Security? We've heard of it: How Microsoft plans to better defend Windows

The sound of cyber security professionals spraying their screens with coffee could be heard this week as Microsoft claimed, "security is our top priority," as it talked up its Secure Future Initiative (SFI) once again and explained how Windows could be secured. In a post that did not mention the word "CrowdStrike" and instead …

  1. Mentat74
    Linux

    "Hotpatch ®"...

    Sounds familiar... I think there was this other operating system that already implemented that years ago.... If I could only remember the name...

    1. TReko Silver badge

      Re: "Hotpatch ®"...

      There used to be a Symantec product called GoBack, that could rewind your system to a certain point in time.

      MS copied it and used to let you boot up to previous restore points, a "last known good" scenario.

      I guess neither of these is still around? I tend not to use Windows much anymore.

      1. steviebuk Silver badge

        Re: "Hotpatch ®"...

        Last known good still around. Used it recently when fixing someone's PC and it actually worked.

    2. collinsl Silver badge

      Re: "Hotpatch ®"...

      Live patching hallelujah (whoo)

      Live patching hallelujah (whoo)

      Live patching hallelujah (whoo)

      ‘Cause Uptime Funk gon’ give it to ya

      ‘Cause Uptime Funk gon’ give it to ya

      ‘Cause Uptime Funk gon’ give it to ya

      Saturday night and servers alright

      Don’t reboot it just patch (come on)

      Don’t reboot it just patch

      Don’t reboot it just patch

      Don’t reboot it just patch

      Don’t reboot it just patch

      Don’t reboot it just patch

      Hey, hey, hey, oh

      From SUSE's Uptime Funk

  2. Paul Herber Silver badge

    Hotpatch Desiato: spending a year dead for tax reasons until someone comes along and presses the reset switch.

  3. Eclectic Man Silver badge
    Unhappy

    "security is our top priority,"

    Where have I heard that one before?*

    I do wonder how many 'top priorities' there are, and how swiftly they get replaced by the one next in line. Time was when having an empowered workforce was a 'top priority', oh, and 'safety is our top priority' is another one I recall from a while ago. Then, of course 'Customers are our top priority' usually comes around after a data breach.

    It would be really nice if some company actually admitted that there are lots of essential things they should be doing, like: security, safety, honesty, anti-bullying, anti-sexual harassment, anti-bribery, equality, (add to the list as you wish), and that they all matter. But I'll not be holding my breath.

    *Rhetorical question, no answer required.

    1. sarusa Silver badge
      Devil

      Re: "security is our top priority,"

      The extra spit-take thing about this is that their crazy-ass AI push REQUIRES security to be tossed out the window, bathwater, baby, the entire damn tub. 'Empowered workforce' is just an eyerolling 'uh huh', but MS going 'security is our top priority' is the guy who rents machine guns to Florida Man saying 'gun safety is our top priority'.

    2. OhForF' Silver badge
      Facepalm

      Re: "security is our top priority,"

      If security is a top priority and SFI is more than a marketing gag I'd have expected some design documents for public review before 34k engineers start on the implementation.

      Oh, I forgot Micros~1 is the industry leader and knows security by obscurity is best practice. /s

    3. Homo.Sapien.Floridanus

      Re: "security is our top priority,"

      Implementing alternatives is my top priority.

    4. StewartWhite
      Thumb Up

      Re: "security is our top priority,"

      In a previous job I was asked to do 10 x projects by a given department within a year and told them that it would only be possible to do three of them in that timeframe given resources available and other constraints.

      I asked them to prioritise them from 1 to 10 with 10 being the highest priority. List comes back with them all marked as 10. I return the list with them all marked as 1. "You can't do that, they're all equally high priority" was the blustery response. My retort was, if they're all of an equal "priority" then 1 is as meaningful as 10. I asked for them to try again, they refused and I arbitrarily decided to do the three that made most sense to me.

      1. John Robson Silver badge

        Re: "security is our top priority,"

        I've done similar to managers before, only incompetent ones though.

        Good managers... they'll get you started on one and then go and figure out a) if that was a good one to start on and b) what the next item will be.

        1. Eclectic Man Silver badge

          Re: "security is our top priority,"

          The real test of any manager is how they react to being told by an underling that they are wrong about something important. (Note: it can often be beneficial to your personal health and career prospects if the first person to find out is someone else.)*

          I have had managers who were really not very, sympathetic, to being informed of their mistakes. Strangely, the ones I could trust rarely needed telling.**

          *Not very friendly, but practical. Of course, being a kind manager may not be compatible with experimenting on your co-workers.

          **Hmm maybe there is an actual correlation here, someone could do a Business Studies Ph.D. on not being a complete gobsh*te of a manager and correlating that with productivity.

          1. ColinPa Silver badge

            A manager who thinks they know more than they do.

            I had a manager who used to be in Tech sales, and used to go to customers for work engagements on Windows. I said we had a problem on the mainframe and described it in one sentence. He said "tell me more, as I have a technical background" so I did. He was lost on the second sentence, as he didn't know about the mainframe hardware environment. He thought I was being deliberately obtuse, so later he asked my colleague, who gave an even more complex response. From then on I was doomed because I had shown him how little he actually knew, and he never asked me again.

            My next boss was great. She trusted us to get on with things, and would ask for a 1 sentence description of a problem so she could tell her boss about it if needed. I would pop my head round her door and say "You need to know there is a problem at customer xxxx. We are working on it, I'll give you an update before your meeting with your boss". She said this was great - if her boss asked her she could say "we know about it - we are working on it".

        2. jdiebdhidbsusbvwbsidnsoskebid Silver badge

          Re: "security is our top priority,"

          A good manager would prioritise the list themselves before giving it to you to give back.

          Years ago, my employer went through a big priority refresh, asking all our "customers" to list their priorities. Some did it properly. Others, realising their priorities would be set against others, just returned their wish list with everything set to top priority.

          1. John Robson Silver badge

            Re: "security is our top priority,"

            "just returned their wish list with everything set to top priority."

            And therefore had them all reduced to bottom priority on the combined sheet?

    5. druck Silver badge

      Re: "security is our top priority,"

      I do wonder how many 'top priorities' there are, and how swiftly they get replaced by the one next in line.

      This is Microsoft whose slogan a few years ago was "Mobile first, cloud first".

      Showing they are as unaware of the meaning of the word 'first' as they are of the word 'security'.

    6. nijam Silver badge

      Re: "security is our top priority,"

      > I do wonder how many 'top priorities' there are, and how swiftly they get replaced by the one next in line

      There can be only one (as somebody once said). It lasts only until the end of that PR presentation.

  4. Alien Doctor 1.1

    FFS

    If only they could've realised this and done something about it 30+ years ago. The MS attitude towards security and users would've killed off other businesses decades ago, now, and for many years, we've all been treated as idiots and well and truly tucked over.

    1. ecofeco Silver badge
      Childcatcher

      Re: FFS

      To be fair, the customers acted like idiots, so... self pwned?

  5. PCScreenOnly

    Stop apps in %appdata%

    Would be a good starting point

    1. Stuart Castle

      Re: Stop apps in %appdata%

      I'm certain I read somewhere in the MS Developer documentation years back that you weren't supposed to put any apps in %appdata%, yet it is allowed, and several MS apps do it by default. I suppose the advantage of doing it this way is that the user can install their own apps without needing admin rights, but how many apps truly need installing? Things like config files and registry entries CAN be created by the apps themselves on first run. Make the app portable, that way the user can run it from wherever they want, and can create any icons they want.

  6. Anonymous Coward

    Microsoft in July: We're promising that security is our top priority.

    Microsoft in November: We've kept our promise, we've released Recall!

  7. ecarlseen

    One wonders how many new security holes will be created by these hastily designed, implemented, and deployed features.

    1. UnknownUnknown Silver badge

      A whole new world of pain.

  8. herberts ghost

    Has Microsoft fired its marketing department

    You are unlikely to see better security without blood in marketing isles.

    1. drand

      Re: Has Microsoft fired its marketing department

      Marketing isles is a great idea! Preferably somewhere volcanic, with deadly wildlife, and surrounded by sharks.

  9. Locomotion69 Bronze badge
    Facepalm

    Wow

    34000 full-time engineers to correct each other's failures. Impressive.

  10. jj_0
    Linux

    Wouldn't it be easier to rewrite everything in Rust?
