I have one pluggin - google toolbar - probably one of the most popular I would imagine, and it was broken -- for a security update? We are a small company of about 20 people and because of this crazy release 6 week policy and updates with no concern for plugin compatibility we had to ban firefox from the work place and go back to IE . . .

So, because restoring tax rates to Reagan era levels will only erase 36% of the debt - not 100% - we should ignore that as an option - obviously.

To me the most troubling part of this issue is what VUPEN does ... from their web site -- "Exclusive and sophisticated exploits for Law Enforcement Agencies". So, the reason the exploit is not being made public is so that Government agencies can use these exploits to install keyloggers or whatever they choose on whatever computer they which to target and monitor.

Actually no it not - if the bots are sending spam - that MUST be done on port 25 to the target mail server .. if that port is blocked, it cant deliver its payload to other mail recipients.

never realized that, but they love those recursive acronyms at MS. XNA, for example, is "XNA is Not an Acronym"

As much as I hate defending MS, I can't help but doing it here.

A rootkit (and that is one) in a system means that you, being software running on that system, have no chance of detecting it, at least if it has done its homework. For the patcher, those checksums might even have been correct.

It also needn't be manipulated files. Windows, as any OS that has to allow low level drivers, allows you to load non-MS ring0 drivers. Like, say, Linux. It's either that or writing a device driver for every single pesky little controller out there. Do you think MS would do that? Or even do it well?

Now, you don't need drivers for hard drives themselves, but for their controllers. And spyware is quite keen on snuggling up to those controller and "filtering" the calls between them and the OS. Now, those spyware drivers are deemed part of the I/O system (for obvious reasons, they are part of the HD controller drivers as far the OS is concerned). If that driver cannot be loaded because that patch fixes a loophole the spyware used, the OS identifies that as a critical error in the HD controller driver and cannot access the hard drive anymore. BSOD.

The very same would probably happen in Linux, in BSD, in ... whatever Apple's OS is called, I forgot. You have a driver that is deemed critical by the system that fails to load.

If you want to blame anything on MS here, it's probably that this rootkit drivers could be installed in the first place. And I honestly don't know if it's MS to blame or the user. What should MS do if the user clicks "allow" on anything he gets asked? Take away control from the user? I doubt you'd like that.

Amazing honesty.

I have no idea why you get modded Flamebait, maybe because you dared to suggest something that "takes away freedoms".

Bluntly, if anything it might save our freedoms. Because, well, do you think our politicians will not use the rampart spreading infections to spin? "You cannot take care of your computer, therefore we have to limit your ability to install stuff. Only approved applications may run anymore and that way no spyware can infect your machines. And only machines that adhere to this standard may join the internet".

Watch the sheeple cheer. Yay! Finally safe and protected from those evil malware infections!

Someday soon a politician will post what appears to be a benign photo with an embarrassing long/lat location.