Microsoft exec: Internet still not safe enough

SAN FRANCISCO--Microsoft's operating systems are still vulnerable to attacks, but more often than not it's older versions that are taking the big hits.

That was the message from Scott Charney, corporate vice president in Microsoft's Trustworthy Computing group, when he sat down with me on Tuesday. We chatted about the latest threats, including Conficker. The much-maligned Windows Vista, he noted, wasn't hit in the way that older versions of the operating system were.

"Some of those widespread exploits take advantage of older platforms," Charney said in an interview, following his keynote speech at the RSA 2009 conference here.

With Windows 7, Microsoft is trying to take security into a few more areas, such as extending encryption to removable devices.

Charney also noted that, as a whole, the Internet still should be safer than it is.

"There is still a sense that it is not safe enough," Charney said. "It was not built for the uses that we currently use it for, all these commercial transactions."

One of the answers, he said, is adding more security features into the PC hardware.

"In a nutshell, software is malleable and hardware is harder to tamper with," he said.

For my complete interview with Charney, check out the video below:

[Angmarr]

damn Trolling hasn't begun ... YET! = )

[slickuser]

internet is not safe enough... because of Windows Vista 7. You may have better luck with
Windows 7.

That's what he wanted to say...

[Maccess]

Usual marketing plan again. Nothing to get excited about. Didn't we hear this before with Vista? I guess this means they won't fix the bugs in that one.

The Internet is pretty safe, just use another operating system. Any other operating system will do. It's just not safe for Windows.

[Mark_Anderson]

Is that why there is a Mac botnet now?

Woops!

[Random_Walk]

Mac botnet? ooookay, where?

[Random_Walk]

ah - I poked around and know which URL you'll point at... the one where a pack of idiots P2P'd and installed copies of trojaned iLife and Photoshop CS4 packages.

[monkeyfun14]

@Random_Walk

Thats how most malware is spread my friend.

[pithenumber]

@Random
never under estimate the human element
the human is the weakest link in the fence that protect against virii, trojans, and spyware

@Maccess
They said this when Vista was coming out, but in this case, we have thousands Beta testers to confirm that the hype is true
heard of security by obscurity, as soon as Mac OS hits a good percentage. like 20, hackers will start attacking it more intensely

[Vegaman_Dan]

Nobody is safe with those Mac botnets running around....

Just kidding folks, don't get your tails in a knot. it's a joke, son. :)

[hoocares]

Nah, it's a troll and you only got one measly response. Better luck next time.

[topgunb2]

it was a good comment, he gets another comment

[Dalkorian]

You're the second one to mention that Mac botnet caused by a trojan horse. Dare I ask how many winblows botnets there are against this one Mac botnet? Dare I ask how those winblows botnets got their foot in the door, were they also trojan horses or were they worms, viruses, drive by downloads, ActiveX exploits and the like?

Naw, I probably shouldn't. I wouldn't want to ruin the joke. ;)

[Mark_Anderson]

@Dalkorian

It doesn't matter - it proves the theory that Macs don't get malware is bollocks and validates what everyone already knows: Macs are safer because nobody really cares about them.

[RompStar_420]

I recommend LINUX, lol

Linux is one of the most efficient and motivated development efforts ever employed. The entire Linux kernel was written from scratch, without employing any code from any sources, that mean you Microsoft!!! LOL :- ) just joking

Lots of work was done to write Libraries, filesystem, hardware drivers.

You either get on the Linux bandwagon, or you will eventually die. The only exception will be I think in the long run apple and anything open-source.

Linux should be used to make Internet SAFER!!! is what I mean.

[monkeyfun14]

At the expense of ease of use and it can still be affected by malware through social engineering attacks.

[folsco]

@monkeyfun14

"(Linux) can still be affected by malware through social engineering". You got the point. Picture this:

An attacker requested for your root password over the line pretending to be a support desk engineer wearing a Mr. FixIt cap. You supplied it and eagerly wait for him to *fix* things up for ya. what happens next: total exposure! Your box can be brought down in a second, except if you have proper firewall settings in place and explicitly deny access to some sensitive operations.

In summary, Security has more to do with YOU and less do with the OS. Don't misquote me, OS security is the first, then yours. If you fail to play your part of the game, then you're doom and you fail altogether. I used XP for 2 1/2 years without an Antivirus. The secret? Riding my PC wagon with Least Priviledge Account! Unix does this from inception, then Linux follows suit. Windows ignored this from inception, and since Vista release, it not only showed it can also do it, but it does it better (remember User Access Control [UAC]).

According to that exec, Windows 7 is pushing this further with Adjstable UAC, more organized Security Center, etc.

Vista is good, but Windows 7 will definitely be better!

[Dalkorian]

*vomits profusely after being reminded of the Frankenstein hackish UAC nightmare that winblows infests their users with*

Thanks folsco. It's hard to appreciate the beauty of a rose (*nix permissions) without occasionally having to force your gaze at a stinking pool of diarrhea (UAC).

[RompStar_420]

Have you guys seen the latest version of Ubuntu 9.04 ? it offers to encrypt disk space by default when you do the install, it has improved exponentially. At this speed, Commercial Systems that release major updates, will be left in dust.

[Mark_Anderson]

Yes. Nobody cares.

[topgunb2]

Sure Mark_Anderson, you are a nobody

[folsco]

"Commercial Systems that releaes major updates, will be left in dust". Yes, you might be right! But look at this,

1) Opera as being leading the innovative part of web browser since its inception; but where is it on the list of browsers?

2) Unix servers are the pillar of the internet, some decades back, even before company like M$ knows what a server OS means (b4 NT); but are they still like that today?

What's do these have in common? Simple: they don't attend to what people really need! As such, as a software vendor, you develop your product to evolve with your users (consumers) as opposed to leaving the users of your product in the dust by doing something (that's really useful) but will take them time before they perceive its real benefit!

Adding features to a product is cool. But tailoring the introduction of such features to the knowledge and the technical level of the consumer of such product IS BETTER!

Cases:
1. OS/2 Vs. Windows [Vista is a lot better than 3.1, or even DOS]
2. Netscape Vs. IE [IE8 is extremely better than IE 4.x]
3. Unix (Linux) Vs. Windows Server [Server 08 is extremely and shockingly better than NT 4.0].

The bottom line? "Evolve with your User"!

[`WarpKat]

@folsco: I'm sorry. I take issue with the fact that you think Windows qualifies in any way, shape or form, as a server OS. And I'll leave it at that.

[zelrik]

@Mark, I do

[Mark_Anderson]

@topgunb2

As indeed are 99% of the computer using population apparently.

But don't let that spoil your dreams.

[BtmnHatesRbn]

Pot calling kettle black.

[sargess25]

"Microsoft exec: Internet still not safe enough" -- lol change the word internet with IE (any edition) and you're nearer the mark.

It's really that simple for you Windows aficionados; go back to school, better your education and get a good job, which in turn will afford you to buy a proper computer. Ditch Windows and IE. Enjoy surfing the net.

[monkeyfun14]

And turn into a pompous elitist FUD spreader?

Mac fanboys should stop fapping to Steve Jobs for one day and get out of the basement.

[Dalkorian]

Monkeys should get out of the trees and stop flinging feces around. Maybe then they would learn not only to read but to COMPREHEND what they have read. Only then do they have a chance to understand the difference between "don't use X" and "use Y". Hint: the original poster didn't mention Macs or Steve Jobs in any way (ok, that's a pretty big hint, but we ARE dealing with a monkey brain here!)

That said, ditching winblows won't magically make the internet "safe" (safer yes, but not safe by any stretch of the imagination). Trojans still exist and will for the foreseeable future and can affect any platform. It's like playing outside - if you're stupid enough to dance out into freeway traffic you're going to get hit.

[Inconnux]

Vista doesn't need to be hit by Conficker... Vista is Malware all on its own

[monkeyfun14]

Useless FUD how does it feel to be uninformed?

Funny thing is that there is not one Mac available that can outperform my vista box.

[Inconnux]

Tell that to all the people I have calling me to fix their 'damn computers'.
Xp downgrading is as popular as ever.

[Dalkorian]

Irony is hearing a monkey ask someone how it feels to be uninformed, then rattle off an ignorant comment in the same breath.

[RompStar_420]

folsco: Been using MS products since they first were setup, and Linux is moving fast, now major updates every 5 years, more like every 5 months. MS needs to be releasing updated every year to stay relevant and then there is the issue of cost! Even Enterprise version of Ubuntu is free and will always be.

Not sure, I threw Vista into the trash can when I got it, haven't used Windows 7 yet, but I see more stuff borrowed from OS X.

MS is Shameless, but then again Jills usually are.

[Dalkorian]

Look into "WGA" and rejoice in the proper decision you have already made!

The internet will never be "safe", but if we were to banish all M$ "technology" from any and all public networks it would be a considerable step in the right direction. More irony?

[monkeyfun14]

@dalkorian

You really think OSX would feel any need to compete if they had a monopoly?

[cevantroes]

o_O;; Man you guys are silly. Take into account Causality for a minute. Cause and effect all that. O_o; If everyone stop using Microsoft products, and say, Ubuntu for the fun of it, became the most common OS in the world.... Uhm, people would just write more malware for it instead. I think it's a lil silly to let fandomness of any of the companies keep you from knowing in the long run, that people can write software for any system. All code can be reversed engineered. So there's a lot of bickering about "I love my company more!" and not enough about coming up with valid solutions. Don't shoot me.

[Gambit642]

I have always enjoyed how people attribute the the lack of wild-threats for non-Window$ OS's as being an issue of superior security. Ignorance is bliss.
The worm writers, like advertisers, know it is a game of numbers. Target the largest group of people to increase your rate of success. How many of the self proclaimed security guru's have actually read the published white-papers from the last 5 years? The days of IIS and RPC over-flows, ActiveX and browser based exploits are far in between.
A PC's biggest threat is a NEW Conficker worm which utilizes a 6 year OLD well-known RPC overflow fixed back in February of 2003? No originality...no skill...and nothing new. Either the hacker community has grown unmotivated and lazy or there is significantly less attack surface. M$ does have the burden of overseeing the most ignorant client base, a fundamental handicap. Consequently, it is hard to find a Linux user who can't understand why his mouse won't work. The title of "least secure" will always go to the platform with the least technical users.

pithenumber put it very eloquently.
Despite the platform, never under estimate the human element.