


That's like judging the Blue Angels pilots to be the worst in the world, based upon the fact that they have the highest death rate per flight hour. The judgement should be a bit more nuanced than that.


It's fair to say Microsoft doesn't have a great track record over the last several decades with security of their flagship OS. A lot of the nightmares customers have suffered are a direct result of this, either inherent bugs or failing to nudge developers on their platform in the right direction with well thought out, friction-free best practices and tooling.

For sure they have a lot of insight to share but it would be nice to see them address before touting their laurels. (Yes they've gotten a lot better, but in my opinion still nowhere near as bulletproof as it should be).


A few points to address in what you're saying.

> It's fair to say Microsoft doesn't have a great track record over the last several decades with security of their flagship OS.

Nope, not fair or accurate at all. Their track record has been great, and it's likely you are judging them for transparency mixed with a reputation from >20 years ago. They have a good record of patching security holes; if we all assumed that more patches = worse security, it would only incentivize companies to be quiet.

As for development, again over the past decade, they've been completely different from the past, and are fully embracing and pushing best practices. As other commenters like to point out, this is not your grandpa's Microsoft.

> but in my opinion still nowhere near as bulletproof as it should be).

Assuming that security should be bulletproof is a misunderstanding of how security works.


This feels like a take from someone frozen in 2004. Your description doesn't match my impression of present day Microsoft.


Here are a few big ones from the past 12 months.

https://www.wiz.io/blog/bingbang

https://www.theverge.com/2023/7/12/23792371/security-breach-...

https://www.wiz.io/blog/midnight-blizzard-microsoft-breach-a...

I would agree, the Windows OS has really matured since XP, from a security perspective at least.

I would definitely expect better than this from a tech giant like MS. When was the last time Google, Meta, or Apple got breached like this?

Edited to add, I think them open sourcing some security training is good, it benefits everyone whether or not MS themselves are a great example of a secure company.


Another perspective is if you haven't failed and analyzed the failure, you don't really know why your current processes might be succeeding.

Or if your processes are good at all, and it's not just luck, or being less of a target, that means the holes haven't been exploited yet.


The slingshot penetrating your tank armor is not a helpful failure. Except for telling you that your processes are so wildly off base that you need to start over.

People who claim this kind of failure is useful are clueless. Failures are interesting in exploratory processes and useful when occurring within a predicted failure regime (i.e. testing to failure). Unexpected failures in predicted success regimes just indicate process weaknesses. Repeated and continuous failures in similar fashions do not indicate strength, they indicate structural process deficiencies despite what cybersecurity bozos would like you to believe.


Hasn't Azure been root level compromised twice in the last 12 months?

Once involving signing keys so critical that (from rough memory) they had to restore them silently after initially deleting them?


Yes, but people forget faster than they blink. And all the ransomware putting down utilities is attributed to user error, not to the OS happily running every URL from the internet.


If only we were back to 2004...

Look at the number of vulnerabilities introduced by Windows version. It's good that they're fixing them frequently, but the fact that they need to do so in the first place (and there's more and more of them with each new version) is itself a problem.


Can you even link to a single technically competent offensive specialist that states a Microsoft system would be difficult to break into? Just to make it concrete, let’s go with a really low bar like one skilled person over one year.

For that matter, can you link to anybody technically competent at Microsoft who would dare to make a claim like that and then actually back it up with experimental evidence? No point listening to the blather of the Microsoft PR team when the silence of the technical team tells you all you need to know.


They've probably also fixed more security problems than most, and as Fred Brooks said,

"Good judgement is the result of experience. Experience is the result of bad judgement"


Their flagship OS has an administrative culture of "ClickOps", and effective security is built around practices that are antithetical to that sort of culture.


Microsoft does take security pretty seriously with Windows. There have been times they make mistakes, but historically, they are doing better now than they were in the early 2000s before Bill Gates sent a memo noting that they needed to take security seriously. You could argue they take security as seriously as any major player like Apple and Google, seeing they touch a lot of private user data.

[1] https://news.microsoft.com/2000/12/07/gates-offers-new-techn...


And what's the best way to handle private user data? The thing that Microsoft have been headed away from for the last 10 years?


Not only Microsoft. Nobody cares about user data. They all take it and sell it. Permission: Storage. Not folder or file. Storage.

