Weekly Microsoft Critical Security Issue 518
An anonymous reader sent in linkage to a zd story discussing the latest Windows Security Patches including an especially nice hole letting Java apps gain total control of your machine and assist you in reclaiming disk space by, say, reformatting your drive.
Hmm... (Score:1, Insightful)
Oh, you mean the vulnerabilities that I've already patched?
Ok (Score:2, Insightful)
Oh joy! Cha-ching!! (Score:2, Insightful)
Mo money for me! Every time this happens I go out and patch up my customers. Cha-ching, cha-ching!
And I always offer and *suggest* that they go with Linux but they are *afraid* of change.
They would rather live in fear and subservience than live in security freedom...
Go figure..
Not quite true... (Score:4, Insightful)
Nevertheless, my last sentence becomes quite irrelevant, as Windows users tend to work as $root.
And in other news... (Score:3, Insightful)
Would this be considered Microsoft bashing? Nahhhhh....
But of course I won't mention that Windows Update is free and it worked immediately after I got notice of the patch.
Help me out here (Score:3, Insightful)
Just curious. I mean, if the intent is to inform.
Not overly surprising (Score:5, Insightful)
I think this is where the philosophical differences of Open Source Software really make a big difference. Even though OSS still has bugs, the live testing cycle is unparalleled. However I think the biggest difference boils down to this: there is no one saying we have to have this product out the door by XX date. Rather it becomes stable when it's ready, but you can use the development version if you need or want.
As the lines of code in software grow and the complexity increases, I think we will see a greater number of more severe bugs in closed source systems. Ultimately I believe this will be one of the critical factors leading to OSS's long term success.
I don't understand... (Score:3, Insightful)
I can understand the need for an array of software unavailable on any other platform (though, what percentage of that software is actually GOOD software?), and the platform standardization issues, maybe even "ease" of use, but honestly, the security and ridiculousness of the MS platform, ideology, and disregard of standards make me sick.
What is the continuing allure? Do you really not mind running machines that are completely insecure? And how can they not fix their own NT 4.0 code? That's absurd. They pitch this solution for years, and bail when the cost to fix their crap gets too high.
I'm not trolling, I'm baffled. Someone tell me why this continues?
Re:jvm (Score:5, Insightful)
Yes but ... (Score:3, Insightful)
<reality check>
Until someone actually writes a massively spreading virus/worm that jumps from Windows PC to Windows PC doing precisely that (formatting hard drives) - people are just going to patch it and not even think about changing OS.
Hell, most people probably won't even patch it. What doesn't affect them, they don't care about.
</reality check>
Re:Dilemma. (Score:1, Insightful)
Re:jvm (Score:3, Insightful)
Re:Oh joy! Cha-ching!! (Score:2, Insightful)
Not that I love M$, but it seems that you're bashing Micro$haft unjustly. Linux seems to be pumping out even more fixes and patches than old Billy boy's crappy product.
It seems like for the last month or so I have received at least 2 RedHat erratas a day, and the majority of them are for security reasons.
For my RedHat email server, there have been 98 updates put out by RedHat and the Linux community. Of those 98, 16 were bug fixes, 4 were enhancements, and 78 were for security concerns. On my W2K workstation, I have installed 12 hotfixes and 3 service packs.
Linux enthusiasts like you that bash Microsoft without knowing what you are saying make the entire Linux community look bad. Instead of bashing them, we should at least praise them for responding quickly (this time), once the bug was found.
People who throw stones....
Clueless (Score:5, Insightful)
I'm sure the above is a troll, but I'll answer anyways. When you install windows, you get, well, windows. And internet explorer, and freecell. That's about it.
When you install linux from RedHat (or Mandrake or...) you get the OS, several browsers and mail clients, 2+ office suites, 4+ text editors, java, perl, c, python, 25+ games, 3+ window managers, etc (not that you have to install all that - but they're available in the install).
I'd say Redhat is doing great to only have 2x the security bulletins as microsoft considering they supply 4x or 5x the software on their cd's.
Plus, it's been documented many times before that bugfixes are available much quicker in the OS world than the MS world.
I'm increasingly convinced that Linux is dying off. The lies and distortions we are seeing on slashbot have become more and more desperate over the past two years.
Name one "lie" regarding linux that you've seen on slashdot that's demonstrably not true (articles only, not posts). Remember, nobody is going to agree with all the opinions expressed on this site.
Not enough hacking (Score:3, Insightful)
I work for a company that has a good bit of Microsoft, some Sun and some linux deployed. Now, without getting into any religious wars over who's more secure, I'll simply say that the Microsoft servers have been compromised on more than one occasion. The Microsoft servers also got hit very hard by Code Red and Nimda.
When I see stuff like that, I just shake my head, because it seems insane to me that the company considers that acceptable. But then I thought about it, and here's why I think they're okay with it: with all of the exploits, all of the headaches, and all of the patching, it really didn't affect anybody above the admin level one iota. We didn't lose any money because of the compromises (sure, we served up a lot of movies and so forth), we didn't pay extra money to clean up afterward, and we didn't lose any data. As far as management was concerned, we got hit full on with evil crackers, and it just didn't matter that much.
Now, I'll grant you that some companies have a lot to lose with poor security. Anybody who's stocking personal information or credit card numbers or whatnot should be very concerned. Financial institutions and military organizations (people who are being specifically targeted for their data) should be more concerned. But I think the majority of companies who are just serving up information on corporate websites, running some basic services, etc. just haven't been hit by security holes hard enough for it to warrant a change in their philosophy.
I think it's much the same for desktop users. There are a lot of Windows vulnerabilities out there and a lot of unpatched machines, but I don't know of anybody who's really felt any pain because of Microsoft security holes. I'm certain there are some, but actual exploits are not nearly as epidemic as the vulnerabilities they exploit.
Now, if one of these things ever got any legs and started wiping out hard drives or corrupting data, and if millions of people were affected, and if millions of actual, tangible dollars (not time, effort, etc.) were lost, I think it would suddenly become a very different ballgame. But the fact is, at least for now, that despite the rampant security problems, the business community as a whole isn't suffering enough to worry, and neither are the home users.
I'm not saying it's right, but I know that my boss and his boss don't care if it doesn't cost the company anything.
Please compare Oranges to Oranges (Score:2, Insightful)
You have to compare the SEVERITY and NATURE of the bugs. Sure, there are bugs with whatever OS, but as to this level of Severity and of this Nature, you're just wrong, there are not that many with Linux, Apple or Solaris or whatever. Windows takes the cake.
If you think this is all overblown hogwash, you're deluding yourself.
Re:Clueless (Score:2, Insightful)
That's about it? Well, I'm sure that your second sentence is a troll. The OS, IE, and freecell? Really, man. When's the last time you installed Windows?
Again, compare Oranges to Oranges (Score:2, Insightful)
You're deluding yourself and you're not employing a correct analysis and comparison of the problems.
A lesson in journalism... (Score:2, Insightful)
In order to report the news well, objectivity and a lack of bias should be maintained. When you start taking pot shots at what you report, you turn into the National Enquirer, and people start to not take you seriously. What the people in the peanut gallery say is one thing, but what you put up in the story is another. Now you can say
I'm expecting to see how aliens took over MS soon, and Bill Gates having an affair with .
Re:I don't understand... (Score:5, Insightful)
That's quite a statement.. ;)
I'm not saying I could do it... But there are some very clever people out there. One thing I've learned is never to underestimate others.
So, stick a file on your machine with your online bank details, and your credit card numbers, and post your IP address :)
Re:Ok (Score:2, Insightful)
Or, they could submit a patch to fix the hole -- which is something you couldn't do for Windows.
PS. According to studies (independent) there have been more holes and patches for Linux than Windows 2000 and Windows XP combined.
Unless you quote your sources, it's hard to take that claim seriously.
Get real. If I can read your code, I can find every flaw to exploit. Period.
Or, you could help figure out the bug, close the flaw, and improve the software. You are barred from doing so using closed-source software, like Windows. You are utterly at their mercy to get the flaw fixed. You're powerless.