Microsoft rewarded for security failures with another US Government contract

(www.theregister.com)

189 points rntn | 1 comments | 02 Sep 25 17:30 UTC | HN request time: 0s | source

Show context

kazinator ◴[02 Sep 25 21:31 UTC] No.45109336[source]▶

Microsoft is rewarded for security, privacy and reliability failures each time a consumer buys another Windows PC.

And, to be fair, so is every other software project with an imperfect track record, that continues to have users, whether FOSS or closed source.

replies(3): >>45110407 #>>45110811 #>>45110842 #

okanat ◴[03 Sep 25 00:17 UTC] No.45110811[source]▶

>>45109336 #

I don't use Linux as my primary OS anymore. However the default protections of the Linux desktop is worse than Windows's which is rather sad. For "root" level operations Windows has several layers to protect the system itself. The newer Appx packages are have scoped security protections around them.

On Linux, yes you can spend months modifying Flatpaks, or writing SELinux rules or apparmor profiles but nobody does that. The out-of-the-box Linux user distros are quite a bit lacking and it is only a matter of time that malware that steal secrets from home directory to arrive to Linux too.

replies(2): >>45111176 #>>45112337 #

1. c0balt ◴[03 Sep 25 01:10 UTC] No.45111176[source]▶

>>45110811 #

> On Linux, yes you can spend months modifying Flatpaks, or writing SELinux rules or apparmor profiles but nobody does that.

For what it's worth, RHEL and to some degree Fedora do give you those SELinux rules for most of their packages. That OOB for anything you would install with rpm.

> it is only a matter of time that malware that steal secrets from home directory to arrive to Linux too.

No need to wait? Most of the malware distributed over npm/pypi has supported Linux and sometimes MacOS for a long time.

↑