Results 1 to 7 of 7

Thread: Microsoft? Security? Oxymoron???

  1. #1
    Join Date
    Apr 2005

    Microsoft? Security? Oxymoron???

    Security experts unconcerned by Microsoft’s entry into the computer security market
    Security experts were quick to play down the impact of Microsoft’s newest foray into the antispyware and antivirus market. Although they acknowledged that Microsoft had the ability to grow and develop quickly, they also mentioned that Microsoft needs years to establish itself in this competitive market.
    Is it realistic to believe that MS will become a force in the securities world??

    Theres no doubt that they have the funds and the clout to bully their way to the top, but could they ever actually earn their way there?

    Personally I don't trust MicroSoft enough to use any of their future security software (at the time of writing this, anyway) and it seems that at the initial stages of their coup into the security world many would consider them 'Mickey Mouse' in the security field.

    Just my thoughts, Sorry to Big Bill if he happens to be a member

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    I will quote a Slashdot post which basically gives my opinion:
    Yes, I find Microsoft security comes in handy whenever I forget the punchline to a joke.

    Knock knock.
    Who's there?
    Uhhh... Microsoft Security!

    See? It's automatically funny, no matter what the context.

    I'm not saying it's entirely MS's fault. Granted, they hold a huge percentage of the market share, so thus they would be the most targetted. However, a think a good deal of it is their fault because they make they OS easy to use and conveinient and does not prompt the user to make it more secure in any way. (i.e. it doesn't prompt for an admin password on XP Home.) I also feel that their code is just poorly written in places too, so it's a conbination of these three factors.

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  3. #3
    Join Date
    Apr 2005

    Point in hand Xierox ...

    They (Microsoft) invented their own authentication protocol, their own hash functions, and their own key-generation algorithm. Every one of these items was badly flawed. they used a known encryption algorithm, but they used it in such a way as to negate its security. They made implementation mistakes that weakened the system even further. But since they did all this work internally, no one knew that their PPTP was weak.
    Schneier, 1998 <----- as in Bruce

    I have come to trust most of what Schneier has to say over the years, and to be honest - I never knew that MS was mucking about with stand-alone encryption. Obviously they didn't make it that far (unless I missed something).

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002

    Is that a personal comment.. or was your quote from another site?
    If it is form another site, COULD YOU BE SO POLITE AS TO GIVE US A LINK.. this is to give credit to the originator and so WE can read the whole artical in case you have just quoted something completly our of context..

    Oxymoron: Microsoft Works
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Senior Member
    Join Date
    Oct 2002

    Jesus christ, when will people ever get it into their heads that horses don't win races?

    It makes no difference which operating system I run when I consider how vulnerable I am. There are two main factors: how often I update any software which may become vulnerable, and how many services I have with a public profile.

    When considering how vulnerable an operating system is in general, consider the technical expertise of the user base. I can say with ceartainty that the average technical expertise of Windows users is far below that of any other operating system. We cannot blame Microsoft for the ignorance of its users. They can lock down thier system out of the box like a snare drum, but Joe User can still be duped into installing a trojan which opens a mailserver for spammers. They cannot account for all future vulnerabilities and virus attacks.

    Furthermore, anyone with malicious intent when writing a virus designed to target machines at large is sure to target Windows systems, simply due to the sheer number of them. A virus targeted at any other OS would simply not recieve the same exposure. A Windows virus affects everyone with a computer (nearly), and therefore makes the evening news. A Linux (or Solaris, VMS, AS/400, or any other OS) virus means something to IT, but nobody else notices since the hundreds of millions of home PC's remain unaffected.

    They could make Windows more secure by disabling file sharing, all but a few well known ports, and installing a strong firewall. But this would break much of the functionality that users want. They could require a password to log on by default, but this is not what users want. They exist to make money, and to do this, they design products according to the end user's demands. When they actually do take steps to make their system more secure, everybody cries foul. Case in point -- disabling raw sockets with SP2 to prevent compromised hosts from being used as portscan proxies.

    My server requires an update of some kind on nearly a weekly basis, just to keep up with security updates. Ceartainly no less than if it were a Windows box. In either case, however, if I were to ignore these updates, I would quickly become a target. The operating system I choose is irrelevant.

    Horses don't win races - jockeys do.
    Software doesn't secure computers - users do.

    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  6. #6
    Join Date
    Apr 2005
    Und3rtak3r -

    No that is not my personal quote - sorry I should have put the "Schneier, 1998 <----- as in Bruce"
    in the 'Quote' statement.

    That is from Bruce Schneier - almost an icon in the securities world.
    Its not from a website either, its from a book entitled "Internet security, what Hackers dont want you to know" and its on page 245.

    I would never put anything in a quote statement that was my own.

    Iwill try to use some keywords from the quote to find the article on the net (if it exists) and get back to you on this - a bit enibriated now (been drinking tequila) so check back here in a day or 2.

    OH!!! and by the way - I wrote it verbatim, exactly like it was quoted in the book.

    I will try and find out more ................

    same bat site, same bat forum

    OH and BTW, und3rtak3r, you may call me 'memy' - haha
    They can steal all my property and belongings, curtail all my rights and privileges, incarcerate me, beat me and even kill me. They then, will only have my dead body, NOT my obedience.

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    ****... 7 yearold information..

    Bruce Schneier seems to be a very good spin doctor...or a great media whore.. seems an impossable person.. 20 pages of google links (so far) and all are either His self Proclimations or media iterations of his self proclimations.. Strkes me more as Honest John the the used car salesman..

    That said: I dont trust ppl who sprog their talents, skills and knowledge.. all I read is:
    an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.
    He has a skill of putting complex concepts into simpltons english... but like media/show biz critics..he is a critic..

    and memyshukis you can call me Und3rtak3r..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts