Microsoft Defends Win 7 Security After Pwn2Own
Microsoft compared Windows 7's security measures to a fire-proof safe.
Last week we reported that during Pwn2Own, two hackers were able to sidestep Windows 7's data execution prevention (DEP) and address space layout randomization (ASLR), and hack into Internet Explorer 8 and Firefox 3.6. One of the hackers, Peter Vreugdenhil, a freelance vulnerability researcher from the Netherlands, said that he used "fuzzing" to uncover two vulnerabilities in a fully patched version of 64-bit Windows 7.
"I started with a bypass for ASLR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP (data execution prevention) bypass," Vreugdenhil said last week.
Days later, Pete LePage, a product manager in Microsoft's Internet Explorer developer division, went to bat for IE's Protected Mode, DEP and ASLR in a recent blog post, saying that defense-in-depth techniques aren't designed to prevent every attack forever. Instead, they're in place to make it that much more difficult to actually find and exploit a vulnerability.
"One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire," LePage wrote. "Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last."
Apparently the "safe" isn't all that thick. Vreugdenhil said last week that the Windows 7 defenses weren't hard to overcome, taking at least six or seven days to "get everything to work." While he didn't specify the exploits he used to bypass DEP and ASLR, Vreugdenhil released a white paper explaining how he sidestepped Windows 7's security. The PDF file can be downloaded here.
Vreugdenhil will disclose the exploits once they have been addressed by Microsoft.

Interesting. Security really is a continual work in progress as Hackers will continue to find new exploits and they will continually be in the process of being fixed. Nothing is perfect and more and new ways to attack will continue to be developed.
My defense for Microsoft is:
It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
Wasn't that hard? At least 6-7 days to overcome?
Doesn't sound too easy to me.
A little confusing there, Kevin.
That's why I use Chrome. The sandbox environment in Chrome makes it next to impossible to crack. But of course, someone will develop a hack for it. It's inevitable.
yawn ... hehe.. secure.. not.
When you hear that Windows 7 is the most secure OS ever, they don't mention that this is only when compared to the previous Windows version, not any other OS. I've heard this line from Microsoft with every release since Windows 95 (before that they didn't care about security at all and I've used Windows since version 2.0). Just slap some firewalls and anti-malware apps on it and everything will be wonderful, just like the advertisements claim.
ASLR is like building a maze around your house. It may delay entry for a bit but if you built a proper security fence you wouldn't need it in the first place.
My defense for Microsoft is: It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
They can but usually don't. You can't just deploy patches without testing. They've had patches break apps in the past.
When you hear that Windows 7 is the most secure OS ever, they don't mention that this is only when compared to the previous Windows version, not any other OS. I've heard this line from Microsoft with every release since Windows 95 (before that they didn't care about security at all and I've used Windows since version 2.0). Just slap some firewalls and anti-malware apps on it and everything will be wonderful, just like the advertisements claim. ASLR is like building a maze around your house. It may delay entry for a bit but if you built a proper security fence you wouldn't need it in the first place.
All of you who talk crap about Microsoft and how their OS security sucks, do you know how hard it is to write software? When you have to write 100,000s lines of code (I doubt it's that little to be honest), do you think every line would be perfect?
Every kind of defense/security can be broken given time and effort. Nothing is unbreakable. It's just that either technology hasn't caught up yet OR the return is not worth the reward.
^ Unfortunately, I agree with you. But the important thing is that those loopholes should be fixed immediately as soon as they are discovered to minimize the damage. Hacking events would help improve security of the software involved.
Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard.
Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard.
By who?
My defense for Microsoft is: It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
And that's why I will keep buying Microsoft products. Not because they have fewer exploits in their programs, but because they are so concerned about patching them. I will support any company who is that concerned with my post-purchase experience.
Why doesn't Linux need anti-virus protection? I KNOW code can be executed but in general... when I was using it I never had any problems of any sort. Why is this? I don't want to hear, "it's because the way it's designed"... NO SH!T
Because the small portion of people that use Linux aren't worth hacking. Hackers will always focus on the largest market share which is Microsoft. Unix(like Linux) and Unix-like(like OSX) OS's are NOT invulnerable.
Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard.
OX10 is actually pretty weak in the security department. Win7 is a lot more secure. Not enough money is made from hacking them since they are such a low % of the computer population which results in all the hackers going after windows.
By who?
These so called experts......
http://www.tomshardware.com/news/p [...] osx&xtcr=1
In either case, my personal opinion: if it's made by 1 person, another person can crack that person's code. It may take time but any software can be broken.
Because the small portion of people that use Linux aren't worth hacking. Hackers will always focus on the largest market share which is Microsoft. Unix(like Linux) and Unix-like(like OSX) OS's are NOT invulnerable.
I hope to god you are kidding about this.
Because the small portion of people that use Linux aren't worth hacking. Hackers will always focus on the largest market share which is Microsoft. Unix(like Linux) and Unix-like(like OSX) OS's are NOT invulnerable.
Only on the desktop. On Internet servers *nix is much more popular. Even Tom's Hardware uses it.
Desktops are an easier target, not a more valuable one. If a desktop gets hacked only the users of that desktop are subject to identity theft. It takes a lot of them to be useful as bots. If an Internet server gets hacked then the accounts of every user of that server are targets, SSL or not, and even the connecting client PCs can be compromised. If a web store is breached then the credit card numbers or bank account info of every customer is in jeopardy.
MSFT hamstrings itself, justifiably so IMO, by continuing to give backward compatibility. Sure, a more modern from-the-ground-up OS or an OS that completely scraps previous versions can be tougher to crack because they don't have to carry that baggage. But by offering such support MSFT allows enterprise or personal investments in software to not be flushed down the toilet whenever an upgrade is required. I'll take the trade off in security over functionality any day. Of course, I don't think it is THAT much of a trade off in Win7.
I hope to god you are kidding about this.
Well...if you were a hacker spending hundreds of hours trying to utilize an exploit would you have it hit 90% or 10%?
I'm with Microsoft. Those anti-MS people keep yapping about Linux and MACOSX....Hello, independent tests have shown Mac OSX is actually less secure than Windows. And Linux isn't hack proof either. It's just that nobody wants to waste time attacking < 10% of the world, when they can attack 90% of the rest of the world!!!
So far, I'm very happy with my Windows 7!
Nothing about this screams worry or anything to me.... 6-7 days to develop an attack.... that is a lot of time and sounds like it may or may not have to do with certain modules being loaded.... some IE 8 extensions or whatever.
We already know that there is not one O/S that is not 100% hack proof.... Even you Linux boys can be subjected to hacks and it has been shown...
You just love to jump for joy when someone comes out and says that Windows 7 which has been shown to be the most secure Windows yet, has a fault... yet didn't it last the longest of the O/S's at a recent event??
The only 100% secure O/S is one that isn't written.
If you think any machine is stable, remember that 2 things control your PC.... it having power, and its CPU having clock cycles... done correctly and altering these in combined ways can open access to any system... just ask directTV... As the software grows better, hardware hacks will be the next wave in...
I hope to god you are kidding about this.
About what? You actually think for one second these things don't affect Linux? Or that by some act of god someone coded Linux so good that no viruses could affect it? Perhaps the gods themselves made Linux to fend off the evil viruses. Or perhaps it's used by so few people that no one gives a damn about it.. The second option seems a lot more reasonable.
Wasn't that hard? At least 6-7 days to overcome? Doesn't sound too easy to me. A little confusing there, Kevin.
In the scheme of things, a week of work isn't very much if you can steal hundreds of thousands of dollars through identity theft.
It's obviously not "easy," but I'd say it's not *that* hard for what's at stake.
Nothing is un-hackable, it is only making them harder to do that's all. Windows, Linux, Unix, Mac OS, etc etc, all can be hacked with enough time.
How can software and hardware made by imperfect creatures such as humans be perfect? It doesn't make sense.
Imperfect creators will always create imperfect creations, that's the law of the universe.
6 or 7 days to get past it?
Is that 6 or 7 days constantly battering the machine? What if the user switches their machine off in the meantime? Do they have to start again?
A Linux box is not invulnerable. If it has not been properly configured it can be broken in to. One of the primary reasons it is harder than on Windows is because permissions are always the lowest required by default and require a password to elevate (which users may not know, and should not know if they don't need to), making the user think for slightly longer than just clicking "Yes" on a UAC prompt like on Windows 7 (users are the weakest link, don't let them do things without thinking and don't let them do things they don't need to do). On XP and older you didn't even need this, and malware had Administrator permissions on the default account to start with. Very poor design. Luckily MS worked around that with Vista and at least lowered the default user privileges.
A Linux box properly configured with Mandatory Access Control is very secure, because even if a person manages to get access to an Administrative account they still may be limited to what they can do. I don't think (correct me if I'm wrong) that Windows 7 has anything along the lines of MAC, so it relies on simple file system permissions like many default Linux configurations do. I doubt they will implement anything like this any time soon either, as it will create a "hassle" for users who find themselves not privileged enough to perform some tasks, and would prefer insecurity if it meant simpler usability.
These so called experts...... http://www.tomshardware.com/news/p [...] osx&xtcr=1 In either case, my personal opinion: if it's made by 1 person, another person can crack that person's code. It may take time but any software can be broken.
Funny, that exact link talks mainly about Windows and Mac, almost no Linux-related issue. Only two guys have mentioned Linux; the first one is Ross Anderson, who states that if you don't want to have malware, get a Mac or install Linux on your PC.
The second is Dino Dai Zovi, who states that one should run iPhone or ChromeOS as they are more secure than Linux or Mac.
Now that dude should get a new job, as iPhone is based on OSX and ChromeOS is a Linux distribution.
This article may say that Windows 7 is more secure than OSX, but it certainly doesn't say it is more secure than Linux.
So I ask again, "Says who?"
I tend to agree with the notion that a system is as secure as it is configured. But naturally (mainly due to design issues), Linux is the most secure of all three.
As no system is invulnerable, just take a look at the percentage of the ISP companies and supercomputers in the world that are using Linux.
My words for Microsoft: "Keep up the good work! I'm enjoying my pirated copy of Microsoft Office."
In my experience users are tards, you could give them a link to install a program like "LogMeIn" with admin rights for the entire world, tell them that's what it is for, and tell them not to click it. Guess what THEY WILL CLICK IT!!!!
It is so sad that so many commenters here can't see past their own monitors. The Internet is a much bigger place than the desktop market. So every time you say that Linux has only 1% of the market and is not worth cracking, you are talking about 1% of the desktop market. The reality is that Linux is running on most of the servers on the Internet. And if you have been a sys admin as long as I have been, you will know that hackers first target servers and if they fail to succeed they will move to the desktop. Linux servers were under attack longer than any MS desktop. Only when the security of the Linux server was raised above the knowledge of the average hacker did the Windows desktops become a really valuable target. This happened around 2003/2004.
So the argument that hackers don't yet target Mac OS X because of the small market share is quite valid, but when you make this comment about Linux it shows you really have no idea what you're talking about.
A good desktop Linux distribution has all the security features and default settings of any Linux server. It has to be configured correctly and most Linux users know how to. This is valid for the latest OSes from MS and I am glad to see it. Well-configured Windows 7/Vista/2008 are secure, but they have too much legacy code and bad design decisions from the past that are still causing problems. The biggest one is the integration of IE into the OS. If IE were to become a normal application, the security of the Windows OS would be raised significantly.
It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
...but only on Tuesdays