Hacker Read top | best | new | newcomments | leaders | about | bookmarklet login

I’m honestly not surprised they came up with this considering MS’ track record on security since the internet exists.

One more reason to resist their extend embrace extinguish strategy and not use their tools (vs code etc), this won’t end well and Microsoft will always be Microsoft.



sort by: page size:

MS did it on purpose for security reasons

If this is true, Microsoft should be completely embarrassed and the leads on this piece of softwar who made that decision, all the at up through to senior management, should be fired.

For Microsoft to build such a product without basic security in mind is beyond belief in 2020. There is no level of “technical debt” excuse that can make up for a lazy, anti—user decision like this.


microsoft-internet-security.com

This is Microsoft we are talking about. "embrace, extend, and exterminate".

Why would anyone trust anything Microsoft says is beyond me.

Their own internal security is like Swiss cheese, hardly reassuring.


Why not even?

Security was never a strong part of Microsoft.


I'm perplexed that anybody thinks Microsoft were being dumb. They know exactly what they are doing and putting the pieces in place to violate users' security is the point.

Theyre just boiling the frog slowly. It'll be turned on by default soon enough and then theyll start looking for excuses to upload it.

This can be used to make them a shedload of money one day.


Not that I distrust this particular code, Microsoft has had some serious blunders in the past. Like chopping off any password over 8 characters.

exactly.

I wouldn't touch any code contributed by microsoft with a 10 foot pole. There is bound to be some catch or strategic trick here.


Apparently security software giants have motives other than security these days.

This really makes me put more faith into microsofts own defender.


Knowing Microsoft it's probably for some malicious purposes

That nuts. MS has known about this bug for 20 years!

Example.com exists for a reason.

How could anyone trust MS for security anything?


Though this is bad for Microsoft, does it make the situation substantially worse from a security perspective? Assuming they’re following good practices like not storing access keys, passwords, etc, in their source control system(s), this seems like more of an IP protection issue.

I could be wrong about that, though, and I’d be curious to learn and understand more.


Cue the chorus of people saying this is because Microsoft sucks etc etc.

Ignore the fact that Microsoft has spent more time and resources than any technology company in the world focusing on web related security. Mind you that is not an endorsement of their track record, but a statement with respect to the reality on the ground.


So wait Microsoft provides a workaround to their own security feature?

Overall, I feel this is a good move by Microsoft. Admittedly from their side, they won't (or cannot) cover all security holes from their system. Asking help from external sources and rewarding them appropriately is also good, allowing them to patch their system. In turn, end users will (hopefully) get an OS that is secure. Win for everyone. Way to go MS!

Microsoft’s threat model operates on the idea that its source code is not protected.

It's amazing to me that, after all these years, people are surprised at how bad Microsoft is at security. I genuinely don't understand why companies use their products after decades of egregious security vulnerabilities.

Well, that sucks. What's worse is it is wankers in the "infosec" industry that pushed MS to do this (or at least, are taking credit for it).

Now your PC malware can infect your mobile device. Wheee!

Microsoft is usually pretty good at modeling security threats these days. I'm surprised they did this, it's a bad idea.

next

Legal | privacy