Good thing he didn't double-dog dare
Posted February 12, 2007
By The Macalope
Because then this would be really embarrassing.
Cringely on Gates’ famous challenge to break Windows every month:
According to US-CERT, some 812 Windows vulnerabilities were discovered in 2005 alone — an average of one per month … for 67 years.
The Macalope, his antlers dripping with sarcasm, is sure that won’t happen to Vista (trolls can read a more detailed version of the Macalope’s opinion on Vista security here).
And, speaking of trolls, some of the Macalope’s friends who happen to be trolls may find this amusing (tip o’ the dripping antlers to Wil Wheaton).
Comments
This won’t happen to Vista.
Why? Because one of the things Microsoft has done much better this time is add many security features specifically to make it harder for hackers. Vista users now have a system that is ‘secure by design’ to a greater degree than Mac OSX. Of course that design was implemented by Microsoft and Vista is now the biggest target around so something is bound to happen, just … not the same thing that happened to XP.
And if Microsoft has managed to improve security by 67 times (!) then they might get close to Gates’ boast. I wouldn’t go that far but I do expect Vista to be significantly better.
Wil Wheaton? THE Wil Wheaton?
The one and only, yes.
No, no, the other one.
No, not the other one. It actually was the one and only one.
I think that the biggest publicly announced security hack was something that was done first on a PC then done as a proof of concept on a Mac using everything third party.
Microsoft’s software is the biggest security threat on an Apple computer, either in the form of Office for Mac or the potential disaster of installing the dreaded XP or Vista on an Intel Mac.
Daniel “This won’t happen to Vista.”
Didn’t they say that about XP, comparing it to the security of earlier Windows versions?
“Secure by design” is only as good as: 1) the design, 2) the implementation, 3) the way people use it. If users end up turning off the security features, then it doesn’t matter one bit that it’s secure by design. The human element is the hardest to control for.
“Vista users now have a system that is ‘secure by design’ to a greater degree than Mac OSX.”
I am pretty clueless when it comes to Vista. Can you explain that further? Provide citations?
Vista is certainly more secure than XP, but the important question is whether it is secure *enough*.
Personally, I find XP to be reasonably secure when using Firefox, so I would imagine that Vista + Sandboxed IE7 is probably good enough for most people. Other stuff, like moving some drivers to user-space, and not running as an admin in the default install, probably help too. There will be vulnerabilities, and there will be exploits, but hopefully they’ll be minor and easily-patched. I am an eternal optimist.
That said, saying stuff like “Vista users now have a system that is ‘secure by design’ to a greater degree than Mac OSX.” is idiotic.
812 Windows vulnerabilities, huh? Including these?
Apple Darwin Streaming Server Denial of Service
Apple iTunes Arbitrary Code Execution
Apple QuickTime for Windows Denial of Service Vulnerability
Apple ‘quicktime.qts’ Error in Parsing ‘qtif’ Images Remote Denial of Service
US-CERT’s list is bogus, since it includes many non-Microsoft products that simply RUN on Windows. If you apply this logic, then you have to accept that every MOAB finding was an OS X vulnerability.
This looks interesting:
Hacker, Microsoft duke it out over Vista design flaw (ZDnet Zero Day blog)
http://blogs.zdnet.com/security/?p=29
“This won’t happen to Vista”
I have seen some people arguing this, the basis of their argument being UAC and Random Memory Management to make buffer overflow attacks more difficult or impossible.
However, it seems to me that the sheer size and complexity of Windows is now working against it. They may have patched some of the previous holes, but that does not mean that new holes won’t be found.
Let’s discuss this a year from now.
@HUXLEY–
From that article it looks like all some hacker has to do is program an installer for his attack and trick someone into installing it. 🙂