OT - MSFT

HB,

I have no IT credentials, but the idea that MSFT is going to come up with a revolutionary malware security program that actually works as adverised - well, to me it's a 'show me' proposition because:

1. Other MSFT 'protection' plans, such as 'User Accounts) have been horrific travesties  - I can't count how many times I've been, and still am, locked out of even changing a file name on my own Vista computer, because I don't have 'permission' despite the fact that I'm the only user, and the Administrator. The system is still incomprehensible in how it (doesn't?) work. And even if they could come up with a system that 'works', I'd want to see how many  'type 1' errors (false positives) it would come up with, denying access to programs which it (falsely) believes do not have valid certificates. (Hmm...monetize its 'brokeness' by having a 'fast lane' to issuing 'valid certifications' to companies that pony up? Nah, that's probably far too paranoid. But it doesn't rule out that MSFT doesn't screw it up to that effect.)

2. It's a lot esasier to play computer security 'offense' than it is 'defense'. Playing 'offense' involves finding only one instance of unauthorized entry or operation. Playing 'defense' involves correctly identifying *every* attempt to skirt security. It's why I think hackers will always have the advantage. The US/Israeli manufactured 'stuxnet' virus more than matched any security measures by Iran. Too bad that 1. The virus got out of control. and 2. Infecting Iranian centrifuges with a virus that ruined equipment has been described as "dropping an atomic bomb along with the plans" - i.e., Want to learn how to make a great virus? Now that you (Iran) has stuxnet, reverse-engineer it, learn from it, and revise to fit your needs. 

3. MSFT's track record on secure software hasn't exactly been stellar. Is there a reason at the end of the article that it says, Also see:  18 year old windows bug allows hackers to harvest credentials?

4. Trusting your computer security to MSFT seems to me kinda like asking Michael Jackson to babysit your kids.

I may be wrong.

(BTW, I notice that other people have 'cut and pasted' on this new board. Whatever I copy, it never lets me paste it. Is there some secret? Or is it just me and my Vista (no kidding) system?

 

 

Have to agree re MSFT security, it has never lived up to the promises, yet because of the cyber threats we currently live under, the optimist in me says: I will grab/take anything anyone can do to improve cyber security.

 

As to pasting on to the board, I somehow can do it from my home computer but cannot do anything from the office computer, truly baffling.  For example, if I post from office, it always tells me it is missing the message content, so I tipically do a back, and then a forward and post, if I am lucky the post takes, and sometimes it does not, so I give up.

OT - MSFT

HB,

I have no IT credentials, but the idea that MSFT is going to come up with a revolutionary malware security program that actually works as adverised - well, to me it's a 'show me' proposition because:

1. Other MSFT 'protection' plans, such as 'User Accounts) have been horrific travesties  - I can't count how many times I've been, and still am, locked out of even changing a file name on my own Vista computer, because I don't have 'permission' despite the fact that I'm the only user, and the Administrator. The system is still incomprehensible in how it (doesn't?) work. And even if they could come up with a system that 'works', I'd want to see how many  'type 1' errors (false positives) it would come up with, denying access to programs which it (falsely) believes do not have valid certificates. (Hmm...monetize its 'brokeness' by having a 'fast lane' to issuing 'valid certifications' to companies that pony up? Nah, that's probably far too paranoid. But it doesn't rule out that MSFT doesn't screw it up to similar effect. Can't count how many times my MSFT operating systems have warned me about programs that didn't have the proper certification, that were absolutely safe in practice.)

2. It's a lot esasier to play computer security 'offense' than it is 'defense'. Playing 'offense' involves finding only one instance of unauthorized entry or operation. Playing 'defense' involves correctly identifying *every* attempt to skirt security. It's why I think hackers will always have the advantage. The US/Israeli manufactured 'stuxnet' virus more than matched any security measures by Iran. Too bad that 1. The virus got out of control (it was never meant to be spread to other computers). and 2. Infecting Iranian centrifuges with a virus that ruined equipment has been described as "dropping an atomic bomb along with the plans" - i.e., Want to learn how to make a great virus? Now that you (Iran) have stuxnet, (the original purpose was to make a virus that couldn't be detected as a virus) reverse-engineer it, learn from it, and revise to fit your needs. 

3. MSFT's track record on secure software hasn't exactly been stellar. Is there a reason at the end of the article that it says, Also see:  18 year old windows bug allows hackers to harvest credentials?

4. Trusting your computer security to MSFT seems to me kinda like asking Michael Jackson to babysit your kids.

I may be wrong.

(BTW, I notice that other people have 'cut and pasted' on this new board. Whatever I copy, it never lets me paste it. Is there some secret? Or is it just me and my Vista (no kidding) system?