Re: Does Microsoft take Security Seriously? - Internet Bank hacked - it could happen to you!



It is my experience as a system administrator that it is the users who don't
take security seriously. I have used Microsoft products for year without
ever having a security compromise that led to data loss, but that, like your
own experience, is anecdotal. The fact that Microsoft releases product
security updates on a monthly basis is evidence that they take security
seriously. Moreover, if they did not as you seem to believe, they would
very soon be out of business. How long do you think a shopping mall would
be in business if packs of armed thugs roamed the midway randomly harassing
customers? They would hire security just as Microsoft does in their own
way.

It appears from your post that there are key security measures that you
overlooked. In particular, you make no mention about having a firewall. If
you were running a good firewall, you would not have to worry about attacks
while downloading those updates. Moreover, if you are not running a
firewall, those updates are only of limited usefulness. In other words, you
must take responsibility for your own security.

So the question should come back to you:

Do YOU take security seriously?

BTW: I seriously doubt that Microsoft had anything to do with the security
compromise at the bank. Remember that Microsoft does not run every computer
on earth, and most large business applications run on variations of UNIX.
If your bank was hacked to the point that money was lost from your account,
the bank would be responsible and not you. They would replace your losses
immediately.

Opus

<rajeshk4u@xxxxxxxxxxx> wrote in message
news:1147905789.207673.241080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Does Microsoft take Security seriously? We are constantly being told to
keep your PC up-to-date and to run Windows Update.... yet what happened
to me could happen to anyone.

I had to rebuilt my PC from scratch. I installed Win XP and then
installed SP2 (from disk rather then Windows Update, which would have
put my PC at disk). I also installed Norton Anti-Virus 2006. I was very
careful, everything up to this point was done off-line.

As soon as I connected to the Internet, I did a Windows Update - I
found 45 HIGH PRIORITY updates. But I was NOT allowed to download
because it was pending Windows Activation. This was a hassle because I
had to activate by telephone. After all that I could finally do a
Windows Update. I was worried about security hacks. Because it did take
a while to download & install those 45 updates.

I am furious at Microsoft. If there are 45 HIGH PRIORITY UPDATES after
SP2, I don't understand why Microsoft don't make them available as a
SINGLE DOWNLOADABLE UPDATE or provide customers with a CD. This is the
only safe way to build a new PC. It is madness to take an out-of-date
PC and put it on the Internet, but this is exactly what Microsoft
expects users to do!. Microsoft wants users to use Windows Update so
that they can check they you are using a Genuine version of Windows.
This is all good for them, but what about the poor user?. Sadly, I was
unlucky!.

A couple of weeks later my Internet bank had been hacked.. money was
taken without my knowledge. It is nice that Microsoft can think of
wonderful ways to protect its revenues without thinking of their
customer's pockets or the time wasted in me having to re-install this
PC.

I found a similar issue with Norton. Even though I had Norton 2006,
they don't have a single downloadable update. I had to reboot a couple
few time before I got the all the updates using LiveUpdate.




.