Microsoft Is Counting Bugs Again
Entomology is one of my passions, but I take a different view of bugs than Microsoft, and not just by kind. The company is once again counting security bugs, and possibly to a fault.
There are some things you count and compare, and some things you don't. Security flaws should be in the "don't" category, not that Microsoft seems to get it. For years, the company has used number of flaws as a measure for touting security improvements. Counting is a great security by PR approach, but little more.
Today, Jeff Jones, Microsoft's security strategy director, released another report on Vista's security progress, following up his 90-day report from March.
"During the first 6 months for Windows Vista, Microsoft released 4 Security Bulletins and corresponding updates that address 12 total vulnerabilities affecting Windows Vista," Jones wrote. He also identified four vulnerabilities that Microsoft has yet to fix.
Near as I can tell, Jones' counting ignores operating system components. Bulletin MS07-033, released last week, contains patches for five separate security vulnerabilities affecting Internet Explorer 7. A cumulative patch is available for IE 7 for Vista and Vista 64-bit. Bulletin MS07-034 fixes two vulnerabilities for Windows Mail, which is part of Vista. Another bulletin, MS07-032, is specific to Windows. By my count, that's three bulletins and eight security fixes just in June.
April bulletin MS07-021 covers "several vulnerabilities" (so at least two), and Vista is included. The out-of-band MS07-017 included four fixes for Vista. The total is at least two more than 12 as recently as April.
Sorry, but Microsoft's self-evaluating security counting isn't really good accounting.
There are other problems. Jones compares Windows Vista's first 180 days (since the November 30 business launch) with the first six months for other operating systems, such as Mac OS X 10.4 or Windows XP. His number of fixed vulnerabilities during the first six months was 36 for Windows XP and 60 for Mac OS X.
No disrespect to Jones, but the comparisons are a wash because the Internet security threat has changed so much since these other operating system releases; so have developer security priorities.
Software vulnerabilities in 2001 totaled 1,673, according to the Department of Homeland National Security Database, but reached 6,600 last year, a fourfold increase.
More meaningful would be a comparison during the last six months.
But even that kind of comparison is potentially a flawed measure. For example, the National Security Database records about 32 Vista vulnerabilities (assuming I excised all duplicates) since Jan. 30, the operating system's release to everyone. The database records 37 vulnerabilities for Mac OS X 10.4 during the same time period.
However, US-CERT only issued four alerts for Windows Vista and none for Mac OS X 10.4 from Jan. 30 to present. During the same time period, US-CERT released about nine vulnerabilities for Windows XP and Windows Server 2003, essentially for the same flaws affecting both operating systems.
By using the counting method, the number of vulnerabilities makes Vista look more secure while the number of alerts favors Mac OS X 10.4.
Another spin on the numbers: Microsoft has justified Windows' increased number of security vulnerabilities over Mac OS X based on volume. Windows is a larger, more desirable target because more people use it. OK, by that reckoning Vista vulnerabilities should be fewer than XP's because the older operating system is used on so many more computers.
Perhaps more significant: A larger number of uncovered or fixed security vulnerabilities easily could be a sign of increased vigilance as much as buggy software. It's not unusual for crime rates to go up when cities put more cops on the street. Crime rates don't rise so much as more crime is reported because there are more cops to find it.
A more meaningful measure, and one that might matter more to enterprises: number of exploits. How often was Vista exploited since Jan. 30 compared with, say, Windows XP or Mac OS X 10.4? Apple's operating system would most likely be the lowest of the three, and I presume Windows XP would have the most exploits. Even that measure would be suspect, if XP exploits derived from a larger volume of users.
The point: Don't count on security flaw counting. The real flaw is the counting.


Comments (28)
Vertical Computer Systems Inc (BB: VCSY)
By: yo-eleven
21 Jun 2007, 10:39 PM EDT
Msg. 188038 of 188039
Wake up everybody. Microsoft put the clamps on a project underway by outside Microsoft developers intended to build what Microsoft took out of Longhorn.
The fact Microsoft is enforcing their patent IP tells me they are on a solid IP footing. They would be doing many other things than this if they were going to get into a patent war.
Posted by T.B Light | June 21, 2007 10:47 PM
Why don't you change this blog name from Microsoft-watch.com to Microsoft-Criticizer? Why do I always see posts that point out problems (which really are not..) or some negative stuff about Microsoft? Are you bought by Apple as well? You should post a mix of both positive/negative material. I don't see any post talking about new techs developed by Microsoft. GROW UP JOE!!!
Posted by kittoo | June 22, 2007 1:11 AM
Yes, Microsoft kind of "cooks" the numbers in its favor. Others do the same. HOWEVER, any way you read these numbers, do Microsoft's OSes (XP and Vista) have more vulnerabilities than other vendors' OSes? Even if we set aside the fact that the scrutiny other vendors' OSes receive pales in front of that received by Microsoft, the answer is that the number of security vulnerabilities is at least comparable...
Posted by evan | June 22, 2007 3:09 AM
I think malware should be included in the reports. How much malware affects Windows vs Apple vs Linux for the average user?
And when was the last time a Linux email server, or an Apple box, was used to spread millions of emails as it was taken over by a worm? Anyone remember Melissa or Iloveyou infecting the linux and apple boxes out there?
There is a new kind of threat: malware. Let's see how Vista does against it as their numbers grow....
Posted by winux | June 22, 2007 10:16 AM
It's Good to See Some Objectivity...
...as I must admit that I thought this was a MS cheerleading blog at first. The company where I'm consulting has your article links in our division home-page. Interesting stuff in a good assortment of topics. Keep up the good work.
--Doug Hettinger
Posted by Doug Hettinger | June 22, 2007 12:08 PM
This is a good report and good information to know. I would ignore the "you're picking on MS, boo hoo hoo hoo" folks. If they want constant nothing but positive MS reporting they should just stay connected to www.microsoft.com and they will be sure not to hear anything bad about Microsoft.
Posted by Scott Freeman | June 22, 2007 12:44 PM
Question for the great analyzer: How many security vulnerabilities over the last 6 months were "critical" for XP, but "not-critical" for Vista? I seem to remember several occasions where this was the case.
Posted by Roger | June 22, 2007 8:40 PM
Many posters here are not happy with Joe for not setting a balance between praise and criticism of Microsoft's actions. But Joe can't help it nor can Microsoft.
A decade ago, Microsoft gave up on software quality when it decided to overlook software engineering principles to maintain the artificial incompatibility of Windows with all other existing OSs. That was very serious: MS programmers had to write millions of lines of source code in order to make Windows NT and 2000 appear pretty, musical and better than Unix. Had it done it with a clean redesign to produce the desired effects through an implementation of less than 10 mlsc (million lines of source code) built around an understandable, lean, source code tree, then programmers would be able to debug that tree incrementally. However, MS chose to ADD more than 20 mlsc of PATCHES around the existing code in Windows NT 4.0, which was not well debugged yet.
Because Windows 2000 was not user-friendly enough, MS programmers had to add another 15 mlsc to create Windows XP. To obtain Windows Vista, MS programmers had to rewrite a significant portion of the XP source tree, including DRM support among other things. The estimated size of the Vista tree is 50 mlsc.
According to software engineering, the probability of bugs grows exponentially (positive exponent) with the size of source code, regardless of the quality of programmers. That is why the size of source code should be maintained as small as possible by merging and substituting instead of adding. It is safe to say that no other software project has allowed the source code size to grow to a monolith as huge as Windows 2000 and its successors. It is no longer large complexity as some analysts refer to, it is sheer stupidity. Once it gets to this point, no amount of money thrown into the problem is capable of resolving the conflicts. Maintenance programmers are unable to pinpoint the reported bugs within the source code. There is no earlier case history to even suggest engineering solutions for the Vista problem.
Consequently, Windows Vista has an uncontrollable accumulation of bugs visually undetectable and hidden from the beta testing, because the conditions for the majority of bugs to manifest themselves are impossible to create. Many of the bugs have well known effects, such as memory leaks and resource allocation deadlocks, which can be catastrophic when one runs mission-critical functions: health care, car-driving, jet-piloting, steel-making, ship-piloting, defense-monitoring, stock-market transactions, super-computer operation, etc. This means that no operating system derived from the Windows NT source code tree is reliable for mission-critical applications.
I think that the Vista source code tree attained a saturation point in terms of patches and bugs. It is an impossible mission to write a service pack that can solve the problems that have been reported by users so far. Sorry to disappoint the Windows advocates, but these are not speculations around a temporary weakness of your preferred platform, they reflect the truth of the matter. The reason why these assessments are not being refuted by Microsoft engineers is because they are so close to the truth, that in the refutation process they necessarily would have to touch the truth, which is too painful for MS marketing to admit. That forces MS to rely on juridical and marketing releases that are not even tangential to the central issue. Windows Vista is the last OS of the current source tree. Microsoft does not have operating system development capabilities. The last member of the MS upper management with that capability was James Allchin, who conveniently retired before the launching of Windows Vista. And no sane OS developer will accept that post.
Joe is really unable to find anything positive to say about Microsoft. Anybody who can is lying.
Posted by M. Miyojim | June 23, 2007 10:57 AM
M. Miyojim, have you hit the nail on the head or what. Total agreement here.
Windows' main and perhaps only real strength is its backward compatibility with older Windows software. This is also one of its main weaknesses, as many of those programs require administrative rights to install and run. This makes it a little harder to code Windows as a secure OS for the web, not that I really think MS is trying that hard.
MS actually made XP better than I think they intended to. MS only makes things usually slightly better in the next greatest Windows. There is always something left out, or broken, or needs to be done better, so MS can sell the Next Greatest version of Windows. Ask yourself this, would you buy Vista or Vienna if XP was perfect? Of course not, you cannot improve on perfection.
Linux and BSD however, do not follow the same sales models as Windows, most are free. Therefore they have no problems trying to make a "perfect" OS as free of bugs as possible. You will never see that with MS. I do believe that MS could make a version of Windows that would be backward compatible with most software and be secure on the internet without the problems of the User Account Controls in Vista, but I really don't think they want to do this. It comes too close to the perfection model, and that means no future sales.
Now MS is using its patents (FUD?) to try to kill off or stall Linux. This is a mistake, as instead of this MS should be looking at what they did back in the Windows 98 and Windows NT4 days, release two OS lines at the same time. Or even 3 for that matter. MS will never be able to convince Linux users to use a MS Linux. But, they can go the same route that Mac OSX did. Build their own BSD/Darwin/Unix/MS as only MS can screw it up, err I mean make it good. LOL Why MS overlooks this source of revenue I do not know.
Posted by chips b malroy | June 23, 2007 2:41 PM
Good job calling Microsoft on this.
With all the actual viruses on Windows -- and the need of a multi-billion dollar industry to prevent them -- it was clear Microsoft had to invent a new way to define security:
http://thesmallwave.blogspot.com/2007/06/microsoft-building-better-security.html
Posted by Tom | June 23, 2007 7:41 PM
Chip, many are blind to what has happened for Microsoft in the last month. They have obviously settled and signed licensing agreements with VCSY and now have access to their patents. Today VCSY is a penny stock (.025 pps) but will be a blue chip stock within a year. Mark this post, it's not spam but FACT! Oh yeah, Google is next on VCSY's list of infringers!
• Vertical Computer Systems, Inc. Files Patent Infringement Lawsuit Against Microsoft Corporation
PR Newswire (Fri, Apr 20)
• Now Solutions Successfully Resolves Its Lawsuit Against Ross Systems
PrimeNewswire (Wed, Apr 18)
Posted by Dan Broder | June 23, 2007 10:35 PM
We heard all about Windows source code, even as early as Win95. Of course somewhere along the way you forgot that Microsoft has made at least 2 major refactorings of the source code producing the same code base for all Windows versions. Sure, code of this magnitude does suffer from the problems that you mention, unless you have written the perfect source code, something that's nearly impossible.
Let's say, however, everything you write is true for Windows OS and that other Vendor OS's do not suffer the same kind of problems.
Then how come Windows (with all the backward compatibility code that has to be maintained) and other OS's essentially exhibit the same if not more number of vulnerabilities? If somebody can not write a secure OS and that is not Microsoft.
And don't make me count security bugs on Linux and Mac OS X. Windows vulnerabilities are magnified, because of market share.
Posted by evan | June 24, 2007 3:19 AM
Sorry Evans, but the question should be made inversely: why did MS, with 8,000 employed, 5 years and $6 billion, produce an OS *that* buggy? (fact.) For example Ubuntu, with a LOT less resources produced an impressive-better-product (bang for buck-imagine this inversion in Ubuntu!!-) and that's a fact as well. Are MS's employees stupid? I don't think so (maybe they're a bit disillusioned.) Something has to explain this and the explanation about the code is logical and rational; furthermore everybody knows that in the area of complexities, the addition of variables causes a geometrical augmentation of the complications.
Posted by Marco | June 24, 2007 7:37 AM
evan :
Quoting you here;
"And don't make me count security bugs on Linux and Mac OS X. Windows vulnerabilities are magnified, because of market share."
--------------------------------------------------
That's really counting the way MS wants you to count, which is basically what Joe has written the article about.
Vulnerabilities are not a true measure as a way to count how secure an OS is. Simply because Linux users, the vast majority of them, usually run as a limited user, whereas Windows users, almost all, run as administrator. Running as an administrator with full administrator rights also will give malware the same rights, but not so running in Linux as a normal user. Therefore, the vulnerabilities in Linux are only if you are running incorrectly as the administrator (root) account.
Also, I might point out that for a vulnerability to be exploited, someone would have to write a The true measure of a secure OS is not the count of the vulnerabilities, but in fact the number of programs (virus, trojan, worm, malware, spyware, scumware, etc.) written to take advantage of such vulnerabilities. Count that number and you will get the true number and picture.
And here is where you find almost none, or none in the wild, for Linux, BSD, Unix, and Mac OSX (which is based on BSD/Darwin). Last count of Viri, there were over 500 thousand programs written to take advantage of Windows vulnerabilities. You will never hear this from MS, as they can't really tell the truth. Who will keep buying Windows if everyone knows the truth?
We all use Windows, and spend endless hours scanning and updating our virus and trojan scanners. Sadly Windows is the Typhoid Mary of Operating Systems when it comes to Viruses.
With Linux I can surf anywhere on the web (used properly as a limited user) without fear. I can open any piece of email without fear. There are many easy to use, easy to install Linux distros out there, SimplyMepis, PCLinuxOS, LinuxMint, to name a few. The free downloads are available for them through distrowatch.com. So set yourself free, and give some a try, you don't have to give up Windows either, just set up a dual boot system.
I recommend a live CD, which works from the live CD without installing anything, as you can test out first to see if all your hardware is supported.
Now Windows can be run as a limited user. Very few will do so, as you almost got to be a rocket scientist to know how to do that. Also it is very restrictive, more so than Linux, which makes it so hard to run Windows as a limited user. Which is why few do so.
Posted by chips b malroy | June 24, 2007 12:24 PM
Malroy,
I have said in my first post, that I can admit that Microsoft kind of cooks the numbers in its favor. As somebody wisely once said ..."there are lies, damn lies and statistics". No argument there. However, still the severity level and number of vulnerabilities exposed by other OS's, are similar to Windows.
The administrator privileges that you mention are a problem. However, this is not a problem with the OS per se, but rather it is a matter of user culture and perception. I am a developer and I log in to Windows (from version 2000) using a normal account with no problems. Don't forget here the background computer knowledge of the average Linux user (who is at least a power user with some Unix background and culture) and the average Windows home casual user. I did not even have to tweak the OS for this to work for normal operations (write documents, read email, browse the internet) and very little to do debugging. So, this problem is really a culture problem. Microsoft of course in the early versions of Windows, when there was no internet etc., made the problem worse by encouraging administrative accounts and ease of use, instead of security.
Finally, the reason why there are so many viruses and malware for Windows is for the most part because of market share, not because Windows is easier to exploit. The other part of course being that it is generally easier to write programs in Windows. Nobody wants to write a virus for an OS with 3% market share. If Mac or Linux ever reach 10% market share, the number of viruses and malware as well as vulnerabilities will skyrocket... Take for example Firefox. The moment it got some significant market share, the security bugs skyrocketed....
Posted by evan | June 25, 2007 3:30 AM
Microsoft seems to have an interesting security and marketing strategy. Instead of actually coming up with better security than its competitors, the company instead chooses to simply make people think that it has. "Security through deception" should be their new slogan.
It doesn’t take a genius to realize that the number of bugs is not a very accurate indicator of operating system security, as many of you have pointed out. Even qualifying their severity isn’t enough. There are a great number of factors that determine the significance of a security flaw, including how they can be exploited, how much damage an exploit can wreak, how soon the bugs are fixed, and so on.
One also has to consider the method used to define a security flaw. How does one, for example, classify vulnerability to viruses? Does one count the number of viruses that can infect a workstation (in which case Windows XP would have a huge number)? How would one rate the severity and significance of the fact that the operating system is so easily infected by viruses at all? A simple number won’t tell you much.
More stuff about this issue at:
http://www.infoweapons.com/blog/?p=27
Posted by Manny | June 25, 2007 5:34 AM
Again, Windows gets affected by viruses because 99% of the viruses are written for Windows, because Windows has 90% of the market share. I am sick and tired of hearing these arguments again and again and again. If any other OS reaches a market share 'worth infecting', they will get more viruses too.
And please 'define easily infected by virus'.
I haven't had a virus on my Windows system the last 8 years and guess what, I am not running any anti-virus programs. Most of them are crappy programs that slow down your system and won't protect you anyway on the latest viruses. Common sense is enough anti-virus for any virus out there...
Posted by Manny | June 25, 2007 4:08 PM
I really think that MS would rather sell OneCare each year than fix the problems with Windows security. You know, instead of fixing the problem they created, MS would now like to make money off the problems of its users.
Evan; Making the UAC a pain to use in Vista was not a good idea, and I see posts all over the internet about turning it off, and how to turn it off. Cultural or not, it's what most Windows users are doing. And if MS would do a better job on the UAC, the internet would become a safer place for everyone.
As far as the 10% figure, you could be correct. I can't see into the future. But while I am not a Mac user, I do believe that Mac is at 6.5% now of the total computer user market, without any viruses. Vulnerabilities yes. Let's see, Windows at over 500 thousand pieces of viri, and Mac at 6.5% of that, would be something like 32,500 viri, but yet none. The math doesn't add up so far. Then again, it could be what most of the Mac and Linux users have been saying all along, the way Windows is set up is wrong from a security standpoint.
Posted by chips b malroy | June 25, 2007 8:48 PM
@manny.
sadly, no. i imagine the total install base of unix systems is comparable to windows. you find linux all over the place from abs systems to supercomputers. of course, the majority of internet servers run a unix version. the desktop market is not even the largest computer market and the servers are the main target of virus and malware developers.
however, windows servers are many hundreds of times more likely to be cracked than unix servers.
Posted by howlingmadhowie | June 27, 2007 8:32 AM
my money's on the apple geeks.
those ms geeks would get mowed over easily, the apple geeks are rabid.
and i laff at people like kitto..
he's covering a blogger paid by microsoft (and quoted all over the web) to say vista is more secure than fort knox.
no OS is secure, retards. As we all shift to the web, as our common platform, exploits will become crossplatform, so it won't matter anyway. Flash is available for Macs AND PC's, so is java, safari, IE, FireFox, opera, photoshop etc.
Posted by Jesse | June 27, 2007 8:45 AM
For those who like to fall back to the old canard of "more usage, better target", you apparently don't realize the falseness and double edged nature of your claim.
The number of installations of ANY OS has absolutely nothing to do with the number of vulnerabilities in the code. The underlying code does not suddenly morph more vulnerabilities because the number of users increases. So to claim it has more problems because of its installed base is to make a false claim.
And yet whenever exploits are trotted out, or vulnerabilities, MS and its apologists trot out the installed base fallacy.
As to the malware issue, this is a combination of falseness and double edged nature. MS Windows and its MS brothers in code are easier to crack open. Most of the developers of malware do it for MS software because it is easier - the availability of machines is actually secondary.
The depth of that knowledge should send shivers down people's spines. With OSS you have what should be the easiest crack possible: you have the source.
But here's my opinion on why that has not parlayed into greater problems for OSS. I've seen people expose and crack a Windows host without knowledge of coding. Basic scripting abilities have allowed people to do it. To do that with Linux or BSD pretty much requires an ability to read hard code to find the vulnerabilities. Most "crackers" do not have that ability. Ponder the meaning of that.
Now, consider the assertion that MS machines outnumber UNIX and/or Linux machines (an unproven assertion, btw: Desktop share is not the same as total share). For sake of discussion assume it to be true.
In this case, MS has an obligation to its market and stakeholders to make it *more* secure - as secure as they possibly can. It's elementary: the bigger target you are the more precautions you must take.
Yet at best we see the arguments that it is no worse than Linux. Talk about damning with faint praise! With all of the resources and the obligation (It's a moral imperative!) to provide a more secure system they fail to do so. Why?
There are three reasonable possibilities.
1) They did the best they could
2) Both platforms are at the pinnacle of current knowledge and methods
3) They did "good enough"
I don't give #2 any credence whatsoever. Zip, zilch, nada.
How about #1? What would it say that they could not outperform the Linux guys? Pretty sad IMO. It would spell the end of something, and Linux is not it.
So what about #3? That may be the worst of 1 & 3. I can respect a team or developer who did the best they literally could. But a team or company that just did the minimum they could to get away with it is a sad sad company. If it didn't change its mentality it would be destined for a fading shrinking existence.
Really, none of those three options is a good thing for MS, yet they represent the only realistic options when you present the argument that MS has bigger numbers due to installed base.
That is the back side of your sword.
Posted by Hairless | June 27, 2007 8:46 PM
Could you tell me if this article is simply incompetence on your part or is in actual fact an intentional try to use misinformation to discredit the report?
Won't bother to go into all your lies.
but we could start with you using as your evidence vulnerabilities which are outside of the 6 month period studied! come on man if you are going to lie and bullshit at least don't make it so obvious
Posted by scott | June 28, 2007 3:28 AM
The "Windows is more popular" doesn't really hold up... What is the server market share for IIS, compared to Apache? Apache has more than half (ok, let's say 45%, when not counting Apache/Windows), IIS has 31%.
Still, there's 10-20 times as many worms for IIS as for Apache
Posted by TheD | June 28, 2007 3:27 PM
You're spot-on with your comment, TheD.
MS's market share is not the sole reason its vulnerabilities are more severe, more wide-ranging and more common than other OSes.
Scroll towards the bottom of this link:
http://news.netcraft.com/
Note the market share of apache vs. MS web servers. Yet it's MS web servers that are hacked more often than Apache. So what's the reason for this other than that MS's security is inferior to those of Apache?
When talking about web servers the often-used argument about non-MS boxes being hacked less often because of the relative level of its users becomes invalid as well. After all, if one is running a server and making it available on the internet, one is either competent or a fool, regardless of the OS.
Posted by Flak Magnet | June 28, 2007 4:59 PM
TheD You may want to check your stats a little better, IIS 6 currently has a better security record than Apache and is currently probably the most secure web server on the market and has been for 4 years now. Don't take my word for it, go look it up on secunia or any other vulnerability database you care to mention.
Posted by Grom | June 28, 2007 8:57 PM
Grom: I've seen your tactic repeatedly, you specify IIS 6 has fewer vulnerabilities than Apache.
Which version of Apache? You don't tell us. Are you counting security issues from ALL versions of apache? Hardly a valid comparison.
Plus, from secunia's own site:
"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."
So your basis for comparing IIS 6 vs. Apacha (?) is not only unverifiable by someone looking to do independent research on it, it's also based on flawed numerics that are disclaimed for comparison uses by the very source you got them from.
Try again, use logic and openly-verifiable metrics.
Flak
Posted by Flak Magnet | July 23, 2007 8:52 AM
Er. . . Scott. .
YOU ARE A MORON!
A large point made in this article is that the 6 month statistic they used was bogus. Hence why he suggested multiple other candidates.
I did notice one comment missed in this report though.
It only covers "disclosed vulnerabilities."
Has it been considered that Microsoft may be intentionally not disclosing their bugs, and silently repairing them, or that the bugs are just not being reported to Microsoft!?
Any open-source platform, and to a certain extent Mac OS X is somewhat backed into a corner on this issue. Their source code is available. Thus, it's reasonable to assume that 3rd party developers who use the code for their own programs will find bugs, and disclose them themselves. Therefore, any "silent running" will be noticed and bring bad press for the company or group. Microsoft does not have this problem, and bugs can only be identified by effect and not by cause.
Posted by Graham Simpson | August 21, 2007 6:28 AM
Our home security alarm went off at 0340 this morning blaring. I jumped up off the bed and went to grab my huge Mag Lite flashlight to use as a weapon that I keep in the bedroom. To keep a long story short the cops came but found nothing and I couldn't go back to sleep. So my plan to do my intervals at 0500 did not happen because I was too tired. I did some deadlifts in the evening going up to 270lbs. Then walked down the block where there is a hilly walkway at the shopping center. I did sprints up the hill,...
Posted by Home Security Systems | March 24, 2008 8:20 AM