nanog mailing list archives
Re: Please run windows update now
From: valdis.kletnieks () vt edu
Date: Tue, 16 May 2017 13:37:01 -0400
On Tue, 16 May 2017 09:40:50 -0700, JoeSox said:
What would be more of an interesting discussion, to me, would be why doesn't Microsoft know about these hoarding of vulnerabilities by State actors and plug them up?
It's pretty hard for Microsoft to know about an exploit the NSA is sitting on, until Shadow Brokers or similar spills the beans.
Are they really that clever of vulnerabilities? Does Microsoft not have the resources?
The talent pool for top-flight hackers is not all that large. And even if you acquire a large skilled team, there is *zero* guarantee that some other talented team won't find a hole that your team didn't spot. In fact, there's a lot of good reason to believe that exact situation happens *all the time*.
Is Windows like the ocean, where there are just hundreds of new species awaiting to be discovered?
Find statistics on average number of bugs per thousand lines of code. Find estimate of how many 10s of millions of lines of code ships as part of Windows. Do the math - and have alcohol handy for the almost certain drinking binge that the answer will inspire.
Did Microsoft at least know of the NSA vulnerabilities, for example, and kept it classified until NSA told them to plug them up?
There's lots of informed speculation on that one, but I can almost guarantee that you'll never get a definitive answer from somebody who actually know.
Attachment:
_bin
Description:
Current thread:
- Re: Please run windows update now, (continued)
- Re: Please run windows update now William Waites (May 15)
- Re: Please run windows update now bzs (May 15)
- Re: Please run windows update now J. Oquendo (May 15)
- Re: Please run windows update now Aaron C. de Bruyn via NANOG (May 15)
- Re: Please run windows update now valdis . kletnieks (May 15)
- Re: Please run windows update now Jonathan Roach (May 15)
- Re: Please run windows update now Brad Knowles (May 16)
- Re: Please run windows update now JoeSox (May 16)
- Re: Please run windows update now Brad Knowles (May 16)
- Re: Please run windows update now valdis . kletnieks (May 16)
- Re: Please run windows update now valdis . kletnieks (May 16)
- RE: Please run windows update now Keith Medcalf (May 16)
- Re: Please run windows update now valdis . kletnieks (May 16)
- Re: Please run windows update now Matt Palmer (May 16)
- Re: Please run windows update now J. Oquendo (May 16)
- RE: Please run windows update now Keith Medcalf (May 16)
- Re: Please run windows update now valdis . kletnieks (May 16)
- Re: Please run windows update now Josh Luthman (May 16)
- Re: Please run windows update now Carl Byington (May 16)
- Re: Please run windows update now John Levine (May 17)
- Re: Please run windows update now Brad Knowles (May 15)