I'm a realist. The facts are that Microsoft has more investment and experience in implementing actual security measures that work than Google and Apple and most other industry leaders combined. Look I use Slackware, SUSE, Ubuntu, and I've used Chrome etc. And I've always discovered that Windows just works better. There is a reason that it still holds more than 90% of the market. I admit that I don't use a Mac but that's because they are way overpriced and they are more of a fashion statement than a real computing device unless you bootcamp them. :-) (yeah that was just a stab).
@n3td3v - please see above post which links to CNET article of an interview of Marc Maiffret. I am also forced to completely disagree with you that the state of security in Windows is in the same state as it was 10 years ago. That is simply not true. The security features in Windows 7 (which I posted about above) are good examples as to how this isn't true.
@csemaan - I see "halted" as the same as "delayed" - at least in this situation. The Mashable article included no date for which Yale intends to actually go forward with the move to Google's services and only states that Yale's Information Technology Services (ITS) division intends to gather more feedback from the community before moving forward with plans to move to Google if at all. So based on the article - to me it seems plans have halted even if for the short term. The article you included in your comment about Yale doing a committee isn't anything different than what the Mashable article included about them gathering more feedback from the community. To me, it doesn't look like they are any further along than simply continuing to gather feedback and research before moving forward with any move (to Google or otherwise).
It doesn't matter what buzz features you have in your product, the fact is Windows computers are still being compromised at the end of the day and nothing has changed. A leading web company has lost confidence in Windows now and is discontinuing its use of Microsoft products. When you haven't got a Patch Tuesday every month where multiple vulnerabilities are being addressed, get back to me. In the meantime, we are still exactly where we were ten years ago. Vulnerabilities still exist, and Windows is still being compromised, that's the bottom line. The first indication that Windows is more secure is when there is no need for monthly patch releases and I don't see hackers handing in vulnerabilities anymore to iDefense, eEye, ZDI et al. or randomly disclosing 0-day vulnerabilities on a mailing list. It's been happening for the last ten years and it's still happening today, so what's *really* changed in the last ten years? Apart from buzz features which make the consumer "feel" more secure, but in real terms aren't more secure.
@n3td3v as much as you want to consider the features I listed above as "buzz features" - they really aren't. They are features designed to protect Windows users and just look at the success shown with IE8's SmartScreen Filter alone. You talk about Windows PCs being compromised and Macs getting compromised are on the rise (see InfoWorld article I link to above). And we are not where we were 10 years ago. What's really changed in the last 10 years is Microsoft has invested quite a bit on less "buzz features" and more on security. If you recall back with Windows XP SP2 - we stopped everything to focus on security in Windows. And then Windows Vista introduced UAC which we streamlined for Windows 7. UAC is certainly not a "buzz feature" - nor is ASLR. Or SmartScreen Filter. We've done a lot in the last 10 years to make sure Windows users are more protected than ever before from attacks. And your statement about when Windows will be "more secure" is when there is no more monthly patches - how does that work with Apple routinely shipping security patches (sporadically instead of predictably as we do with Patch Tuesday) to their own customers as well to keep them safe (which is good Apple is doing this)?
Here is some more about MAC OS X being vulnerable:
The sheer omnipresence of Windows makes it an attractive target for malware writers & hackers! That does not mean a Mac OS X or a Linux is necessarily more secure than the Windows operating system! I wonder how long a Mac or a Linux would survive if they were to face the same barrage of attacks which Windows is subjected to.
I was pretty shocked when this Company made this announcement, especially since that at Blackhat or any other Hacker convention, Windows tends to be the last one standing while OSX and Safari tend to be the first. Another thing is that Windows and this Company's web browser took the longest to hack (a few days if I recall), so why didn't this company use their own web browser to protect themselves?
@n3td3v I think the point that Microsoft is trying to put across is that they are way more experienced in dealing with security problems in Windows. If Apple were to be in Microsoft's shoes then you would see this kind of things happening:
Windows is often the one left standing after many hours or days. Imagine if Google used Mac OS with a vulnerability left unpatched for months, Google will definitely lose out.
@n3td3v your argument is completely stupid.
Look at real life, crime is worse than 10 years ago and unless we get chips in our brains that can control our actions and is made mandatory by government and enforced by military there will always be crime.
The same analogy can be said for computers and any OS (including Mac and I'm guessing will happen to Google's Android and Chrome). Once adoption is high enough then the hackers/crime guys will come.
MS are doing a great job doing what they're doing, it's the stupid admins and ordinary consumers that don't know how to protect their internet actions that are the problem.
Get a clue n3td3v
The biggest security problem with Windows is its popularity: Using Linux or MacOS might be less secure when someone is attacking them directly (i.e. infiltrate a company's network) but there *are* more known attacks/viruses for Windows than there are for Linux and MacOS. IMHO the security of a computer system depends highly on its configuration and the used software versions. Using an outdated and/or badly configured version of any OS is dangerous; simply using Linux and MacOS instead of Windows won't do the trick.
This security talk seems a bit fuzzy to me, Brandon. Security is about who can or cannot access my system, and consequently mess it up, abuse it or steal data. Windows still has this basic flaw of giving others too many permissions -- as opposed to *NIX based systems, the likes of UNIX, Linux or BSD, which fundamentally and persistently differentiate between root ('administrator') and users. No root permissions = no executable rights.
How secure web-based email, like GMail, is, is not exactly the same. That's about networking, which is a far more complicated business than having your OS up to scratch. Disc encryption is about security, sure, but on a secondary level. It can cover up, but not compensate for basic flaws as mentioned before. Parental control is hardly about security, I would say. It's a kind of security by obscurity, a filter far away from the layers where security seriously matters. The same for filters in browsers -- any browser, from IE to Firefox or Safari.
Don't get me wrong. I'm totally convinced of Microsoft's No. 1 priority for security, at least since Windows 7 (however definitely not in 9x or even XP times). But the fundamentals haven't changed. I guess -- though I'm not willing to test -- that Windows 7 is reasonably safe, but I don't believe it comes near *NIX on that part. Helping out others on their brand new Windows machines makes me stumble over the same old flaws: executable rights enabled for others, sloppy handling of network connections and firewall, slow response regarding security vulnerabilities etcetera. Automatic Update is a useful feature, but it doesn't help if patches come out months after the damage was revealed. To say that Windows has greatly improved its security is true, but not good enough.
Of course *NIX systems, including the OS X derivative, have security leaks. Of course they can be hacked and compromised. What counts is the secure basics and the speed with which leaks and vulnerabilities are dealt with by the programming community. Sorry, Linux still beats Windows on that. These things -- security and stability, as well as configurability and transparency -- were the main reason for German and French governments to migrate most of their servers to Linux, almost a decade ago now. Last year the German foreign office even migrated all of their workstations world-wide to Linux/FOSS (FOSS because of saving costs too).
To mention one hacker (well, he was, a dozen years ago) to underpin Windows' security is not really convincing. Linux is written by a community of whom no few actually are hackers. Trying to hack someone else's code is kind of sport. Security flaws will be found pretty fast that way -- and immediately dealt with. So, when will Microsoft dare to change its fundamentals, both in system architecture and in community structure?
There are a few (in my opinion valid) reasons why one would feel more secure using an Apple Mac than Windows.
Apple's Mac OS X is a solid UNIX, based on NextStep and BSD. From the start BSD has been a multi-user OS expecting a hostile environment (college students) and has been refined over 40 years, mostly in open source. Even now the core of Apple's Mac OS X can be seen at www.opensource.apple.com
Apple will always have a low install base. Apple is a premium system-builder. Unlike Microsoft, Apple does not want to have its products on every desk. Apple loathes the very idea of building a commodity. Apple wants to build unique, insanely great tools for a premium market. Apple's products are and will always be aimed at the high-end of the market, with a lesser version for the top of the middle of the market. Apple will never make something for the average man. This is not a problem for Google. Any system which is rare will be less likely the focus of an attack which in practical terms makes it a more secure system.
Lastly. Unlike Microsoft, Apple does not seem to believe in backward compatibility. Most software that runs under Windows 95 still works under Windows 7. Not so on a Mac. Apple believes more in revolution than evolution: Apple introduces new APIs, dumps older APIs, changes software libraries, and even changes the hardware whenever they want. Naturally Apple makes these transitions easy for the developers, normal applications written according to the guidelines will often only need to be recompiled to run. Malware however, by its very nature, are not normal applications. Malware can not be written according to the guidelines. Such a quickly changing environment is hostile towards malware (and all older software) which therefore very quickly stops working.
Together these factors seem to make Apple's Mac platform more secure.
The actual problem is that MS focusses completely on its own products and blaming users and other companies for not updating the software. Linux-update updates software of all vendors for years now; why doesn't MS want to have a service which updates Java, Flash, Acrobat, etc? So Windows gets insecure, once you use non-MS software.
Bitlocker doesn't make the system more secure against attacks, but secures private data so it does not get in the wrong hands. A good thing, but please don't mix up data-security and OS-security. Same for Parental Control: that's protection against children which most times are not hackers. It is the same as with the iPad: you can do less, so it's secure.
IE8's security is tested by NSS Labs, which has been paid by MS. The article is blasted away in many forums. The truth is that IE is better with this filter, but is not secure in many other fields because of ActiveX. To have the claimed security said in your words: it just isn't true.
ASLR is a great thing though! It has prevented many potential hacks. Bravo! One bummer: Windows is the last in row to have ASLR.
My actual problem with this kind of articles, is that they say the same for about 10 years: "Yes, the previous Windows had problems, but now everything is fixed and better. Trust me.", over and over again. Competitors just show that their products just work instead of telling that it will work. That's the difference between showing off and market a product.
Great Article Brandon. I'm, for one, delighted that the vast majority of users out there could be happy and dependent on a world-class operating system, developed by pros and that puts my security needs first. I would ask all the linux-heads and Mac-bois here to think clearly about what it means to run the world's most OS securely. It's easy to get security by obscurity when no-one wants to attack a platform that not many folks use.
I agree that Microsoft has put a huge effort into defending Windows against the various nasty forces that are at large on the internet like spam-bots, viruses and the like. The only question I continue to ask is why? What makes Windows such a popular platform to attack?
Well first, it's cheap as corn chips and about as stable too. That's why so many folks use it. I suppose a bit like the '70s when cars had four wheels, sort of locks and easy to break components - but cheap. Maybe a bit like kids toys today - very cheap, but highly consumable and made by very questionable ethics (a bit like your Microsoft-branded hardware (keyboards, mice, the like)). And probably best described by your retrospective attitude to security which is not explained at all well in your post.
What you are describing are security features that account for an unstable and insecure platform. You place the emphasis of being secure on the user and not on the platform itself. This is simply quality control where 'quality' in itself is the smallest triad in the pie. If Windows retailed at twice the price, your business could support and provide a secure OS and profit - it's just the chosen way.
Moving to the Google references, I would love to be in their place where I don't have to buy into the security blanket that you spawn on a regular basis. Yes, there are security updates for other platforms, but not the exploits in such abundance. Google is simply investing inwards and let's face it, dog-fooding is exactly what MSFT does internally, so why should they be any different than you? Any plans to roll out Apache next week in corp?
So this really is a rather immature (if amusing) rant at your sworn enemy and once again (like the Simon Aldous episode) puts you at the centre of ridicule on the blogosphere. I've bookmarked your blogs under 'amusement' and am enjoying the feeds with my work colleagues (one of them loves your hat...btw).
Continue to miss the point and 'Windows....of course!'
Microsoft is doing a fine job in improving security. Most of the bashers here don't appear to understand security, or licensing agreements, such as some vendors won't allow 3rd party patching. Oh, and since Vista, you don't run as administrators anymore, remember UAC? Anyone who touts security by obscurity is naive at best. You may make some minuscule argument that it could be a layer in the defense in depth model, but I've watched many of my fellow security geeks eat crow because they touted the virtues of Solaris, or some magically invulnerable OS. The fact is that it only takes one careless user, or one un-patched vulnerability, to bring down any system. And MS has one of the fastest flaw to fix ratios, and unlike some other companies, they rate how severe the patch is. Buy and use products because you like them, not because of misconceived security notions.
"Unlike Microsoft, Apple does not want to have its products on every desk. Apple loathes the very idea of building a commodity. Apple wants to build unique, insanely great tools for a premium market."
Right. Please, step down from that cloud. iPod anyone? Do you think the sea of white earbuds you see around you is because Apple didn't want everyone to buy their products?
Apple is not unlike any other company, they want to sell, and they want to sell a lot.
@aucontraire, First, Windows doesn't support against viruses, that's done by anti-virus software for years now. What do you say? If they had more money then Windows would be more secure? I'm glad you said Windows is cheap, while it's not free. And they fail, because they're cheap... ok, you made me thinking.
@darthling, I completely agree with you that MS is doing a *fine* job. They don't do a *good* job. UAC has been marked the most annoying feature of Vista, so it's not an improvement since it is turned off by many. And actually it is super-user-access in Linux/Unix, but then implemented the wrong way. It is correct that they evaluate security risks, just like *most* companies, but don't claim they are faster than the majority; they just aren't. And as you don't know who you're talking to, don't claim I just don't understand! I bet you can't explain why MS doesn't provide update-services for products from i.e. Adobe.
MS is 3 years behind on OSX and has held back internet with their IE6. Those are just facts which are only protested to with "But MS brought product X meanwhile". MS was lagging behind with security too and while there is improvement, they still have a lot to do. Now every version of Windows resembles more of the formal model for operating systems (used by Unix, BSD and Linux for decades), you make me smile.
@TheMarketeer - so you're suggesting that we open up Windows Update/Microsoft Update to third parties so we can help our partners making Windows software also keep people safe and secure - correct?
@naz Sure, the iPod is popular. But the last time I checked in the shop each iPod is still the most expensive option in each of their respective markets. Apple makes the most expensive mp3 player with flash ram, the most expensive player with HDD and for the iPod touch there is just no alternative. Like I said: "Apple wants to build unique, insanely great tools for a premium market." Sometimes, when the whole market is able and willing to pay Apple's premium this can turn out to be a great success for Apple -- this is however rather the unusual.
@Brandon. Really opening up is not necessary, just providing a centralised service. Windows-update can be used by certified partners such as Adobe, Samsung and McAfee, and Microsoft can check and certify the updates before issuing them. Then Windows users get rid of all those updaters in the taskbar which keep nagging, and Microsoft can test the update on their test-environment with latest patches. Inexperienced users won't search the internet for that latest driver any more.
All I know is that this... g-laurent.blogspot.com/.../windows-vista7-smb20-negotiate-protocol.html
...was the most fun I've had at work in a LOOOONG time. The "Vista guys" at work stopped talking trash about my iMac after that. I bet that's quite an interesting side to be on...knowing that your co-worker's Mac that you've trashed for months is the machine responsible for trashing your PC.
Vulnerabilities like this should never exist. Even worse, Microsoft IGNORED the dude. He was being responsible by reporting the vulnerability and they blew him off. I don't blame him for posting exploit code.
If you read Marc Maiffret's interview in detail, he says that MS has a great process, in theory, but that it doesn't always work out that great in practice.
On a side point, netdev is an obsessive/schizophrenic from the full-disclosure list; it's a waste of time attempting to be rational with him.
If I was a Mac user and I thought that Safari had too many vulnerabilities and therefore a threat, I could simply uninstall it. With Windows, I cannot do the same thing with IE. If you have Windows, then you have IE and the hackers know this. IE has quite a large attack surface with technologies such as VB Script, ActiveX etc, and I don't know of any plugins available for IE so that users can block ads and use script blocking technology.
I'm curious, what was that InfoWorld article supposed to demonstrate? It talks about a piece of spyware that comes bundled with some applications that the user would download himself, and which then prompts the user for his administrator password. How does that kind of malware demonstrate ANY kind of security or lack thereof, for any desktop OS? The only way to prevent something like this is to either 1) run an antivirus package that can identify this specific spyware app, 2) simply not allow the user to run anything as administrator, or 3) upgrade all users brains. Neither of which is either Mac OS X or Windows related.
As a vehicle to somehow claim that Mac OS X is insecure (regardless of whether it actually is or not), it's pretty laughable.
Does Windows have MAC (mandatory access control)? It can protect against 0 day security problems. Linux has SELinux, AppArmor, and TOMOYO Linux. I know Windows 7 has mandatory integrity controls, but that is far less secure. RedHat Linux ships with SELinux enabled by default.
Does Windows have tcp-wrappers?
I fear that Windows is the least secure OS, not the most secure OS.
I realize that as a corporate blog, Microsoft has to put its best face forward, but claiming to do a better job than everyone else at security is a bit hard to swallow. I'd bet almost every spam I get comes from a Windows box somewhere in a botnet. Yes, biggest surface area, granted, but really that claim is a bit grandiose. Google ANNOUNCING that they're ditching Windows was a cheap PR stunt, and MS needn't have responded to that childishness. However I hardly blame Google for making the change. In this age of web/cloud apps, actually getting to choose your operating system is something we get to do now, since binary compatibility with local apps is less of an issue. If I was a CIO, I'd be likely ditching desktop OS licensing too in favor of FOSS, where feasible. And realistically, security would certainly not suffer for it.
There are a lot of good comments here but one ongoing theme is completely wrong. That theme is security through obscurity.
Security through obscurity is just a fancy way of saying not secure at all. You shouldn't consider Linux or OS X more secure because they are a minority Operating System (OS).
What's important is Linux is secured through science (much of OS X as well). The source code is available for public scrutiny. The same hackers that find a security hole are empowered to fix it.
If you want to make wild claims that Linux is more insecure than Windows show me the lines of code that are broken and I'll find a developer that is willing to fix them.
The problem with Microsoft's security claims is just that, they're Microsoft's security claims. Posts like this come across to me as "Windows is secure. You can trust us we are Microsoft."
Meanwhile I see News articles like this one
which scares the daylights out of me. This says to me there are security problems Microsoft isn't telling anyone about and they are not fixing right away.
At the end of the day Windows is still one big black box. Only Microsoft can truly review Windows for security problems because only Microsoft can see the source code. If Windows is so secure Microsoft should put their money where their mouth is and release the source for Windows so that the public can review it.
Now about the Google Announcement if you can call it that.
All I have seen so far is an article with a handful of inside employees saying that Google is phasing out Microsoft Windows with those employees stating their own speculations as to why this is happening.
Personally I think security is a poor excuse to phase out Windows. A properly secured network should be able to house any OS securely.
There are however some good reasons why Google might phase out Windows. One of those reasons could be to better support the minority platforms they claim to care about.
For example if Google can force their house full of developers to stop using Windows as their primary platform those developers are likely to start improving features in Linux or OS X where they might be lacking.
Google is a smart company. I'm sure if the claims of them phasing out Windows are true they have more reasons for doing so than just security.
I'm having trouble understanding the reasoning behind this post – we who read this post already know that the Windows team has made some great strides in terms of securing Windows. Defending your own product by pointing out flaws in a competitor's products seems petty and serves only to weaken your own point.
I seriously doubt people who may be swayed by this line of reasoning (non-techies) will ever read it.
You guys are doing an admirable job – don't let the media decide when you should/shouldn't defend your work :-)
I have read through all the posts. Can anybody give some real facts why Windows is still insecure?
Security is primarily what the user does. But the basic security which Windows provides is cool – in my opinion. So my question is: Mark Russinovich has nice chapters about security in his "Windows Internals" book. Are the facts not true? MS Research does very nice research on improving dev cycles and ways to improve software security (and it seems that this stuff is successfully applied to Windows products). Are they doing wrong?
Please some facts (and not opinions from blogs) – I want to learn :-)
@damike, Since the article only quotes partners and other articles on this blog, we can stick to the opinions. Here are my two cents... First there is the security-issues of third party software. MS has now made their own software more secure, but step two is taking third parties seriously and not blaming them. Second there is the cannot-find-driver-problem; MS needs to provide all drivers through one channel so the user won't need to go to obscure sites. Third Windows needs to stop trying to sell their products on how much people can afford but on other factors. That way different types of people can be helped with their security-issues the best way. Give the technical user extensive scanning-tools and the internet-office-mail-noob less rights. The user is not to blame in most circumstances - like Windows XP users were not to blame because it did not have UAC. Fourth MS needs to get rid of older software aggressively, or must keep supporting it. Like IE6, Office '97 and Windows ME/2000. That's the garbage you get when the goal is to have Windows on every desktop, and it's Microsoft's responsibility. --- it is not about "facts", since most times they are not true. For example a white paper about Windows Server + Intel hardware replacing 4 year old Sun-hardware with Solaris. As you know the rule of Moore, it is more than logical that recent hardware is faster, but the conclusion was: "Windows+Intel is faster than Sun+Solaris. A fact." ("Bing" the whitepaper and others; be surprised about the nonsense-facts scattered around). --- It is all about what still has to be done, because software is *never* finished. Also innovation is driven by needs, not by these "It is the most secure platform" claims. It's good you want to learn.
Yes - 3rd party software is a big weakness of Windows. And I agree with you that it’s MS responsibility to take care of 3rd party stuff (provide them a way to apply patches simple). I wonder why I can’t add other repositories to windows update sources :-( [It’s possible in all modern OS – I’m not an expert – but I think in Windows it isn’t as simple as in *NIX OS – but ok – MS has done so much cool stuff – they would find a solution if they want]. It’s just nasty – Adobe updates pop up daily, Firefox wants to update twice an hour, Java updates are also nasty – what’s happening? People disable updates. (between: I’m not sure if WSUS is able to update 3rd party by now?). From my apple time I know Mac OS X provides 3rd party updates too. Hmm. The driver problem is – as far my experience is – gone. Since Windows 7 is out there, I haven’t seen a machine, which wasn’t able to get all drivers from the update service. And if people trust non signed drivers – that’s like load “hack_my_system.ko” in BSD. Agree with the XP-UAC problem – that will be a very-long-problem (I know lots of environments running high privileged XP machines – even in critical environments). But thanks – I like (most) of your perspectives :-)
But back to the roots – I can’t understand X claims “Windows is insecure” – the problem scope is different …
@damike "From my apple time I know Mac OS X provides 3rd party updates too." Sorry, but Apple does absolutely not provide an interface for 3rd party updates (Adobe, Microsoft, etc.) through its built-in "Software Update..." system. The only thing remotely resembling that are drivers that come bundled with OS X.
I still hear some driver-search-problems with 7, but I agree MS already did a good job so far.
If you say "Windows" in 2010, you talk about Windows XP, XP-SP1, XP-SP2, XP-SP3, Vista, Vista SP1, Vista SP2 or 7. See marketshare.hitslink.com/operating-system-market-share.aspx for the enormous market share of XP. The response I hear too often is "Windows XP SP2 and earlier are not supported anymore. It's the user's fault they don't upgrade", while car-manufacturers get sued for the same action. Windows 7 has the same problem as Linux: it is safer, better and easier to work with, but nobody wants to switch from what they know. Same with older versions of IE. Most people don't want to have the latest and greatest, but something that just works: "If it ain't broken, don't fix it". So I'm not saying Windows 7 is insecure (I'd call it "pretty secure, but still work to do - the notes I made"), but I mainly say Windows is insecure because of the large market-share of XP. We can blame Apple and Canonical too, because their future users don't upgrade from XP to OSX or Ubuntu - you get my drift? If we look at it that way the market-share is about 1% for Linux, 5% OSX, 28% Windows Vista/7, 3% others and 63% unsupported. Small problem too is that most users don't want a new computer, but do know SP3 slows down their computer enormously and therefore stick to XP-SP2 with their pretty fast Pentium 4.
I really disagree about all this.
First, the hacker said:
"they do more to secure their software than anyone"
which is very different. This does not mean your security is good, but that you are doing your best to improve it. And you should say "hacker", and not "hackers".
For the second link, there is not much to say. Microsoft appears once, and they don't say much.
If I hear someone saying my name in the street, I won't assume this person thinks that I am his god. But you are free to do so.
Then, you talk about a spyware that attacks MacOS. How many exist? 1, 10? Compared to the billions of viruses, spyware and others that threaten windows, that is nothing. And certainly not a good argument.
For your list then...
- updates: the 3rd party updates have already been discussed, so I won't repeat. Let's just say that Windows way of managing software is the worst I know.
- Disk encryption... Why not. It exists, and can be useful, I don't know yours but I suppose it is ok. But I don't think that companies switch from windows because of such functions. Same for the firewall, as it is very rarely used in companies. There are dedicated appliances for this, or custom systems.
- Parental Control... wait? I thought this was a serious post? How can you talk about it speaking of OS security?
- SmartScreen... OK, I have to admit it seems cool. Not really OS security, but well...
So, no, I won't say that Windows is a good system if we talk about security.
And most of your arguments are not related to OS security.
I tried to read all of the comments to get a gist of what everyone has said already, so I don't hash out anything that someone has said umpteen-times. But, some comments are so...moronic, I guess is the best word, that I couldn't finish reading them. Google stepping away from Microsoft software is fine - do whatever is right for you. However, there is a reason Windows is the #1 OS - and it may not have anything to do with security. But, seriously, we have already started seeing more attacks on Mac OS X, because of widespread adoption. And is Apple so proactive about their security as MS is? Not at all. They're ostriches. *nix people can talk and talk and talk about their security - that is fine, right now. Get a little more market share - like 4-5% of the total market share, and guess what? You'll be amazed at how cunning hackers can be. Are *nix providers as proactive as MS is? Not at all - there are too many distributions, too much community input, too little caring in the general public. However, I think some MS' problem is this: they are so big (not just in market share - I mean in terms of the OS) - they have to support everything - from old programs to new. Apple just kills everything after 2-3 years, and says: you have to move up. MS does the right thing: keeping all your programs running, for years. Heck - what is XP Mode even for if not for this? MS tries to make people move up to more secure products (ahem, IE9 when it comes out), and they are lambasted for it.
@jbrigance. In the server market Linux is the biggest. In the HPC world Linux really dominates. Embedded devices like your wireless router, media-streamer and hard-disc recorder are Linux (with some exceptions). The only market Linux is small, is the desktop-market. Therefore the claim which most Windows-fanatics make, "Linux will be attacked when larger", simply isn't true; it's what we in the non-MS world call FUD (Bing this word!).
The reason MS has the largest market share in desktops is because MS did a great job in the 90's. If MS still was that good and innovative, I wasn't in this discussion and still used Windows.
All software that's not maintained any more, is not guaranteed to work in the latest version of Windows, OSX or Linux - as Gideon pointed out this is a very good thing security-wise. So if you say your 10 year old software still works under Windows 7, then you just put a security hole in your system.
@themarketeer exactly right. 10 year old software shouldn't be run, but it is. And *nix is big - in very tiny circles (the examples you listed are big in their own right, but really tiny in the scheme of things). Now, about the FUD thing: I didn't have to Bing it (well, I did 2 years ago), but it is not FUD that when *nix gets bigger, it will be attacked. It's true - anything that gets a big enough following in the technology world, gets hacked. Sadly, it's just the way it is. So, yes, Linux has a great system set up to try to guard against bad things happening, but that doesn't mean it won't be overrun. I just don't think any system's failproof - even Windows. But, I do think in relation to how large Windows has gotten, the malware/virus/ignorant (not necessarily stupid) users are not as bad as they could be. And thank Goodness for Microsoft's Security initiative back in 2002/3 because, otherwise, we wouldn't be having this conversation.
I don't think security has anything to do with it. After all, if it were, Google should have dropped NT ages ago. I think it's because Windows' heyday is over and the world is moving on. People have been fooled by Microsoft long enough, consumers don't believe Redmond's lies anymore and are fed up with being cheated time and again by Microsoft.
In this post: "even hackers admit we’re doing a better job making our products more secure than anyone else"
In the article quoted as a source : "But they are definitely doing more than anybody else in the industry, I would say."
Doing more work != doing better
There is a HUGE difference, I would say, mostly when it comes to Microsoft (and ever-patching products that are based on years-old issues, which does take some extra time by itself)
I have to use Windows for work, but I use Linux for myself.
This is an old article, but it brings up some important points
Number of vulnerabilities is less important than how critical they are. In the past, MS has had many more critical security vulnerabilities than Linux (and I presume OS X). I'm sure it is likely to have improved, but it pales in comparison to *NIX systems.
With security in mind, these are the principles to consider:
1) Damage potential
How badly can it hurt the system - can it just take out the users files, or the whole filesystem (advantage *NIX)
2) Exploitation potential
How difficult would it be to exploit the security flaw? Can any boob do it, or does it require an upper-tier hacker (one that wouldn't waste time on my computer, anyway, they are after bigger fish). Not all hackers are created equal.
3) Exposure potential
Can they do it through the net, or do they have to be physically at the computer (the latter is more often the case on a *NIX system).
Security vulnerabilities in Linux tend to be low-tier modest potential. The ones I'm updating for Windows always seem to be "critical" by their measures. Also, by other parties, the "criticality" is more problematic for Windows than *NIX systems.
The sad thing is, no OS is as secure as we like and Windows has gotten better, but it is nowhere near the security of a multi-user-OS-from-the-beginning system.
Also, most of the net is on Apache *NIX servers. That is a hugely exploitable base, so don't use that as an excuse why *NIX isn't hacked against as much. The biggest fish are large corps with a net presence a lot of which are behind Apache servers, yet little success against them because of *NIX security.
Let's just all agree that Microsoft is the most evil and stupid corporation to ever grace this planet. That Steve Jobs just might be a God, and that Apple makes no mistakes, only accidental features due to their superior intellect. As for Linux, what’s there to say? It’s so secure and user friendly that the average Joe can almost get it to do what he wants it to do. I mean, who doesn’t love the command prompt? If only Microsoft could make something magical and without flaws like those guys…You know, something that's secure and not very affordable. Oh, and release their code to multiple vendors so they can make multiple versions of Windows where no two flavors are exactly alike. Customers will flock then!
@darthling: A prompt under Linux!! Haha! Looks like you know what you're talking about! Dude, don't you know there is a HUGE amount of Linux based systems? I've been using Ubuntu for some years: I NEVER opened the prompt. NEVER. I've been using Archlinux: I opened it every day. Just because it's easier running Ubuntu not to use the prompt, and it's easier running Archlinux to use it.
Besides, I would add that a system without any graphical interface is definitely more secure. And definitely easier to administrate (I mean when it's your job, not when you're a regular user. Although I used to run MS-Dos, by the time I was 3 years old, and I enjoyed it a lot).
Now back to the main topic: it's right to say Windows Seven is a huge step forward in security. It's wrong to say that it is the most secure system ever. And it's not bad: security is not Microsoft's priority, it never was and it doesn't have to be. Security always sacrifices usability. Right now some Linux distributions are becoming easier to use than Windows: some already are. Microsoft should focus on that. Unfortunately they'll probably not make it so... most of the genius developers are working for Google, or Apple, or at least not for Microsoft... knowing that all Microsoft has been doing for the past few years was getting Windows to the level of other OS in security or efficiency... I don't believe Microsoft will keep being the biggest OS provider in the world for long.