Sign in with
Sign up | Sign in
Your question
Closed

Hack Expert Says Windows 7 is Hard to Hack

Last response: in News comments
Share
March 2, 2010 5:56:38 PM

I thought macs never got virus...
Score
26
March 2, 2010 6:05:45 PM

mrmoo500I thought macs never got virus...

No no, Macs never get any problems at all ever. Any issue is the users fault, or the fault of a 3rd party software developer. Nothing Apple makes ever has problems.
Score
26
Related resources
March 2, 2010 6:14:14 PM

The "expert" identified 3rd party softwares (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite which ever "fanboy" tag you wear.
Score
23
March 2, 2010 6:16:12 PM

We will soon see the reason why Steve Jobs wears the black shirt. He is half ninja. I am sure this guy will be dead for saying Windows 7 was harder to hack.

Ninja Steve.
Score
5
March 2, 2010 6:16:29 PM

skit75The "expert" identified 3rd party softwares (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite which ever "fanboy" tag you wear.

But in all the commercials they tell me they don't!!!
Score
6
March 2, 2010 6:19:26 PM

What is the point of hacking anyhow. A challenge perhaps. There are plenty of other challenges out there in the world that are more productive. Hacking will only land you in jail, if you are not careful!!
Score
-14
March 2, 2010 6:20:32 PM

...other than not default install the offending application.
Score
0
March 2, 2010 6:29:03 PM

Seriously, Flash sucks. It is like IE; take the market leading position and sit on it. Go HTML5! I rather use Silverlight than Flash.
Score
9
Anonymous
a b $ Windows 7
March 2, 2010 6:33:14 PM

Viruses are a non-issue from a security standpoint. No one should EVER get a virus, especially not in a business. If you get hit with a virus or worm, you should line up your IT staff and fire pink slips at them, then hire people who actually know how to properly build & manage IT systems.

If security isn't an issue for Macs, then why is there a 50,000 strong mac botnet?

Proper security is an issue for every platform. Security isn't a product, it's a process.
Score
7
March 2, 2010 6:34:49 PM

officeguyWhat is the point of hacking anyhow. A challenge perhaps. There are plenty of other challenges out there in the world that are more productive. Hacking will only land you in jail, if you are not careful!!

Well, of course, there is the whole monetary reason to get information as a pretty big point (even if it is illegal). But, one of the really good reasons to hack and have these hacking conferences is they expose the weaknesses in the OS or browser and allow the manufacturers a chance to fix them.

That said, I'm not surprised flash is a major troublemaker. The only problem I've had in the last 4 years was a result of a flash advert installing a Trojan (and it wasn't even a porn site!). NoScript and ABP are just great.
Score
5
March 2, 2010 6:34:52 PM

AbrahmNo no, Macs never get any problems at all ever. Any issue is the users fault, or the fault of a 3rd party software developer. Nothing Apple makes ever has problems.

lol. Sorry, I just had to laugh out loud. Good one.
Score
11
March 2, 2010 6:35:02 PM

i really don't know about the guy...opera has always been rated one of the top, if not the top, when it comes to security. but yet he mentions IE8 and chrome?
Score
-3
March 2, 2010 6:40:51 PM

Well Flash is pretty much a standard add-on and if you use OpenOffice so is Java. I guess it's a balance between features and security. Typewriters can't be hacked (well maybe with a sword or something) but we still use computers and most of us use Windows.
Score
6
March 2, 2010 6:44:10 PM

Just wait 'til all the HTML5 security issues crop up. Web interactivity is gonna kill us all.
Score
1
March 2, 2010 7:20:10 PM

"He also added that a safe browsing combination would be to use Chrome or Internet Explorer 8 on Windows 7"

Didn't think I'd ever hear that IE8 was one of the safest browsers to use.
Score
5
March 2, 2010 7:22:25 PM

What I don't get is the headline. In the article it says older versions of Windows were harder to hack because they didn't come pre-installed with Flash or Java. Why does the headline say Windows 7 is hard to hack? It's supposed to make it EASIER according to the article. Weird.
Score
0
March 2, 2010 7:22:26 PM

I wish he would have mentioned something about Firefox using Flashblock.
Score
4
March 2, 2010 7:29:25 PM

killerclickWell Flash is pretty much a standard add-on and if you use OpenOffice so is Java. I guess it's a balance between features and security. Typewriters can't be hacked (well maybe with a sword or something) but we still use computers and most of us use Windows.


Thats it I need to try and hack a typewriter... anyone happen to know where one still exists outside a museum?
Score
4
March 2, 2010 7:37:54 PM

Well Chrome use encapsulation and IE 8 do "some" kind of encapsulation.
From my own experience I think Chrome is safer but it take a lot of memory.
HTML5 I don't know if it will be more secure, will it be more related to the browser than 3rd party??
Score
-1
March 2, 2010 7:43:55 PM

Yes, IE8 has been proven again and again to be the most secure browser by far. It's hands down the most secure from what I'm read. You only hear about it more because of the domination of market share. Few people use Chrome, Opera, safari and even FF has low usage in comparison. IE is a larger target in other words.
Score
2
March 2, 2010 8:10:56 PM

I think he's no longer a hacking expert...

(although, maybe Windows finally is secure...LOLSUP)
Score
-5
a b $ Windows 7
March 2, 2010 8:14:18 PM

officeguyWhat is the point of hacking anyhow. A challenge perhaps. There are plenty of other challenges out there in the world that are more productive. Hacking will only land you in jail, if you are not careful!!

Hmm.... howmany hackers (crackers) have actually been caught?

On the other hand, considering how many 360s are modded for playing pirated games I would not be surprised if some one finds an exploit for it soon.
Score
1
March 2, 2010 8:22:32 PM

Eventually with time exploits will be found, but kudos to MS for making a more secure OS. As for Apple i hope jobs thanks the GNU Unix guys they take all their technology from:) 
Score
2
March 2, 2010 8:33:11 PM

ebattleonEventually with time exploits will be found, but kudos to MS for making a more secure OS. As for Apple i hope jobs thanks the GNU Unix guys they take all their technology from

apple is bsd, not unix, it is a of branch of unix, don't compare unix, linux and osx, the former two are way more secure then osx.
Score
2
March 2, 2010 8:36:38 PM

" But he did emphasize that Flash not be installed no matter what browser or OS is used by the consumer."

What was he on? What is the point of running a browser without Flash? Until HTML5 becomes a usable standard Flash is a must. A piece of advice Charlie Miller, use any car you want but never put any gas in it.
Score
1
March 2, 2010 8:42:01 PM

PS I have Flash on all my PC's and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.
Score
-1
Anonymous
a b $ Windows 7
March 2, 2010 9:05:01 PM

How pathetic

Winwows is not secure.. no root priv needed to run any virus to pawn that system.
Score
-6
March 2, 2010 9:26:38 PM

This is probably not quite on topic, but win server 2008 r2 doesn't have any activation protection lol, plus the way it installs and tries to intermingle all the roles - it's just asking to be assaulted. If anyone's ever used it firsthand they'd see how jumbled everything gets. That miller guy is a noob - all consoles have been hacked. If the guy that did the ps3 wanted windows 7 hacked, i'm sure he would do it before this miller dufus could. and "hard" is a relative term. Hard for him, but not hard once you find the answer. It's just like debugging - you're busy ripping your hair out for a good couple of hours before someone looks over your shoulder and goes, why don't you insert a debug statement here? Ah, there it is.
Score
0
Anonymous
March 2, 2010 9:58:51 PM

Mac's are not good targets because except for the US Mac's account for only a very small percentage of computer user's worldwide. Living in the US you get a false sense of how popular Mac's are. PC's are obviously the target and will be for as long as reasonable predictions can be. Linux is only safe because it has even fewer user's. Why target a group under 5% of user's when Windows has 92%???
Score
4
March 2, 2010 10:14:30 PM

unless these hackers are working for the companies and letting them know of vulnerablities wihout making the exploits known to malicious hackers, these guys should be in jail
Score
-7
March 2, 2010 10:21:52 PM

what can u achieve by hacking a stupid console? personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...
Score
0
March 2, 2010 10:42:18 PM

But...but... Flash is used almost everywhere! D=
Score
1
March 2, 2010 11:36:41 PM

maybe hackers will start making an effort on Macs to shut up all those Mac fanatics and their pseudo security
Score
1
March 2, 2010 11:57:35 PM

dogofwarsWell Chrome use encapsulation and IE 8 do "some" kind of encapsulation.From my own experience I think Chrome is safer but it take a lot of memory.HTML5 I don't know if it will be more secure, will it be more related to the browser than 3rd party??


My Mother have one in her room.
Score
0
March 3, 2010 2:49:37 AM

tomtompiperPS I have Flash on all my PC's and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.


Does your computer come with some type of magical protection that keeps you from being vulnerable to 0-day exploits? Don't know if you realize this or not but there are and have been viruses and worms that spread with absolutely no user interaction, the computer simply needs to be on, connected to the internet, and running vulnerable software.

And to the people talking about hacking consoles, he's not talking about running pirated games, he's talking about running arbitrary code from a remote location that either steals personal data, turns the console into a bot, or damages it. Much like the code that was intentionally bricking PSP's a few years back.

Score
0
March 3, 2010 3:10:20 AM

skit75The "expert" identified 3rd party softwares (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite which ever "fanboy" tag you wear.

Well, they did call him a "hack" expert right in the headline...
Score
0
March 3, 2010 10:54:06 AM

shawn4242Viruses are a non-issue from a security standpoint. No one should EVER get a virus, especially not in a business. If you get hit with a virus or worm, you should line up your IT staff and fire pink slips at them, then hire people who actually know how to properly build & manage IT systems.If security isn't an issue for Macs, then why is there a 50,000 strong mac botnet?Proper security is an issue for every platform. Security isn't a product, it's a process.


Sorry to burst your bubble but here in the real world users especially IT folks who should know better work their darndest to make it impossible to keep the computers on your network 100% safe. In the end it is all about balancing security and usability while maintaining vigilance. For instance I would love to yank Java, Flash, and Acrobat from all of my systems but you know what I can't too many internal and external systems rely on those pieces of crap. So that means we must rely on Antivirus software guess what... none of them protect you 100% sorry.. I don't care what kind of fancy behavior systems or detection engines they use the virus writers eventualy find a way around them or you encounter applications important to your business that just won't work without poking holes in your antivirus defenses.
Score
2
March 3, 2010 1:58:54 PM

Parsianwhat can u achieve by hacking a stupid console? personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...


maybe not. think about the possibility of using that many consoles (like it or not, in the future, more consoles will need to be Online) as zombies. the processing power of future consoles may be just enough to run the game and a trojan in paralel.
Score
0
March 3, 2010 2:41:42 PM

skit75The "expert" identified 3rd party softwares (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite which ever "fanboy" tag you wear.


Good to know someone is thinking this way. Although the last article clearly stated that the biggest vulnerability in a computer is the nut sitting in the chair.
Score
1
March 3, 2010 4:03:04 PM

The biggest vulnerability in a computer is social networking sites they account for most of the worms, trojans and fake av's out there.

I clean machines for a living most people using facebook or myspace have a fake av vs people who don't surf places like that.

Saying ie8 is more secure than say firefox is also not true if your run an exe from ie8 it will run it if your run it from firefox with adblock plus and noscript it will block it and the link, firefox plugs exploits faster than ie8, firefox+adblock plus+noscript = safest way to surf period.
Score
1
March 3, 2010 5:05:50 PM

Whats wrong with flash? What about flash is "unsecure"?
Score
-1
Anonymous
a b $ Windows 7
March 3, 2010 5:47:58 PM

@ koga73:

Flash has been around a long time and is extremely widespread. This means that it is a prime target for hackers and that they have had ample time to figure out how to circumvent its security.

Since the people making it are not that concerned with security as they could be...
Score
1
March 3, 2010 7:15:07 PM

Parsianwhat can u achieve by hacking a stupid console? personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...


you've obviously never used a modern console... at least on the xbox 360, there would be a generous helping of credit card info and/or user account info that would allow gold level access or points... these might not be important to you, but they are to a great many...
Score
0
March 3, 2010 10:25:47 PM

wait, Snow Leopard installs Flash by default? But I thought Apple hates flash! That's why they banned it from iPhone/iPads. So do they not care about their customers on SL? But that would mean Apple is being hypocritical, but that's impossible because Apple is never wrong, right?? RIGHT??? *Head explodes*
Score
0
March 4, 2010 7:47:20 AM


TOM'S HARDWARE GUIDE > News > Solutions > Software > Hack Expert Says Windows 7 is Hard to Hack
Hack Expert Says Windows 7 is Hard to Hack
Next news
12:00 PM - March 2, 2010 by Kevin Parrish
X
Send link to this page by email :
Your email address *
Your name *
Recipient address *
Send
* The email addresses collected via this form are not recorded on our servers and are only used for the sending request

* Email |
* Print |
* Comments (44) |
* Share

Windows 7 is harder to hack than Apple's Snow Leopard--mainly due to Flash being installed by default on SL.

Zoom

Security expert Charlie Miller has participated in the Pwn2Own contest over the last two years, and has won both times. Held in the CansecWest Conference in Vancouver, British Columbia, Canada, the contest challenges contestants to find "big bugs" in web browsers, operating systems, and even in mobile devices. With the 2010 conference just around the corner (March 24), oneITsecurity conducted an interview with the champ and asked Miller which was harder to crack: Windows 7 or Snow Leopard?

"Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default)," he said. "Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows."

He also added that a safe browsing combination would be to use Chrome or Internet Explorer 8 on Windows 7, however he said that there isn't enough difference between the two browsers to "get worked up about." But he did emphasize that Flash not be installed no matter what browser or OS is used by the consumer.

The interview also covered exploits on game consoles. As the interviewer points out, the devices are in our living rooms, in our dens and offices, yet there are still few exploits and vulnerabilities discovered. Why aren't security researchers working on finding exploits on these devices? Because there are more PCs, and game consoles don't need to be connected to the Internet.

"I’ve had Wii for a year or so and its never been on the Internet," Miller said. "Its hard to remotely attack the box when you can’t get packets to it :)  Also, computers, and phones to a lesser extent, are designed to be customized, to download and use/render content from the Internet. This is where vulnerabilities exist and exploits are created. Game consoles don’t do this as much so the attack surface is much smaller. The final reason, is it is hard to do research on them. Its not easy to get a debugger running on an Xbox, for example."

To catch the full interview, head here.

Source : Tom's Hardware US
Related news
Patches Released for Critical Security Issues for Microsoft Windows
Trojan attacks via unpatched vulnerability in Word
Windows Vista security flaw uncovered
Hacker: Windows More Secure Than Mac OS X
Hacker uncovers Internet Explorer 7 phishing hole

* Previous
Leading Intel Executive Suffers Stroke
* Next
Windows 7 Tablet Gets CPU Upgrade, More

Topics being discussed on the forums

* i got spammed by bill gates!!!! [Old Man/Woman's Club]
* How to prevent malware from running on your PC [General Networking]
* Why a software firewall? [General Networking]
* Microsoft Phasing Out Win98 !? [Windows 95/98/ME]
* Is the MAC dead? [Audio]

See more topics
Questions? Ask Tom's community!
Talkback
Add your comment
Read the comments on the forums

* First
* Previous
* 2 / 2
* Next
* Last


Gin Fushicho 03/03/2010 1:42 AM
Hide
Insert quote. Report -1+

But...but... Flash is used almost everywhere! D=
TheDuke 03/03/2010 2:36 AM
Hide
Insert quote. Report -1+

maybe hackers will start making an effort on Macs to shut up all those Mac fanatics and their pseudo security
llemm 03/03/2010 2:57 AM
Hide
Insert quote. Report -0+

dogofwars :
Well Chrome use encapsulation and IE 8 do "some" kind of encapsulation.From my own experience I think Chrome is safer but it take a lot of memory.HTML5 I don't know if it will be more secure, will it be more related to the browser than 3rd party??



My Mother have one in her room.
idlerp 03/03/2010 5:49 AM
Hide
Insert quote. Report -0+

tomtompiper :
PS I have Flash on all my PC's and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.



Does your computer come with some type of magical protection that keeps you from being vulnerable to 0-day exploits? Don't know if you realize this or not but there are and have been viruses and worms that spread with absolutely no user interaction, the computer simply needs to be on, connected to the internet, and running vulnerable software.

And to the people talking about hacking consoles, he's not talking about running pirated games, he's talking about running arbitrary code from a remote location that either steals personal data, turns the console into a bot, or damages it. Much like the code that was intentionally bricking PSP's a few years back.



This magical protection is called Linux. I surf the web using it, I only switch to Windoze for games. As I said if you take reasonable precautions there is nothing to worry about. Dualbooting is easy, try a live CD first to check your system and find a distro to suit you then install. My Distro of choice at the moment is PCLinuxOS, great hardware detection and installs in 20 mins.
Score
0
!