Forgot your password?
typodupeerror
Microsoft Security

Windows 7 Reintroduces Remote BSoD 427

Posted by timothy
from the no-such-thing-as-perfect-security dept.
David Gerard writes "Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. Well done, guys! Another one for the Windows 7 Drinking Game."
This discussion has been archived. No new comments can be posted.

Windows 7 Reintroduces Remote BSoD

Comments Filter:
  • Re:Local? (Score:3, Insightful)

    by PsychicX (866028) on Tuesday September 08, 2009 @10:06AM (#29350685)
    Agreed -- it IS rather bad, but generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.
  • Re:Local? (Score:3, Insightful)

    by ZekoMal (1404259) on Tuesday September 08, 2009 @10:07AM (#29350711)
    Not expecting such a problem until you go to college; half of the students on my campus don't even have a password put on their computers, making it extremely easy to access them remotely as is. If everyone had Win 7 installed, well...it'd make for some interesting work.
  • Re:First Post (Score:2, Insightful)

    by commodore64_love (1445365) on Tuesday September 08, 2009 @10:08AM (#29350727) Journal

    "Commodore Amiga is better!"
    "No Atari ST is better!"
    "No Amiga!"
    "No Atari!"
    "Amiga!"
    "Atari!"

    Oh that's not the debate you were looking for? Sorry. Let me update that ancient debate for the modern world:
    "Apple Macintosh is better!"
    "No Microsoft PC is better!"
    "No Apple!"
    "No Microsoft!"
    "Apple!"
    "Microsoft!"

    (and ancient debate... just as juvenile today as it was 20 years ago)

  • by rastilin (752802) on Tuesday September 08, 2009 @10:22AM (#29350873)

    Rewritten software is a double-edged sword. On the one hand you are able to finally discard the truly broken sections of your previous implementation; allowing you to make massive leaps forward. On the other you're getting rid of a large list of known bugs and replacing it with an even larger list of unknown ones.

    One of the most useful features of old technolgy is that it breaks in predictable ways.

    So it's not too surprising that something like this happened. Doesn't worry me either, I have firewalls and a NAT on all my machines, no reason not to. However since it's something that happened before, it's irritating that Microsoft didn't think to check for something like this.

  • Re:Local? (Score:4, Insightful)

    by gazbo (517111) on Tuesday September 08, 2009 @10:22AM (#29350881)
    Just because IPv6 reduces the need for NAT doesn't mean you shouldn't use a firewall. I assume that's what you were talking about anyway.
  • by Sfing_ter (99478) on Tuesday September 08, 2009 @10:24AM (#29350897) Homepage Journal

    really - unless the person sets the "Let Microsoft decide when and where I do updates" most of the updates WILL NOT be done. The average person uses the computer like a tv - turn it on to see the web and turn it off when done. Leave my computer on ALL NIGHT just so i can backup/run antivirus/run defrag/run etc. etc. ???

    Oh yeah these people do exist and they have 'FRIENDS' that 'KNOW' computers and 'HELP' them out by turning off that annoying UAC or giving them a 'FREE' version of office. The looks on their faces when I explain that the software they got off Limewire is infected with virus' - they can't believe microsoft would do that!!! THAT is the mentality, and that is why these attacks have always worked, and will always work.

  • by Anonymous Coward on Tuesday September 08, 2009 @10:24AM (#29350901)

    Hi. I'm an adult. I work as a software engineer.

    I cannot join in with the Linux community because of you people. You're just *too awful*. Instead of accepting that this stuff happens and it's bad, you childishly nerdsnort and start writing Microsoft with a dollar sign instead of an S, acting as if this stuff is some amazing manifestation of idiocy rather than a likely consequence of using a mainstream OS developed with time and budgetary constraints. It's going to have stupid bugs. Get the fuck over it.

    I would like to join in with the Linux community, but all I ever hear is this pathetic nyerr-nyerr-nyerr garbage.

    If you want to attract intelligent, grown-up people to Linux you need to stop doing certain things.

    1) Don't act as if users of other operating systems are less intelligent than you. It turns out that Linux-advocacy isn't the entire world, and that leaders in different fields (or even this one!) might be using Windows. They're not "lusers", they just have priorities different from your own.

    2) Don't act as if Linux hasn't had equally stupid stuff happen to it. Yes, it's a different process altogether, and I would dare say that bugs are less likely due to its open source nature, but they still happen. One that I can remember off the top of my head is Debian's guessable SSL keys.

    3) Try—for ten minutes—to give the impression that half of your time isn't devoted to bashing an OS you believe is irrelevant.

    4) For good measure try cutting out the xkcd worship and meme-spouting. We might be able to relate to you people if you acted as if you weren't cut from the same distasteful mold.

  • Re:Local? (Score:3, Insightful)

    by dontclapthrowmoney (1534613) on Tuesday September 08, 2009 @10:32AM (#29351003)

    ...generally speaking you're not expecting attacks from inside your LAN...

    Even if you have total control over all physical access points to your LAN, and total trust in your user base, there is still a chance that internal people can try to do nasty things - and in some ways they may have more motivation to do so.

    I think the concept of "internal/trusted network" is going to shrink - nowadays I tend to this of the "internal network" as ending at the edge of centralised server resources, and clients on what would have been called the "internal LAN" are actually outside of what I would now call the "trusted zone". Even then, SMB traffic is more likely to be open so this vulnerability is still a problem, and many organisations still concentrate on border protection without taking any defense-in-depth measures internally so they're probably wide-open to this.

    I could be paranoid, but I don't want to be less strict with internal controls and then find out the hard way that I was right all along.

  • by Anonymous Coward on Tuesday September 08, 2009 @10:35AM (#29351043)

    The pubertal masses of Slashdot != The Linux community

  • by bflong (107195) on Tuesday September 08, 2009 @10:44AM (#29351211)

    You're in the wrong place. You won't find a high percentage of adult, intelligent people here, and those that are are not very vocal. Maybe a long, long time ago, but no more. As someone else already said Slashdot != Linux Community.

  • by Anonymous Coward on Tuesday September 08, 2009 @10:49AM (#29351279)

    Dear Anonymous Coward,

    Please do not lump all Linux users under the same tree. Most of us that has reached past our first 20-or-so years have gone past the Microsoft hate and like Linux for what it is, not because we dislike MS or Windows. Forgive our immature teenage hacker boys, they've yet to grow up, get a life and get a girlfriend.

    Sincerely,
    A Linux User

  • by BassMan449 (1356143) on Tuesday September 08, 2009 @10:49AM (#29351291)
    Did you read the link?

    Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp [microsoft.com] ) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx [microsoft.com] ). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com..

    I checked both the Open Specification Promise and the Community Promise and SMB2 is not covered by either. Just because Microsoft published the spec doesn't mean they won't sue you for patent infringment.

  • by JasterBobaMereel (1102861) on Tuesday September 08, 2009 @10:57AM (#29351397)

    Slashdot is not the Linux Community

    1) People who use windows are not stupid, they either like it, prefer it, are unaware of alternatives, or are forced to .... people who constant claim it is the most wonderful thing and flawless however consider stupid .... just like mindless Linux advocates

    2) Yes this has happened in Linux, but as you pointed out Windows is a mainstream commercial product and has, I assume, a whole department paid to do regression testing, checking for likely flaws, checking and rechecking.... and this slipped through

    3) Slashdot is not the Linux Community

    4) Slashdot is not the Linux Community

  • by Anonymous Coward on Tuesday September 08, 2009 @10:59AM (#29351419)

    The pubertal masses of Slashdot != The Linux community

    No shit, but you guys certainly align yourselves with it and give it a shitty image. All it takes is one person in a club of a hundred to tarnish the clubs image or one incident to fuck up an image. What was that joke about the old constructor? "I built the old church up on the east hill. I built the schoolhouse over on the outside of the city! I built fives houses for the poor with my own hands! They could've called me Billy the builder! The constructor! But no... ya fuck one goat..."

  • by natehoy (1608657) on Tuesday September 08, 2009 @11:13AM (#29351637) Journal

    Hi, I'm also an adult, and I also work as a software engineer.

    >>I cannot join in with the Linux community because of you people.

    So to keep you from joining a community, all I need to do is act poorly and pretend to be a member of that community? Wow, there can't be a lot of communities that meet that standard of purity. There are asshats in pretty much every community or movement.

    A great number of Linux users, and even contributors, also use Windows, and use both as a tool appropriate to the job at hand. Most Linux project managers and major contributors don't have time to post to slashdot, and don't get into pissing matches over whose digital penis is larger. There are vocal proponents of Linux, and those that like to copy-paste the "Death to M$" meme, but a Linux contributor who seriously wants to kill Microsoft will be out there writing code or documentation, not wasting their time bashing Microsoft on slashdot.

    Try Linux or don't - but don't avoid it just because there are a good number of people with lots of free time out there representing "the community" poorly. Also, don't make the mistake of assuming that Linux is an organized, centralized movement with some form of control emanating from the center. Linux is not a company. It's not a bureaucracy. It's a movement - with lots of different people moving in lots of different directions with lots of different goals and aspirations. Some go about their business more politely than others.

    Most people seriously involved in the Linux movement don't really care one way or the other about Microsoft. It's not that they see Microsoft as irrelevant to the world at large, they are writing what they want. Microsoft really only becomes relevant when they threaten to enforce patents which they have used their majority desktop share to implement as "standards", and you can see they might react with something entirely unlike joy and adulation. :)

    If I build my own car, I really don't have any feelings about Ford, unless Ford decides that I cannot implement roundness in my wheels because they hold a patent on round wheels. At that point, I'd probably be pissed and post nasty things on the automotive section of slashdot when Ford is mentioned. (grin)

  • by Anonymous Coward on Tuesday September 08, 2009 @11:19AM (#29351751)
    More that it represents one whole religion rather than a denomination. But the OP isn't wrong. The Slashdot community mentality is common in every linux user I know, not unlike how the majority of jews follow the torah or christians follows the bible or muslims follows the qur'an.

    And I, like the OP, resist linux because of those people.
  • by moranar (632206) on Tuesday September 08, 2009 @11:40AM (#29352077) Homepage Journal

    So you mean the problem is _less serious_ by the fact that it's been on _more_ Windows versions than stated? Maybe you mean that MS has said 'it's not a problem because this and that?'

  • by jedidiah (1196) on Tuesday September 08, 2009 @11:42AM (#29352091) Homepage

    You make it sound like a gaping security hole is alright just because it's been in the product long enough that people might have forgotten about it.

    If anything, this makes it sound like Windows 7 is the same old crap and that once again we have empty promises from Microsoft claiming that they will do things right this time.

    Windows users are like domestic abuse victims.

  • by Anonymous Coward on Tuesday September 08, 2009 @12:20PM (#29352691)

    While the OP is a dick ("Hi. I'm an adult."), the point it makes is, to some degree, valid. It doesn't matter if the entirety of the Linux using world is not like a lot of the idiots on here. Vocal members do tend to define how something is perceived. I read the OpenBSD mailing lists, for example, and the climate there is one of extreme hostility. I have no desire to use OpenBSD due to the fact that its loudest members are, by and large, complete assholes. I know there are better ways to evaluate an operating system, but this plays a large role for me.

    I'm a Linux user, but I still cringe at how some people act so childish. The summary for this story was particularly bad. I don't care one way or the other if people use Linux (why would I?), but I do think some of the more immature posters might want to think about how they look; the kind of people who are so insufferable do tend to be those who want others to convert, and this is the equivalent of telling me I'm going to hell unless I convert to your religion. All it does is push a person away.

  • by shutdown -p now (807394) on Tuesday September 08, 2009 @12:22PM (#29352729) Journal

    I'm sorry, Sir. This is not the Linux community, this is the Slashdot community.

    If you want the Linux community, go to http://www.kernel.org/ [kernel.org]

    http://kernel.org/ [kernel.org] (specifically, LKML) would be the Linux developer community. Linux community as a whole is a very big thing, but Slashdot is definitely a part of it. Not saying that every single person here is a Linux advocate, but they are certainly in majority.

  • by Anonymous Coward on Tuesday September 08, 2009 @12:43PM (#29353029)
    Funny, I could say the almost same thing about your thoughtless copy-pasta.

    This brain dead Microsoft bash is just an update to previous MS bashes, being sold to you by people who have no actual technical knowledge of the product itself, and don't know it is an entirely new operating system.
  • Re:Local? (Score:2, Insightful)

    by FrankSchwab (675585) on Tuesday September 08, 2009 @01:24PM (#29353605) Journal

    WTF does "one, giant active directory domain" or "ping accross continents baby" have to do with IP Subnets?

    Do you have any understanding of networks at all, or do you just spew back the crap you've heard?

    /frank

  • by Anonymous Coward on Tuesday September 08, 2009 @01:45PM (#29353987)

    I think the point is that Vista has been around for a couple of years now, and it's obviously not the "OMGWTFBBQ" issue some anti-Microsoft folks think it is. If it were, there would have been a big stink about all the remote BSODs in Vista.

    Right, because Vista has been so broadly deployed in enterprise environments!

  • by blind biker (1066130) on Tuesday September 08, 2009 @03:13PM (#29355243) Journal

    The article makes it seem like it hasn't been in Windows since Windows NT and that Windows 7 is the first time it's reappeared. Seriously, Vista has it.

    Is this a case of "It's after midnight, must post another slam on Microsoft, even if we have twist and stretch like taffy to make the case"?

    I'm here, reading your wonderful post, and laughing my ass off! Do you really think, reminding us that this horrible flaw is already present in Windows Vista, will somehow "soften the blow"?

    Man, you're precious!

  • by cwrinn (1282510) on Tuesday September 08, 2009 @06:47PM (#29358777)
    It's pretty pathetic that such visceral complaints are keeping you from collaborating in such an intelligent and engaging community. Perhaps you should reevaluate your stance on this after some deep thought.

How much net work could a network work, if a network could net work?

Working...