Joe you really are incredible !
What do you expect microsoft to do to protect users of their software?
At least they have tried which more than you could say for other software companies !
Why ?? Because you have not said what they CAN DO to protect their users !
Like you have said previously... offer something to the discussion.
So what have you offered .... NOTHING !

Joe you really love to make up "your own" articles don't you?
How many lines of code go into a Windows OS, I don't know bu it is a hell of a lot. And to get the software "just right" I feel is humanly impossible, so that their is no way hackers can get into our systems.
That's why we have "firewalls" and "Anti Virus" software.
Stop being so "high and mighty" about things and see things from the other side for a change.
Which software company does not issue programs which hackers can find weaknesses in? There are none, that's how many.
All you seem to do these days is go off about how bad microsoft is these days.

Neil and Peter.

First, you are both the same person. Stop trying to post as someone else neil, your style of writing is a give-a-way. That, and the timing of the post as well.

Also, you haven't even understood the article. It ISN'T knocking Microsoft. It is saying that the environment in which Windows Operates is completely different then when Windows was developed. And even if MS tries to increase security, the users dismiss it. I have been on forums, where the first thing people do is suggest turning off UAC.

You really are annoying Neil, really. I challenge you to make your own blog seeing as you know it all. Its easy to do, so go ahead and do it and let's hear what you have to say about the state of play. Where is your blog? We are waiting.

Dera Mr Joe,

It seems that you are running a blog to document and track Vista bug.

You don't "watch" , you are only doing some bug tracking

The Sad Truth About Mr Joe Wilcox's Neighborhood:

Joe wakes up and drink a cup of milk from the refrigerator powered by Linux.

Joe switch on the radio powered by MacOS

Joe cycles to work with the bicycle powered by Oracle

Joe takes a lift to his office powered by Sun

With all the anti-Microsoft neighborhood around him , please don't blame soley on Joe

It's just bad infleunce and bad neighborhood

Hah . . Hah

The main problem of Windows is, as it is with most of "big software": There can be only evolution, no revolution. To address all problems, especially the security problems, Windows has to be rewritten nearly from scratch. That's impossible. The other way, waiting for the evolution, takes too long. It would take decades to develop the current Windows kernel and surroundings to match the security requirements of today. But in decades we have complete different requirements...

There is a third alternative: Using Linux or MacOS. But - if one of these have the market share of Windows, they will have the same security problems. The bigger the market share the more interested are the hackers...especially with Linux and it's open source.

I agreed fully with Harald until the last paragraph. How can you suggest with a straight face that linux and MacOS would have the same security problems? This is a common fallacy that has been disproved over and over and over again.

For one, over 50% of internet servers run Linux. How exactly do you define 'half the world' as not a big enough market share to be a target for attacks?

The problem is exactly as Joe has stated it, Windows was made for a single-user, closed, trusted environment.
Unix was built as a multi-user, widely connected system from the very beginning.

There are many problems with Linux and MacOS, but security ain't one of them.

Open Source is not a hindrance for security it actually enhances security a great deal, because everyone with an internet connection can examine the code, find vulnerabilities and then report them.
And they do this.

Compare that to a single company that has perhaps 10-20 different products they have to maintain, upgrade and provide customer service for.
If it's not something that the marketing dept. deems detrimental for sales, you can rest assured it receives a low priority.

If you need more evidence, ask yourself why hackers only seem to exploit vulnerabilities in proprietary systems.
They don't go for the open source programs, and why? Because anyone can fix them.
With a proprietary program, only the creators can fix them and their response time is obviously much longer than that of several thousand developers around the globe.

I suggest you read the short article on a study dealing with exactly these myths:
http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/

There's a link to the full pdf text at the bottom.

Who's kidding who?

The only jungle out there is the one created by corporate managers who are bungling social climbers. In reality world, people still play by the rules and we don't house criminals in the corner offices.

Except for government, that is. ;)

"Open Source is not a hindrance for security it actually enhances security a great deal, because everyone with an internet connection can examine the code, find vulnerabilities and then report them.
"

Also hackers will find vulnerabilities and the not only DO NOT report them but also use it for their own purpouses. Why not?

I often find this kind of biased argumenations. The mantra some people say is "open source is beteer because enough eyes can find vulnerabilities". But, when some years ago part of the source code of Windows filtered to the Internet, same people say "now many hackers will find windows vulnerabilities". Nobody said "enough eyes watching the windows source code will help on finding vulnerabilities".

@textureglitch: You're right with roundabout 50% of server software. But why do hackers attack servers? Mainly they want to distribute their malicious software through the hacked servers to the endusers. In the enduser market, windows is currently the leader. That's why they are the target of so many hackers. If one of Linux or MacOS would be the market leader, they would be the main target for hackers. That's all what I want to say.

The problem I see with Linux or open source at all is, that the hackers can find their "doors" easier than with Windows or MacOS. Because they have the source. Perhaps the community is a bit faster in fixing those holes, in fact they are faster in fixing not so important holes. But the community would be prooven hardly in case Linux would be market leader in enduser OS and therefore be the main target of hackers. The lifecycle of malicious software would be very short and the frequency of distributing new versions of them will be very very high. In my opinion, it will be a question of who will be tired first...the hackers or the "fixers"... As we all know, hackers have a very good stamina...

Don't take me wrong! I don't have anything against MacOS, Linux or open source at all! In fact, I also use opens source software (who does not?). All I want to say is, that the situation would not be better if another OS has the market lead. If endusers, especially important endusers like administrations, celebrities, rich people or just you and me do their daily work with another OS, the hackers would also change to that OS. Because they do not target the OS. They want our data (passwords, credit card numbers, bank accounts, etc.).

For Tod O.:
Closed source and Open source are two entirely different worlds when you're looking at the hacker problem.
The point is that with open source it's not just hackers who are looking for vulnerabilities. It's everybody, simply because it's possible to do so, the code is right there.
You don't see a lot of companies spending precious software development resrouces on checking, rechecking and checking again their own code for vulnerabilities. That's just money out the window for a corporation. You try convincing a manager that they should tie up developers in going over their own code. No, they fix bugs and vulnerabilities when someone else finds out about them. If even then, because it still depends on the scope of the vulnerability and if it's financially sound to even spend time fixing it.

Your leaked Windows source argument makes no freakin' sense whatsoever. Why would anyone, ANYONE apart from hackers spend their time helping MS fix their operating system? What would you get out of it if you sat at home, looking through all the leaked Windows source code and helped MS fix their security holes?
The point is that open source is a community and you, yourself, directly benefit from fixing flaws in software you use, and you get credit.

For Harald:
You're still running around in circles. Hacking a server is not the same as hacking an enduser system. If you're hacking a server, you're talking about vulnerabilities in Apache, IIS, drupal, php, whatever software is on the server, the OS is fairly irrelevant in this context (although IIS only runs on Windows and is historically a lot more vulnerable than Apache. Also, some Apache exploits have only worked if it was running on Windows).
But that's not how the majority of malware and viruses spread. They are put on warez and porn websites by the people who run the sites themselves. Hacking a server is usually messy business unless you know the passwords needed, so there's a lot of dictionary or brute-forcing, which slows up pretty clearly in logs.

From there you still have to get through the user's browser before you're on the machine itself and we can start talking about end-user OS vulnerabilities.

So let's say you're at the point where you have successfully distributed malware to a user, now comes the OS thing. With Windows, your virus can do pretty much anything. You can hide yourself in a myriad of ways, you can use Outlook to distribute yourself, you can delete boot.ini to kill the system entirely.
What can you do on a linux box? You can delete all the files in the user's home folder and... that's pretty much it. You can't distribute yourself through mailing lists, because the linux mail programs do not allow stealthy execution of scripts like that ILoveYou virus. When you infect a linux PC, you don't even know what mail program the end-user has installed, where his address book is, or what program he's using to send email with. This all depends on what distro you're running, it's not monolithic like Windows where you (as a virus programmer) can be absolutely 100% certain of where the addressbook is so you can spread yourself, and you can be absolutely certain that Outlook Express is installed on the machine, because it's impossible to uninstall this program fully.

Windows is the target of all the ills of the internet because it is monolithic and because it is insecure.
In Microsoft's case they're much better off using security by obscurity to hide their code, because if anyone had the MS source code, hackers would force them to rewrite the entire thing from scratch. It's that bad. They couldn't possibly patch the whole thing the way they're doing now.
Now compare that to Linux. The source code of the entire operating system is out there, free for everyone to look at.
And yet, no viruses, no trojans, no malware, no spyware. With several hundred of these insidious programs popping up every year, don't you think at least ONE person in the entire world would like to shut up those arrogant linux geeks who claim their OS is completely virus free..?

If hackers can find their "doors" easier, then why haven't they? It's not a lack of market share, we've ruled that one out. The only thing you'd want to end up on a user's OS is adware and some spyware, that's where Windows is attractive as a target.

Okay, they want our passwords and credit card numbers, but that's either phishing or keylogging you're talking about. That's possible, regardless of the technology and you don't need to to infect a computer for that.

But saying that servers are somehow not an attractive target is just boloney of the highest order. Due to their higher bandwidth and processing power, servers would be vastly more interesting to infect with spyware and malware in order to monitor them and use them in botnets.
If you wanted to do a DDoS attack, what would you rather have in your botnet? A machine that can pump out messages with 200Mb bandwidth and four Itanium processors, or Joe's Best Buy Special on a dial-up?

"Why would anyone, ANYONE apart from hackers spend their time helping MS fix their operating system? "

You should know there are plenty of MS partners, customers and individual beta testers who willingly help MS fix their products. Know why? Because that organizations and individuals do their livings using and re-selling MS products and/or services. A clean, well-known business model (I dont´t like the 'ecosystem' analogy :-)). In fact MS has some shared-source licencing model to make it possible. If you feel inetrested just visit http://www.microsoft.com/resources/sharedsource/default.mspx.

My guesses to the question "If hackers can find their "doors" easier, then why haven't they?" are:

1. It's possible that crackers are mainly UNIX programmers and obviously are not interested on cracking their own operating system.

2. Maybe it's easy to do social engineering on Windows users. The general perception is that Windows users are more naive than UNIX users.

3. And yes, it's a market-share issue despite many opinions I often read in forums (many opinions, not true facts). There are lots of Windows out there and not-so-many MacOSes or UNIX-like OSes. Hey, why there are not viruses for OS/2... simply, it's a dead product :-)

If you think OS market share is the key factor in the number of exploits created per OS, one only has to look at the data to disprove this. In 2005, there were approximately 125,000 exploits attacking Microsoft Windows systems, which represent about 95% of the desktop OS market. Mac OS X is usually pegged at about 4% of the desktop OS market. Therefore, based on market share, there should have been around 4% of 125,000 or about 5,000 exploits for Mac OS X. There weren't. Its not about market share. Its about architecture of the operating system. Unix-based or Unix-like OS's are typically better architected for operating in a multi-user and networked environment that Windows. These systems had networking and security built in from the beginning as part of the foundation.

Windows on the other hand was created in the non-networked, single-user environment. Obviously it has been updated and now works in the multi-user, networked world. Unfortunately, it still has a lot of legacy, carry-forward architecture from its early days that is required for backward compatibility and this hurts its security.

Until Microsoft dumps the existing code base and starts over, it will continue to have more security problems than other OSes.

Apple's adventures with its OSes provide a pretty good roadmap of what is possible. Prior to Mac OS X, Apple had security issues and stability problems in its OS. Apple dumped its OS and created OS X on top of an existing BSD Unix distribution with elements of Next. Mac OS X is mainly just a pretty skin on an existing, fairly secure Unix base (which Apple open-sourced as Darwin) that people are willing to spend money on like they are willing to spend money on Windows.

Microsoft could do something similar, maintain the Aero look and feel, get much better security and be hailed in the press for doing it. Their main problem would be lack of backward compatibility with existing apps. Microsoft could include an emulation layer (i.e. "Classic Mode") to run legacy apps until the app vendors ported their products to the new OS architecture. Microsoft definitely has the engineering talent to make this possible. Unfortunately, they seem to lack the will.

Windows once lived in a happy place were all was peaceful and secure. Then villainous city dwellers descended upon poor little, defenseless Windows. Windows stubbornly refused to move from their safe little neighborhood home even though villains lurked everywhere. Did Windows place locks on the doors? Did Microsoft install bars over Windows? No, Microsoft passively allowed the bad guys to run roughshod all the time selling more and more homes without locks and bars. The end.

Joe, how’s that for an analogy?

For Tod O.:
I know MS has beta testers and partners, but that's for bug reporting, they don't get/need to see the source. MS does have some source-sharing licenses, but you'd have to be pretty influential and pretty credible to ever get near that sort of contract. It's for governments, multinational enterprises and some OEMs only.
And I thought we were talking about operating systems here? MS has a lot of other buggy products (about 100% of them they simply bought with a company) somebody has to maintain them.

For Uyke:
Your guesses:
1. Give me break. Unix is not a hacker OS, what a bunch of rubbish. I can assure you that the very first thing a hacker would break is the OS he uses, because that's how you gain knowledge about hacking. And the source is free and open so you can even see what you're doing when you're trying to make buffer overflows, it's not a black box like Windows. *nix would be the perfect OS to crack, because you can see everything that's going on and debug it all.
The points is that obscurity != security. Hiding the source code does not make it secure. By your, Microsoft's and everyone else's reasoning a program/OS cannot be secure if everyone has access to the source code and it's just not true. Any security expert will tell you you're wrong about this.
2. The only reason Windows users are more naive than *nix users is because there are so many more of them. It takes a substantial amount of willpower to change your OS and it's mostly IT people who do that, or who set it up for other 'normal' users. Human stupidity is a constant no matter what demographic you care to point at.
What's so paradoxical about it is that you don't have to know about firewalls, trojans and viruses if you're a linux user, whereas there is an entire campaign in the world right now trying to 'protect' users from all this nastiness, when in fact Microsoft et al. are just trying to make people accept that malware is a fact of life, when it really isn't something you should have to accept. You should be able to sue Microsoft every single time a virus infects your computers, because they have sold you a defect product that is insecure and ruins your work and steals your time. This concept works surprisingly well in every other aspect of life, but computer programs are somehow legally exempt from this.
3. Nice try wedging OS/2 into the conversation, but it is not a valid comparison in any way, shape or form. Linux has, what is it, 6-8% of the desktop marketshare right now? They surpassed Mac OSX a couple years ago. You're assuming that there is some magical point at which an OS reaches critical mass and hackers start writing viruses for it, but it's a fantasy. One that Microsoft is very interested in keeping alive, because if they can make everyone believe that switching to another OS will not help you get rid of malware, things are good for them.

The Michigan Court of Appeals recently held that documents exchanged by attorneys in negotiating a settlement agreement can become the settlement agreement itself-- based on the wording of the correspondence between the attorneys. Plaintiff sued defendant for personal injury protection (PIP) benefits. The parties reached a settlement figure and their attorneys were faxing documents back and forth, but no agreement had been signed. The court looked closely at the attorney' s faxes: in one, the defendant' s...

If your looking for even more information on PC security then I would head over here as they have plenty of stuff on identity theft, antivirus software etc.