
June Windows Update To Be Biggest in a Year

Supersonic1425 writes "The BBC reports that this month's security update from Microsoft will be one of the biggest this year. Nine of the patches are for Windows — one classed as critical — two are for Office and one for the Exchange e-mail server software." From the article: "At least one of the loopholes being patched is already being actively exploited by malicious hackers. ... Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost."
This discussion has been archived. No new comments can be posted.

  • by chachacha ( 833677 ) on Tuesday June 13, 2006 @08:43AM (#15523171)
    ...a long week.
  • by dsginter ( 104154 ) on Tuesday June 13, 2006 @08:43AM (#15523178)
    Just when XP is nice and patched and secure, they'll release Vista and start the process all over again.

    Yummy.
  • by Orange Crush ( 934731 ) on Tuesday June 13, 2006 @09:08AM (#15523304)
    And in the absence of WGA enabling Automatic Updates and blindly accepting all patches Microsoft deems "critical" isn't allowing Microsoft to execute arbitrary code on your machine?
  • by plague3106 ( 71849 ) on Tuesday June 13, 2006 @09:10AM (#15523318)
    Yes, I've installed exactly one patch that messed something up. It wasn't for server though, it was for WinXP. And it messed up something with ASP.Net. It took a bit of time, but I eventually found how to fix ASP.Net.

    As a final note, I'd like to add in that of the 25 developers all running the same OS and hardware, there were only two of us that had this problem.
  • by Anonymous Coward on Tuesday June 13, 2006 @09:11AM (#15523321)
    "Ever patch a system and have some core services not work after?

    The patches cause downtime as well."

    That's why you test out patches on a test system. If you're patching a critical system without that first step, then you deserve what you get.
  • The Mac way (Score:2, Insightful)

    by k1980pc ( 942645 ) on Tuesday June 13, 2006 @09:18AM (#15523356)
    I don't feel Windows sending critical updates should cause any flare-ups. Putting your system on automatic updates and letting Windows update the system is easy enough. One thing I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6
    [ It's another matter that 10.4.6 had made my system un-bootable and I had to reinstall 10.4.2 from disc ]

    But I cannot understand why people raise a huge hue and cry when MS finally manages to update the OS. Same people alternate between Damn-you-fix-the-bloody-flaw-TODAY or go-rot-in-hell-i-WONT-apply-this-update mentality. I'm a Mac guy, but let's give credit where it is due.
  • Re:Strange Days (Score:5, Insightful)

    by ledow ( 319597 ) on Tuesday June 13, 2006 @09:22AM (#15523381) Homepage
    I work in tech support for six different schools and dozens of people for whom I do private jobs.

    Your comment is just not true. I get calls EVERY week with someone wanting me to clean their computers (all of them XPSP2 at least). The problem is that the first thing that sort of junk does is stop Automatic Updates from working for everything from Windows to Antivirus to even targeting AdAware etc., so from then on even if the user "cleans" their machine, they aren't getting the updates they need (even though sometimes it looks like they are) and thus they are open to every future problem too (including those fixed in patches like this one).

    People are still dumb, they still click, they still don't learn, no matter what it ends up costing them. Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back but so long as I don't do X, I don't notice", "Yeah, I've been getting these random popups for the past few months, if you have a minute could you have a look at them sometime?", etc. Personally, I'd be doing damage control the second I spotted one of these on my own personal computers but it's just tolerated by the average joe. They can literally put up with it for months.

    I'm ALWAYS being told that "machines slow down when they get older", don't they? Makes sense to them but to me I'm just thinking "Yeah, only if they are slowly filling with junk". And that's how people work. They keep using it until it gets to the point of being unusable (which for people who used to run older PCs is actually totally unbearable). Then they might casually bring it up in conversation with me, not do anything for several weeks, then try to book my time to clean it up etc.

    Come on, a few days ago there was a major news story about the head of Microsoft itself not being able to clean his friend's PC of spyware. I work with people who can't drag-and-drop, you really think they stand a CHANCE of even seeing that they've been infected, cleaning it themselves etc.? And with the growing spate of targeted spyware/viruses, I can't even rely on putting on a nice automated cleaning system (like Adaware/Spybot/AVG scripted to auto-update and then full scan) onto their systems.

    The reason I don't hear about it any more? I raise my prices depending on how bad it seems when I hear about it. Can't get on the net at all? That's an extra £10/hour. Can't load any program? Another £10/hour. Antivirus isn't functioning properly cos something's interfering? Another £10/hour. Haven't GOT antivirus/firewall/updates? Another £10/hour.

    Got up-to-date antivirus, a good firewall, an "alternative" web browser, scheduled anti-spyware, no visible signs of infection prior and somehow STILL got something nasty? (even if you accidentally clicked a link you didn't mean to, so long as you TELL me you did that) The price drops dramatically to the point where people don't say... "Uh, ok, I'll er... call you sometime." but instead say "Yes, please, if you could."

    Users aren't getting educated, they're getting ignorant. They KNOW it's a virus/spyware and they choose to ignore it and continue with their work (which, incidentally, is not only usually private and confidential but usually vital to the running of the school they work for). When you're telling headteachers that X got on the system because supplier Y didn't issue an update, they just carry on regardless. They don't stop to consider what MIGHT have happened to the data (in complete breach of Data Protection laws I might add) or where it might currently be floating, even when informed.

    The best customers in the world are the ones who KNOW NOTHING but ADMIT to knowing nothing and look to you for advice. They're the ones that you can TEACH how to use a computer safely. Everyone else nods along and then loads IE behind your back because they "know better" (for instance, they installed an anti-spyware thing "to keep IE safe" from a pop-up on their desktop just to give you
  • by Trigun ( 685027 ) <evil@evil e m p i r e . a t h .cx> on Tuesday June 13, 2006 @09:36AM (#15523457)
    I've successfully done patches on a test system and had it fail on the production server. The fact that everyone tells me what boils down to "Run two parallel networks, with the same load and same traffic types" does not bode well for Microsoft's lower TCO argument, nor does it make you look any smarter. In the real world, the SMEs don't buy racks and racks of identical servers. They buy one server to do what they need.

    Patching for the SME resembles this: Read everything about the patch, what it is fixing, and how to mitigate the damage or exploit. Image the server. Wait 1-3 weeks for ISVs to verify that the patch won't affect anything critically. Image the server again, install patch. Cross fingers, then reboot.

    You don't go to a car dealership, find the car that you want, and then say "Great. I'll take two", and you shouldn't have to with servers.

  • Windows 98 (Score:1, Insightful)

    by WhiteWolf666 ( 145211 ) <sherwinNO@SPAMamiran.us> on Tuesday June 13, 2006 @09:57AM (#15523568) Homepage Journal
    The funny part is these "unfixable" vulnerabilities have been there since day one.

    I love it. Each and every one of you out there using Windows XP should truly understand that one day, MS will say the same thing about XP, too.

    "It's so broken we can't fix it. Buy a new computer."

    Only in a Microsoft world would still-supported products be abandoned since they were, "just too broken." But the irony is that this "breakage" is not something that appears over time; it's not bitrot. These are security vulnerabilities that have always been present.

    The Microsoft patch cycle is a joke. Needing a torrent of patches in order to stay "secure" means that you probably aren't secure anyways. With 100,000 issues waiting to be 0-day'd, and with a significant fraction of those both _critical_ and _unfixable_ (EOL, or now, it seems, "near EOL"), how the hell can you sleep at night, unless you fix computers?

    And if you are an MS maintenance drone, I guess you can sleep really well at night.
  • by geobeck ( 924637 ) on Tuesday June 13, 2006 @10:03AM (#15523613) Homepage

    I think patch days like today are an indication that XP will never be "patched and secure." And probably, neither will Vista.

    But if you're switching to Mac, beware of the purists [slashdot.org] who seem to think Mac use is a royal privilege or something.

  • Re:Windows 98 (Score:5, Insightful)

    by Chanc_Gorkon ( 94133 ) <gorkon&gmail,com> on Tuesday June 13, 2006 @10:13AM (#15523676)
    Come now....Windows 98/98SE/ME use a kernel (DOS FOLKS!) that has not been important for quite some time now. Do any Linux Kernel developers still work on the 2.0 kernel?? Does Red Hat still patch Red Hat 6?? NO!

    Everyone ASSUMES that Microsoft is dropping support just because it's too broke and that probably isn't even CLOSE to the truth. The real reason is likely a combination of the two. From the architecture basis, Windows 98/98SE/ME are UNSECURE! Microsoft has a much better chance of securing things with XP. That's not to say there's no holes in XP....there is. But the reason software is dropped from support is merely a business reason. When 99.9 percent of their support calls are likely Windows XP or 2003 Server related, what sane person would choose to continue to patch something almost NO ONE uses!
  • by mmalove ( 919245 ) on Tuesday June 13, 2006 @10:52AM (#15523945)
    A couple things. First, everything you do on the internet, unless you are in the habit of traversing the web by numeric IP addresses, involves the DNS servers, and even if you do, involve hosting servers, and intermediate hubs. Secure your computer all you want, if the NSA is that concerned about which pr0n site you've been to lately, they'll find it. Ok, maybe they won't, but I'm convinced at this point they could. Call me paranoid.

    Second, the concern about WGA's ability to execute code, and not be uninstallable, is very valid. Microsoft has repeatedly proven that it cannot produce robust, unhackable code (Windows, cough cough). And the sheer number of hacks around to disable this thing already leads me to believe that the only reason we aren't all on botnets right now is the mere good graces of the hacking community. Here's a strange idea: why not give the user of a computer the ability to choose what code gets run on his own system? I'm pretty sure it hasn't been patented yet, jump on it!! (Yes I know, that's *nix)

    These anti piracy conventions make about as much sense as anti-gun laws: the principle is nice, but in the end, all you do is hurt the civilians. The pirates will still crack the OS, and the criminals will still have guns. I seriously want to see a financial statement from Microsoft showing any noticeable gain in the number of licensed operating systems as a result of the advent of the "genuine advantage".
  • by Aqualung812 ( 959532 ) on Tuesday June 13, 2006 @10:52AM (#15523946)
    WHAT OS is "nice and patched and secure"?

    Every OS has flaws right now. While some might announce their flaws right when discovered, and others try to hide them until they have a patch, they all have holes right now that just have not been discovered.

    Yes, Vista will have patches. So will OSXII. So will FC6. It is flawed code by flawed people. Deal with it.

  • by Goblez ( 928516 ) on Tuesday June 13, 2006 @11:03AM (#15524049)

    Software is too dynamic to reach a 'finished' state for something as complex as an operating system. There is always something to fix, improve, or some new bug/vulnerability to patch. No, XP will never reach that 'golden' state where it doesn't have problems/security holes. Rather M$ will just move its focus to Vista (mistakenly early I suspect, as the majority of user base is most likely just getting to XP now), and open up that new can of worms.

    On a side note, this is the precise reason M$ needs to build an O/S from the ground up with security in mind and abandon its legacy of insecurity.

  • by naelurec ( 552384 ) on Tuesday June 13, 2006 @11:21AM (#15524223) Homepage
    Do you really think it would be any different had some other OS become the #1 OS?


    Yes.

    1. Other operating systems have a user security model that works. WinXP is still very difficult to maintain regular (non-admin) users. There are a LOT of workarounds that are required to make it function correctly (I think MS engineers call these "shims") due to application developers not testing for this scenario, unlike other systems (Mac OS and *NIX demand it).

    2. This model has been utilized by *nix systems for over 30 years. While security issues have been found, they have largely been eliminated and it is infrequent to find escalation issues.

    3. *nix systems are inherently very modular and consistent throughout. As a result, it is much easier to roll out a patch and rollback if necessary compared to Windows. Furthermore, given this architecture and well established APIs, it is easier and quicker to test patches and release them (not to mention provide competent admins actual source code access to understand the changes made -- let it be at the distribution level, corporate or organizational level).

    4. *nix has a long history of being used in untrusted, multi-user settings (servers, thin clients, terminals, universities, banks, you name it..). Windows inherently *trusts* the user .. *sarcasm on* I think Bill Gates called this "Trustworthy Computing" .. just trust everyone will do the right thing *sarcasm off* ..

    Windows/DOS from the beginning has assumed a single, trusted user. It wasn't until NT came around that a true security model was in place, but even that didn't take to the mainstream until XP arrived in 2001. Even with the release of XP and the possibility of enhanced security (underprivileged users), Microsoft elected to favor backwards compatibility/ease of use and defaulted to Administrative level access for all users instead of enforcing underprivileged users and slapping application developers upside the head to write good code (Though in the 3rd party's defense, even Windows XP has some issues with the entire underprivileged user configuration..).

    5. So now we are on the verge of "Vista" .. while they are claiming a better security model, it appears that much of the legacy Windows apps are not functioning properly (even inside of Vista) -- ie the multiple steps required to remove an "all users" desktop icon.

    Anyways.. that's my take. Sure, any operating system *could* be run in such a way where a user can load up malicious code and undoubtedly, there will be bugs in the source code (it is written by humans after all..) --- however, given the initial focus on Unix to be utilized on untrusted networks in a multi-user environment and the fact they have had over 30 years to fine tune the code, make the code modular and it is still very prominent today (it was done right the first time) makes me think it is a valid, time tested model.

    Compare this to the Microsoft model where every few years they have the "bet the company" on a new model.. it's apparent to me that they simply are not building a model that is solid. Over the past 20 years, they have released what I consider 5 distinct versions of Windows (Windows 1, Windows 2, Windows 3, Windows 95, Windows NT) -- all with major fundamental changes in how they function. Windows Vista could very well be the sixth version (At least it *should* have been.. but with all the feature cut, it might not be..). This is compared to *nix where a lot of fundamental philosophies and tools very much date back over 30 years.
  • by ettlz ( 639203 ) on Tuesday June 13, 2006 @11:48AM (#15524509) Journal
    real Mac user: someone true to who they are, the misfits, the rebels, the troublemakers, the round pegs in the square holes. The ones who see things differently. They're not fond of rules and they have no respect for the status quo.
    These would be the Mac users who've abandoned OS X and installed Linux or FreeBSD, right?
