08.13.09
Vista 7 Vulnerable to Latest “Critical” Flaws
Patches integrated quickly before RTM
Summary: Microsoft uses a familiar stunt to pretend that Vista 7 is more secure and then makes a lot of noise about it
NOTHING will change when it comes to computer security once Vista 7 is finally released. We wrote about the subject in:
- Cybercrime Rises and Vista 7 is Already Open to Hijackers
- Vista 7: Broken Apart Before Arrival
- Department of Homeland Security ‘Poisoned’ by Microsoft; Vista 7 is Open to Hijackers Again
- Vista 7 Security “Cannot be Fixed. It’s a Design Problem.”
- Why Vista 7 Could be the Least Secure Operating System Ever
- Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
Using what Ryan has called a “sneaky” trick, Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.
In his own words: “There’s articles describing Windows 7 RTM as safe from the Patch Tuesday vulnerabilities that have been fixed in Vista and XP this month, but that’s why Microsoft made 7600.16385 the RTM, they integrated those patches right before they declared it final, then said it was safe from the bugs that affected XP and Vista. 7600.16384 was almost the RTM, but they made a new build just for these.”
“Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of “critical” patches.”In short, he argues: “They applied all the patches, called that build the RTM, then said the RTM was unaffected. Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too. You wouldn’t notice this unless you had been following the Windows 7 build process pretty closely.
“Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can’t declare RTM again.
“They’re still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you’d expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely.” █
“Great talker, great liar.”
–French Proverb
aeshna23 said,
August 13, 2009 at 9:50 am
I’m having trouble following this argument. Isn’t our argument that Linux has far few vulnerabilities than Windows, and not that any operating system is going to have zero vulnerabilities for quite a while?
Roy Schestowitz Reply:
August 13th, 2009 at 10:59 am
I was pointing out Microsoft’s dishonesty. GNU/Linux does not play those PR games. It is upfront about deficiencies and there’s rarely a question about what’s good for shareholders; it’s about what’s good for users.
Yuhong Bao said,
August 13, 2009 at 12:12 pm
Well, all this means is that 7600.16384 is affected by these security bugs, but the real RTM, 7600.16385, is not. So MS is right in claiming that the RTM is not affected. Normal, I think.
“Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can’t declare RTM again.”
Normal, I think, too. I remember the first patches released for XP RTM right on it’s launch on October 25:
http://support.microsoft.com/kb/309521
And not just for XP itself. Windows Movie Maker 1.1 and Windows Messenger 4.0 was shipped with XP, but by the time of the launch on October 25, Windows Movie Maker 1.2 and Windows Messenger 4.5 was already available.
Here is a list:
http://forums.windrivers.com/archive/index.php/t-39574.html
http://news.cnet.com/2100-1001-274987.html
Yuhong Bao said,
August 13, 2009 at 12:36 pm
“Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too.”
That is where the trick probably is.
Yuhong Bao said,
August 13, 2009 at 12:38 pm
“They’re still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you’d expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely.”
That is I think normal too. Sometimes new features introduce new security holes, but this isn’t always the case.
Roy Schestowitz Reply:
August 13th, 2009 at 12:54 pm
GNU/Linux receives many patches, but:
Windows XP hardly changes and the number of holes found in it so far is amazing. It was touted as very secure when it was released.