This
Is my surprised face:
French security researcher firm Vupen claim to have already developed a reliable Windows 8 exploit, just days after the launch of the latest edition of Microsoft's flagship operating system. The sometimes controversial firm, which sells the exploits it develops to Western government agencies and deliberately avoids sharing …
I provided bugs to Microsoft; I sent them a Windows disc and said it was chock full of them.
The problem that MS has, there are too many variants of Windows with different feature sets. Dump 32-bit, make one 64-bit version and call it a day. You don't need a "home", a "business" or an "ultimate" version either. Make one and call it a day. Development is less, QA, patching, etc. is all less resource intensive. Also they need to quit re-coding everything between major releases. Look at UNIX, BSD, Linux, etc.; they don't re-do every package for every major release. If it is not broken, don't fix it. Microsoft tries to fix what they haven't broken... yet.
The big problem is that MS lost track of their OS a while ago. Through the process you described there is no person in the whole wide world who can untangle it. So they are stuck with that mess and have no option but to just soldier on. It'll get worse as they go along and try to take out Aero and Win32. That will give them a bucket full of regress bugs us end users can beta test for them. After you paid the full price for the OS, of course.
The subtle thing would be to turn up at a government office, demonstrate the trick and say "how can I be of assistance?" ....
Anonymous Coward Posted Thursday 1st November 2012 18:07 GMT
Or.... do something similar to what dodgy, intellectually bankrupt governments do whenever they have to buy their own toxic gilts with magic QE funds because foreign markets don't want anything to do with failed policies .... set up a plausibly deniable clandestine and covert network with Microsoft to attack its own vulnerabilities, and make fortunes for the company in the process, to provide future security facilities to ensure vulnerabilities are not found and exploited remotely by rogue independent and renaissant renegade parties.