Scientists discover security vulnerability that allows them to bypass all of Windows' security syste
[QUOTE=TheCreeper;47135371]At least I'm not using one of those freetard operating systems. I will take Windows over that crap any day despite this security bug. Security through obscurity is just another layer of security for software and not just anyone can see all those bugs in the source code otherwise Windows really would be a dangerous platform to be using.[/QUOTE]
Bitch did you just call Linux a freetard OS
[QUOTE=GoDong-DK;47139743]Microsoft has to test patches fairly extensively, though, and they need to give businesses time to do the same. I don't know how you'd fix this kind of stuff, but if the exploit isn't easily uncovered and held under wraps for 90 days, why risk breaking thousands of users' installations?[/QUOTE]
Would you rather risk breaking a user's installation or leave them vulnerable to attackers?
[editline]14th February 2015[/editline]
[QUOTE=subenji99;47137460]Closed source does require a level of trust, but don't forget that this level of exploit can still happen with Open Source software; as the Shellshock exploit proved.[/QUOTE]
My point isn't so much that buggy code is harder to add, but that purposely buggy code is harder to add. The kinds of people who work on open source projects are people who feel a great loyalty to their users and their project. I'd trust them over Windows developers to keep me safe.
[QUOTE=Van-man;47135202]Security through obscurity should always be last resort.[/QUOTE]
That's the first line of defense for the US nuclear arsenal, the launch software is on 7" floppy disks and fed into 50 year old electronics. There's not even enough room to put a virus on there even assuming you can somehow switch one of the top secret disks for a replacement
[QUOTE=GoDong-DK;47139743]Microsoft has to test patches fairly extensively, though, and they need to give businesses time to do the same.[/QUOTE]
Did I stutter? I said [B][I]3 months.[/I][/B]
Microsoft rolls updates out once a month at a minimum, on the second Tuesday of each month.
That means they jerked off for a minimum of 2 months, doing absolutely nothing.
[QUOTE=GoDong-DK;47139743]I don't know how you'd fix this kind of stuff, but if the exploit isn't easily uncovered and held under wraps for 90 days, why risk breaking thousands of users' installations?[/QUOTE]
It's not held under wraps, [I]someone found it.[/I]
If someone found it, in the security ecosystem, that means you also have to assume others have found it.
3 months is a particularly generous timeframe, most responsible disclosures are 2 months max. And Microsoft dared to bitch about it being released after they hadn't done shit after 3 months.
Maximum incompetence. That behavior is so bad, you have to start assuming they're not actually that stupid, and that they're somehow being forced to act like that.
[QUOTE=Sableye;47140633]That's the first line of defense for the US nuclear arsenal, the launch software is on 7" floppy disks and fed into 50 year old electronics. There's not even enough room to put a virus on there even assuming you can somehow switch one of the top secret disks for a replacement[/QUOTE]
I remember seeing that video you're referring to, and I think it's safe to say that missile silo was borderline obsolete. Though if they all do run DOS, their security is probably through not being connected to the internet.
[QUOTE=Sableye;47140633]That's the first line of defense for the US nuclear arsenal, the launch software is on 7" floppy disks and fed into 50 year old electronics. There's not even enough room to put a virus on there even assuming you can somehow switch one of the top secret disks for a replacement[/QUOTE]
Security through obscurity was never their intention.
They stuck with what they knew of and had spent a good chunk of time developing.
So it's more of a "if it ain't broke, don't fix it"
Though in the 21st century that's beyond obsolete, but then again, firing a nuclear weapon as part of an attack will have a high chance of starting a nuclear Armageddon, so maybe that's for the best.
[QUOTE=nikomo;47140679]Did I stutter? I said [B][I]3 months.[/I][/B]
Microsoft rolls updates out once a month at a minimum, on the second Tuesday of each month.
That means they jerked off for a minimum of 2 months, doing absolutely nothing.[/QUOTE]
Why are you assuming it was a fix that would take only one month? The one they knew about for three months before releasing a fix could very well have been in-depth enough that it legitimately took them that long to finish it. Especially seeing as the fix was released right around the time they kept saying it would be released.
[QUOTE=Van-man;47143985]Security through obscurity was never their intention.
They stuck with what they knew of and had spent a good chunk of time developing.
So it's more of a "if it ain't broke, don't fix it"
Though in the 21st century that's beyond obsolete, but then again, firing a nuclear weapon as part of an attack will have a high chance of starting a nuclear Armageddon, so maybe that's for the best.[/QUOTE]
To be fair, security through obscurity is a thing, and should be used, but that usually doesn't pertain to just one layer like an OS.
[QUOTE=Levelog;47144185]To be fair, security through obscurity is a thing, and should be used, but that usually doesn't pertain to just one layer like an OS.[/QUOTE]
It works better with embedded appliances and hardware.
For example with firewalls for secure computer networks where it isn't uncommon to use two firewalls from two vastly different manufacturers in order to establish the DMZ and the secure zone.
A full blown OS where this is the security measure is begging for trouble, since it can give a false sense of security.
Oh, that explains the updates I got especially this week.
Guess this is one of those reasons why I don't disable Windows Update.
Maybe if they didn't skip Windows 9 this issue wouldn't have come up.
[editline]15th February 2015[/editline]
[QUOTE=Map in a box;47136718]Remember that good ol gdi exploit that ran pre-98 to win 8.1[/QUOTE]
Remember being able to log in to a computer without a password by simply pressing cancel
Son of a bitch, this was the update that shut my computer down while I was in the middle of watching the ending to Mass Effect 3. Computer was quiet about alerting me about the auto-restart and just turned all my shit off and rebooted after 10 minutes.
[QUOTE=TheCreeper;47135371]At least I'm not using one of those freetard operating systems. I will take Windows over that crap any day despite this security bug. Security through obscurity is just another layer of security for software and not just anyone can see all those bugs in the source code otherwise Windows really would be a dangerous platform to be using.[/QUOTE]
This isn't security through obscurity. What you're thinking of is security through obfuscation.
*nix-based desktop and OS X have security through obscurity.
[QUOTE=Alice3173;47144168]Why are you assuming it was a fix that would take only one month? The one they knew about for three months before releasing a fix could very well have been in-depth enough that it legitimately took them that long to finish it. Especially seeing as the fix was released right around the time they kept saying it would be released.[/QUOTE]
I'm not talking about one individual problem here, I'm talking about systematic incompetence.
They've been fucking up with fixing stuff for a long time now.
The one in the OP was handled according to rules, the one I'm talking about was not, and neither were many others.
Complex systems always have small flaws which bring down years of development work.