June Windows Update To Be Biggest in a Year
Supersonic1425 writes "The BBC reports that this month's security update from Microsoft will be one of the biggest this year. Nine of the patches are for Windows — one classed as critical — two are for Office and one for the Exchange e-mail server software." From the article: "At least one of the loopholes being patched is already being actively exploited by malicious hackers. ... Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost."
Sigh. It's gonna be... (Score:5, Insightful)
Re:Sigh. It's gonna be... (Score:2)
Re:Sigh. It's gonna be... (Score:2, Informative)
Re:Please! (Score:4, Funny)
Reinventing their Wheel (Score:5, Insightful)
Yummy.
Re:Reinventing their Wheel (Score:5, Insightful)
I think patch days like today are an indication that XP will never be "patched and secure." And probably, neither will Vista.
But if you're switching to Mac, beware of the purists [slashdot.org] who seem to think Mac use is a royal privilege or something.
Re:Reinventing their Wheel (Score:2)
Re:Reinventing their Wheel (Score:2, Insightful)
Every OS has flaws right now. While some might announce their flaws right when discovered, and others try to hide them until they have a patch, they all have holes right now that just have not been discovered.
Yes, Vista will have patches. So will OSXII. So will FC6. It is flawed code by flawed people. Deal with it.
Re:Reinventing their Wheel (Score:2, Insightful)
Software is too dynamic to reach a 'finished' state for something as complex as an operating system. There is always something to fix, improve, or some new bug/vulnerability to patch. No, XP will never reach that 'golden' state where it doesn't have problems/security holes. Rather M$ will just move its focus to Vista (mistakenly early I suspect, as the majority of user base is most likely just getting to XP now), and open up that new can of worms.
On a side note, this is the precise reason M$ needs to b
Re:Reinventing their Wheel (Score:2)
If you want to shed many of the problems plaguing Windows you are going to have to stop tacking on old code for the sake of backwards compatibility. Apple has made major breaks with old software and then provided "bridge" software to help users over the hump (Classic to support pre-X apps, Rosetta to run pre-Intel binaries).
Unfortunately, it doesn't look to me like this is where
And if you did do something wrong... (Score:2)
Re:Word of the Day: MacSnob (Score:2)
Holy crap! Watch your step getting off that horse; it's a high one!
When my current PC outlives its usefulness, I'll be a "switcher" too. And look out, because there are going to be a lot of us pretty soon. Whether we meet your high, exacting standards is moot. Thanks to current Windows trends, Mac is about to become a lot more popular.
And I guess MacSnobs wouldn't know Clarus [clarus.com] from Claris [wikipedia.org]. Maybe the word of the day is Pretender [wikipedia.org].
Re:Word of the Day: MacSnob (Score:2)
Given the link you provide for Clarus [storybytes.com], perhaps pretender is indeed the word of the day.
Re:Word of the Day: MacSnob (Score:2)
Whaaa...?
What does storybytes.com have to do with clarus.com? Whatever, here's the Google search result [google.com] for Clarus.
Re:Word of the Day: MacSnob (Score:2)
There's a certain irony in a person unfamiliar with Clarus labeling a Mac user a "pretender."
Re:Word of the Day: MacSnob (Score:2)
Point taken, 'pretender' comment withdrawn.
'MacSnob' comment still stands.
Re:Word of the Day: Switcher (Score:2)
That's what they kept telling me when I was an Amiga user. I still have a fondness for my old Amiga(s). It's unfortunate Commodore didn't market it directly to a single industry for a while (like Macs with the desktop publishing). They barely marketed it at all. Who knows what direction things would have gone if Tramiel didn't leave. He didn't stop in to take back control of C= when it was faltering. At least Jobs stepped up to put Apple back on track again.
Re:Word of the Day: Switcher (Score:2)
The owners at the end did not care about the company, about growth, or technology, and would not have even considered bringing Tramiel's genius back in. They were far too busy engaging in insider trading and embezzlement than caring about their employees, stockholders, and the industry at large.
Re:Word of the Day: Switcher (Score:3, Insightful)
Re:Word of the Day: Switcher (Score:2)
How much in lost revenue .. (Score:5, Interesting)
Re:How much in lost revenue .. (Score:2)
And perhaps more interesting:
How much more would it cost not to patch?
How much more would it cost to patch a comparable number of Linux installations?
Re:How much in lost revenue .. (Score:3, Interesting)
Re:How much in lost revenue .. (Score:2, Interesting)
The patches cause downtime as well.
Re:How much in lost revenue .. (Score:2, Insightful)
As a final note, I'd like to add in that of the 25 developers all running the same OS and hardware, there were only two of us that had this problem.
Re:How much in (RIAA/MPAA) revenue .. (Score:3, Insightful)
Patching for the SME resembles this: Read everything about the patch, what it is f
Re:Testing good, but you can still get bitten (Score:2)
But I'm sure Microsoft didn't do that ON PURPOSE.
Re:How much in lost revenue .. (Score:5, Insightful)
Yes.
1. Other operating systems have a user security model that works. WinXP is still very difficult to maintain regular (non-admin) users. There are a LOT of workarounds that are required to make it function correctly (I think MS engineers call these "shims") due to application developers not testing for this scenario, unlike other systems (Mac OS and *NIX demand it).
2. This model has been utilized by *nix systems for over 30 years. While security issues have been found, they have largely been eliminated and it is infrequent to find escalation issues.
3. *nix systems are inherently very modular and consistent throughout. As a result, it is much easier to roll out a patch and rollback if necessary compared to Windows. Furthermore, given this architecture and well established APIs, it is easier and quicker to test patches and release them (not to mention provide competent admins actual source code access to understand the changes made -- let it be at the distribution level, corporate or organizational level).
4. *nix has a long history of being used in untrusted, multi-user settings (servers, thin clients, terminals, universities, banks, you name it..). Windows inherently *trusts* the user
Windows/DOS from the beginning has assumed a single, trusted user. It wasn't until NT came around that a true security model was in place, but even that didn't take to the mainstream until XP arrived in 2001. Even with the release of XP and the possibility of enhanced security (underprivileged users), Microsoft elected to favor backwards compatibility/ease of use and defaulted to Administrative level access for all users instead of enforcing underprivileged users and slapping application developers upside the head to write good code (Though in the 3rd party's defense, even Windows XP has some issues with the entire underprivileged user configuration..).
5. So now we are on the verge of "Vista"
Anyways.. that's my take. Sure, any operating system *could* be run in such a way where a user can load up malicious code and undoubtedly, there will be bugs in the source code (it is written by humans after all..) --- however, given the initial focus on Unix to be utilized on untrusted networks in a multi-user environment and the fact they have had over 30 years to fine tune the code, make the code modular and it is still very prominent today (it was done right the first time) makes me think it is a valid, time tested model.
Compare this to the Microsoft model where every few years they have the "bet the company" on a new model.. it's apparent to me that they simply are not building a model that is solid. Over the past 20 years, they have released what I consider 5 distinct versions of Windows (Windows 1, Windows 2, Windows 3, Windows 95, Windows NT) -- all with major fundamental changes in how they function. Windows Vista could very well be the sixth version (At least it *should* have been.. but with all the feature cut, it might not be..). This is compared to *nix where a lot of fundamental philosophies and tools very much date back over 30 years.
Re:How much in lost revenue .. (Score:2)
Personally, I think it would be hilarious to put one of today's average unix users (ie: Linux brats) on to a thirty year old unix system. Heck, even just sitting them down in front of an early- mid-90s commercial unix would be quite entertaining.
The suggestion that the world would be (markedly) different if some other OS was #1 is silly to begin with, but trying to say that all the other OSes arou
Re:How much in lost revenue .. (Score:2)
To believe what I wrote implied that there have not been any advancement on *nix over 30 years (or even 10 years) is stupid. There are many commands and tools that are very much in use today that would be found on either of those systems. I was more inferring that m
Security by diversity (Score:2)
Because most opensource operating systems comply to open standards and you can imagine cohabitation of various different OS and distro.
It won't exactly be Linux becoming #1 standard, but POSIX as represented by various Linux distributions, and BSD variants, being standard.
Open-source code can rather easily get to cross compile across different *nix as long as they are standard compliant, and thus m
Re:Security by diversity (Score:2)
Discussion is about software vulnerabilities, about Microsoft having so poor security that need so much patching, and if this is a Microsoft trait or if once Linux rises similar situation will be observed.
Of course, I know, there are some annoyance that aren't software dependent, like phishing, spam, spoofing and similar scam that aren't software dependant (and in fact even computer dependant and could also work with smartphone or even faxes) but wetwar
ActiveX (Score:4, Interesting)
Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.
-Jar.
Re:ActiveX (Score:5, Informative)
IIRC, the workaround is to make sure your [object] tag is written out using (Java|VB)script. If you visit macromedia.com they use this technique and have a tutorial about it written up. And to be fair, MSDN's been letting developers know about this for ages.
Re:ActiveX (Score:2)
Either way, this patch release _must_ be managed correctly within the corporate IT space.
-Jar.
Re:ActiveX (Score:2, Informative)
Microsoft has a tutorial on their MSDN site [microsoft.com] which discusses this as well.
Re:ActiveX (Score:2)
The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Active This Control' message instead.
Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.
The fix is trivial [microsoft.com]
Takes a minute to implement.
Re:ActiveX (Score:2)
Clarification (Score:5, Informative)
Re:Clarification (Score:3, Interesting)
Huh? Flash would be out of business then. What the post-Eolas IE actually does is prevent the user from interacting with the ActiveX control until 'activated' with a click. (The control's running fine meanwhile, which means it can also be a security risk.) Also, this applies to controls put on pages with an honest-to-gosh [object] tag. If you write your [object] tag dyn
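The workaround mentioned in the comments above (emitting the [object] tag from script instead of declaring it in the page), as an added example that is not code from the thread, Microsoft or Macromedia. The function names, the all-zero CLSID and the sample values are constructed; loading this from an external .js file and assigning via innerHTML are assumptions about how the linked MSDN guidance is applied. It escapes every value so page data cannot break out of the generated tag.

```javascript
// activex-embed.js -- added example, meant to be loaded as an external script
// file (assumption). Written in ES3 style so IE6-era engines can parse it.

// Escape a value for a double-quoted HTML attribute so that data placed in
// the generated tag cannot close the attribute and inject markup.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

var NAME_RE = /^[A-Za-z][A-Za-z0-9_-]*$/;
var CLASSID_RE = /^clsid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Reject anything that is not a plain name, plus inline event handlers.
function checkName(name) {
  if (!NAME_RE.test(name) || /^on/i.test(name)) {
    throw new Error("rejected name: " + name);
  }
  return name;
}

// Build the <object> markup from a spec:
//   { classid: "clsid:...", attributes: {width: ...}, params: {name: value} }
function buildObjectTag(spec) {
  if (!CLASSID_RE.test(spec.classid)) {
    throw new Error("classid must look like clsid:<GUID>");
  }
  var html = '<object classid="' + escapeAttr(spec.classid) + '"';
  var name;
  var attributes = spec.attributes || {};
  for (name in attributes) {
    if (Object.prototype.hasOwnProperty.call(attributes, name)) {
      html += " " + checkName(name) + '="' + escapeAttr(attributes[name]) + '"';
    }
  }
  html += ">";
  var params = spec.params || {};
  for (name in params) {
    if (Object.prototype.hasOwnProperty.call(params, name)) {
      html += '<param name="' + checkName(name) + '" value="' +
              escapeAttr(params[name]) + '">';
    }
  }
  return html + "</object>";
}

// Insert the control into an existing placeholder element. `doc` is passed in
// so the function can be exercised without a browser; a page passes `document`.
function embedControl(containerId, spec, doc) {
  var container = doc.getElementById(containerId);
  if (!container) {
    return false; // placeholder missing: leave the page untouched
  }
  container.innerHTML = buildObjectTag(spec);
  return true;
}

// Constructed sample spec: the all-zero CLSID is a placeholder, not a real control.
var SAMPLE_SPEC = {
  classid: "clsid:00000000-0000-0000-0000-000000000000",
  attributes: { width: 400, height: 300 },
  params: { src: "/intranet/report.bin", quality: "high" }
};
```

An intranet page would contain only an empty placeholder element and a script reference, then call `embedControl("player", SAMPLE_SPEC, document)` from the external file.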
Re:Clarification (Score:2)
Beware of Microsoft's advice (Score:5, Funny)
Re:Beware of Microsoft's advice (Score:2)
*shakes head?* (Score:2, Funny)
Then I realised I was booted into Ubuntu.
*slinks off into the night*
Re:*shakes head?* (Score:2)
That happened to me when I installed Ubuntu on my sister's computer. Some monitors can't use higher resolutions unless the HorizSync and VertRefresh rates are configured in /etc/X11/xorg.conf, something the installer does not do by default. I used a Knoppix CD to find out what they were since it prints them out at bootup, but
The Mac way (Score:2, Insightful)
[ It's another matter that 10.4.6 had made my system un-bootable and I had to reinstall 10.4.2 from disc ]
But I cannot understand why ppl raise a
Re:The Mac way (Score:2)
Mac Security Updates don't change the OS version number.
If you examine Apple's Security Updates here [apple.com], you'll see that the updates that are called "Security Updates" don't change the OS version number. The updates that do change the version number are called "Mac OS X Update" (e.g. "Mac OS X 10.3.9 Update").
Re:The Mac way (Score:2)
The Apple equivalent of Service packs are the Z level revisions (as in X.Y.Z, patch level, for Major, Minor and Patch level). They only charge for the X and Y upgrades.
Of course
Won't they be coming
Re:The Mac way (Score:3, Informative)
Re:The Mac way (Score:2)
Apple keeps OS X releases updated throughout their life cycle, until they reach 10.x.9. Then a new major version is released for only $120. No activation, no WGA. Not even a serial number.
Mo' money, mo' money... (Score:3, Interesting)
"We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
I think anyone who is still running Windows 98 would be better off switching to Linux. I would have to believe most software running under 98 could be run under Linux using Wine/Crossover Office, or alternatives found. More than likely, most 98 users just have some office type applications and never upgraded because they didn't need the fancy new OS. My old office still has 98 on many computers just because the people using them run basic apps that get by with what they have, and upgrades would be costly (relative of course, some small businesses would be hurt by 10K in computing upgrades). With so many security holes known, and support is ending, AND newer Linux distros are pretty darn close to "it just works", we may see small pockets of Linux migration.
MS not supporting what they say they do! (Score:4, Interesting)
So even though Microsoft have stated that they support 98 and ME until 11th July 2006, they will not support those two OSes today?
Yes, people are crazy if they rely on 9x in any way, but when Gates says he'll support it until a date I'd expect support to be provided, even if it means some changes to the shell. And we all know how much exaggeration is used when a job is being avoided... ("major re-write of the Windows Explorer").
Re:MS not supporting what they say they do! (Score:2)
Re:MS not supporting what they say they do! (Score:2)
So Illegal Copies Break The Law (Again)? (Score:5, Informative)
This is why I'm using Autopatcher XP [autopatcher.com] (Annoying forum-based website), you can download the updates off them, see the details and unselect all the crap you don't want, without having to go through Microsoft and Windows validation. You just have to wait a while before they release the newest version.
Re:So Illegal Copies Break The Law (Again)? (Score:2)
Re:So Illegal Copies Break The Law (Again)? (Score:2)
5 minutes later I see a Security Centre icon in the bottom right and it's downloading and installing updates I didn't even agree to.
Windows Genuine Advantage "Your install is not valid" here I come...
Re:So Illegal Copies Break The Law (Again)? (Score:2)
I guess this thread [emailbattles.com] is to what you are referring, or something similar. Again, I have never seen this firsthand.
Re:So Illegal Copies Break The Law (Again)? (Score:2)
Re:So Illegal Copies Break The Law (Again)? (Score:2)
Coincidence (Score:2)
Coincidence?
Get your facts straight... (Score:5, Informative)
Re:Get your facts straight... (Score:5, Funny)
Cool, how do I get WGA to fail? And will it get rid of IE and Messenger too?
Re:Get your facts straight... (Score:3, Funny)
"Security updates will still be downloaded if you select "automatic updates", you just can't download nice addons like windows defender"
You don't class windows defender a security update?
From Microsoft...
"Windows Defender is a free program that helps protect your computer against [...] security threats"
Come on admit it, you thought Windows Defender was Microsoft's version of the popular 1980's arcade game didn't you?
Re:Get your facts straight... (Score:2)
Re:Get your facts straight... (Score:2)
Why is this a bad thing, exactly?
Re:Get your facts straight... (Score:2)
Re:Get your facts straight... (Score:3, Informative)
Re:Get your facts straight... (Score:2, Funny)
bash: wuauclt.exe: command not found
kim@kimp4:~>
Damn it, that just won't work for me!
Malicious hackers and GWA (Score:2)
-Eric
Re:Malicious hackers and GWA (Score:3, Insightful)
Re:Malicious hackers and GWA (Score:2)
The only
Re:Malicious hackers and GWA (Score:2, Insightful)
Second, the concern about WGA's ability to execute code, and not be uni
Re:Malicious hackers and GWA (Score:2)
Or, you know, the fact that some of us are on Macs. Or running Linux :)
We've had a machine here at work fail WGA, even though it's a legit licence. Fortunately, the box in question is due to be turned into an IPCop [ipcop.org] box in a week or two, so no biggie.
The part that worries me is that it sets a precedent - will all
Re:Malicious hackers and GWA (Score:2)
As for corporate America which uses SMS or WSUS all updates go through an approval process first and then are authorized to be installed on clients. Sorry but when a client on my network does a DNS lookup they aren't going out to the Internet every time. Yes the NSA can and probably does monitor anything and everything but that is
Re:Malicious hackers and GWA (Score:2)
You're not thinking like a PHB:
- Vendor lockin - switching to alternatives is too much work
- PHBs swallow FUD hook, line, and sinker, and don't realize that when Microsoft advertises TCO, downtime, etc. they redefine those terms without really explaining how they define those terms
- Swag (T-shirts, gadgets, trips to Hawaii)
Microsoft Windows is going to be locked into the corporate
Re:Malicious hackers and GWA (Score:2)
Re:Malicious hackers and GWA (Score:2)
Re:Malicious hackers and GWA (Score:2)
Microsoft wrote and compiled your software to begin with. It already has root on your box, whether you use "Genuine Advantage" or not.
Re:let me be the first to say (Score:2)
That's not the biggest problem that I have with WGA. My problem is that it phones home every morning, using the connection settings from IE, but it doesn't support Integrated Windows Authentication like IE does. That means that proxy users (like all of mine) get "mysterious" proxy authentication requests every mornin
Re:Strange Days (Score:3, Funny)
If that isn't an epic example of foreshadowing, I don't know what is.
foreshadow: To present an indication or a suggestion of beforehand; presage. ex. see Slashdot post by Anonymous Coward, Tuesday June 13, @08:57AM
Re:Strange Days (Score:5, Insightful)
Your comment is just not true. I get calls EVERY week with someone wanting me to clean their computers (all of them XPSP2 at least). The problem is that the first thing that sort of junk does is stop Automatic Updates from working for everything from Windows to Antivirus to even targeting AdAware etc., so from then on even if the user "cleans" their machine, they aren't getting the updates they need (even though sometimes it looks like they are) and thus they are open to every future problem too (including those fixed in patches like this one).
People are still dumb, they still click, they still don't learn, no matter what it ends up costing them. Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back but so long as I don't do X, I don't notice", "Yeah, I've been getting these random popups for the past few months, if you have a minute could you have a look at them sometime?", etc. Personally, I'd be doing damage control the second I spotted one of these on my own personal computers but it's just tolerated by the average joe. They can literally put up with it for months.
I'm ALWAYS being told that "machines slow down when they get older", don't they? Makes sense to them but to me I'm just thinking "Yeah, only if they are slowly filling with junk". And that's how people work. They keep using it until it gets to the point of being unusable (which for people who used to run older PC's is actually totally unbearable). Then they might casually bring it up in conversation with me, not do anything for several weeks, then try to book my time to clean it up etc.
Come on, a few days ago there was a major news story about the head of Microsoft itself not being able to clean his friend's PC of spyware. I work with people who can't drag-and-drop, you really think they stand a CHANCE of even seeing that they've been infected, cleaning it themselves etc.? And with the growing spate of targeted spyware/viruses, I can't even rely on putting on a nice automated cleaning system (like Adaware/Spybot/AVG scripted to auto-update and then full scan) onto their systems.
The reason I don't hear about it any more? I raise my prices depending on how bad it seems when I hear about it. Can't get on the net at all? That's an extra £10/hour. Can't load any program? Another £10/hour. Antivirus isn't functioning properly cos something's interfering? Another £10/hour. Haven't GOT antivirus/firewall/updates? Another £10/hour.
Got up-to-date antivirus, a good firewall, an "alternative" web browser, scheduled anti-spyware, no visible signs of infection prior and somehow STILL got something nasty? (even if you accidentally clicked a link you didn't mean to, so long as you TELL me you did that) The price drops dramatically to the point where people don't say... "Uh, ok, I'll er... call you sometime." but instead say "Yes, please, if you could."
Users aren't getting educated, they're getting ignorant. They KNOW it's a virus/spyware and they choose to ignore it and continue with their work (which, incidentally, is not only usually private and confidential but usually vital to the running of the school they work for). When you're telling headteachers that X got on the system because supplier Y didn't issue an update, they just carry on regardless. They don't stop to consider what MIGHT have happened to the data (in complete breach of Data Protection laws I might add) or where it might currently be floating, even when informed.
The best customers in the world are the ones who KNOW NOTHING but ADMIT to knowing nothing and look to you for advice. They're the ones that you can TEACH how to use a computer safely. Everyone else nods along and then loads IE behind your back because they "know better" (for instance, they installed an anti-spyware thing "to keep IE safe" from a pop-up on their desktop just to give you
People Don't Want to Be Bothered (Score:2)
Hell most people don't really need to be on the open Internet at all. They only visit a couple of sites and pick
Re:Strange Days (Score:2)
What scares me is that some people seem to see this as a badge of honor, to the point of bragging about how "infected" their system is and everyone should praise their ability to slog through the mire and still get their work done.
It's like a geek bragging about having genital warts because it proves he's had sex with someone -yeah, someone with a communicable disease.
Re:Strange Days (Score:2)
Can't get on the net?
That's a paddlin'.
Can't load any program?
That's a paddlin'.
Interfering with the antivirus?
That's a paddlin'.
Not having antivirus/firewall/updates?
Oh you'd better *believe* that's a paddlin'.
</jasper>
Re:Strange Days (Score:2)
The only reason my notebook is dual booting, is to be able to support other people, so I can test out fixes, or walk through the menus of some incomprehensible program with a client. I don't actually use Windows for anything.
Re:Strange Days (Score:2)
Re:Strange Days (Score:2)
Why not Opera on Windows?
There were a lot of security problems that read "visit this link in IE". Think about that again
Re:The same message. (Score:2)
You already have the previous patches. Once installed, it's unimportant how critical the original problem was (assuming the patch works).
Not having this patch is critical. Having it is benign. Just like all the others.
Re:The same message. (Score:2)
Re:Firefox? (Score:2)
The founder of Eolas said in eweek (in September 2003) [eweek.com]:
"We have from the beginning had a general policy of providing non-commercial users royalty-free licenses. We expect to be paid for the commercial use of our technologies....We released our browser back in 1995 to the world free for non-commercial use, so that should be an indicator to people that the open-source community shouldn't have anything to fear
Re:Firefox? (Score:2)
Re:Naive question of the month (Score:2)
Many times it has nothing to do with how bad the OS is, but rather how much more expensive a *nix/*BSD admin will be.
Re:Naive question of the month (Score:2)
You are, however, correct. Others will point out that those dime-a-dozen MCSEs can't manage a system worth a damn, and if you got a competent IT admin for Windows they'd be just as expensive as a competent *nix admin. Which is also true. But sometimes all you need in a small IT department is someone who can follow the install prompts, check to make sure the components are plugged in, and wipe the users' asses when they make a mess.
Re:Windows 98 (Score:5, Insightful)
Everyone ASSUMES that Microsoft is dropping support just because it's too broke and that probably isn't even CLOSE to the truth. The real reason is likely a combination of the two. From the architecture basis, Windows 98/98SE/ME are UNSECURE! Microsoft has a much better chance of securing things with XP. That's not to say there's no holes in XP....there is. But the reason software is dropped from support is merely a business reason. When 99.9 percent of their support calls are likely Windows XP or 2003 Server related, what sane person would choose to continue to patch something almost NO ONE uses!
Re:Windows 98 (Score:2)
All people interested in accuracy should have stopped reading right here.
See, what the parent comment's author clearly does not understand is that Windows 9x does not run under DOS. It is launched from DOS. DOS is a boot loader. It is as important to Windows, once running in GUI mode, as grub or lilo would be to Linux if it weren't cleared from memory once the kernel loaded.
The DOS kernel loads. Then the DOS command shell loads. From there, w
Re:Windows 98 (Score:2)
Each and every one of you out there using any commercial OS should truly understand that one day, your vendor will say the same thing about your current OS, too.
Only in a Microsoft world would still-supported products be abandoned since they were, "just too broken."
Note that "only in a Microsoft world" is a product like Windows 98 supported for so long in the fir
Re:"Mandatory" non-security update bugs me.. (Score:3, Funny)
Re:windows... (Score:2)
Re:The beauty of Vista (Score:2)
-matthew