Microsoft exec grilled by high school students

ROFL. When do execs realize how little there is to be gained from PR events with children. Business is like showbiz....never work with kids or animals.....

First off...Paul seems to be taking MS to task a lot today. Show him some support, OS X zealots!!! Secondly...what is a 20 year old "super-senior"? And C...Our schools seem to be lacking in the teaching of the 3 Rs lately. --tayme

Proud owner of a double RROD 360, turned into a media streaming device from my iMac home server via Connect 360. I dont know which I loath more, my WM phone, Vista or my 360.

Haha, I thought "super-senior" was something my class had come up with. A "super-senior" is someone who continuously fails to graduate high school, so they're not just a senior, they're an experienced "super" senior.

I'm surprised no one asked him, "What's a Zune?" That would've been funny.

Why are you so obsessed with me?

Paul needs a vacation for sure. He's been on the warpath lately. However, let me give him and the rest of us something juicy to sink our teeths into. If anything that young man and the rest on this blog should be reading this. http://www-935.ibm.com/services/us/iss/xforce/trendreports//xforce-2008-... Not that IBM gives a damn how Linux, Windows, or Mac OS-X does. However, this part of the report should be particular concern for Windows users. However, Mac OS-X and Linux users should really be concerned about these two facts. For vulnerable operating systems, operating systems from Apple and the base Linux kernel have dominated the top spots for vulnerability disclosures over the past three years. Of all the vulnerabilities disclosed in 2008, only 47 percent can be corrected through vendor patches. Vendors do not always go back to patch previous year’s vulnerabilities. 46 percent of vulnerabilities from 2006 and 44 percent from 2007 were still left with no available patch at the end of 2008. Like I was saying, the NVD and now IBM has verified that Linux and Mac OS-X are the top two most vulnerable OSes on the planet. NOT WINDOWS. How much more proof do you need? Table 7: Operating Systems with the Most Vulnerability Disclosures, 2008 Apple Mac OS X Server 14.3% Apple Mac OS X 14.3% Linux Kernel 10.9% Sun Solaris 7.3% Microsoft Windows XP 5.5% Microsoft Windows 2003 Server 5.2% Microsoft Windows Vista 5.1% Microsoft Windows 2000 4.8% Microsoft Windows 2008 4.1% IBM AIX 3.7% Others 24.9% • Apple Mac OS X • Apple Mac OS X Server • Linux Kernel • Microsoft Windows XP (with one exception in 2007) Ouch. So much for robertsjoe's insistence that the Macs are totally invulnerable to threats. "Is Windows 7 going to be better than Vista, because Vista is a lot crashing right now?" asked 16-year-old David Moseley, a junior at Graham-Kapowsin High School in Graham. Someone get this kid this report and tell him not to make such general false assumptions. Because assumptions just make an @$$ of everyone. Mr. Moseley needs a computer literacy class like Paul needs a vacation. ;)

Paul: Robbie Bach seemed to be addressing the RROD, yet your link points to an article of yours which talks about disc scratching... huh? Where does it show that MS knew of these 'reliability' problems?

@robertsjoe - How many OS X vulnerabilities have there been since the inception of OS X? How many Windows vulnerabilities have there been since that same date? Now...concentrate here; in that same time frame how many copies of each OS is running worldwide? How many pieces of actual malware of any type have there been on each of these OSes in that same timeframe? If you were a blackhat, would you go after the easier to hack OS or the OS with more instances globally? Be honest...take of your Cupertino-Koolaid colored glasses before answering that(like tht is going to happen). --tayme

And people wonder why Microsoft and other tech companies want to hire technical people from abroad?

@tayme: You're talking nonsense. In the end, there are ZERO viruses attacking OS X and thousands, upon thousands attacking Windows. You lose. But then again, you lost when you bought Windows. How can you not understand that. OS X == ZERO viruses. Windows == many, many thousands.

ZERO VIRUSES! Quick search on Google http://louisgray.com/live/2008/08/i-got-mac-os-x-virus-and-infected.html :/ There are very few OSs that are completely invulnerable. Yes, OSX doesn't have a lot, especially against Windows, but "ZERO" is completely false.

"Hopefully home users will upgrade to 7 if its as good as I think it will be, keep UAC on, download the FREE OneCare, have a home router of some sort to dump most junk, and A PASSWORD that is semi complex" Wishful thinking. Cripes, I work with corporate end users who can't come up with passwords any more clever than "password123"

@Lindy, You stated.... "Until then OS X patched with no AV is 1000x safer than XP any day of the week." In a word, BULL$%@%!!!! OS-X has been in the top 3 most vulnerable OSes on the planet. TOP 3. How much more data do you need to really tell you that you're making up this stuff. You'd be safer on a Windows XP with SP 3, fully updated, Defender, and anti-virus than OS-X. Thanks for proving your complete Mac bias and utter disregard for the truth. If XP was really that horrible, then why is OS-X for the last 3 years number one at the top of the list? Then its followed by previous versions of OS-X? Then the Linux kernel. You may wish and believe its safer, but that ugly little thing called facts and the truth ring louder than your deception. Belief and wishing doesn't change statistical data and documented facts. The point I was making is that OS-X is not safe. You are a fool if you are to believe otherwise. The data which I have presented from IBM, National Vulnerability Database, Secunia, PC World, iThreats, Swiss Federal Institute of Technology, and other sources prove that OS-X is a walking timebomb waiting to happen. All of these companies don't really give a damn what happens to Microsoft. However, they are doing the due diligence to honest people who want the honest truth even if it hurts. So if you want to keep your rose colored glasses on along with robertsjoe and the gang, thats your business. But don't come in here calling me names and lying. I'll always find data to back things up. In your own words, where's your proof that OS-X is more secure? Government agencies? Security organizations? Simple. You don't have any. Its an inconvienent truth to the Mac fanboy talking points that OS-X is "superior" and "doesn't need anti-virus." The more you speak, the more you sound like your pal robertsjoe. The first part of coming to grips with a hard situation is to admit reality. Apple has a security problem. Still don't believe me? Check this out. You guys want to believe you are safer. The facts, the data, the proof is otherwise. The reason why OS-X attack are not as prominent as Windows attacks is numbers. Estimated Windows Base - over 1,000,000,000 PC's Estimated Apple Mac OS-X Base - 25,000,000 PC's. Twenty five million Mac's versus over 1 Billion Windows machines. That means approximately there are 975,000,000 more opportunites to strike at a Windows machine. Since 2008 infections are still being counted the number will be coming. However, in 2009, between OSX.Trojan.iServices.A and OSX.Trojan.iServices.B, there have been approximately 25,000 Macs in infected in January 2009. Its February 14th, and still many more months to go. Lindy, if you were a real IT professional you'd take this more seriously. Your reaction on this subject seriously makes me question your credentials and your professionalism. Just hearing you on here make's me pretty sure I wouldn't want you on my IT staff.

"Through a known [unpatched] hole in the OS." The problem is WHO exactly knows about the holes. For all security holes in a piece of software, they would fall under 1 of 3 different categories: 1) Holes that are known to the software vendor and are patched. 2) Holes that are known only to someone other than the software vendor. 3) Holes that are known to the software vendor and are unpatched. I'd argue that any security holes that fall under category 2 should be deemed the most dangerous, but any holes that fall under category 3 can be potentially just as dangerous if someone else knows about them also, and they just indicate the vendor's ignorance should they not address them publicly with options for user mitigation.

"Ummm yeah 1 million PC in 24 hours, and Vista/2008 cant stop it either. This is so bad that MS has put a bounty out..." Well, MS can't help it if people don't patch their systems. If, like robertsjoe, you believe that unpatched Macs are secure, I don't know what to say.

Shark, please show me one time I have ever said you should not patch any OS, including OS X?? You cant...and you wont. On Windows you should in this order....(home users) 1. Have automatic updates on. 2. Have a router (Linksys/Netgear/whatever) between your modem and your PC, that has stateful packet inspection and is set to drop anything you dont want BY DEFAULT. 3. Have a complex password. 4. If on Vista/7 have UAC turned on. I would save have it prompt for a password for all users, which can be done via the registry, at the same time turn off that stupid diming crap it does as well. 5. Practice safe computing. 6. As insurance (from non safe computing) run some sort of Anti-everything software, hopefully free. I know lots of Windows users that do 1-5 and dont need 6 and dont have problems. On a Mac do the same except I you can skip #6 because the "real threat" is not there......yet. As a backup to AV, there are vendors that will do a online scan of your Mac, so do it twice a year, or if you think you have a problem. In Subzero's lame attempt to try to show that Mac's get malware, he show us 25,000 macs hit by people trying to steal software and got malware. They deserved it. Following rule #5 "Practice Safe Computing" they would not have been downloading pirated software and therefore NOT got that particular piece of malware.

@Lindy First, Ars isn't exactly an unbiased source of information. They slant to Mac that even AeroXP.org doesn't want any more post from them. You failed to source one credible government agency that has tested or give security measures. You've failed to source one security organization that test and secure things. The U.S. military is a very poor bar for making your case, as hackers and cracker's have been breaking their defenses for years. Remember the 16 year old from Italy that stole the F-22 plans. So, if the U.S. military is your best case, you might as well hand over your credentials and retire. Second, I was talking about actual malware infections. You think OSX.Trojan.iServices.B and OSX.Trojan.iServices.A were just fake viruses? What more do you want? I could go on and list all the ones in 2008. You can go read them on this website. http://ithreats.wordpress.com Article after article on actual real world OS-X threats that happened. Krowis, rogue software, DNS changers, and other realistic threats. So you think the known threats to OS-X are so low? Wow. Talk about hubris. Sorry to embarass you, but here's some crow for ya straight from Microsoft. http://blogs.technet.com/security/attachment/3140955.ashx From Security Director in Microsoft’s Trustworthy Computing group, Jeff Jones annual security report for the 1st half of 2008. For desktop OS vulnerabilities, Windows Vista had the fewest vulnerabilities in 1H08 at 21. The next lowest number was Windows XP SP2 at 26. The four vendors fixed a total 585 vulnerabilities in 1H08. 26.8% affected multiple vendors and of those, only 8 were fixed on the same day – the rest had an average 35 day delay between the first available fix and the last available fix.. Microsoft had the lowest average Days of Risk (DoR)for all vulnerabilities fixed at 24.22 days, with the next closest vendor at 72 days. Across all products, Apple released 15 advisories during 13 Patch Events addressing 222 vulnerabilities in H1 2008. The 222 security vulnerabilities addressed by Apple in the period had an average DoR of 97.95 days and the median DoR windows was 17 days. Other key DoR data points are summarized in Table 4. Apple's avg DoR 97.95 days average for 222 vulnerabilities. Longest DoR window was 1001 days for CVE-2005-3164, a Low severity issue in Mac OS X Tiger. During the period from January to June 2008, Apple released 13 advisories during 11 Patch Events addressing 138 vulnerabilities. 45 of the 138 were rated High severity. Apple average patch rate is an aerage of 95 days. WHAT A JOKE! You got to be kidding me. That is absolutely inexcuseable! 138 vulnerabilities in 6 months? Vista had 21. 21 FOR GOD'S SAKE. You want people to trust Apple with these embarassing statistics? Oh and as far as Conflicker goes, the vulnerability was patched on October 15th 2008. How is it Microsoft's fault for people and lazy IT admins not patching their machines? None of my machines both XP or Vista was ever effected by Conflicker. NONE. Microsoft can patch vulnerabilities all day long. It ultimately falls on users and IT Admins to quicly test and patch. If people were that stupid or lazy not to update, then they deserve the infection. So is it really Microsoft's fault when they already patched this flaw much faster than Apple gets around to them? Windows gets the most press because of the over a billion users, but Apple's sloppy security response is flat embarassing. With the threats evolving, you want Mac users to continue to run without defenses on OS-X? No thanks. I'll stay with Vista and Windows 7. Based on the information I've been dispensing, you can have all the defenses. If your attitude is any indication of your security preparation, as both a customer and as a professional, you leave a lousy taste and I'd still choose someone more qualified than you. Enjoy the crow, Lindy. Have a good weekend everyone.

@Subzero so its OK for you to quote "From Security Director in Microsoft’s Trustworthy Computing group" and then tell me Ars is biased??????????????? Frak that is hilarious. If that guy does not spin MS in a positive light, especially these days with MS, he will loose his job. Ars quotes MS people as well as others in those links and they cover all OS'es not just Apple. So who is biased? No matter what you spew, I can sum it up simply with.... FACT - percentage of actual successful attacks, is lower on OS X than Windows. If you dont think that is a fact, please link me to some of your government studies that prove me wrong. Not some what if possibilities, actual successful attacks. As you said "Its February 14th, and still many more months to go." at 1 million per 24 hours....well yes there are many more months to go and even more days to go. Good luck with your Security blog.