Page 2 of 4 FirstFirst 1234 LastLast
Results 17 to 32 of 50

Thread: Microsoft hits back after Google publicises Windows bug

  1. #17
    Token 'murican GuidoLS's Avatar
    Join Date
    Apr 2013
    Location
    North Carolina
    Posts
    806
    Thanks
    54
    Thanked
    110 times in 78 posts
    • GuidoLS's system
      • Motherboard:
      • Asus P5Q Pro
      • CPU:
      • C2Q 9550 stock
      • Memory:
      • 8gb Corsair
      • Storage:
      • 2x1tb Hitachi 7200's, WD Velociraptor 320gb primary
      • Graphics card(s):
      • nVidia 9800GT
      • PSU:
      • Corsair 750w
      • Case:
      • Antec 900
      • Operating System:
      • Win10/Slackware Linux dual box
      • Monitor(s):
      • Viewsonic 24" 1920x1080
      • Internet:
      • AT&T U-Verse 12mb

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by wasabi View Post
    Quote Originally Posted by GuidoLS View Post
    Meanwhile, Google is ignoring security flaws in Jelly Bean (Android 4.3)...

    http://blogs.wsj.com/digits/2015/01/12/google-not-fixing-some-old-android-bugs/

    Considering that Jelly Bean *still* powers roughly 2/3rds of all Android devices worldwide, you'd think they would take care of their business before calling out someone else - especially when they'd already been in contact with Microsoft, and had been given a repair date. So no, Google wasn't being honest, nor good guys. They were being hypocrites of the worst kind.

    Surely it is up to the phone manufacturers to update to KitKat? Google's own Nexus devices are, to the best of my knowledge, all up-to-date.
    Not all devices can be upgraded. And it's not all phones. It's just a fact of life in the Android world, and it seems to be by design. And 18 months is not an old product. I've got tablets that are restricted to Gingerbread - they literally will not upgrade to Ice Cream Sandwich - an OS that's barely 10 months newer. I'm not going to pretend like they're high dollar tablets, but you'd think that an item less than a year old could be upgraded to the next new thing...
    Esse Quam Videri
    Out on the road today I saw a Black Flag Sticker on a Cadillac...


  2. #18
    Senior Member this_is_gav's Avatar
    Join Date
    Dec 2005
    Posts
    4,854
    Thanks
    175
    Thanked
    254 times in 216 posts

    Re: Microsoft hits back after Google publicises Windows bug

    Without knowing the technical ins and outs, I'm inclined to side with Microsoft. I don't know how complex this patch needs to be, as patches can well fix what's needed while breaking many other things, so this may be this patch has been in development since soon after it was discovered. It's not like Microsoft don't have a regular patching programme.

    It does smack of politics first and foremost and is rather poor form from Google. Politics are fine (they are competing businesses after all), but when the consumer is needlessly put at risk it crosses a line.

    And don't get me wrong, I'm firmly a Google supporter and am heavily invested in many of their products, both at home and work.

  3. #19
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,232
    Thanked
    2,290 times in 1,873 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by this_is_gav View Post
    ... I'm inclined to side with Microsoft. I don't know how complex this patch needs to be ...
    This, tbh. The software I've worked on is WAY WAY simpler than a complete OS, and I still wouldn't be happy promising a 90 day turnaround on a serious bug fix. Sure, it *might* be a bug that could be fixed within a 90 day window, but I'd rather have a flaw patched right than patched quick. The project zero team have, with full knowledge, chosen to expose all Windows 8.1 users to a serious security threat. That's petulant at best, and downright malicious at worst.

  4. #20
    Senior Member
    Join Date
    Jun 2004
    Location
    Kingdom of Fife (Scotland)
    Posts
    4,991
    Thanks
    393
    Thanked
    220 times in 190 posts
    • crossy's system
      • Motherboard:
      • ASUS Sabertooth X99
      • CPU:
      • Intel 5830k / Noctua NH-D15
      • Memory:
      • 32GB Crucial Ballistix DDR4
      • Storage:
      • 500GB Samsung 850Pro NVMe, 1TB Samsung 850EVO SSD, 1TB Seagate SSHD, 2TB WD Green, 8TB Seagate
      • Graphics card(s):
      • Asus Strix GTX970OC
      • PSU:
      • Corsair AX750 (modular)
      • Case:
      • Coolermaster HAF932 (with wheels)
      • Operating System:
      • Windows 10 Pro 64bit, Ubuntu 16.04LTS
      • Monitor(s):
      • LG Flattron W2361V
      • Internet:
      • VirginMedia 200Mb

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by GuidoLS View Post
    Not all devices can be upgraded. And it's not all phones. It's just a fact of life in the Android world, and it seems to be by design. And 18 months is not an old product. I've got tablets that are restricted to Gingerbread - they literally will not upgrade to Ice Cream Sandwich - an OS that's barely 10 months newer. I'm not going to pretend like they're high dollar tablets, but you'd think that an item less than a year old could be upgraded to the next new thing...
    Totally agree. There's too much needless forced-upgrade going on. For example I've got the "2012" Note 10.1 which is JB'd, yet the almost identical "2014" Note 10.1 gets KitKat. Then there was Sony's "the Xperia X10 will not get ICS" which then did get it because of public pressure. And, like I said in my earlier post, the tinkerers on xda-devs seem to be able to upgrade these "obsolete" phones with not too much hassle, yet these huge companies with their development teams can't? It doesn't wash does it...
    Quote Originally Posted by this_is_gav View Post
    Without knowing the technical ins and outs, I'm inclined to side with Microsoft. I don't know how complex this patch needs to be, as patches can well fix what's needed while breaking many other things, so this may be this patch has been in development since soon after it was discovered.
    Good point there - if this is an issue that effects Windows 7 then I'd much prefer that whatever patch came out didn't break something else, (if it's Windows8 only then I don't care).

    Maybe the sensible thing is to blame both - Microsoft for being a bit slow to fix, and Google for being overly-prescriptive.

    Career status: still enjoying my new career in DevOps, but it's keeping me busy...

  5. #21
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by crossy View Post
    My problem with them is that while it's fine for them to stop support, the only official answer is "buy a new device and consign the old one to landfill" - how very environmentally friendly of them.
    Very true, it's one of the reasons i refuse to buy so called smart phones, being forced to throw away working hardware just because of the software is anything but smart if you ask me.

    Quote Originally Posted by GuidoLS View Post
    4.3 was announced on 24 July 2013.
    So no, it's not likely they stopped support when they announced the product And while it may be some form of demented fun to stand in queue for days on end every year to buy a new phone, 18 months for a major release of an OS is not a long span of time, even in today's gotta have the newest now society.
    Whoops, i kinda thought i had that wrong a while after i posted.
    Well they have to do something to get people buying more c**p.

  6. #22
    Long Time Lurker
    Join Date
    Sep 2006
    Location
    Dark Side of the Moon
    Posts
    396
    Thanks
    34
    Thanked
    23 times in 21 posts

    Re: Microsoft hits back after Google publicises Windows bug

    anyone bitching about old roms for phones? get yourself over to XDA Developers and flash a new rom. job done.

    (I have an old HTC Desire that now runs 4.4.4 and potentially may run 5.0 lollypop)

  7. #23
    Senior Member
    Join Date
    Jun 2004
    Location
    Kingdom of Fife (Scotland)
    Posts
    4,991
    Thanks
    393
    Thanked
    220 times in 190 posts
    • crossy's system
      • Motherboard:
      • ASUS Sabertooth X99
      • CPU:
      • Intel 5830k / Noctua NH-D15
      • Memory:
      • 32GB Crucial Ballistix DDR4
      • Storage:
      • 500GB Samsung 850Pro NVMe, 1TB Samsung 850EVO SSD, 1TB Seagate SSHD, 2TB WD Green, 8TB Seagate
      • Graphics card(s):
      • Asus Strix GTX970OC
      • PSU:
      • Corsair AX750 (modular)
      • Case:
      • Coolermaster HAF932 (with wheels)
      • Operating System:
      • Windows 10 Pro 64bit, Ubuntu 16.04LTS
      • Monitor(s):
      • LG Flattron W2361V
      • Internet:
      • VirginMedia 200Mb

    Re: Microsoft hits back after Google publicises Windows bug

    Maybe Microsoft can get their own back by pointing out "Google cuts back on Android security fixes". Looking at that I'm thinking that perhaps Google should be getting their own house in order before throwing eggs at other people's?
    Quote Originally Posted by mercyground View Post
    anyone bitching about old roms for phones? get yourself over to XDA Developers and flash a new rom. job done.
    (I have an old HTC Desire that now runs 4.4.4 and potentially may run 5.0 lollypop)
    And is your new KK ROM fully functional? Last time I checked the ROM's for my old Galaxy S3, all of them had one or more bits that were marked as either "non functional" or as "not entirely stable". Don't get me wrong, I'm not knocking what you're saying, just pointing out that anyone expecting to just wave the XDA-Devs "magic wand" over an orphan device and get the latest 'droid release on it as good as a manufacturer's ROM may be disappointed. Personally though, I'm amazed at what some of the XDA guys CAN achieve and, as I've said above, they do go a long way to embarrassing the better-resourced "official" teams.

    Career status: still enjoying my new career in DevOps, but it's keeping me busy...

  8. #24
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Microsoft hits back after Google publicises Windows bug

    Cards on table? I'm not exactly MS's Number 1 fan. In fact, I'm no fan at all, as anyone that's seen some of my comments on decisions over MUI, etc, will know. But I loathe, detest and despise Google. My opinion of them is broadly on a par with my level of 'affection' for the Third Reich. Seriously. When I say "detest", etc, I mean it.

    So my view is probably predictable, but here it is.
    Quote Originally Posted by Google
    Don't be evil. We believe strongly that in the long term, we will be better served-as shareholders and in all other ways-by a company that does good things for the world even if we forgo some short term gains. This is an important aspect of our culture and is broadly shared within the company.
    and as CEO Eric Schmidt said in explaining that,
    Quote Originally Posted by Schmidt
    "Don't be evil" is meant to provoke internal debate over what constitutes ethical corporate behavior, rather than representing an absolute moral position.
    So .... Google sets an arbitrary 90 day limit. It could equally well have been 75 days, 100 days, 3 calendar months, whatever, in it's reasonably laudable if self-appointed role as World Software QC judge. Then, despite knowing a a fix was 2 days out, and holding off for that, decides to put US, the public, at increased risk of exploitation for the sake of adhering to an arbitrary timetable. Way to go in "ethical corporate behaviour", Mr Schmidt.

    If MS said it'd be patched Tuesday 13th, and didn't, then fair enough. Publish. But given the imminent patch, ethical behaviour would be to hold off, check the patch is released and effective, give it a chance to propagate and the public to be protected, and then, by all means, publish.

    But no. For the sake of cheap publicity, just expose millions to risk, for the sake of 48 hours. Nice ethics, Google.

    Though, frankly, I'd expect nothing less than an arrogant bunch of self-interested bleeps that makes it's fortunes from exploiting invasion of other people's privacy without regard to whether they object or not. Do no evil, indeed. If Google ever needs another line of work, maybe comedian? Or the hind end of a donkey?

  9. #25
    Senior Member
    Join Date
    Aug 2006
    Posts
    2,207
    Thanks
    15
    Thanked
    114 times in 102 posts

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by mercyground View Post
    anyone bitching about old roms for phones? get yourself over to XDA Developers and flash a new rom. job done.

    (I have an old HTC Desire that now runs 4.4.4 and potentially may run 5.0 lollypop)
    The point isn't that we can't get roms (well those who know how) it's more the fact that we shouldn't NEED to go after a user developed rom to fix a, in my opinion, design flaw of android and lazy manufacturers.

  10. #26
    Registered+
    Join Date
    Oct 2014
    Posts
    21
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Microsoft hits back after Google publicises Windows bug

    I find this shocking, Google is indeed playing very dirty. Googles system have so many bugs and flaws some which are over 2 yrs old. Google is quick to point out but not quick to fix their own ****.

    To be honest this has affected Google reputation more than anything else.

  11. #27
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Microsoft hits back after Google publicises Windows bug

    This is stunningly bad behaviour.

    Yes if MS hadn't got the patch out, disclose, but realistically, getting a patch, that maintains binary compatibility, that is installed, often automatically on an almost inconceivable number of machines, with different config, uses etc. The QA (testing) for that alone will take weeks.

    Given the state of Googles own house, when it comes to Android, on this, I don't think it's remotely fair. Imagine if MS said it's the manufactures job to get you updates how bad the situation would be, manufacturers are not incentivised to push updates, it hurts their physical hardware sales, unless the updates makes the hardware run slower (iOS!). This is one of the main reasons I only use my Android tablet for un-important stuff. No android device, no will they under their current design, have my emails, work data etc.
    throw new ArgumentException (String, String, Exception)

  12. #28
    Seriously casual gamer KeyboardDemon's Avatar
    Join Date
    Feb 2012
    Location
    London
    Posts
    3,013
    Thanks
    774
    Thanked
    280 times in 242 posts
    • KeyboardDemon's system
      • Motherboard:
      • Asus Sabretooth Z77
      • CPU:
      • i7 3770k + Corsair H80 (Refurbed)
      • Memory:
      • 16gb (4x4gb) Corsair Vengence Red (1866mhz) - (Because it looks good in a black mobo)
      • Storage:
      • Crucial M550 SSD 1TB + 2x 500GB Seagate HDDs
      • Graphics card(s):
      • EVGA GTX 980 SC ACX 2.0 (Warranty replacement for 780Ti SC ACX)
      • PSU:
      • EVGA 750 watt SuperNova G2
      • Case:
      • Silverstone RV03
      • Operating System:
      • Windows 10 Pro 64 Bit
      • Monitor(s):
      • Asus Swift PG278Q
      • Internet:
      • BT Infinity (40mbs dl/10mbs ul)

    Re: Microsoft hits back after Google publicises Windows bug

    Neither Google nor Microsoft has our security interests in mind over this, the only thing they appear to care about is scoring points over each other. More could have been done by each side, I would have been more impressed with Google for holding back until the 14th and equally as impressed with Microsoft for releasing the patch two days earlier.

  13. #29
    Senior Member
    Join Date
    Jun 2004
    Location
    Kingdom of Fife (Scotland)
    Posts
    4,991
    Thanks
    393
    Thanked
    220 times in 190 posts
    • crossy's system
      • Motherboard:
      • ASUS Sabertooth X99
      • CPU:
      • Intel 5830k / Noctua NH-D15
      • Memory:
      • 32GB Crucial Ballistix DDR4
      • Storage:
      • 500GB Samsung 850Pro NVMe, 1TB Samsung 850EVO SSD, 1TB Seagate SSHD, 2TB WD Green, 8TB Seagate
      • Graphics card(s):
      • Asus Strix GTX970OC
      • PSU:
      • Corsair AX750 (modular)
      • Case:
      • Coolermaster HAF932 (with wheels)
      • Operating System:
      • Windows 10 Pro 64bit, Ubuntu 16.04LTS
      • Monitor(s):
      • LG Flattron W2361V
      • Internet:
      • VirginMedia 200Mb

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by TheAnimus View Post
    Imagine if MS said it's the manufactures job to get you updates how bad the situation would be, manufacturers are not incentivised to push updates, it hurts their physical hardware sales, unless the updates makes the hardware run slower (iOS!).
    Actually it seems to be a widespread view that Samsung's Android updates tend to make it's devices run slower. In this household we've got two Samsung phones and two Samsung tablets and all four seem to have developed a kind of "bit rot" where performance gets worse the older they get. And it's noticeable worse after a Samsung bundled app update.
    Both tablets are due for a hard reset shortly, one of the phones got junked and the other is heading that way. Needless to say I'm very wary about buying Samsung gear again, (eldest got a Lenovo-badged Intel-powered tablet for Christmas rather than going the Galaxy Tab route for this reason. And it's actually a pretty decent piece of kit).
    Anyone who says that Google is merely playing at mobile OS has probably got it right in my book. Then again, cynicism says that they don't give two hoots about Android anyway, except as a platform to get GApps on. And given that, perhaps they're not the best placed to be "policing" security.

    In my horribly biased opinion, what I'd like to see is a Project Zero type team made up of the leading software manufacturers, so that'd be Microsoft, IBM, Google, Adobe, Oracle (grr, Java, grr) and arguably Apple, (and I'm sure there's others out there). Even better if there were some non-commercial folks on there, e.g. FSF, Canonical or Mozilla. There's great PR mileage in being able to gang up on someone else and poke fun at their shoddily insecure apps, so there's an incentive. Why do this? Because security is everyone's responsibility - so the more eyes on the problem, the better.
    Quote Originally Posted by Saracen View Post
    Though, frankly, I'd expect nothing less than an arrogant bunch of self-interested bleeps that makes it's fortunes from exploiting invasion of other people's privacy without regard to whether they object or not. Do no evil, indeed. If Google ever needs another line of work, maybe comedian? Or the hind end of a donkey?
    I hear Fox News is looking for a new terrorism expert... rofl (#foxnewsfacts)
    Maybe there's a niche for a "Google Soundbite" product?
    Last edited by crossy; 14-01-2015 at 10:31 AM.

    Career status: still enjoying my new career in DevOps, but it's keeping me busy...

  14. #30
    Account closed at user request
    Join Date
    Aug 2003
    Location
    Elephant watch camp
    Posts
    2,150
    Thanks
    56
    Thanked
    115 times in 103 posts
    • wasabi's system
      • Motherboard:
      • MSI B85M-G43
      • CPU:
      • i3-4130
      • Memory:
      • 8 gig DDR3 Crucial Rendition 1333 - cheap!
      • Storage:
      • 128 gig Agility 3, 240GB Corsair Force 3
      • Graphics card(s):
      • Zotac GTX 750Ti
      • PSU:
      • Silver Power SP-S460FL
      • Case:
      • Lian Li T60 testbanch
      • Operating System:
      • Win7 64bit
      • Monitor(s):
      • First F301GD Live
      • Internet:
      • Virgin cable 100 meg

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by crossy View Post

    And is your new KK ROM fully functional? Last time I checked the ROM's for my old Galaxy S3, all of them had one or more bits that were marked as either "non functional" or as "not entirely stable". Don't get me wrong, I'm not knocking what you're saying, just pointing out that anyone expecting to just wave the XDA-Devs "magic wand" over an orphan device and get the latest 'droid release on it as good as a manufacturer's ROM may be disappointed. Personally though, I'm amazed at what some of the XDA guys CAN achieve and, as I've said above, they do go a long way to embarrassing the better-resourced "official" teams.
    I use Cyanogenmod KK on my S3 and it is very stable. Used Carbon before that which was good but not quite as stable. Much better than the official Samsung bloatware ever was, and since it is AOSP based there are other people who know what they're doing checking the code under the hood.

  15. Received thanks from:

    crossy (15-01-2015)

  16. #31
    Registered+
    Join Date
    Jan 2011
    Posts
    63
    Thanks
    0
    Thanked
    7 times in 4 posts

    Re: Microsoft hits back after Google publicises Windows bug

    I thought I'll have a go to argue in favour of Google here:

    Microsoft have already fixed this hole - but chose to keep an existing security vulnerability open longer for their own timetable - that is to do it on a Patch Thursday and not earlier.

    After all if Google found it, who's to say others haven't and is using it?

    Disclaimer: I'm more in favour of security updates as soon as it's fixed, any other bug fixes (non-security related) on a schedule so I'm not wholly in agreement with Microsoft for delaying a security fix.

    Microsoft also say they don't agree with the going public aspect of security patches. Here's a damn good recent reason why it's important: Moonpig UK - the cards company. They had a very very serious security issue with their website that exposed all customer details. It was reported to them repeat-ably and Moonpig did nothing about it until 17/18 months later when it was made public. Now they're doing something about it...maybe.

    A company had 17 months and didn't do anything. Another company had 3 months (90 days) and didn't release a patch (even though they had it all ready but was postponing it).

    Reasonable disclosure isn't always an easy thing to do though - what's the right timescale etc?

    http://www.ifc0nfig.com/moonpig-vulnerability/

  17. #32
    Senior Member
    Join Date
    Aug 2006
    Posts
    2,207
    Thanks
    15
    Thanked
    114 times in 102 posts

    Re: Microsoft hits back after Google publicises Windows bug

    Quote Originally Posted by JGJones View Post
    Microsoft also say they don't agree with the going public aspect of security patches. Here's a damn good recent reason why it's important: Moonpig UK - the cards company. They had a very very serious security issue with their website that exposed all customer details. It was reported to them repeat-ably and Moonpig did nothing about it until 17/18 months later when it was made public. Now they're doing something about it...maybe.

    A company had 17 months and didn't do anything. Another company had 3 months (90 days) and didn't release a patch (even though they had it all ready but was postponing it).

    Reasonable disclosure isn't always an easy thing to do though - what's the right timescale etc?

    http://www.ifc0nfig.com/moonpig-vulnerability/
    Difference in that argument is that MS were actually patching said security issue, they just weren't deploying it until the scheduled patch Tuesday (ie when companies expect the patches) a few days later, in this case Google waiting a couple of days wouldn't have hurt anyone except their attempt at getting one over MS, which it hasn't in my opinion, it's just lowered a lot of tech savvy people's opinion of google, because by announcing it before the patch they've only caused the end user potential issues.

    Most of us don't mind the usual a versus b company 'fighting', just look at android/iOS or Apple/Samung, it's when the companies put the consumer at risk just to try and get one over another company that people don't appreciate the approach.

    In the case of Moonpigs API security issue, making it public was necessary to get them to fix the issue, they didn't even attempt to patch it, MS were making the appropriate changes to fix the bug.

Page 2 of 4 FirstFirst 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •