Windows Exploit Leak

[Demon_Skeith]

Microsoft has hit back following Google’s decision to publicly disclose a Windows 8.1 flaw ahead of it being fixed.

Back in September of 2014, Google gave Microsoft the deadline of 90 days to fix a Window Kernal exploit. After the 90 days passed, Google went ahead and published the specifics of the exploit to its Project Zero website.

Now, Microsoft’s Chris Betz has responded to the decision, saying it “unduly pressures an already complicated technical environment.”
“With all that is going on, this is a time for security researchers and software companies to come together and not stand divided over important protection strategies, such as the disclosure of vulnerabilities and the remediation of them," says Betz.

Betz goes on to mention that while forcing a company’s hand by outing their problematic code may appear like a good idea, it’s not one he’s in favor of, and releasing the information has the potential to lead to further attacks, thus leaving consumers vulnerable.

“Those in favor of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves. We disagree. Releasing information absent context or a stated path to further protections, unduly pressures an already complicated technical environment. It is necessary to fully assess the potential vulnerability, design and evaluate against the broader threat landscape, and issue a ‘fix’ before it is disclosed to the public, including those who would use the vulnerability to orchestrate an attack. We are in this latter camp.”

What should have happened? According to Betz, Google should have contacted Microsoft researchers first, and worked with them. As Betz puts it, it’s a “zero sum game where all parties end up injured.”

“To arrive at a place where important security strategies protect customers, we must work together. We appreciate and recognize the positive collaboration, information sharing and results-orientation underway with many security players today. We ask that researchers privately disclose vulnerabilities to software providers, working with them until a fix is made available before sharing any details publically. It is in that partnership that customers benefit the most.”

source

Hmm 90 days may not be enough time for some problems.

 

[froggyboy604]

Maybe Google expose MS security problems, so more people would buy a Google Chromebook because less tech savvy users think their Windows computer is hacked, and is no longer safe to use, so less tech savvy users would go out to buy a Google Chromebook, Linux PC, or an Apple PC.

I think Apple also used to put out a lot of TV commercials which claim Windows easily gets infected by virus, malware, and spyware, and you needed a lot of virus protection to protect yourself from virus programs.

https://www.youtube.com/watch?v=FxOIebkmrqs

 

[Demon_Skeith]

indeed you do, my system is packed to the teeth to keep it safe.

 

[froggyboy604]

Same for me, I got a lot of antispyware, antimalware,WinPatrol, and a real-time antivirus program to keep me safe. I think some people also use a third-party firewall like ZoneAlarm, Comodo, and Bitdefender firewall along with a hardware firewall for more protection.

 

[Demon_Skeith]

I use winpatrol, but don't seem to do much.