Microsoft picks over Google's Windows exit strategy

Microsoft responded to yesterday’s report that Google was internally ditching the company’s operating system in favour of Linux, Mac OS X and Chrome OS by telling anyone that would listen that the Mountain View Chocolate Factory wasn’t exactly immune to occasional security gaffes. Redmond blogger Brandon LeBlanc felt obliged to, …

COMMENTS

This topic is closed for new posts.


  1. petur
    FAIL

    What a joke...

    Does anybody dare to connect a fully patched windows install to the internet, without it running

    1) a firewall

    2) antivirus

    3) antispyware

    ?

    Nope, because it would be owned within 15 minutes.

    When I switched to linux last year I was happy not to install any of the above...

    That's irony, M$!

    1. Matthew Anderson

      15 mins...

      You would be so lucky. It was about 30 seconds last time I tried that nonsense. Considering there are only so many IP ranges you may possibly be on and there are hundreds of thousands of pwned units scanning the "known ranges" on a constant basis, 15 minutes would be an over exaggeration :-/

    2. Dr. Mouse
      WTF?

      Sorry...

      ...but that's just retarded.

      I am a Linux man myself, but no system is invulnerable. It is insane not to use the firewall system provided to secure your PC. There are security vulnerabilities discovered regularly for all pieces of software, including FOSS.

      I admit that there are few Linux virii in the wild, but they do exist. Also, you could potentially forward on an email containing an infected attachment to one of your mates unknowingly. When a free AV (such as Clam) could scan your email, and use very few resources doing so, I don't see why you would not do it. In addition, Linux virii will likely become more commonplace as it gains more of a following, so as time goes on your chances of infection will increase (and they are not zero right now).

      Anti-spyware, I'll grant you, is not as big a deal. But the others... I must point out the huge FAIL in your decision.

      Don't get me wrong, I agree with the argument that Linux is "more secure"* than Windows, but only providing you use the security facilities available.

      * "more secure" in quotes because it isn't the right phrase to use, but ICBA, it'll do, take it with a pinch of salt

      1. Anonymous Coward
        Anonymous Coward

        Re: Sorry...

        > I admit that there are few Linux virii in the wild, but they do exist

        Really? Got a link to information on one?

        1. Dr. Mouse

          Not in the wild...

          but I had a friend 10-15yrs ago who wrote one. It did no damage, was never released into the wild and was just a bit of fun for him, but it existed.

          I have also heard stories of them. I could be wrong, but as there is no technical reason they could not exist, I believe they do.

          I know for a fact that at least one exists, if not in the wild, hence my comment is almost correct. The rest of my argument, I believe, would still be valid even if no Linux virii exist.

          1. Ben Tasker
            FAIL

            F*CK SAKE

            I hate to be pedantic here, but I don't think virii means quite what you think it does.

            Virii roughly translates to Man

            The plural of Virus, believe it or not, is Viruses

            Sorry, but it's a bug bear

            1. bbuchholtz

              Virii is correct plural form

              Umm... Actually, "virii" *is* the correct plural form of "virus". Back in the DOS days, this was the common spelling. Just like "radii" is the plural form of "radius".

              1. Steven Knox
                Stop

                No.

                See http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us#Virus

              2. Ben Tasker
                FAIL

                Erm.... No

                You're correct about Radius, but not Virus.

                Wikipedia probably isn't the best reference to use, but I'm short of time

                http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us

                You'll also find the same in an episode of QI, various forums and notice a distinct lack of the term virii on etymology sites!

              3. David Simpson 1
                Grenade

                Fail!

                Mass noun in Latin

                Virus comes to English from Latin. The Latin word vīrus (the ī indicates a long i) means "poison; venom", denoting the venom of a snake. This Latin word is probably related to the Greek ἰός (ios) meaning "venom" or "rust" and the Sanskrit word visham meaning "toxic, poison".[2]

                Since vīrus in antiquity denoted something uncountable, it was a mass noun. Mass nouns — such as air, rice, and helpfulness in English — pluralize only under special circumstances, hence the non-existence of plural forms in the texts.[3]

                It is unclear how a plural might have been formed under Latin grammar if the word had acquired a meaning requiring a plural form. In Latin vīrus is generally regarded as a neuter of the second declension, but neuter second declension nouns ending in -us (rather than -um) are so rare that there are no recorded plurals. Neuter nouns of other declensions always end in -a (in the nominative, accusative and vocative), but even if we were to apply this rule to vīrus, it would be conjecture to guess whether this should give us vīra, vīrua, or something else. There simply is no known plural for this word in Classical Latin.

                In Neo-Latin, a plural form is necessary, in order to express the modern concept of ‘viruses’. Dictionaries such as Whitaker's Words therefore treat it as a second-declension noun with the following fairly ordinary forms:

                            singular      plural
                nominative  vīrus         vīra
                vocative    vīrus/vīre    vīra
                accusative  vīrus         vīra
                genitive    vīrī          vīrōrum
                dative      vīrō          vīrīs
                ablative    vīrō          vīrīs

            2. Poor Coco
              Thumb Up

              If 'virii'=='man':

              Then we have exactly described the problem.

          2. AndrueC Silver badge
            Thumb Up

            I'll see your Linux virus and I'll raise you..

            ..a CP/M virus.

            Yup. Written by me (no payload just the infection bit) for CP/M 3 on the Amstrad CPC range of computers. Not sure about the exact date but presumably late 1980s.

            Since most machines only had 3" floppy drives and most people rebooted when they wanted to switch applications it probably never would have been much of a threat to world civilisation :)

            Tbh most of what I remember is the sheer hell of trapping BDOS calls then the excitement of updating allocation information to patch in my code changes. Ah - the happy carefree days of student life :D

        2. Anonymous Coward
          Anonymous Coward

          RST.B

          http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99

          RST.B, to name but one? I've disinfected quite a few machines when I worked for a large colo.

          It's mainly spread by script kiddies who don't know they are using infected binaries.

          1. TimeMaster T
            Linux

            Virus/Trojan

            If it requires the user to run a binary it's a Trojan, not a virus.

            The weakness of Windows over the years is it could be compromised from outside with no user action.

            Linux and FOSS may have privilege or remote code execution fails but all the ones I've heard of require a local user with an account on the system to run some dodgy binary or click a link to a malicious site that uses a script or Flash to mess with your system.

            No OS/App is perfect, just some are way closer than others.

        3. NumptyScrub

          Linux viruses in the wild

          http://en.wikipedia.org/wiki/Linux_malware

          There is more than one linux / posix virus out there, I'd recommend ditching the attitude that *any* operating system is immune to viruses because they all have at least one. The more popular linux distros get, the more viruses will be written for them, too ;)

          1. Anonymous Coward
            Anonymous Coward

            Re: Linux viruses in the wild and RST.B

            Malware is not the same as a virus. The thing about a virus is that it has a way of spreading itself, normally via email.

            To the best of my knowledge no Linux email system will allow automatic execution of received code, so viruses can't spread themselves. I don't think there are any Linux email clients which will just blindly execute received code even if someone clicks on it. It doesn't matter how popular the OS gets, if viruses can't spread, there are no viruses. Built in security via good design is a tricky concept for a lot of people to understand...

            RST.B is a proof of concept of how to infect an ELF executable. It has no way of spreading itself so is harmless unless someone is daft enough to run it. If I send someone "sudo rm -rf /" and the recipient is daft enough to make it executable then execute it there's not much hope, but it's hardly a security issue to pin on the OS.

            1. Anonymous Coward
              Anonymous Coward

              Re: Linux viruses in the wild and RST.B

              seriously I can keep pulling them out ???

              http://www.sophos.com/security/analyses/viruses-and-spyware/linuxslappera.html

              There have been in the past and there is nothing to stop them in the future. Bruteforce viruses exist for ssh etc. As a security expert said if you unplug your machine from every wire encase it in concrete and dump it in the middle of the Atlantic then it might just might be secure.

              1. Chemist

                Re: Linux viruses in the wild and RST.B

                Best of luck with the brute force ssh attempts !

      2. Goat Jam
        Linux

        Hmmmm

        "It is insane not to use the firewall system provided to secure your PC"

        Here is a quick question for you. How many ports does a desktop oriented linux distro have open and listening for connections in a default install?

        If the answer is less than 1 then there is no urgent need to run a firewall at all.

        Don't assume that because Windows *desktops* listen on an insane number of ports by default that Linux ones do too.

    3. Annihilator
      Stop

      re: petur

      Yes, I do. Granted it sits behind a NAT, but what's your point? How many Windows PCs are actually directly connected to the internet these days anyway?

      Had you not said FULLY PATCHED, I'd give you some credit. Not to mention my "fully patched" version of Windows already has a firewall. Please feel free to let me know what vulnerabilities I'm exposed to.

      1. Matthew Anderson

        @ Annihilator

        Windows firewall is easy enough to bypass so I really would not be putting any trust in their level of security. Granted it renders you immune to most "in the wild" worms that are circulating but if you have anything worth protecting on your PC then a slightly more robust firewall is in order.

        1. JohnG

          @Matthew Anderson

          "Windows firewall is easy enough to bypass...."

          How? Asking the user to switch it off and ignore the ensuing messages in red doesn't count.

      2. Anonymous Coward
        Stop

        RE: re: petur

        "Not to mention my "fully patched" version of Windows already has a firewall. Please feel free to let me know what vulnerabilities I'm exposed to."

        Windows.

        I wouldn't trust any security package from MS. If their other software is anything to go by, their firewall is probably about as hard to get through as a wet paper bag.

        "How many Windows PCs are actually directly connected to the internet these days anyway?"

        Err, lots. Granny gets the little box from BT and plugs one end into the wall and the computer into the other end...

        1. Dr. Mouse

          OK, my apologies

          I am not infullable*, I made an assumption about the plural of virus.

          If it's not virii, then it's a common mistake to make. I'll look into it.

          * you may notice the Red Dwarf reference... then again you may not. :)

          1. Ben Tasker
            Happy

            Indeed

            I did notice the Dwarf reference, and believe it or not it shed some light on a dark day! So my thanks to you :-D

        2. Rob
          Headmaster

          Pedantic

          Granny isn't technically directly connected to the net then, the box from BT will have NAT on it which isn't the best defence but it's still a 'layer', although widespread use of IPv6 will make NAT pretty useless in terms of defence.

      3. umop apisdn
        Linux

        re: invincible Windows

        http://seclists.org/fulldisclosure/2010/Jun/243

        (note the date!)

        Any questions?

        Yup, that's an XP exploit, but I wouldn't doubt even one second that Mafia$oft's security practices regarding Windows 7 aren't fundamentally better, since it's the _behaviour_ and the security _process_ not so much the _system implementation_ that counts.

    4. Anonymous Coward
      Jobs Halo

      I dare

      I have done so for over 10 years without being penetrated. I don't use software firewalls on computers, or anti-virus or any anti-spyware. Never had any need for them. But then I know how to spot a risk and either avoid it or sandbox it if it cannot be avoided.

      Software firewalls and anti-malware tools are for folks who need that extra comfort blanket.

      1. John 104
        Thumb Down

        Gosh

        You're so awesome. I think I'll apply your principles to my production systems. After all, you apparently have it all figured out.

        Layered security is the proven method of securing ANY machine/network. So why poo poo a software firewall if it is part of a wider security platform? Oh, that's right, because you know it all....

    5. Nightkiller

      Yep, You're right

      Evidently Google doesn't do it either.

    6. dave 46
      Pint

      Fully patched windows?

      Well apart from the difficulty in fully patching windows before you expose it to the internet - yeah sure.

      If it's fully patched up I would (and have) popped it on the DMZ with the firewall off - I wouldn't advise anyone do it full time (like I wouldn't advise a linux user to run as root with all services running as root and no firewall) but if you want to test something for a few hours, it's fine.

    7. Anonymous Coward
      Anonymous Coward

      @petur

      FYI, Windows 7 and Vista come with an integral firewall (enabled by default) and an anti-malware package (Defender). Strangely, Microsoft Security Essentials is not included but is available by download for free. Results from VirusTotal suggest the MSE is quicker to recognise new threats than several popular AV programs.

      It is unwise to run any system connected to the Internet without a local firewall, regardless of the O/S concerned. Whilst many people may feel safe because their broadband routers have integral firewalls, few people check the logs regularly or have logs forwarded to their system. My previous router, like many popular broadband routers, was running a version of Busybox with such a firewall but fell victim to an exploit in which someone gained access and then altered the router's firewall policy and routing....

    8. Anonymous Coward
      FAIL

      ... on you...

      Post your IP address, and put your money where your mouth / arse is...

  2. Naich
    Linux

    This is a title

    Petur - you are best off having some sort of firewall, even with Linux. It's easy to forget services you have running. Just being behind a NAT box is better than nothing, but if your PC is connected directly to the interwebs, it's safest to use a firewall - https://help.ubuntu.com/10.04/keeping-safe/C/firewall.html

    2 and 3 are right though.

  3. Anonymous Coward
    Pint

    Errrm...

    “Windows is known for being vulnerable to attacks by hackers and more susceptible to computer viruses than other operating system” could not be supported by the facts.

    I think you will find that it does, if nothing more than sheer market saturation making it a worthwhile target.

    Don't get me wrong, nothing wrong with Windows fine desktop O/S. However just like the shitty little padlocks you get with your new suitcase, you wouldn't use them as is, you'd get something a little stronger to make sure, like cable ties and decent locks. Same with Windows, everyone who buys Windows, always leaves the shop via the security stand, just ensure they pick up an AV(irus)/AM(alware)/AS(pyware) package.

    1. Daniel Harris 1

      Not everybody

      I don't ever leave a shop via the security stand. I think the free alternatives are mostly better than a lot of the stuff you need to pay for.

      Or at least cheaper, and use less resources. Just my experience as in the UK the only AV etc shops seem to sell is Norton, and in PC world the main price they show for a machine includes Norton, with the "stand alone" price in smaller text below.

      Guess buying it in store makes it easier for somebody with little computer knowledge like somebody's Nan or something.

      1. SilverWave
        Happy

        Use MS Security Essentials - does the job.

        There, saved £30.

    2. Anonymous Coward
      Stop

      RE: Errrm...

      "Don't get me wrong, nothing wrong with Windows fine desktop O/S. However ... everyone who buys Windows, always leaves the shop via the security stand, just ensure they pick up an AV(irus)/AM(alware)/AS(pyware) package."

      So, you've pinpointed something that's wrong with Windows almost immediately - "Security".

      Do you want me to tell you a few other things? (The most obvious one is that when you want to "stop" the system you first have to click on "start". A usability analyst's nightmare!)

      1. AndrueC Silver badge
        Thumb Down

        $TITLE

        Huh? You think Linux is easy to shutdown?

        If you were a Windows user wanting to shutdown your box I could tell you over the phone with no hesitation. I'd also suggest that while clicking 'start' to stop is a bit odd everyone knows that everything is on that menu anyway.

        If you are a Linux user I have to ask you twenty questions first before I could work out how to do it.

  4. Martin Owens

    In Linux...

    petur: You didn't need to install them because

    1) Built into the linux kernel (if the distro sets it up right)

    2) Don't open ports, don't allow random code to act as services running as root

    3) Have a nice secure SELinux config setup.

    Assume you've got your security in line and you may even be able to reflect a targeted attack. Of course the confusion over targeted vs blanket continues to spread, everything is simply 'security', not running random crap on untrusted devices/websites is a good way to be blanket secure and is probably where Microsoft still falls down.

  5. Anonymous Coward
    Anonymous Coward

    can't agree

    I tried to cancel my Xbox live subscription recently - and the veins are still pulsating on my forehead. Much as MS piss me off, I have to point out that it's not Windows' inferiority as a product that causes it to be universally targeted by hackers. It's the fact it's so ubiquitous. What hacker is going to waste his time causing grief for users of Black Hat Arse Edition v1.45458372 with its user base of seven? You'll have noticed a couple of stories about Mac-focused attacks in the tech news recently. This will be down to Apple's recent success drawing attention to the platform. The reality is that Windows is titanium armour plated compared to less popular OSs.

    Jeez I feel dirty now. I'm off to shit in my xbox. I'll show you a ring of death, you bastard.

    1. Adam Salisbury
      Grenade

      Finally

      Someone who hasn't missed the point entirely! the security risk to ANY OS is directly proportional to market share (ubiquity). How about all the linux folk who've posted here telling us that you don't need added protection for your uber-OS come and post again once ChromeOS has been released and started gaining traction?

      As a linux variant (IIRC?) it's only a matter of time before the hordes fleeing to Google from MS, and subsequently all Linux users, find themselves the objects of affection of a new generation of black hats coding not for Windoze but for OSX ChromeOS and Linux.

      1. Mostor Astrakan

        Bollocks.

        "Someone who hasn't missed the point entirely! the security risk to ANY OS is directly proportional to market share (ubiquity)."

        What a load of old rubbish. The security risk to any operating system is *inversely* proportional to the amount of Clue applied to the subject by those who make it. You're assuming that every programmer is as stupid as the MS ones.

        There's a few people at MS who know what they're doing.

        If there were a LOT of people at MS who knew what they're doing then Windows wouldn't top the pwned charts quite so reliably.

      2. Random_Walk
        Thumb Down

        Really?

        "...coding not for Windoze but for OSX ChromeOS and Linux."

        So, which distro? Which patch level(s)? Which browser?

        Some of it can be guessed at (esp. in OSX), but stop and think about this for a moment... popping a *nix box isn't as simple, nor is it as straightforward.

        As for the marketshare claptrap, will someone kindly explain why MacOS 9,8,7, etc had a rather decent pile of viruses floating about for them, but OSX blackhats are forced to rely on trojans and extremely stupid users to get their wares installed?

        ( g'wan, say the same for Windows, but read this first: http://news.cnet.com/8301-27080_3-20006478-245.html )

        As for this bit:

        "the security risk to ANY OS is directly proportional to market share (ubiquity). "

        If that were true, then 5-10% of all malware out right now should be OSX-related... instead the number is (roughly) 0.001% (give or take a decimal place).

        --

        Now - all that said... the truth lies somewhere in-between. Yes there are market-share factors, but anyone who claims it to be the end-all be-all is a fool. Likewise for anyone who claims that any OS is infallible.

      3. Fred Flintstone Gold badge

        Umm, no. Not true.

        "The security risk to ANY OS is directly proportional to market share (ubiquity)"

        I think you forgot to add ".. and system design". The reason MS has such a massive problem is that the OS wasn't built from the ground up for process and user separation, they only started working on that since about Win NT 4. The "others" share the Unix heritage of default user and process segregation, so don't have to start from scratch.

        Sure, other OS can suffer malware - no OS will ever fix a room temperature user IQ - but it's much harder to hose the box by accident, even if it's fresh out of the box*. I'm writing this from a Windows desktop, left is the new Macbook Pro, on my right is a laptop with OpenSuSE and virtual box to run suspect Windows files, so I'm fairly familiar with most platforms..

        (*) Amusing fact: just bought a Macbook, and guess what was the first thing it did? Patching -- and asking for a reboot..

      4. Peter 39
        WTF?

        codswallop

        So market share is the only factor?

        You think that OS architecture and careful implementation have nothing to do with it, then? Codswallop! All OS's are NOT created equal. Some are better than others. Most are better than Windows.

        Of course some of the black hats will target Linux and Mac OS X. And there will certainly be some issues. But nothing like the disaster that MS has left us with - millions of zombies worldwide.

    2. Anonymous Coward
      Coffee/keyboard

      @radiet

      "The reality is that Windows is titanium armour plated compared to less popular OSs."

      You forgot to select the "Joke Alert" icon there mate.

      Have you read El Reg before? About once per week (sometimes more) there is an article about how Windows systems are now able to be compromised in a new and exciting way. Hardly "titanium armour plated".

  6. Anonymous Coward
    Thumb Up

    "That type of self-defeating behaviour..."

    Then why does Google leave a choice for mac OS X? Isn't that defeat?

    Chrome OS is for netbooks. I would be seriously amazed if it could be used to compile code or do anything else than access Google's online products. It's a kind of Android on steroids.

    Google wants to be independent of any technology from another company. One can see that, because all the technology Google uses, is open source. Using mac OS X, that uses open standards to connect to the outside world, or Linux which offers complete control, Google's IT infrastructure becomes 100% vendor independent.

    Their desktop client was the last piece of vendor lock-in they had. Removing that makes a lot of business sense, because it drives down costs. And also generates more knowledge about open source. Which can then be used to offer more advertisements (<-Google's core business remember?).

    So the whole security thing is a smoke screen. Some of it is true of course, all of Microsoft products are insecure by design, but it's mostly a nice phun towards Microsoft. An easy score.

    1. Daleos

      Chrome < Android

      >"Chrome OS is for netbooks".

      It's a thin client OS. It's perfect for a huge business. It just sits there and lets big servers do all the work. You don't store apps on it and you don't leave data on it.

      > "It's a kind of Android on steroids"

      No it's not. It's more like an anorexic Android stripped to its bra and knickers.

      1. Robert E A Harvey
        Thumb Up

        Mmmm

        Bra and knickers. Mmmm
