Microsoft has lashed out at Google for making a Windows 8.1 vulnerability public. Chris Betz, heading up the Microsoft Security Response Center (MSRC), published a new blog post over on TechNet talking about security and how tech companies should work together to better protect consumers against threats from exploits in software, something the company feels Google disregarded.
The blog post touches on preventing the full public disclosure of security vulnerabilities in software, which Microsoft believes is best kept under wraps.
Those in favor of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves. We disagree. Releasing information absent context or a stated path to further protections, unduly pressures an already complicated technical environment. It is necessary to fully assess the potential vulnerability, design and evaluate against the broader threat landscape, and issue a "fix" before it is disclosed to the public, including those who would use the vulnerability to orchestrate an attack. We are in this latter camp.
Betz then highlights how Google has released information about the vulnerability in Windows 8.1, just two days before a planned patch was set to be published on Patch Tuesday. Betz also states Microsoft requested Google to avoid releasing said details before January 13.
Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a "gotcha", with customers the ones who may suffer as a result. What's right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.
The blog post closes by reaffirming that software is by no means perfect. It is indeed made by humans after all, and we've continuously displayed strong signs of imperfection throughout our history. Here's hoping the giants behind our favorite devices band together to keep everyone safe from attacks and cyber crime.
Source: TechNet
Reader comments
Microsoft hits back at Google for publishing Windows 8.1 vulnerability before being fixed
Pages
Google does not emphasize on chromebooks. There is no competition there. They clearly win mobile fight, search, maps and so on. The only thing that Microsoft will dominate is pc. The only reason why is because Google doesn't care as much about it. PC world is almost done. It's all about mobile now and has been for past 5 years. Once mobile gaming advances to console quality gaming, PCs are done. Earlier comment about here maps being better than Google maps is a joke. I'm a truck driver and I use nav constantly. The only advantage here maps had , was offline maps. They still do in countries where service coverage is not as good as it is in US. Google is not pissed. Windows phone vs android is no competition, later one clearly dominates. I had windows phones since lumia 720, after that I tried really hard to stick to windows, lumia 820, 900, 920, 1020, 635, 1520. Microsoft deserves what they got from Google because of their stupidity and lack of being able to make right decisions. Look what happened to Nokia. Microsoft removes well known name from handsets and software and makes low end smartphones with their branding on it. Where are new flagship now? Microsoft is trying to keep their customers shut with crappy updates, like faster camera start time and hey cortana. What's new in Great Windows 10? Old start button? Cortana integration? I understand use of voice commands on phone, for example when driving. It's sad how Microsoft is treating their customers, because there are some really dedicated people here who hate everything but Microsoft .
I think google is pissed at MS for windows 10... It's gonna decimate its chromebook market.
I'm with Google on this. If 'second Tuesday of every month' is not arbitrary, then what is? Why didn't Microsoft release early if it was so important?
Ahhhh maybe cuz Microsoft is writing a new operating system which takes time and resources? Could be wrong.
I don’t know why anyone (Microsoft or consumers) are surprised. Google does petty stuff like this all the time, especially where Microsoft is concerned.
Damn Microsoft didn't cry as bad as you Windows fans. Shame on you. 90 % of you use YouTube 70% Google Chrome. 40% own android phones or tablets. And 95% use Google as search engine on PC cause bing is useless.
Don't use google search, Bing has less porn show up, don't use google maps, here is more accurate, only use Gmail for spam emails, I have a android tablet Galaxy Tab 3 which is rubbish but I got it free.... Google can kiss this Canadians a**.
Google should worry about their own. Lollipop is horrible and only used on 1% of dervices.
So? Android still has the biggest market share till date. Eventually, Lollipop will catch up. On the other hand, I have yet to receive Denim on my 1520 and MS is already talking about WP10. Well done there MS!
Market share dont mean jack.... Milli Vanilli sold lots of record and they were crap... Popularity is only market driven.
I think is a dirty game from google but dont surprise any one, all we know how google works, they force you to use only their own products (apps, OS, etc). They dont let the customers to decide which option is better. Thats why now days I try not using any google product, because their uggly way to work. I think google is scared about Microsoft, cause the market share in pc OS belongs to Microsoft and now that Microsoft is trying to make the best mobile OS based in the pc OS, Google wants to discredit the stronger part of Microsoft. Dirty game from Google hate. If Google wants competition Microsoft is the best, if would be a site like youtube from Microsoft, then google wouldnt be that strong in this way. I think Microsoft is doing the right things, if not Google wouldnt be that scared!!! Regards from Mexico
Another reason to stay far away from Google.
considering the Size of the install base for companies like Microsoft, apple, adobe perhaps Google should put these mega corporations in a seperate category when it comes to publicly releasing velunerabilities. Sure put a time limit on it but the amount of time that it takes for Microsoft to test and debug a vulnerability patch is much longer than most applications and rightly so.
Google is stupid and aggressive
http://www.neowin.net/news/after-throwing-microsoft-under-the-bus-google...
"The flaw, which exists in WebView (a core component used to render web pages on an Android device) impacts nearly 1 billion users, when using Google's own numbers as a base along with Gartner figures. Industry reports say that there are roughly 1.56 billion phones with Android on them, and if 60% are running the now non-supported version of Android, that means roughly 930 million phones are now vulnerable."
Dick move Google. This is what we expect from you now.
Google is really "EVIL".
Yet Google announced it won't patch WebView flaw that exists in Android 4.3. OEMs can develop a patch or update to 4.4, however 4.3 devices are still being sold. Google estimate is 1 billion devices will go unpatched.
Posted via the Windows Phone Central App for Android
I think, rather than both companies bitching at each other for who does what wrong, they should come to terms and find solution.
In my opinion both Companies are wrong with their guidlines. Google should not simply fully disclose a vulnerability after this arbitrary 90days deadline and Microsoft should not keep a vulnurbility behind closed doors until a patch is ready.
They should rather meet in the middle and after 90 days very basic information get published and then every 7 days later more information gets released until the whole thing is out in the open. This way the average Joe knows about the vulnerability and the Company of the product affected gets under pressure.
The way it happens now is just reckless.
Microsoft has the same opportunity to do the exact thing with "Lagdroid" OS. It's the payback time.
Google gets more petty by the day.
I'm love MS but google is right on that one, next time MS will pull it together and submit a fix on time. With so many backdoor speculation, Google decision to publish the vulnerability was what is for users. I don't get why some people are blaming google for MS incompetence.
I am not sure I would go as far as to call it incompetence. I've been managing Windows and Exchange servers for 15 years. In that time I have been bitten countless times by updates that contain crippling bugs that got missed in QA. Microsoft has gotten a lot of heat over these and rightfully so, but they have made improvements. I side with them here, that if a patch is not truly ready, don't release it. Historically that does more harm than good.
"Google is right on that one."
Right on what? On endangering those users all over the world for bringing the vulnerabilities in public? Micrtosoft is already working on the fix. Google's concern is to destroy the credibility of MS, regardless endangering people's computer, hopefully not yours.
Me thinks its time to break Chrome support in Windows - maybe patch tuesday does something to make chrome not work......lets see how Google responds to that.
If Microsoft decided to leak the flaws in android...
The vindictive part of me would love to see that, but at the same time I hope MS does not stoop to Google's level.
Me neither.
Google is good.
I dont know why Google hates soo much Microsoft. Microsoft needs to wakeup and see them as a enemy. They will do everything to trouble MS.
Microsoft should patch W10 to slow Chrome. Changing the OS API every month like they do breaking the 3rd party Youtube apps all the time.
That would only hurt the consumer and not Google, is it really worth it being dragged down to Googles level? I don't think it is, Microsoft need to just stay as they are to prove that they are better than that.
more the windows phone sell lesser the google services should be used. for u tube u have great alternatives.
It is hurting only microsoft now
How? No it's not. Google is in trouble, people are going to realize that ChromeOS is a piece of crap.
rekt
I despise Google. "Don't be evil" my a$$.
Wow. What a bunch of twats.
I always knew I had a reason as to why I dislike Google so much...
Was the 90 days up? Read somewhere that the guy from Google gave Microsoft 90 days to fix the problem, if nothing was done within the timeframe the vulnerability would be made public!
They asked the 90 day period to be extended by two days, so while it was technically "up", Google puts millions at risk when it could've waited two days.
Nothing new just google being a dick
Microsoft should do the same in return & give em a taste of their own medicine
By releasing their list of every hole in the Chromebook.
The press of course jumped on this as though Google was keeping consumers' best interests at heart. Microsoft took a beating and one of course wonders if publishing any vulnerability smacks of throwing caution to the wind. Google is hardly transparent about any of their vulnerabilities in Chrome and Apple is similarly closed mouthed about it, leading to the myth that they are never subject to any vulnerabilities.
As I mentioned further up, Microsoft have also stopped publicly publishing vulnerability details as well. Only premier partners get those details.
I'm baffled that Google would call out anybody for exploits, since when it comes to every one of their products and services, they ARE the exploit of their consumers. It's right there in the terms of service and data mining policies that hardly anybody takes the time to read.
"Terms of Service and Dating Mining Policies"
LOL made my day
and that's why i never use google anymore, except youtube, ms should make it's own youtube alternative
Bing video is getting better all the time. Don't get me wrong, it's nowhere near as good as Youtube, but I searched for some videos the other day and was pleasantly surprised.
"Don't Be Evil... Unless it imparts a business advantage."
In this case what business advantage do Scroogle gain?
Destroys MS credibility and endangering Windows users all over the world.
I'm so sorry for google for such a ridicules act... every one with Windows OS is safe... and the best software company will help us in any situation... Windows = Update - Windows Defender = Update there is nothing to be worry about!
this no firing back this just crying we want Microsoft to find sum hole in chrome books and release it to the public or sum thing like that
Funny how I still cannot get my Chrome bookmarks to sync cross-devices. Have had this issue for more than 90 days. Think it's time I published it.
You just did publish it lol
But that issue do not pose any security to users. You can make it public from the very beginning, LOL.
I would feel insecure using Chrome if I knew that one of it's most basic features was not working. So, hence, security flaw.
Fuck google mafia most evil company on the planet
The Agent Carter ad was very well placed. This is what I saw when I came to this article.
Edit: I should have figured I wouldn't be able to post a link. :P i.imgur.com/oRhZqbb.png
Offtopic, I can't find Phone Insider app in store. Is it removed?
So go find an Android zero day?
Even a monkey could find a zero day exploit in Android.
It's not like Google doesn't have it's own spyware and vulnerability issues - namely Android itself.
Regarding the comments on 90 days, sometimes it looks achievable, but may not be practical enough when on the job. To find fault in code is lengthy enough of a job, and then comes rectifying it. As I said, OS's weren't written in a few days, so to address a security flaw, they need to go through a large percentage of coding in the said OS which could take days or weeks. At this juncture, Google cannot convince me enough that Microsoft doesn't care.
If Google releases a fix of some sort for the bug (ie. instructions to customers on how to block or stop using vulnerable software), I wouldn't mind it if they released the bug right away.
Google don't care about their own customers security so why would they care about the security of Microsofts customers?
Microsoft themselves have stopped publicly publishing vulnerability information for one simple reason, to stop them being exploited.
They don't care about MS customers, even those who use Google systems everyday. This was not about helping customers. It was about sticking it to the competition.
Exactly, there was no business advantage for them to do this just trying to stick it to the competition but unfortunately it's us customers that suffer in the end.
MS will have their turn when Windows 10 is ready. There'll be lots of videos comparing the new and improved Windows to stale Android which has been the same since forever.
They've got resources to innovate, made the OS free for many devices (conditions apply which is obvious) and through channels like Windows central, listen to the customers. They're following the right path to gain traction. For those who question market share, keep in mind that Microsoft has kept new product roll out and advertising to the minimum so that they can completely concentrate on W10, when they'll come out with a bang! The Lumia 535 is only a teaser for things to come. It's to tell people if this is how Microsoft defines low end, high end will be pure awesomeness. It's a hard wait, but I know I need to wait as OS's aren't written in just a few days.
Ignore Google, keep Microsoft Windows defender or any other anti virus / anti malware up to date and relax! :)
About 3 months ago I switched to using Bing on every device and I have not looked back.
About the only thing that's not quite as good is the image search. For example when ripping my CDs to computer I go and find a decent quality cover pic and sometimes with bing it won't find the correct one or a decent enough quality whereas on Googles image search it would find both the correct one and more of them - HOWEVER - this was only sometimes not everytime.
On Bing just choose what quality of pic do you search and *tatataaa* you will find what you looking for.
When I search for images on Bing I get relevant information, on google I get some relevant information and porn... F*ck google.
Google u will see ur dawn..coming soon,.....
i can tell from the comments that you guys really hates google, but you know what, in my country ,we are not allowed to use it,the website was blocked by a cutting-edge firewall which is improving every day....
Where?
I'm going to say China seeing as he mentions the "cutting-edge firewall".
Yep,and I'm using vpn to reply your comments
Well you're not missing out on anything
Funny how the only time I have been knowingly hacked is through a Google account from an Android device.
We should blow up every Google building
Seriously, get a life.
One of the best desicions in my tech life was to stop using Googles services. It's been more than a year, and I cannot be happier. (Youtube is the only one I sometimes use, but I try to use Vimeo as much as possible, hopefully Twitters video service will be a good alternative)
Nice I stopped using them years ago
I stopped using "google" for almost a year. Everytime when I search something I accidentally press google.com. But now I'm used to typing Bing.com
Using google 25% vs Bing 75%
Bing getting close to my main browser
I'm in peace after changed to WP,outlook and Bing...!! Peace of mind guaranteed!
I don't know. I find google search results better and more relevant than Bing's.
True, but it's a price I'm willing to pay.
Unfortunately Bing is very bad in India... No good alternate for duckduckgo ;-)
i like only u tube thst to even i use mytube application. i gave up google services when i bought windows phone.
The sandstorm rages on.
They did it on purpose
Google, go to hell
But, they do no evil :/s
Google spelt backwards is Elgoog and we all know that is the same as saying Evil.
I always referred to this demon as geGool
Scroogle. You boys started a war you can't win. Seems forgotten when once MS saved your sorry asses.
Nobody cares about Microsoft. They know MS has money and power and they want to do everything to diminish that. MS is a threat and competition
Microsoft should add some code to Windows treating Chrome as spyware and block it from running.
That isn't far from the truth, Chrome IS spyware.
Google should make their findings public by making a statement, and tell Microsoft in detail what its findings are, this could help Microsoft to fix the bug and also inviting public pressure over Microsoft, and the consumers' interests are protected.
It is evil for Google to have what they did.
Microsoft already have a fix for this, it was just going through testing. Hence the reason why they asked Google not to publish details of the vulnerability.
Google are pieces of shit then they find you then nobody can... *tips tinfoil hat
Google sucks
Sucks up all your data through it's Android and Chrome software!
"Sucks up all your data through it's Android and Chrome spyware!"
Fixed it for you ;-)
Google software = Google spyware. True!
And that's why I prefer MSFT. So insecure GOOGLE
I think this shows just how much Google cares about it's customers and their security.
http://www.forbes.com/sites/thomasbrewster/2015/01/12/google-webview-upd...
Google you have to BURN, worst company e v e r. Crap software and totally lack of class.
Maybe so , but Android has close to 80% market share in phones and Microsoft less then 5% globally . .. And no sign of picking up . Never mind , enjoying my Lumia 925 while it last and doing my searches on Bing.
Times change, look at Nokia, Blackberry and Kodak for proof.
Yeah...wait for the end of droid!
That's because they're cheap, not because it's a good experience.
Reasons why we will never see any google app on WP.
Lucky us :D
Lol!! That was a good one ;)
Yet ms puts its videos on youtube..
The third party youtube apps are superior to what scroogle offers.
Whew, I thought for a minute that it might actually happen.
What happened to "Do No Evil"?
That's a completely misunderstood slogan from Google.... What they meant was that no one should be evil towards Google...
That's a thought of past. Even in the past, it was just a thought.
Well said, I like that.
You misread it. It's"Do know evil".
Replaced by "Pay Me"
I agree whole heartily on ask points. Instead of Google worrying so much about Neener Neener I got you..., they should worry about their own issues. Sadly, the post missed the point about what Google is, they are not there to protect their customers and never will be.
MS did start the Scroogle thing two years ago. No wonder they're pissed off. Don't be MS apologists over this people. I love Microsoft but this just looks like karma.
How is this comparable to the scroogle campaign? Microsoft screwed over Google. Here Google screwed over the customer.
Screwing the customer over is something that Google is extremely good at doing.
I agree with you, neo158, Google does do that a lot. But Microsoft has done it too. People on this site are way too blind to the negative stuff Microsoft does. Downvote me to hell for this, but it is true.
Isn't a lot of their negative stuff due to their business practices, IP litigation, software piracy and marketing campaigns though? It's one thing to be a bully in the industry and another to directly hurry is to show the other guy...i prefer they keep their jabs at each other and not have us suffer as collateral damage. =/
That's true but that was the old Microsoft, you know, the one from the 90s that thought they could do what they wanted and could get away with it.
Come now, it's not always 'eye for an eye' when it comes to tech giants. Google obviously doesn't have any dirt over Microsoft, since MS doesn't involve itself in selling it's consumer's data to gain more ad revenue. MS does this a whole lot differently (and ethically). They even brought their services to Android, and don't tell me that they HAD to, because MS revenues have been great for years now even if they didn't offer their software on iOS and Android.
Google may have hurt the customer, but they will chalk it off to collateral damage if their conscience bothers them about it. They were trying to defame MS with this exploit, and that it's a petty way to get back at them.
And that is EXACTLY what my beef is Google since Android has momentum. They're turning into 90s Microsoft, just bullying people and not playing for the tech industry's best interest. Proprietary code, pulling 3rd Party APIs (from Microsoft's YouTube app and the Google Voice apps), and just leaking into EVERYTHING. I'd honestly say with their AdSense and AdWord stake still being so damn big, they've got the seeds planted to be a much worse version of a 90s Microsoft.
Hopefully, people get tired of Google's moves and the competitive field gets more level between Apple, Google, Microsoft, and Amazon (they are making moves in the tech world). Do people REALLY want Google and Apple to be their ONLY realistic options like the Mac and PC fight that came before it?
Google thinks by doing this they will give MS a bad rep, what they are only doing is advertising the fact that they really do not care about people at all.
There clicked in my mind ......google apps :P
Screw Google....Beatches
beatles
Screw + Google = Scroogle!
Go and patent it ,otherwise someone will rob it
Pretty sure MS beat me to it, lol! They had a Scroogle campaign running that only stopped last year outlining what Google does with your data!!! ;)
All MS has to do is publicize an exploit in a Google product in return. Here's two as an example, just to make MS's life easier:
* Chrome is a spyware
* Android is a spyware
Easy, isn't it?
That's not news; everybody knows it already. And, almost nobody cares. For the most part, users don't care about security. If we did, Windows wouldn't have a 90% market share.
Microsoft should also do the same thing with google. And Increase android patents fee.
As far as I know Microsoft had 90 days to correct the bug then if they had done it in time there would have been no problem ... and we aren't talking about 2 days ... and we can imagine that Google is maybe not the only one to have discovered it so there is always an hurry to solve. Even 90 days delays is too long. Imagine the back door opened in your garden while it's freezing outside. The quickest u close it the best u will feel inside ...
You've never built an application and looked at code apparently. And don't let Google fool you, they did that only to rub it in Microsoft's face which is 100% why they have people at Google who do nothing all day but try to find vulnerabilities in others products. Has nothing to do with helping anyone but themselves so they can look like some hero. Don't ever think it is done to help you or I.
On the user side I don't ask about help. Just to have bugs corrected quickly enough before it turns into a problem, whoever the editor is and I think that 90 days is yet a long period of time for big companies like Microsoft or Google. It would be a car with a risk to crash, people would try to repair much quicklier ...
If a car has a defect, it had it from the beginning and it can sometimes take years before the defect is noticed and can take some time for a fix to be created. The same is true with software. That vulnerability has been there from the start and was just recently noticed. It doesn't matter how big a company is. You can only throw a certain number of people at a problem before they start getting in each other's way. Releasing details about a vulnerability before it is fixed puts everyone at a greater risk. What are companies going to do with that information? They are still going to sit there and wait for a fix and in the mean time hackers have detailed information they can use to exploit the vulnerability.
Just because your back door is open, doesn't mean you publish in the newspaper that your back door is open
What Google has done here is purely for the sake of popularity and revenge against Microsoft
Nope but it doesn'ttake 90 days to be repaired and it's just my door with no rid for millions of other users, what I mean is whatever editor u are (Microsoft, Google or others) it would be fine to stop bullshitting users and move their ass to activate corrections in a reasonable delay and 90 days is already too long !
Be better if Google fixed their Crome and Android spyware. In fact its been there for longer than 90 days.
How would you know how long it takes to fix? An OS is a massive program and many interdependant parts. Fixing one problem can easily break another part or open other vulnerabilities. They have to fix and then test the software.
90 days is too short to do whole process of programming. After all it's not just coding, every time you do some change in the code of the Windows you have to do checks for side effects and so on.
They already did much quicker. All is a question of pressure ...As far as there is no impact on their money, they take their time ... But when needed they can be extremely efficient ...
Shits gettin too complicated...and I have a fuckin Ph.D.
Lol, the value of a Ph.D just plummeted...
It's a joke limp dick, and I do have a Ph.D., just not in computer science, but id still beat your ass academically in any subject. Go ahead, you pick.
Hahaha. I was also joking! I refuse your challenge as I don't give a rat's ass about academics!
I'm playing too. Ok, were done here.
What, you don't wanna talk about my dick anymore? I do have a Ph.D on that topic. I tatood my dissertation on it! (though you can only read it when it's fully erect... Hahah)
I mistook your name for limp dick. Lippidp...it can happen
Yeah and look at the crapshoot that happend when Microsoft released a quick patch that stopped people's computers working - they were getting called out from all sides. Microsoft has thousands of business users it has to protect that they have to fully ensure that a patch doesn't cause more problems than it solves.
I understand Google's stance of a time limit trying to pressure companies to get the software patched rather than ignore it, but there is a still a moral reason not to publically release vulnerabilities into the wild. It could have been an internal conversation - G:"Hey hows that patch coming along?" MS: "Yeah, it took more time than we would have liked but it will be out on our patch tuesday". G: "Great! No need for us to announce this one. Was great working with you."
It oozes from the walls at Google; they just like to stick it to Microsoft, plain and simple.
This is more like your neighbour found that there is a under ground path through your basement and says that boss you fix it within 90 days even if it means rebuilding your house. If it is not fixed, I will tell the path to every one by 91st day. I am sure it is acceptable by you :-)
Personally i consider that delays are delays and better than waiting for the last day to see if it works it's better to be efficient, be ready quickly to have time to test it before the deadline ... The problem right now is that people spend their time asking for more time rather than managing correctly the time they have.
You're a project manager some place.... Aren't you?!
You talk like Microsoft hadn't developed a solution in 90 days, when, in fact, they had a fix for the vulnerability. The two extra days was to allow them to release it with their standard patch Tuesday (second Tuesday of the month). There is nothing unreasonable about that request. Had Microsoft asked for weeks or months, I could understand it, but two days? Come on! You know damn well why Google chose not to give them the 2 days, and it has nothing to do with pressuring Microsoft into being more proactive with developing fixes.
Is it really any of Google's fuckin business? No, mother fuckers.
You should not use such language... Especially in the internet. It will make you look like something you are not.
I think it is pretty clear I'm talking about Google but I respect your opinion, and yes, someone can easily misinterpret language.
It is pretty clear... At least to me :-) but words are words :-)
I am talking like some one who knows that all fixes/patches cannot be finished and pushed within 90 days... If you think different, I am fine with that too. By the way, I honestly don't understand why Google did not give Microsoft those two days. Not for arguing, but can you explain? I am thinking along the lines that it is not a show stopper and it can definitely Wai 2 more days. Am I missing something here???
If everyone who has accreditation in their workplace thought like you, dear gods, we would be so far ahead.
@Thierry JAUNAY I sincerely hope you aren't being this thick-headed on purpose. It's good to want a problem to be fixed but pushing out a fix without testing it when you have millions of computers owned by consumers, businesses and governments is irresponsible. You used an analogy of closing a door in your home, it's not even remotely similar but I'll humor you. It's more like having a home with millions of doors and some doors have the potential to explode if you don't close the open door properly. At the end of the day though, unless you actually work for Microsoft and code for them, you are in no position to make the statements you have about how long it should take to fix anything.
It's why being a locksmith is a job and u have not just one for all the doors, the same way u have good ones and bad ones ... Some working correctly and quickly ... others not ... The problem with stock holders is that they run for profit on sales at the expense of maintenance considered as costs
Okay, lets add corporate psychology to the list of things you don't understand in addition to coding. Microsoft is not going to risk it's bottom line by allowing a known vulnerability to exist longer than it's capable of. It makes no business sense to hit your bottom-line in that manner.
In fact I don't understand many things except that when a door is open, if Google found it others also have in less than 90 days ... And when I buy a door it's not to give the keys. That means having an efficient after sales ... Would u wait 90 days until your future Google car have a crash ?
I'm glad we can agree you don't understand. I'll leave you with one last thought, sometimes there is no fast fix for a problem, especially in coding. Sometimes fixing things things is more tedious than hard.
And if u want a good WF app to manage tasks (I manage 4000 items and 140 partners on it) and knowing that it will have soon a mini PowerPoint integrated etc. Then use GTD Flux on the WF store ... Just to say that even with a phone u can do a lot ...
You generally don't find out about a defect in a car until a crash or a large number of cars have the same part breakdown. This vulnerability has been there much longer than 90 days. What benefit do you get from publishing the vulnerability? The fix is still not available and now your computer is at risk. The only time I would publish is if the company is ignoring the vulnerability. I would warn the company first to get their act together and then if they ignore it, I would warn the public. Since the fix was already made, publishing early accomplishes no purpose other than to make the threat worse and fulfill Google's need to make MS look bad.
The difference with google cars is that it will not be just parts breaking but potential high risk real time systems ... And drivers are not the specialists from Apollo ... It's why I gave this example ... Knowing too that a car can be embossed etc. which changes driving parameters and we will not be playing an XBox or PS race car but moving real human beings ...
Microsoft maintains their software longer than any company I know. Google and Apple give you free update to the latest software. However, Apple makes their money from the hardware sales and pushing new updates tends to make older hardware slower and will get people to upgrade the hardware sooner. Google just cares that users will their OS so they can push ads to them and data mine user info to sell to advertisers. Both companies abandon the previous version as soon as the update is released. Microsoft maintains the previous versions and the current versions of their software for years.
I totally agree on old software and it's why I'm happy with the new free update model that will force users to evolve in spite of keeping alive shit old programs of an other age ... There is also a time when programs need to be updated with OS ... On that, 10 will help a lot ... The age when u were thinking u would have the same job all your life is out of date !
You're a shoot them in the knee or shoot the gun out of their hand guy aren't you...
Google does this with it's own products as well, they've hosted contests offering people thousands of dollars to find exploits with Chrome OS. Google as a company does care about security.
And the fact that they released an exploit after the 90 day period(if I am not wrong) isn't unfair, that is the policy of Google's security research and you can sure as hell bet that Google won't extend the time especially for one of its biggest competitor.
Also last I checked Samsung was the only OEM paying for Android royalties, and even Samsung refused recently after Microsoft acquired Nokia and now they are working out a deal, Samsung makes Windows Phones in return for less(or no) royalties fees. Microsoft isn't in a position to increase the royalties, it is barely standing in a position where it is fighting to get it.
Posted via the Windows Central App for Android
Google is currently fighting against the European Courts for their sharp practices. Basically, they only care about keeping their spyware working and making money. Time for anti trust action?
You checked wrong. For one, HTC is also paying royalties. And you expect anyone to fix and release a patch for an OS with millions of lines of code in 90 days??? Seriously? Besides, even in Pwn2own, whatever the vulnerability is, only the basic details are given out and not an application that exploits the behavior.
False all android OEMs pay, details all hidden, this includes Motorola both new and older division. You can see their dealings info online.
@salmanahmad And in the end of the first paragraph you came...
You didn't get the whole picture do you?
First, Google is DELIBERATELY releasing security hole information, even though they already contacted by Microsoft that the patch is ready and will be released 'next tuesday' which is only 2 damn days. Trying to be strict when their own OS is full of vulnerabilities without any available update is really something (most of old Android devices, those in 4.1.x era didn't get any update by now).
Second, disclosing a vulnerability WITH a tool to exploit it? Come on. That's not the way to disclose vulnerability. So if some criminal know about this vulnerability from Google's announcement, they can use it right away to exploit it since Google already give them the tools.
My conclusion: Google is indeed being a d*ck on this case.
You need to see that this vulnerability isn't a massive one, not one which could affect millions of PCs.
Patch Tuesday or not, Project Zero has a 90 day limit and just because Microsoft said it wants a day or two extra doesn't mean Google, or anyone for that matter, will grant it.
Posted via the Windows Central App for Android
Did they publish those vulnerabilities as they were discovered? How long did it take them to fix those vulnerabilities? By the way, Microsoft also has hosted similar contests.
Maybe Microsoft should hire people to look for exploits in android and start publishing them. I guarantee that android has plenty of exploits. I doubt android users would be happy about that, especially since there are many android users stuck on older versions that aren't being updated anymore.
I guarantee that Windows Phone has tons of security issues as well, but not many serious attempts have ever been made to find them, apart from one Pwn2own event that I heard of.
And finding exploits in Android isn't a huge issue really, it'll help make Android more secure. By all mean Microsoft should do a similar project, if it wants.
Posted via the Windows Central App for Android
Finding issues with Android is not a huge issue. I agree. But fixing them and pushing them to the users is. Just imagine... Microsoft find one such exploit in ICS or Jelly bean and publishes it with a tool. Is Google going to be affected? No. It is those millions of users that uses the previous versions are. Microsoft can say that Google should actively push updates and close the case.
Google actually supports older versions of Android quite actively, using the Google Play Services.
The only thing that has been abandoned is the old AOSP browser, which has a number of security flaws, but Google recommends using Chrome instead for older most users.
If Microsoft started a similar initiative it would just make Android a bigger threat to Microsoft.
Posted via the Windows Central App for Android
You do realize that we are talking about Android as in Android OS and not in just the Google apps right? Google published a flaw in the part of OS and not on something like Internet Explorer or media player or file explorer. If microsoft is to pulish a vulnerability that affects the Android OS that is even used in JellyBean, it will be users who are going to be affected.
If Microsoft takes such an initiative, it is more for taking revenge and I would not stand and say that Microsoft is OK to do that.
"We urge Google to make protection of customers our collective primary goal."
BURN.
Burn...like genital warts (do they burn, idk)
THEY ALREADY BURNIN' CUS THEY IN HELL....
Given how google have yet to develop any app other than a search one for any windows device shows how much they despise Microsoft... It's also shocking given how dominant android is, that this is not seen as an anti trust issue. If it was on the other foot it definitely would be, and has already been!
Pages