.ANI Vulnerability Patch Breaks Applications 164
Jud writes "Microsoft's fix for the .ANI vulnerability was part of Patch Tuesday yesterday. However, all is not well with the update. Reportedly, installing the patch will break applications such as Realtek HD Audio Control Panel and CD-Tag, which mentions they are affected by the problem on their main page. A hotfix is currently available from Microsoft, however their current position is this is an isolated problem and the fix is not planned to be pushed out through Microsoft Update. "
Hehe (Score:2, Insightful)
Weird, 'cause I hear about one of these stories almost every week. Isolated in what sense?
Before all the lame bashing.. (Score:4, Insightful)
This is exactly why it takes Microsoft so long to put out patches sometimes. Unlikely all these free and open source packages, Microsoft Windows is actually used by tons of users at home and in the business world. People need their machines to do their daily activities and jobs. This is why so much testing is needed before something can just be shoved out there. This is why you tend to see this sort of thing from patches released out of cycle. It obviously has not and could not have been tested as much (and yes sometimes problems occur with patch Tuesday patches).
You might not see as many issues with *nix based systems. Why? Well, there just are as many users. This might sound like a cliche but it is a fact. Look at when official Redhat patches and other updated packages actually come out. They come out days, weeks, and months later. Sure there is some patch that some random guy hatched together -- the power of open source!! However, if you were to apply that untested P.O.S. across the world in tons of real environments, you'd probably have a shitton of problems.
This does not excuse problems with patches, but at least it came quicker. Remember, M$ has to release stuff that fortune 1000, government, home users, and everyone else can live with. Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same.
Re:Hehe (Score:4, Insightful)
Sarcasm aside, how exactly did it come to pass that the guy who wrote the code for animated mouse cursors managed to open an "extremely critical" security vulnerability in the process... and then how did it become so important that fixing it breaks applications which relied on said bug?
I'm sorry, I'm not entirely 100% anti-MS (XBox Live owns, Visual Studio
Re:Before all the lame bashing.. (Score:5, Insightful)
Having millions of users might be an excuse, but having a bad design can't, if you claim to be developing best software.
I really find it just plain spreading FUD to compare open source software equivalent microsoft software with those metrics. Blah, blah, but it's used by millions, see what happens when open source is used by millions. Just wondering how many in those millions compare design decisions taken during software development of product they use. What's lame is not seeing how broken design of some parts of the software, not bashing due to these flaws.
Re:Anyone's surprised? (Score:5, Insightful)
If you read the hotfix page you'd see this:
Re:Before all the lame bashing.. (Score:3, Insightful)
A security exploit in animated cursors and then they stuff up a number of other applications trying to patch the exploit.
This isnt Internet Explorer. Its a simple animated cursor.
And yeah I am using Linux and have been for years. Happy?
Re:Anyone's surprised? (Score:2, Insightful)
It's not only possible. It's mandatory. It's called input validation, and everybody else is doing it. The only reason I can see why Microsoft is an exception is that they have convinced people like you that it's not their fault if *their* software breaks. Get a clue.
Re:Before all the lame bashing.. (Score:4, Insightful)
Re:Before all the lame bashing.. (Score:5, Insightful)
2000 ragtag home users? You are smarter than that, I can tell by the quality of your writing and sentence structure alone. While some OSS packages serve small communities, there are lots of packages that serve large and diverse communities. (PostgreSQL, Apache, the Linux kernel, Firefox, the list goes on). Those packages have, on occasion introduced vulnerabilities due to the natural vicissitudes of software development. And when their vulnerabilities are discovered, they get fixed quickly. (And this one hit me this morning: I don't need Linux Genuine Advantage for permission to receive updates to my damn software!!!)
It is worth noting, however, that such vulnerabilities are nearly always limited in scope due the inherently modular nature of the OSS world. Microsoft built a highly integrated system to support its business model. They are welcome to their high integration approach. And those of use who do not appreciate the effects of that way of doing business are welcome to complain when it wacks the shit out of our families' productivity when we are trying to get some proprietary fix.
Re:Before all the lame bashing.. (Score:5, Insightful)
Re:Realtek HD Audio exists on a lot of PCs... (Score:3, Insightful)
Windows comes with a perfectly usable GUI interface to volume controls and other audio hardware settings. Why did Realtek have to create a crapware application to do the same thing?
Re:Realtek HD Audio exists on a lot of PCs... (Score:3, Insightful)
Anyway, if I want the audio to work in XP on my wife's new laptop, I have to use Realtek's crapware application. That's just the way it is.
I guess this is a good argument for the Linux model, where drivers are provided as part of the kernel, and are all standardized, rather than being completely vendor-provided. If you're running KDE, you'll just KDE's built-in mixer and volume control software, regardless of what audio hardware you have. That hardware will have drivers in the kernel which have nothing to do with any GUIs. By having everything community-supported rather than vendor-provided and supported, much better standardization exists, and you don't have to run around to different vendors' websites trying to find drivers for your hardware because it's all already included in the kernel and distro.
Re:Anyone's surprised? (Score:2, Insightful)
Wow, brilliant.
So... since I can write a really bad script that deletes a user's files or a bad application for any OS, it is the OS's fault or the company that designed the scripting language?
Cool, I will write tons of applets to wipe hard drives to give to my friends and then tell them that you said they should blame the company or people that made the OS or scripting languages and should sue them.
SlashDot has went from intellectuals with free time to the mildly retarded with way too much free time.