
  • Microsoft security’s unseemly jab at Google

    • Author
      Posts
      • #138906
        woody
        Manager

        In yesterday’s Windows Security blog post Browser security beyond sandboxing, Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Rese
        [See the full post at: Microsoft security’s unseemly jab at Google]

      • #138908
        MrJimPhelps
        AskWoody MVP

        Google might actually appreciate the jab – now they know a few things they need to fix. Of course, as Cimpanu points out, Google was the one who started it.

        That is a pretty funny name: “Microsoft Offensive Security Research team”. Amazing how Microsoft is making misstep after misstep these days, and losing their dominant position in the process. Just like they did to so many other companies in days gone by.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        • #138919
          anonymous
          Guest

          @ MrJimPhelps

          Of course, as Cimpanu points out, Google was the one who started it.

          People often criticize others and each other, eg you, me, etc. I like to criticize over-greedy M$ for making Win 10 unpalatable.
          … The point here is, whose criticism is constructive, has basis and whose intentions are for good, ie Google’s or M$’s?
          … Seems, M$ are hitting back at Google like an angry sore loser. Google then “hit back” at M$ with a bug bounty of about US$45,000.

          “Microsoft Offensive Security Research team” says a lot about M$’s intentions = ie, to offend others?

      • #138917
        Noel Carboni
        AskWoody_MVP

        Offensive security indeed!

        Microsoft does not have any business writing about security, when they could (but DON’T) build decent managed blacklist-based security into their systems (and yes, I know about SmartScreen, which IMO is ineffective AND intrusive).

        It could be something like UBlock Origin – or an even better, more integrated solution that runs at the OS level and keeps the entire system away from the bad parts of the web. These things ALREADY EXIST and do wonders for security. Little guys like me and others have such things working – and they ARE effective! Ask yourself why they’re just not provided as a cornerstone of managed security by the browser/OS makers.

        No, they deliver software to you TODAY that freely downloads malware, that snoops on you, removes user control, that allows outgoing connections by default, and that carries a constant string of vulnerabilities – old and NEW – that constantly NEED to be patched.

        When have we ever known a software package that’s had SO many terrible bugs for SO many years? When would such poor software have ever been acceptable for sale?

        They have the cloud infrastructure, the auto-update process, and knowledge of what’s bad out there (besides the fact that anyone can download lists that others have compiled)… Imagine how good such a subsystem could be if a company with real funding backed it.

        Also imagine how careful web operators would become if hosting malware would just cause their sites to stop being visited by giant numbers of people running Windows.

        My suggestion: Ignore Microsoft’s talk about sandbox this and vulnerability that and what Google does here or there and use common sense. What these big companies keep shoveling on us is quite offensive.

        -Noel

        5 users thanked author for this post.
        • #138935
          MrJimPhelps
          AskWoody MVP

          Noel:

          I actually first came to realize this in the Windows 3.1 days. I noticed that Windows was constructed in such a way as to make it very easy for malicious people to do their mischief. The thing that caught my attention was all of the different “temp” folders everywhere. Only one of these folders was actually called “temp”; but all of them were places that websites, software, etc., could tuck things away, making them hard to find for all but the most expert of Windows techs.

          I often wondered if Windows was purposely constructed in that way. Maybe Microsoft had secret deals with software companies?

          I agree with you — why does Microsoft leave these vulnerabilities in place?

          Jim

          Group "L" (Linux Mint)
          with Windows 8.1 running in a VM
          2 users thanked author for this post.
      • #138918
        EyesOnWindows
        AskWoody Lounger

        HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 20H2
        Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
        EyesOnWindows

      • #138936
        lurks about
        AskWoody Plus

        So MS is complaining about Google when they have done far worse and sat on bugs until shamed into fixing them (maybe).

      • #138944
        anonymous
        Guest

        Tavis Ormandy had a responsive idea.

      • #139034
        b
        AskWoody MVP

        Thurrott misquotes the Microsoft blog (by conflating two different bugs/fixes).

        Woody fails to notice that Bleepingcomputer says the fix for the bug discovered by Microsoft was made public by Google three days before being pushed to Chrome but Thurrott says a month.

        Microsoft: “to Google’s credit, their turnaround was impressive”
        Thurrott: “Calling Google out like that seems petty to me.”

        Bleepingcomputer: “Microsoft had no reason to detail a bug in a Chrome version that’s not even current.”
        This was a research project; should its security recommendations have been kept secret?
        What’s wrong with discussing the nature of a flaw after it’s been fixed? It happens all the time.

        Windows 10 Pro version 21H1 build 19043.985 + Microsoft 365 (group ASAP)
