| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
How Microsoft missed the boat on zero-day threats | |
|
||
| Time: 00:38 EST/05:38 GMT | News Source: ComputerWorld | Posted By: Kenneth van Surksum | ||
|
On Jan. 15, 2002, Microsoft Corp. Chairman Bill Gates issued a jaw-dropping memo with the subject line "Trustworthy Computing." To stem rising hacker attacks, Gates ordered all Windows development halted and directed his company's full attention to shoring up security.
| ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 302 Last | Next |
The time now is
12:58:38 PM
ET.
Any comment problems? E-mail us |
| #1 By 2332 (76.19.64.137) at 5/26/2008 10:15:41 AM |
|
This article is horrible. The entire premise is that SDL doesn't work because there are still Zero-Day exploits and because attacks on Office are on the rise.
This is a completely false premise. First, SDL is dramatically decreased the overall number of exploits for Windows and other software that has undergone SDL. Vista, Windows 2003, Windows 2008... all have experienced FAR fewer exploits than their non-SDL predecessors. Second, the fact that are still zero-day exploits says nothing about SDL. There will ALWAYS be exploits, and at one point or another, ALL exploits are zero-day. Third, the fact that Office exploits are on the rise is not surprising at all. Indeed, it shows that SDL in fact has worked. Previously, the bad guys had targeted Windows (both directly, and via included software like IE and Outlook Express) because it was the most direct and easy route into the machine. Now that Windows and most of the included software has been hardened by SDL, they turn to other software that hasn't had a long history of attack attempts. It's simply more fertile ground. Office 2007 was the first version of Office to undergo SDL, and while there have been exploits for it, it's not really fair to say this shows SDL doesn't work. Since hackers weren't paying much attention to Office in the past, any new attention would result in an "increase" in attacks. This does NOT mean there has been an decrease in code quality or security as a result of SDL. So, in summary, this is a bunch of crap. Anybody who flat out denies that Microsoft's SDL practices have dramatically increased their security is either ignorant or lying. I suspect it's a bit of both in this case. |
| #2 By 8556 (12.210.39.82) at 5/26/2008 12:17:21 PM |
| Exploits are on the rise because most computers still boot to Windows XP. |
| #3 By 82766 (202.154.80.82) at 5/26/2008 5:22:27 PM |
|
I agree with you RMD. The other aspect that wasn't really touched on too much are the various social engineering exploits. Just ringing up, pretending to be someone and getting a user's password is still easy. Heck, even the "I saw you naked on the internet" spam is unfortunately very successful.
NO OS can protect against these types of attacks and these types of attacks are where the hackers are aiming at. SDL *has* dramatically improved Microsoft code. One could argue that they should have always done this but come'on, this is reality... its not like they're the only ones that made bad code! Bobsireno... surely you are not inferring if they booted to Linux or OSX that none of these problems would exist? If you are, then, sorry similar problems would still exist - sure not as many but they would still exist. If you are inferring they should boot to Vista (to bring us back to the intent of this site :-) then yes, the amount of problems would be far less than XP but the situation would still exist. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 302 Last | Next |
The time now is
12:58:38 PM
ET.
Any comment problems? E-mail us |
