As a rush of cybercriminals, state-backed hackers, and scammers continue to flood the zone with digital attacks and aggressive campaigns worldwide, it’s no surprise that the maker of the ubiquitous Windows operating system is focused on security defense. Microsoft’s Patch Tuesday update releases frequently contain fixes for critical vulnerabilities, including those that are actively being exploited by attackers out in the world.
The company already has the requisite groups to hunt for weaknesses in its code (the “red team”) and develop mitigations (the “blue team”). But recently, that format evolved again to promote more collaboration and interdisciplinary work in the hopes of catching even more mistakes and flaws before things start to spiral. Known as Microsoft Offensive Research & Security Engineering, or Morse, the department combines the red team, blue team, and so-called green team, which focuses on finding flaws or taking weaknesses the red team has found and fixing them more systemically through changes to how things are done within an organization.
Cheap jokes from the Windows XP era aside, I feel like there haven’t really been any massive security problems with Windows that we used to see in the XP days. Working for any of Microsoft’s security teams can’t be an easy job, and it’s always interesting to get an insight into how they operate.
I don’t know if the conclusion is all that realistic. More likely there is a false sense of security involved. As we don’t discuss security all that much today. General public. One reason might be as we live in surveillance state and surveillance capitalism. The side effect of this likely is, psychologically, well i use spyware anyway. And i share everything with others. Because i am addicted to that. So why should i care. A whole lot of people use other people computers. So called cloud computers. An army of engineers behind them and still we often read about massive unauthorized access incidents and beyond that. Metrics on things such as detected zero-day vulnerabilities are increasing. Concluding you are any safer using Windows 11 compared to Windows XP. A bit naive conclusion in my opinion. Or that we shouldn’t joke about it anymore. And to take it seriously. That is to believe you are any safer in regards to potential exploits using Windows today then you were a couple of years back. You are really not.
I’m more worried about the azure platform bugs, than any in windows at this point. There have been a number of really bad ones, that reflect poor security engineering that allows from a single bug in a single service to allowing access to other customers services and data. Its like windows back in the xp era, very poor privilege separation.
“I feel like there haven’t really been any massive security problems with Windows that we used to see in the XP days.”
The only explanation I can come up with for that is that the folks who write viruses and worms have gotten better at it, and they simply don’t break user’s systems as much any more. It’s true that those things were highly visible in the XP days, but that was only because of bugs in their implementations, or the specific ways they targeted the user (to install dumb stuff like banners in IE, etc.).
I find it hard to believe that much has changed in Windows world, given their execution model still requires elevated privileges for basically everything, and their UI is still awful at communicating exactly why it’s bothering you with yet another security prompt for the third time in an hour, and given how often Windows Updates are likely ignored by users, because of how often they occur, and how long they take to install (due to the largely inept anti-virus software you HAVE to run, because Windows.)