Security

Can You Trust Microsoft On Security? 189

simetra writes "Here's a shocker... This story on Yahoo! is pointing out the obvious. How many of these until the suits start believing us?" Maybe the article is just trying to stir up trouble, though: ladislavb points out that Windows XP is an Operating System you can trust. (The review is also available on mirror1, mirror2, mirror3, mirror4.)
This discussion has been archived. No new comments can be posted.

  • by mAineAc ( 580334 ) <mAineAc_____&hotmail,com> on Tuesday April 01, 2003 @08:12AM (#5637244) Homepage
    was found here [com.com] yesterday. I don't think it is a joke.
  • by peterdaly ( 123554 ) <{petedaly} {at} {ix.netcom.com}> on Tuesday April 01, 2003 @08:14AM (#5637247)
    Koetzle noted that while Microsoft's patches for the last nine high-profile Windows security holes predated such attacks by an average of 305 days, too few customers applied the fixes because "administrators lacked both the confidence that a patch won't bring down a production system and the tools and time to validate Microsoft's avalanche of patches."

    I know I have totally screwed at least one "critical" production server by installing a service pack. Granted, that was NT4, which on the whole is just an impossible architecture to patch...or so they say.

    Lack of security from the ground up in their design is what I believe the problem really is. The lack of a simple "bring this server up to date" scheduler doesn't help either. Even if they had that, people wouldn't use it due to patches toasting systems in the past.

    -Pete
  • by Anonymous Coward on Tuesday April 01, 2003 @08:31AM (#5637289)
    What's more, a fatal exception has occurred at F0AD:42494C4C.

    Also, check the bytes:
    0x42 = 'B'
    0x49 = 'I'
    0x4C = 'L'
    0x4C = 'L'

  • by Anonymous Coward on Tuesday April 01, 2003 @08:37AM (#5637314)
    1. I agree that nobody should be trusted on Security. We all need to be educated on Security, and be able and willing to act on it. Even the most secure products can be defeated by ignorance.

    2. As a Developer who has programmed with MS Access since 1.0 and VB since 3, I disagree with your notion that Techies do not like Microsoft. You might want to check out sites like "AngryCoder" ( http://www.angrycoder.com [angrycoder.com]) run by people who are definitely pro-Microsoft, but also willing to criticize Microsoft where they deserve it.
  • Re:Are we surprised? (Score:4, Informative)

    by lseltzer ( 311306 ) on Tuesday April 01, 2003 @08:51AM (#5637350)
    How can you raise the slammer worm and then say that Microsoft doesn't respond quickly? The article makes clear that attacks on Microsoft products were an average of 305 days after Microsoft patched them, and this was famously the case with respect to slammer. People aren't applying the patches in spite of clear warnings.
  • Bork Bork Bork (Score:2, Informative)

    by Mintee ( 465975 ) on Tuesday April 01, 2003 @09:02AM (#5637388) Homepage Journal
    "Since "product activation" is necessary to get the system working, XP proceeded to dial my modem and register my personal data with Microsoft Passport, while at the same time signing me up for MSN and billing my credit card without asking. How convenient can you get?"

    So So Terrible, Yet So So True!
    All Hail APRFLS God. Mr. Gates!
    And wasn't M$ founded on April 1st?
  • ASCII magic (Score:5, Informative)

    by Compact Dick ( 518888 ) on Tuesday April 01, 2003 @09:27AM (#5637540) Homepage

    The "translation" is done using the ASCII charset which is used as a standard in computers, and the corresponding numbers are in hexadecimal form.

    The whole message is F0AD:42494C4C. From this, we get "Fuck Off And Die: Bill". How, you ask?

    F0AD == Fuck Off And Die [hacker slang]

    42494C4C: break them into pairs, as we do with hex numbers. We get 42 49 4C 4C.

    Now match the hex numbers with their corresponding values from the ASCII Table [mindprod.com].

    42 == B
    49 == I
    4C == L
    4C == L
  • Re:Are we surprised? (Score:1, Informative)

    by Anonymous Coward on Tuesday April 01, 2003 @10:40AM (#5637884)

    They tarnished their own image with Windows Update. Seriously. Auto-update is a good feature but a PR nightmare. Windows doesn't have any more bugs than it had before (fewer because they're actually fixing them) but now instead of basking in a false sense of security we get Windows Update popping up every 3-5 days to inform us of the latest critical vulnerability. This is not reassuring.

  • by Futurepower(R) ( 558542 ) on Tuesday April 01, 2003 @01:50PM (#5638873) Homepage

    Windows XP Service Pack 1 causes memory management problems that my experience shows are far, far worse than Microsoft says. The new 815411 patch [microsoft.com] seems to fix the problems on the one system on which I have tested it. The title is "Programs Run Slower After You Install Windows XP SP-1", but that doesn't make sense. Why do they run slower? Because the operating system is trying to recover from memory management errors?

    To see the problem, start 20 instances of Mozilla, each with 10 tabs. As you are doing this, you will find that the responsiveness of the Windows XP system becomes much slower. Then, when the limit of installed memory is reached, and the system begins using virtual memory, all instances of Mozilla will crash. After the crashes, the Windows XP system remains unstable. The instability can only be fixed by re-booting.

    See the Slashdot article: XP Service Pack Slows Programs [slashdot.org]

    The Slashdot article referenced this article: Service Pack glitch causes system slowdowns [vnunet.com] (Notice the nonsense subtitle in this article: "Windows XP SP1 update flaw affects memory-allocating programs".)

    Microsoft is apparently afraid that the patch causes more problems, so the patch has limited availability. Also, by making people who want the patch call Microsoft, the company may be collecting information about the problems people are having. It seems from the way the notice of the patch is worded that if you call Microsoft, you may have to pay.

    I downloaded the patch from other sources, and found that they all were the same, so that relieved worries of a bad patch.

    Sources:

    Neowin [neowin.net]

    Q815411_WXP_SP2_x86_ENU.exe [ntlworld.com]

    Q815411_WXP_SP2_x86_ENU.exe [rene-hennig.de]

    Q815411_WXP_SP2_x86_ENU.exe [t-online.de]

    http://www.paricom.com/matt/xphotfix/ [paricom.com]
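
The cross-check described in the comment above (fetch the same hotfix from several mirrors and confirm the copies match), as an added example that is not part of the original post. The file names and payload are constructed, and `compare_copies` and `reference_digest` are hypothetical names; identical copies only show that the mirrors serve the same bytes, so the function also accepts a digest obtained from the publisher.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_file(path, chunk_size=1 << 16):
    """Stream a file through SHA-256 so a large installer need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_copies(paths, reference_digest=None):
    """Group copies by digest; report outliers against reference or majority."""
    if not paths:
        raise ValueError("no files to compare")
    groups = defaultdict(list)
    for path in paths:
        groups[sha256_file(path)].append(path)
    if reference_digest:  # digest from the publisher, obtained out of band
        expected = reference_digest.lower()
    else:  # no reference: fall back to the most common digest
        expected = max(groups, key=lambda d: len(groups[d]))
    outliers = sorted(p for d, ps in groups.items() if d != expected for p in ps)
    return {
        "all_identical": len(groups) == 1,
        # None means "unknown": mirrors agreeing is not proof of authenticity
        "matches_reference": (not outliers) if reference_digest else None,
        "outliers": outliers,
    }

def demo():
    """Write three constructed copies, one altered by a single byte."""
    workdir = tempfile.mkdtemp()
    payload = b"MZ" + b"\x00" * 1024  # constructed stand-in, not the real hotfix
    copies = {"mirror_a.exe": payload, "mirror_b.exe": payload,
              "mirror_c.exe": payload[:-1] + b"\x01"}
    paths = []
    for name, data in copies.items():
        path = os.path.join(workdir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths

if __name__ == "__main__":
    report = compare_copies(demo())
    print("all identical:", report["all_identical"])
    print("outliers:", [os.path.basename(p) for p in report["outliers"]])
```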
