Critical Security Updates Coming To Windows XP, 8, RT & Server
SmartAboutThings writes "On the upcoming Patch Tuesday on July 9, Microsoft is going to bring some notable security updates, that will mostly deal with fixing issues in remote code execution vulnerabilities, which allow attackers to breach in. The security updates will be applied to all Windows versions Microsoft is still supporting (from XP to Windows 8.1)"
Why? (Score:5, Funny)
Re: (Score:3, Insightful)
OSS groups release security fixes, they are applauded for caring about people's safety and security.
Microsoft releases security fixes, they are appalled that they would let such a problem exist.
Re: (Score:2, Interesting)
I believe that does happen, yes. But you seem to be replying to a post that denies there being a problem in the first place.
Re: (Score:2, Insightful)
Yes, because OSS groups are entirely volunteer effort, basically by the users for the users.
Microsoft is a paid product, if you buy it, you expect it to work as advertised, any flaw you stumble upon is money you got cheated of.
I'm still waiting to see a Linux distro that works and is advertised as "Android for Desktop".
Re: (Score:3, Insightful)
Re: (Score:2)
[...] like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or its shit time for you.
I tried Gnome 3 and it was shit time for me.
Re: (Score:3)
Re:Why? (Score:5, Informative)
Sorry that is just not true.
First, the kernel developers have a strict policy for not breaking API or ABI with applications.
See for example: Linus Chews Up Kernel Maintainer For Introducing Userspace Bug [slashdot.org] "Userspace" means applications.
Secondly, the developers of low level stuff like GUI toolkits (Qt, KDE, GDK+, PulseAudio, etc) are also very strict about breaking compatibility.
On the plus side, Linux doesn't cost you anything. It's not like you have to pay 80 or 100 Euro to update from Debian Lenny to Debian Squeeze. When Debian Squeeze was finished you just download it and update your system. Costs you maybe half an hour of time.
Re: (Score:3)
Re: (Score:2)
Unfortunately Hairy I tried Windows 8.1 yesterday. The UI is even worse than 8.0!
I really did try not to be an old man afraid of change and an elitist as I would love applets on my phone and PC all working together in Harmony in HTML 5 glory.
Now it only scrolls left to right making up and down useless on my mouse and while the start button helps clueless users I kept having to hit it. IE 11 disappointed me and misrendered and wouldn't work on many websites. WTF this is 2013 not 2003! As someone who wants to
I died laughing (Score:2)
AMD hardware sucks with Linux.
I run CentOS in an emulator.
Ironically Linux KVM (amongst others) supports AMD-V http://searchservervirtualization.techtarget.com/definition/AMD-V [techtarget.com].
Perhaps if you spent less time making random allegations against hardware you would understand the technology a little better.
CPU support vs. GPU support (Score:2)
CPU support vs. GPU support (Score:2)
Even if Linux supports AMD CPUs better than Windows does, Windows might still support AMD GPUs better.
Hold it there cowboy :) http://tech.slashdot.org/story/13/06/29/2235257/amdati-drops-windows-xp-support [slashdot.org] AMD/ATI Drops Windows XP Support so no.
Re: (Score:3, Interesting)
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Debian routinely maintains security patches for oldstable. Ubuntu has its LTS releases. Centos releases stick around for quite a while. Not bad for something you can install for free. If you'd rather pay the distro provider for support, there's RHEL. There doesn't seem to be much interest in going back further since the upgrades are free and tend not to fail on older machines. If you need to keep an old release around, I'll bet you could pay for that and get it.
I don't like Gnome 3, so I don't use it. Ther
Re: (Score:3)
Re:Why? (Score:5, Informative)
So to me THAT right there is one of the big differences that takes Linux out of the running (well that and the piss poor driver model, but that is another rant) because if you don't stay pretty God damned close to the bleeding edge with most mainstream Linux? You are FUCKED with a capital F. You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA and means that even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or its shit time for you.
You really based your arguments on what you read on blogs rather than personal experience? Plenty of people still run kernel 2.2 which is about 15 years old now, or 2.4 which is about 10 years old now. And if you run something like debian, it's as simple as "apt-get dist-upgrade" and editing a few config files.
Or... you know, just not upgrade.
Seriously. Get over it.
sudo apt-get install xubuntu-desktop (Score:3)
You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA
But there's one big difference. Unlike new major versions of Windows, new versions of Linux, glibc, etc. are available without charge. I didn't have to pay a dime to upgrade Ubuntu from 8.04 through 12.04, apart from the Internet access that I was paying for anyway.
and even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you
No, fuck Unity. After I failed to get the hang of the Un(usabil)ity that is 11.10's default GUI, I installed Xfce (sudo apt-get install xubuntu-desktop) and was able to make it mine again.
Re: (Score:2)
You've been lucky then as I've had Realtek drivers shit all over themselves in XP/Vista and Win7 and don't forget the Nvidia debacle. It took them almost a full year after Vista was released before they got stable drivers for the fucking video card. Can't use a computer when the fucking video crashes on you and gaming? Forget it. Fastest way to crash the whole fucking system and have to reinstall. Even Intel has screwed up their drivers (security flaws - remote exploits) causing BSOD's the forced a reinsta
Re: (Score:3)
Re: (Score:2)
I've had Windows drivers die on update - the best one that comes to mind for me was my Toshiba laptop (2006). Had WiFi issues with XP SP3 when that came out, and WiFi, GPU and Power Management really hit the fan in Vista for a short while, and then again in Windows 7 (wouldn't work with the Vista drivers, due to some issue with Toshiba's installers. Had to go through some hoops to get everything working).
For long term stability in Linux, I'm using RHEL. RHEL 5 still supports the software I need it to run,
Re: (Score:3)
Oh and in all my years I have NEVER seen Windows shit all over one of my drivers with an update
I have an indestructible LaserJet 4 that runs fine under XP and the latest version of my preferred linux distribution. That same printer will not work with Windows 7 or 8 because there is no compatible driver for it.
Re: (Score:2)
If you see it, you won't see it for long*. [android.com] ;-)
* Though admittedly longer if you use Bing
Re: (Score:3)
"LIMITATION ON AND EXCLUSION OF DAMAGES. You can recover from Microsoft
LIMITED WARRANTY. If you follow the instructions and the software is properly licensed, the software will perform substantially as describe
Re: (Score:2)
Re: (Score:3)
I'm not concerned that they are releasing updates, my concern is with how long it takes before they acknowledge a bug and release a fix. With OSS, the fix is released ASAP (at least that's the theory), with proprietary software... Well, here's a car analogy that might help [imdb.com]:
Re: (Score:2)
Re: (Score:3)
OSS groups release security fixes, they are applauded for caring about people's safety and security. Microsoft releases security fixes, they are appalled that they would let such a problem exist.
They often engage the community in totally different ways. The OSS groups often disclose vulnerabilities, workarounds, and print advisories very early --- they are honest and alert about the threat early.
Closed source OS vendors avoid publishing anything until they have a fix.
Closed source OS vendors have
Re: (Score:2, Informative)
The difference is people pay a lot of money to Microsoft to do one thing, make a good operating system. I'm not paying anything for Linux so I don't expect them to be perfect at all.
That's also why I like Win and Mac: when I pay, I get a premium OS, with less bugs, missing features and crashes, than I have with a Linux desktop distro.
Re: (Score:2)
More Crashes on Microsoft (Score:2)
That's also why I like Win and Mac: when I pay, I get a premium OS, with less bugs, missing features and crashes, than I have with a Linux desktop distro.
A quick look at my computer uptime 21:45:37 up 4 days, 22:40, 2 users, load average: 0.66, 0.60, 0.58
The fact that you are marked informative is quite scary...the fact that you did so using the word "premium" shows how far we have fallen in terms of real measures, and how much we live with unsubstantiated bullshit terms.
From a study http://www.theregister.co.uk/2013/05/03/macbook_pro_most_reliable_windows_pc/ [theregister.co.uk] On 37,000 Apple and Windows computers still on sale(new) it recorded 224,144 crashes, 250,79
Re: (Score:2)
4 days uptime is nothing. my win7 laptop regularly stays up for about a month, until the next huge patch tuesday which forces a restart.
Uptime isn't important, lack of downtime is (Score:5, Insightful)
How long your computer hasn't rebooted isn't the important bit. What is important, that it will be available when you need it to be and that it won't reboot or crash without your explicit permission. Even though I have set my permissions such that MicroSoft should never ever update without my consent, let alone reboot my machines, it has happened on several occasions that they pushed an update without prior warning and rebooted XP computers.
On any critical infrastructure I'd want to have total control over when something happens and what happens then. Some vendor autonomously deciding to reboot my heart/lung controller during a heart transplant will not do. The same applies to (air) traffic control (ILS in San Francisco anyone?), high voltage control, nuclear power plants and whatnot. Hell, I don't even want them to reboot my music player if I'm listening to it.
I don't mind having to do regular scheduled maintenance in maintenance windows if I know in advance, during the design phase of the platform. That way, I can decide which exact OS will be the most useful and beneficial for the exact purpose I intend it to have. Any rogue OS that decides to reboot "on its own" will never ever get a place in any important infrastructure I have, no matter how long uptime some dude on a forum achieves on it.
Any down time outside of service windows is a major issue, regular windows are not only a minor nuisance compared to an incident during production hours, they are also "job security" if you look at it. I don't care how long uptime you get. I just don't want any downtime for myself.
Re:Uptime isn't important, lack of downtime is (Score:4, Informative)
If your "critical infrastructure" isn't hooked up to a WSUS (Free) or SCCM (Not) server for updates then you're asking for trouble; you're saying to Microsoft "I don't want to manage my own update deployment, please do it for me".
That said, I've never had a machine set not to use Automatic Updates reboot itself for an update without my intervention.
Android Phones and Tablets (Score:2)
Install Linux on random hardware with the same (lack of) quality assurance PC manufacturers do, and put the result in the hands of average users, and we'll see how reliable that will be.
They do already...on Phones, and tablets, and the results are spectacular.
Re: (Score:2)
Re: (Score:2)
Windows 8 Pro Upgrade $280 (Score:2)
people pay a lot of money to Microsoft
$39.99
http://windows.microsoft.com/en-gb/windows/buy?ocid=GA8_O_WOL_Hero_ShopHP_FPP_Null [microsoft.com] from the Windows sales page the cheapest...read crippled (Windows 8 upgrade) its $150 for the less crippled version (Windows 8 Pro)$280. They do not offer a retail version...the price must be horrendous.
Windows 8 Pro Upgrade (Score:3)
Most users will not need or ever use the additional advanced features in Windows 8 Pro.
From http://windows.microsoft.com/en-ca/windows/compare [microsoft.com] from the Website
1) Provides enhanced data protection with BitLocker and BitLocker To Go to help keep your information secure.
2) Enables you to host a Remote Desktop Connection on your own PC so you can connect to it when you're using a different PC.
3) Connects to your corporate or school network with Domain join.
Linux Users are offered these features in *every* version without the $130 markup.
Think of the Children (Score:3)
And as I stated, most users don't care about or even know what those things are.
You don't think users want to BYOD...or not have strangers looking through photos of their children...or help a family member with a technical problem in another state.
I think that covers *all* users. Perhaps instead of stating things you should think them through. These things are available at no cost on linux, and out of the box. It's a shame windows is so far behind.
Re: (Score:3)
Re: (Score:2, Interesting)
Probably just the zero day vulnerabilities that NSA are using, would be such a bitch if Snowden would choose to publish them
Information that's been set free is useful, isn't it ?
Re: (Score:3)
all the issues they left open.
Not *all*, just the ones that aren't zero day anymore and that are too well known by script kiddies. I must be kidding of course...
A side effect of code reuse?? (Score:2)
If so, I guess this is one of the downsides.
Re: (Score:3)
It has been a busy month (Score:5, Funny)
So... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3)
windows slashdot users were feeling left out with all the stories of linux kernel minor version releases and linus' random brain farts in forums.
Re: (Score:2)
Liar :) (Score:2, Informative)
I'm more of a platform-agnostic myself.
No you're not, you're consistently anti-oss and there is nothing wrong with that, hell whatever floats your boat, but platform-agnostic you are not.
Re: (Score:2)
Re: (Score:3)
Except Windows is not *enjoyable*; it's universally hated.
Speak for yourself, it's not universally hated. I doubt even the majority hates it, since people keep using it.
Re: (Score:2)
Microsoft patches flaws on regularly scheduled patch day. News at 11.
A request... (Score:5, Interesting)
I do not have the ability to do so, but could someone that is able to do so please make a close comparison before/after changes?
They might be trying to cover their tracks in terms of NSA backdoors--hide the evidence to minimize the coverage--and the changes they make with updates might shed some light on those backdoors.
Re: (Score:2)
Either it's a big conspiracy or someone modded five people up and then decided to post in the thread thereby undoing their mods.
The NSA is too busy tapping your phone to bother with slashdot posts.
Re: (Score:3, Interesting)
"Either it's a big conspiracy or someone modded five people up and then decided to post in the thread thereby undoing their mods."
While that may be, there are many here on Slashdot that have long been accused of being "Conspiracy Theorists"--myself included--that have been vindicated by the "conspiracy" exposed by Edward Snowden.
All I am asking is that people here be aware that there are many methods to stifle dissent, and that social media (Slashdot included) is now a powerful tool to both monitor and shap
Re: (Score:2, Informative)
http://pastebin.com/irj4Fyd5
Re:A request... (Score:4, Interesting)
All I am asking is that people here be aware that there are many methods to stifle dissent, and that social media (Slashdot included) is now a powerful tool to both monitor and shape public opinion.
I first noticed that some subjects and opinions are silently removed from Slashdot back in 2004. Glad you're finally catching on. Using a site with a high number of visitors? Expect this sort of thing.
Re: (Score:2)
Day 16 in Linux Mint (Score:4, Insightful)
Re: (Score:3)
Re: (Score:3)
> Try to make it so your screen wont blank using GUI tools
What is that even supposed to mean?
> The control panel is missing well over 50 elements compared to win or mac.
Like what?
PS: I'm a full time Linux user, Fedora with KDE4.
Re: (Score:2)
Re: (Score:2)
I can't prevent Mint or Ubuntu from blanking the screen (shutting off the monitor) using the GUI. It requires several commands at the CLI for several programs and still doesn't work right.
How very odd. I just went to System/Preferences/Power Management and the monitor setting is right there.
Re: (Score:2)
In Gnome 2 there were several widgets like Caffeine that would also let you disable it via the tool bar. Not sure if there's anything available since the unity/Gnome3 insanity.
Re: (Score:2)
Re: (Score:2)
its pretty simple to do in linux mint.
ps: i'm assuming you meant set the 'turn off display time' to 'never'
Re: (Score:2)
How is Wine compatibility on newer versions of MS Office, Adobe Photoshop, and Lightroom these days? It's been a couple months since I checked, but last time I looked it was pretty lackluster.
Re: (Score:2)
The SELinux stuff is open-source, just like the rest of the kernel, so it's available for anyone to do a security audit on.
I don't know if anyone's actually bothered, of course, but the code is there in the open.
Re: (Score:2)
Re: (Score:2)
there's a couple of problems that i've not yet figured out how to solve. one, it can't hibernate. i think its a consequence of using wubi/mubi to install mint and it can't be helped. two, it can't sleep/wake as well! earlier builds used to be able to sleep. not this one. it sleeps ok, but can't wake. three, the bluetooth works sometimes, and doesn't work on other times. i haven't been able to figure out a pattern so haven't been able to solve this.
Re: (Score:2)
Coming To Windows XP, 8, RT & Server (Score:2)
...but if you're running Vista or 7, you're on your own. At least, according to Slashdot's headline...
This is news? (Score:5, Interesting)
Doesn't Microsoft patch these kind of security holes every Patch Tuesday? How is this one special?
Re: (Score:2)
Next on slashdot: After the current sunday we'll have a Monday!
their patches can no longer be trusted (Score:5, Interesting)
All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA? What percentage of these updates were sponsored and ordered by the NSA? Are only 30% of the changes for the benefit of the NSA? 70%? There is no way to know.
Re:their patches can no longer be trusted (Score:5, Insightful)
"All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA?"
All joking aside. Excellent idea.
How many of you folks are squirming right now, wondering if any of your code managed to end up inadvertently being used in the Prism program? How many of you are wondering how this will impact your job? How many of you are wondering what you might have said in the past, things that you are afraid might be exposed by this? How many Microsoft employees are now worrying about their social life, now that everyone knows Microsoft is neck-deep in NSA spying? Will they be ostracized? What about Google employees? Might they become targets for recriminations? Have you been hiding your affiliations with implicated companies? Will that one friend you confided in turn on you, out you to others that they know will shun you as a result? How much more do we NOT know about? What will the next leaked document reveal? How many of you even care (or dare to care openly)?
See where I am going with this?
Fear. I see it between the lines in forum posts (not just here on Slashdot), I see it in the public pronouncements from public officials around the world, I see it amongst the world's journalists (some fear not the personal costs, but the costs to the entire idea of journalism). I see it coming from the NSA themselves.
This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not. Secrecy=Fear=the need for secrecy. Both sides of the equation are feeling it. Did you just hesitate before you sent that email? Have you resigned yourself to the fact that privacy is now dead? Do you fear the repercussions of standing up for your rights?
Do you fear doing nothing?
Re: (Score:3)
US data collection was all in the open over years of CS/telco history:
http://en.wikipedia.org/wiki/Operation_CHAOS [wikipedia.org]
http://en.wikipedia.org/wiki/Project_MERRIMAC [wikipedia.org]
http://en.wikipedia.org/wiki/Project_RESISTANCE [wikipedia.org]
http://en.wikipedia.org/wiki/COINTELPRO [wikipedia.org]
http://en.wikipedia.org/wiki/Main_Core [wikipedia.org]
http://www.foreignpolicy.com/articles/2012/04/18/patriot_games [foreignpolicy.com]
http://en.wikipedia.org/wiki/Project_SHAMROCK [wikipedia.org] (just an exercise
later http://en.wikipedia.org/wiki/Project_MINARET [wikipedia.org]
http [wikipedia.org]
Re:their patches can no longer be trusted (Score:5, Insightful)
All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA?
No you cannot; HOWEVER, you can trust not patching even less. Because Microsoft have been known to share vulnerabilities with the NSA, before they even share the fact of their existence to the public.
The NSA has loads of cash available, and all the research and engineering resources required to work on developing reported vulnerabilities into exploits, to add to "surveillance malware deployment packages".
Re: (Score:2)
30% - 70% Windows patches might be NSA directed? Well, Heaven knows Windows has no legitimate bugs to fix [theverge.com] . But that does help me understand something. I've been puzzled by your sig for some time since I can't say I know anyone that actually lives in fear. Now it is clearer. You probably bitch when Microsoft doesn't fix something, but are too terrified to use it when they do. That explains a lot. Especially if you aren't applying patches and get pwned.
Your views are simple: It's all a plot. Windows
Re: (Score:2)
You could have just googled my sig. Have you never watched Blade Runner? If you live in the US you are a slave for at least a third of your life, and if you are not afraid of the power of the regime it is either because you are part of the repression machine or are just ignorant and whistling in the dark.
As for responding to the post you mention. I did read it. I'm still not convinced that you have mind reading abilities. And I am well aware that Stalin was not a nice guy and that the USSR was not a nice p
Re: (Score:3)
What any domestic US agency can get, any other US agency can get.
All the fear of encryption exports seemed to stop and the US tech press got lost in nice new toys.
Now we know why, the change over from setting encryption standards to just having a legal entry into domestic and export hardware and software.
It's never the patches, it was always the OS.
Re: (Score:2)
No, but all are excellent reasons to switch to an open-source OS.
Re: (Score:2)
Something seriously wrong .. (Score:2)
Re: (Score:2)
There's something seriously wrong with the present-day computing that such vulnerabilities are continually being discovered.
It's not very surprising. It takes less than a minute of programming to accidentally make a mistake --- millions of vulnerabilities can be crafted in an hour by pure accident, or by incompetence.
It takes months or years to discover the vulnerabilities, and longer to prove to people's satisfaction, that yes, they are indeed exploitable.
As long as such disparity exists;
Re: (Score:2)
Because memory management in a multi-tasking, multi-threaded operating system and associated support libraries is hard, and end users are not willing to pay for the additional development time. Free software writers are mostly not willing to spend the development time on the boring security stuff either (the OpenBSD team being a notable exception, and even they are only human).
It's simply human nature to solve a problem (i.e., get an application or OS to "work") and then move onto the next problem. Very
Re: (Score:2)
You're implying that the problems are in the compiler, which clearly indicates your lack of knowledge of software and vulnerabilities.
Re: (Score:2)
Stack exploits, heap exploits and buffer overflows are clearly defects in the software, exploitable by defects in the memory management unit. If you know different then please do enlighten us with your knowledge.
Re: (Score:2)
For commercial software, there's the additional problem that 70% of employees are not actively engaged [gallup.com] in their work.
These come out every month (Score:2)
Remember Google recently added Malware to Google transparency report [google.com] Take a look at the major uptick in malware warnings in 2013..... perhaps a sign that more and more popular destinations are getting compromised and actually leveraging remote code execution exploits, or other trickery, that may be among that covered in the patches.
There's this thing called Patch Tuesday; first Tuesday every month. There are almost always plenty of remote security vulns, with patches. If there aren't -- then t
Re: (Score:2)
So... (Score:2)
Re:Well (Score:5, Informative)
Deleting all those NSA backdoors is a helluva job.
No, No, you don't get it. These are installing the new backdoors.
Re: (Score:2)
Re: (Score:2)
My solution to boring drudge work (Score:2)
It's human nature to try and do the bare minimum in terms of boring drudge work.
Most of my career has been spent doing boring drudge work. That's why it's called "work". If it was fun, they'd call it "fun", and you wouldn't get paid for it.
Years ago, I discovered the secret to dealing with boring drudge work -- recreational levels of caffeine. No workplace I've ever been in has monitored my coffee consumption. HELL yeah!