I have to admit it - I'm totally ashamed. Apparently, behind my sleeping back, our droog Bob Muglia over at Microsoft (huge picture of his head here) announced on Sunday that Microsoft's Vista operating system is the most secure platform on the planet. Wow. Now, those of you who follow this blog know that I'm forever criticizing Apple and Oracle when they stand up and make statements like this; it's my opinion that getting up on a soapbox like this opens up attacker interest. However, being that Microsoft is "Target #1" already, you'd think that they would have learned a lesson or two about why this isn't a good idea. But apparently not.
Look, this kind of statement - aside from being false - is dangerous. We know it's false because we know that this operating system can't be the most secure ever, and it's dangerous because it sets up anybody who believes the statement for an unexpected surprise when it turns out not to be true. Look, to disprove a universal statement like this one, all you need to do is find one case of untruth and you know the statement is false; to disprove that Vista is the most secure OS ever, all we need to do is find just one other OS that is more secure. And if we (as most folks do) define "security" as "likelihood of being compromised", wouldn't an OS that was developed before networking technology be less likely to be compromised than Vista? Or one that works inside non-networked embedded devices? How about incredibly small special purpose operating systems like VxWorks (used in the Mars rover) - would that be more secure? So why is Microsoft doing this? From a PR perspective, it's a terrible idea because they'll just have to eat their words later. From a technical perspective, surely the folks at MSFT recognize that this isn't the case... What's the dealio over there?
In terms of the logic that he used to make the statement in question, Bob backs up his chest-beating growl of machismo by citing how Microsoft's Vista is the first operating system developed under their new full security regimen; he also points out the services offered within Vista like Windows Defender and kernel-level protection against rootkits. So, apparently we can all rest easy because Microsoft has us covered... Um, yeah. Needless to say, expect about a million new Vista vulnerabilities in the next week or so once word starts going around that Microsoft has this attitude...
Posted by Ed at June 16, 2006 08:18 AM