Hacker Read

ornornor · 2024-06-08 06:06:12

I’m honestly not surprised they came up with this considering MS’ track record on security since the internet exists.

One more reason to resist their extend embrace extinguish strategy and not use their tools (vs code etc), this won’t end well and Microsoft will always be Microsoft.

reply

croes | karma 17146 | avg karma 3.11 · | 2024-05-07 00:02:23

MS did it on purpose for security reasons

remote_phone | karma 2527 | avg karma 3.29 · | 2020-10-27 16:45:37+00:00

If this is true, Microsoft should be completely embarrassed and the leads on this piece of softwar who made that decision, all the at up through to senior management, should be fired.

For Microsoft to build such a product without basic security in mind is beyond belief in 2020. There is no level of “technical debt” excuse that can make up for a lazy, anti—user decision like this.

reply

NotYourLawyer | karma 2967 | avg karma 2.68 · | 2022-11-18 21:48:23

microsoft-internet-security.com

Citizen_Lame | karma 13 | avg karma 0.27 · | 2024-06-07 17:28:48

This is Microsoft we are talking about. "embrace, extend, and exterminate".

Why would anyone trust anything Microsoft says is beyond me.

Their own internal security is like Swiss cheese, hardly reassuring.

reply

croes | karma 17146 | avg karma 3.11 · | 2023-09-18 11:36:29

Why not even?

Security was never a strong part of Microsoft.

reply

pydry | karma 11003 | avg karma 2.18 · | 2024-06-07 19:06:44

I'm perplexed that anybody thinks Microsoft were being dumb. They know exactly what they are doing and putting the pieces in place to violate users' security is the point.

Theyre just boiling the frog slowly. It'll be turned on by default soon enough and then theyll start looking for excuses to upload it.

This can be used to make them a shedload of money one day.

reply

paulie_a | karma 1667 | avg karma 0.68 · | 2018-12-03 22:18:23+00:00

Not that I distrust this particular code, Microsoft has had some serious blunders in the past. Like chopping off any password over 8 characters.

jacquesm | karma 227883 | avg karma 3.76 · | 2009-07-20 18:23:30+00:00

exactly.

I wouldn't touch any code contributed by microsoft with a 10 foot pole. There is bound to be some catch or strategic trick here.

reply

cordite | karma 1769 | avg karma 1.76 · | 2015-02-23 02:04:31+00:00

Apparently security software giants have motives other than security these days.

This really makes me put more faith into microsofts own defender.

reply

probably_satan | karma -15 | avg karma -0.21 · | 2024-02-24 16:49:17

Knowing Microsoft it's probably for some malicious purposes

lonelappde | karma 1602 | avg karma 0.51 · | 2020-04-07 16:55:21

That nuts. MS has known about this bug for 20 years!

Example.com exists for a reason.

How could anyone trust MS for security anything?

reply

thatsamonad | karma 1727 | avg karma 22.14 · | 2020-12-31 18:41:31

Though this is bad for Microsoft, does it make the situation substantially worse from a security perspective? Assuming they’re following good practices like not storing access keys, passwords, etc, in their source control system(s), this seems like more of an IP protection issue.

I could be wrong about that, though, and I’d be curious to learn and understand more.

reply

keithwarren | karma 3079 | avg karma 7.6 · | 2011-06-16 19:27:03+00:00

Cue the chorus of people saying this is because Microsoft sucks etc etc.

Ignore the fact that Microsoft has spent more time and resources than any technology company in the world focusing on web related security. Mind you that is not an endorsement of their track record, but a statement with respect to the reality on the ground.

reply

whatever1 | karma 4185 | avg karma 3.18 · | 2023-12-22 08:51:42

So wait Microsoft provides a workaround to their own security feature?

AngeloAnolin | karma 579 | avg karma 1.59 · | 2017-07-26 20:38:43+00:00

Overall, I feel this is a good move by Microsoft. Admittedly from their side, they won't (or cannot) cover all security holes from their system. Asking help from external sources and rewarding them appropriately is also good, allowing them to patch their system. In turn, end users will (hopefully) get an OS that is secure. Win for everyone. Way to go MS!

nojito | karma 3538 | avg karma 1.98 · | 2022-03-20 08:26:16

Microsoft’s threat model operates on the idea that its source code is not protected.

Zelphyr | karma 5226 | avg karma 4.1 · | 2023-08-28 09:11:13

It's amazing to me that, after all these years, people are surprised at how bad Microsoft is at security. I genuinely don't understand why companies use their products after decades of egregious security vulnerabilities.

nibbleshifter | karma 1825 | avg karma 2.32 · | 2022-11-12 07:50:53

Well, that sucks. What's worse is it is wankers in the "infosec" industry that pushed MS to do this (or at least, are taking credit for it).

kabdib | karma 15100 | avg karma 5.39 · | 2016-04-12 13:51:36+00:00

Now your PC malware can infect your mobile device. Wheee!

Microsoft is usually pretty good at modeling security threats these days. I'm surprised they did this, it's a bad idea.

reply