Vista 7 Vulnerable to Latest “Critical” Flaws

Dr. Roy Schestowitz

2009-08-13 12:43:41 UTC
Modified: 2009-08-13 12:43:41 UTC

Patches integrated quickly before RTM

Summary: Microsoft uses a familiar stunt to pretend that Vista 7 is more secure and then makes a lot of noise about it

NOTHING will change when it comes to computer security once Vista 7 is finally released. We wrote about the subject in:

Using what Ryan has called a "sneaky" trick, Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.

In his own words: "There's articles describing Windows 7 RTM as safe from the Patch Tuesday vulnerabilities that have been fixed in Vista and XP this month, but that's why Microsoft made 7600.16385 the RTM, they integrated those patches right before they declared it final, then said it was safe from the bugs that affected XP and Vista. 7600.16384 was almost the RTM, but they made a new build just for these."

“Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.”In short, he argues: "They applied all the patches, called that build the RTM, then said the RTM was unaffected. Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too. You wouldn't notice this unless you had been following the Windows 7 build process pretty closely.

"Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can't declare RTM again.

"They're still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you'd expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely." ⬆

“Great talker, great liar.”

--French Proverb

Comments

aeshna23

2009-08-13 14:50:53

I'm having trouble following this argument. Isn't our argument that Linux has far few vulnerabilities than Windows, and not that any operating system is going to have zero vulnerabilities for quite a while?

Roy Schestowitz

2009-08-13 15:59:01

I was pointing out Microsoft's dishonesty. GNU/Linux does not play those PR games. It is upfront about deficiencies and there's rarely a question about what's good for shareholders; it's about what's good for users.

Yuhong Bao

2009-08-13 17:12:35

Well, all this means is that 7600.16384 is affected by these security bugs, but the real RTM, 7600.16385, is not. So MS is right in claiming that the RTM is not affected. Normal, I think. "Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can’t declare RTM again." Normal, I think, too. I remember the first patches released for XP RTM right on it's launch on October 25: http://support.microsoft.com/kb/309521 And not just for XP itself. Windows Movie Maker 1.1 and Windows Messenger 4.0 was shipped with XP, but by the time of the launch on October 25, Windows Movie Maker 1.2 and Windows Messenger 4.5 was already available. Here is a list: http://forums.windrivers.com/archive/index.php/t-39574.html http://news.cnet.com/2100-1001-274987.html
Yuhong Bao

2009-08-13 17:36:47

"Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too." That is where the trick probably is.
Yuhong Bao

2009-08-13 17:38:52

"They’re still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you’d expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely." That is I think normal too. Sometimes new features introduce new security holes, but this isn't always the case.

Roy Schestowitz

2009-08-13 17:54:01
Sometimes new features introduce new security holes, but this isn’t always the case.

GNU/Linux receives many patches, but:
1. Patches are distributed to all software from the repositories, not just the core O/S and core applications.
2. GNU/Linux distributions are often released once or twice a year. If you look at LTS releases (over time), then your comparison becomes more valid.
Windows XP hardly changes and the number of holes found in it so far is amazing. It was touted as very secure when it was released.

Vista 7 Vulnerable to Latest “Critical” Flaws

Comments

Recent Techrights' Posts