Symantec/EU succeed in making Vista insecure



"Oh, Vista is going to be so insecure because of Symantec." Does anyone actually have evidence that this PatchGuard move will actually reduce overall security?

As a rule, anything you open can be used in an attack of some sort. Maybe it will be a big deal and maybe it will not. Time will tell.

Of course, IMHO, there is no secure OS.

But I have a hard time believing all of your whining: "Oh, Vista is going to be so insecure because of Symantec." Does anyone actually have evidence that this PatchGuard move will actually reduce overall security? It doesn't sound like MS is just opening up the kernel to every 16-year-old with VBS knowledge. Don't be so critical until you know exactly what technical changes are being made and what the implications of those changes are.
I have tried making this point before. Few listen, because it is fashionable to bash Symantec.

Brandon, I know you work for Microsoft, and they supply your paycheck and all. But you are quite wrong on your points. Until SP2, XP security was a complete joke! All those ports open for automated worms to exploit. The default XP install still leaves the home user running as admin, fer-cryin'-out-loud! Compare Windows XP SP2 to, say, Ubuntu (perhaps the most popular distro, and weighing in at 1-CD, probably most comparable to a typical home user's XP install). Tell me, exactly, how you would compromise this so much easier than Windows?

You can compare default installs, if you like (would be interesting for people with XP SP0 CDs!), or you can compare 'hardened' versions of each. Either way, you won't find XP coming out on top. At least with Vista, Windows is coming out with a comparable product...

Some quick points before bed...

Saying "this OS is more secure" means nothing. This is a far more nuanced discussion than that. Better questions are - which OS is more securable? Which OS is more commonly used in such a way as to be secure?

Some arguments I would make are:

-Windows (even XP Gold or 2000), Linux, and FreeBSD can all be made very, very secure.

-The standard desktop use of Linux / FreeBSD is far more secure than that of Windows 2000/XP.

-The standard desktop use of Linux / FreeBSD is also far less useful and user-friendly, partly because of its security measures.

-It's easier to discover holes in Open Source software.

-It's far more productive (for a malicious person) to spend their time discovering holes in Windows.

-The number of exploits or discovered vulnerabilities is absolutely no indication at all of how many total vulnerabilities exist in said codebase. Unless of course you believe that the same amount of effort has been exerted over the same period of time by the same people toward discovering those vulnerabilities.

-There are certain roles (like Web Server) where Windows (+ IIS 6) is leaps and bounds more secure than the most common OSS competitors (Linux+Apache). I would not doubt this for a second.

Finally, Windows Vista is taking risks in usability and compatibility in the name of security. You can very easily argue that steps Microsoft took when building Windows 2000 and XP later became detrimental to its security proposition for the average user. They certainly weren't taken lightly - but were taken in the name of usability and compatibility. Especially when it came to replacing DOS / 9x with an NT-based system on desktops as quickly as possible. However, I do not think you have any ground to argue that these choices were wrong. Why? Because now 5 years later Windows XP is more successful than ever. And what's more, it was undeniably a huge step forward in robustness, reliability, and even security - from the hugely successful Windows releases that came before (particularly those from the DOS / 9x line).

Nowadays we live in a different world, and customers have new and different demands. Microsoft responded to those demands while developing Server 2003, IIS 6, and most of all XP SP2. No software will ever be perfect - but I think the investment Microsoft has put into security over the last several years is really starting to pay off. And as I said before, I believe Vista is more secure than anything out there.

OK.. With all this arguing over PatchGuard in Vista x64 (I disagree that MS should open it up btw), I have to ask the question of WHY PatchGuard isn't in the x86 version of Vista? All I've found is something to do with backwards compatibility, but what about people who aren't on x64 processors yet, but don't give a <bleep!> about older software? Can someone point me at a decent article explaining why, please?

I want PatchGuard on Vista x86 goddammit!

Some quick points before bed...

Saying "this OS is more secure" means nothing. This is a far more nuanced discussion than that. Better questions are - which OS is more securable? Which OS is more commonly used in such a way as to be secure?

So saying it means nothing, except when you say it, like in your earlier post:

... claiming Windows XP is inherently less secure than Linux is a load of crap - I can't think of any OS that's easier to compromise than Linux...

...But in every technical way, I believe Vista is more secure than anything comparable (OS X, desktop Linux, etc).

...

You never did say how you would compromise that Linux box, since it seems you believe it to be trivial.

Your other points:

-Windows (even XP Gold or 2000), Linux, and FreeBSD can all be made very, very secure. I agree and have made the same comments here on Neowin in the past. Even XP SP0 can be made secure.

-The standard desktop use of Linux / FreeBSD is far more secure than that of Windows 2000/XP. I agree, since you seem to be indicating the "default" standard installation (fresh from CD).

-The standard desktop use of Linux / FreeBSD is also far less useful and user-friendly, partly because of its security measures. That is a matter of opinion. My kids can use my Linux box without problem or special training. Less useful? Less user-friendly? Not to a user. There is some learning that must be done to administer it, and if you grew up on Windows, then Linux will seem more difficult to learn.

-It's easier to discover holes in Open Source software. True. Which is why so many get repaired. Looking at Secunia (for example) shows many more advisories opened and closed for Open Source projects such as Red Hat, Apache, etc. And it hasn't been too tough for malicious crackers to find holes in Microsoft's software, even though the source is not available to them. What is the conclusion to your "easier to discover holes" statement? Do you intend to plant seeds of Fear, Uncertainty and Doubt, or did you have a statement to make that Open Source was less secure because the source was available?

-It's far more productive (for a malicious person) to spend their time discovering holes in Windows. True. As owner of 90-95% of desktops, Windows is a prime target. Being a target, of itself, does not make the software any more or less secure. The code is the same, regardless of how many people try to attack it.

-The number of exploits or discovered vulnerabilities is absolutely no indication at all of how many total vulnerabilities exist in said codebase. Unless of course you believe that the same amount of effort has been exerted over the same period of time by the same people toward discovering those vulnerabilities. Agreed. People who merely compare the number of Linux vulnerabilities reported to the number of Windows vulnerabilities reported are looking at a very small part of the larger picture. Just in that data alone, there is also the "time to fix" metric and the "severity" (privilege escalation/code execution) and "vector" (remote/local) that ought to be looked at. Factor in poor infrastructure/administration and bad users... Well, it becomes a mess.

-There are certain roles (like Web Server) where Windows (+ IIS 6) is leaps and bounds more secure than the most common OSS competitors (Linux+Apache). I would not doubt this for a second. Here you go again, making that "more secure" claim that you just stated "means nothing". Now, IIS6 is a great product, and is well-maintained. Apache still has some open items that are not closed. IIS runs on the Windows platform only. And Windows has open items that are not closed. Compare to Red Hat (or SUSE, or look up your own enterprise-grade Linux) which shows that it is well-maintained for security issues and has no open advisories. I would call it much more even than you see it. Maybe Vista will come around and turn the Windows platform around a bit and we can all look forward to long periods where Windows has no open advisories on it...

thefonz,

You can't imagine how wrong you are; many use Norton or Symantec products. Of course few are on forums like this one, but we are talking about MILLIONS of regular users that don't really care about all this stuff; they use the computer for work or fun but they don't really like to know what's behind the scenes!!!

That kind of user...

PS: I don't use it, and never will, 'cause I was using it till I installed kav, and then I realized that I had a virus nest inside LOOL

Really?

Oh.

I honestly thought that anyone with a minutiae of websense would realise quickly how rubbish those two products are and move onto something better (nod32 or kaspersky).

I myself have managed to convert two people I work with to get rid of their installs.

Ah well, I guess until that glorious day happens where everyone becomes enlightened to the internet (past amazon and ebay) and what it has to offer, the rest of us will have to suffer.

Saying that, I have no intention of upgrading to Vista until Microsoft completely stops supporting XP; which will be at least 2 years from now I guess.

I laugh at Symantec and McAfee whining about Microsoft...I just saw this download:

Symantec AntiVirus Corporate Edition v.10.1.5 Build 5000 ISO 394,4Mb

wtf!..why don't they just hire an army to protect your computer..or...what's the next product goal..to be on a DVD.

In all honesty anyway; does anyone here USE McAfee and Symantec products?

No...

No? Try thousands of companies who trust big renowned names like Norton antivirus despite the available competitors. You can't argue against the one who decided at a company to go with Norton. They get the license and you deal with their software and can't change their mind unless you can prove to them that it will be better, cost-effective and that the company will provide support as good or better than what they are currently using.

Such a thing will not make them switch.

This topic is now closed to further replies.