Results 1 to 9 of 9

Thread: Microsoft and Renewable Income

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    Microsoft and Renewable Income

    If you were to create the perfect unexploitable operating system then you would, in effect, be putting yourself out of business...having eliminated any reason for repeat or justified business.

    Now...I'm not suggesting that Microsoft could create a perfect operating system...what I'm suggesting is that they don't even try to...exploits like the one below not only justify their existence but give cause to spend the money to upgrade thus creating the good business practice of repeat income.
    Microsoft late Wednesday warned Windows users that proof-of-concept code was in circulation that could be remotely and anonymously exploited on Windows 2000 machines. Windows XP SP1 is somewhat less vulnerable, said Microsoft. The security advisory gave out few details of the vulnerability, only saying that it was a flaw in the RPC (Remote Procedure Call) component, and could result in a denial-of-service attack that would crash affected computers. "On Windows XP Service Pack 1, an attacker must have valid logon credentials to try to exploit this vulnerability," Microsoft said in the advisory. Windows 2000, however, can be attacked remotely. That aged operating system has been victimized by several vulnerabilities which have singled it out for attack since mid-year, including August's Zotob campaign. Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1 are immune to attack. As far as Microsoft knows, there have been no attacks of the exploit, but the whole matter is under investigation. It may release a security update to fix the flaw in the future, the company said, though like always it wouldn't commit to doing so.
    http://www.hackinthebox.org/modules....icle&sid=18525
    Microsoft Warns Of New Windows 2000 Exploit :: Hack In The Box :: Keeping Knowledge Free

    By creating an unexploitable system you in effect kill any security-related reason to upgrade...you may still be prompted to upgrade for better/newer software upgrades, etc...but the main focus to upgrade would no longer be viable.

    This all begs the question : does Microsoft purposely. in veiw of it's own future, create exploitable systems, or even, as the authors of, create the exploits themselves, to justify itself, and ensure upgrades and renewable income?

    Eg

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    No, I don't think so. MS have admitted that their development model and methodologies are flawed. Basically they are using 8 bit techniques in a 32/64 bit World.

    Requirements and technology are developing, so operating systems are being developed to meet these expectations.

    This is not the GMC/Ford syndrome of a new model every year...................multiprocessors, 64Bit, PCIe etc. etc...............................I have mentioned before that at the moment I think hardware development has outstripped software, and the software guys are playing catch up.

    Incidentally, I make a big distinction between upgrade and patch or fix. You upgrade for additional functionality, not security? sort of makes sense in a way, as the new OS is likely to be just as weak and flawed as the one it replaces, they will just be different ones

  3. #3
    I don't think they build OS to be flawed on purpose. But I do think they spen 80% of time, money, and effort on other aspects of there OS rather than security. I also think that no matter how secure MS makes an OS somebody will brake it..
    why?

  4. #4
    Senior Member Cope57's Avatar
    Join Date
    Nov 2003
    Posts
    195
    It has been over 10 years of them perfecting the Windows Operating System.
    Bill Gates being the richest man in the world should be able to create the best OS in the world.
    You would think they would have the hang of it by now?
    Computers do not have problems, they have users.
    ~Cope57

  5. #5
    Banned
    Join Date
    May 2003
    Posts
    1,004
    People don't pay for security fixes, but they will changes systems without them.

    People do pay for functionality increases.

    An insecure OS costs them money and a secure one loses them none.

    cheers,

    catch

  6. #6
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    RPC is one of my biggest problems with Windows. It HAS to be running for the most part. It's stupid because RPC has been a problem with things like this since I can remember using Windows and knowing something else existed yet they make it a default service you need for Windows to function, and it's insecure as hell as this pretty much points out.

    when I do an OS installation I turn that off if I even install it to begin with. NFS is the only thing I know of in my LAN that needs it and I don't use that either.

    They need to redesign Windows to not need RPC.

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    Originally posted here by gore
    RPC is one of my biggest problems with Windows. It HAS to be running for the most part. It's stupid because RPC has been a problem with things like this since I can remember using Windows and knowing something else existed yet they make it a default service you need for Windows to function, and it's insecure as hell as this pretty much points out.

    when I do an OS installation I turn that off if I even install it to begin with. NFS is the only thing I know of in my LAN that needs it and I don't use that either.

    They need to redesign Windows to not need RPC.
    Absolutely agry with that one.

    So, when I lend my job at Microsoft I'll get them to change their strategies
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  8. #8
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    You won't need/want to upgrade your OS if you have good security? What kind of crack are you smoking?
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Juridian old chap, you were possibly a little too brief :

    You won't need/want to upgrade your OS if you have good security? What kind of crack are you smoking?
    It isn't a question of "security" per se, more one of "functionality" (which might include security?)

    Now, I run quite a few systems with no security at all.................old operating systems, games machines, "laboratory rats"..............unless someone invades my premises there is no risk involved.

    However, if I have a machine that I use "for real" I would probably put greater emphasis on functionality than security, and weigh cost above both?

    I really have to agree with catch on this one:

    People don't pay for security fixes, but they will change systems without them................People do pay for functionality increases.
    OK, I am aware that there are exceptions, but that fits at least 90% of the real World in my experience.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •