Microsoft Notes Critical Security Holes in Windows, Office 634
Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." Please be sure to read the EULA before installing the patch.
Sad state of affairs.... (Score:3, Interesting)
I think I'd rather have an insecure system than one that gives MS carte blanche to install what it wants. There's something wrong with that.
Re:Sad state of affairs.... (Score:2, Troll)
Re:Sad state of affairs.... (Score:5, Insightful)
Linus put your hand down.
Seriously, we should be pushing for accountability, not a world were everybody's grandma has to learn C++ just to make sure that the big bad software company hasn't installed a trojan horse.
When you got your oil changed last, did you take the engine apart to make sure that your mechanic didn't put a rabbit in there?
I know that you probably change your own oil. It's an example.
Re:Sad state of affairs.... (Score:2, Insightful)
Linux appreciation/zealotry is about ideals. It's not that we necessarily want to look at the components, but just that we have the option to do it if we are so truly paranoid.
That said, I agree with you anyway.
Re:Sad state of affairs.... (Score:3, Insightful)
Plus you still have spent two+ hours on that, or another, installation issue.
Re:Sad state of affairs.... (Score:3, Insightful)
But you would have spent time setting up the machine, whatever the OS.
Re:Sad state of affairs.... (Score:3, Insightful)
Nope. Installing Windows 2000 Professional is about three ten-minute jobs, separated by big gaps of free time to do other things. Job #1: boot from the CD and partition and format the drive. Go do something else for an hour or so. Job #2: kick off the OS install. Go do something else, or have lunch, or whatever. Job #3: finish the OS install and set up the RAID set. Go home while the RAID set formats overnight.
Total time from start to finish is measured by looking at a calendar. Total time spent on the job is about half an hour.
Re:Sad state of affairs.... (Score:3, Informative)
#5: Download and install all the security patches you need.
So, there's another half an hour or so right there...
Quick installation (Score:3, Informative)
Well, then setting up Red Hat takes even less time then with a kickstart diskette. Time: Put in disk and install CD, turn on computer, come back when it is done configuring everything.
Re:Sad state of affairs.... (Score:4, Informative)
Oh and I work on my own car and go through source code in my spare time so your points don't work much on me. I don't trust M$ nor mechanics.
BTW a friend works at Jiffy Lube and always has interesting stories on how the boss makes him take suckers to the cleaners.
Re:Sad state of affairs.... (Score:5, Funny)
First off, this is funny! :-)
But it does kinda miss the point, as no doubt many people will be quick to explain. (Don't you think ``You missed the point'' should be the Official Slashdot Motto? :-)
The point is that if a patch is open source, and if only 1% of the 10,000 people who install it bother to read through, then that's still 100 pairs of eyeballs that will spot any funny business. So, crucially, the other 99% (and yes, I admit to falling into the 9,900 here more often than not) also benefit from the code's openness.
Summary: I don't want it open so I can look at it; I want it open so Linus can look at it for me and tell me if there's anything wrong with it! :-)
ObDisclaimer: no, I'm not really a degenerate freeloader. Usually I am in the 99% that doesn't read the code. But every often - say 1% of the time - I will read it. See also my open source Net::Z3950 module at perl.z3950.org [z3950.org] before you dare question my Free Software credentials. Infidel! :-)
Re:Sad state of affairs.... (Score:3, Insightful)
Then again, I don't worry too much about MS on the malicious code side. I won't install a patch the first day it comes out and will watch for installer's reactions (with debian I'll install and if I'm havign a new problem I'll check debian boards about the patch). I am, however, getting more and more upset on the EULA side. For a product that is supposed to be free, I.E. sure asks for a lot.
Re:Sad state of affairs.... (Score:5, Insightful)
See? There's only about three of them. There's no point in freedom of the press if only three people use it.
Ok, now everyone who's been arrested this week raise your hands.
Only a couple dozen out of a couple hundred thousand? Ok, no point in rights for the accused, then.
Next up, let's see how many of you are black. Only about ten percent? Well, what's the point in those equal protection and non-discrimination clauses? Most people don't need them.
Re:Sad state of affairs.... (Score:5, Insightful)
No, because I could sue my mechanic for breaking my car. I can't sue Microsoft for breaking my computer.
Re:Sad state of affairs.... (Score:5, Insightful)
Re:Sad state of affairs.... (Score:2, Insightful)
But by leaving your system insecure, you're giving every h4X0r on the planet carte blanche to install whatever they want on your machine. I'm afraid you're stuck between a rock and a hard place.
Re:Sad state of affairs.... (Score:3, Funny)
Re:Sad state of affairs.... (Score:3, Funny)
"Not me. Must have been some cracker that broke into my machine and installed the update."
It's official! (Score:2, Informative)
Microsoft are now worse than script kiddies. That's some statement.
You know, you could run (1, [redhat.com] 2, [mandrakelinux.com] 3, [suse.com] 4, [debian.org] 5 [slackware.com]) something [openbsd.org] other [freebsd.org] than [apple.com] windows.
Just a thought.
-r
Re:It's official! (Score:2)
And don't bring Apple into the discussion. Too expensive for me.
What you really need... (Score:2)
Automatic Install FUD? (Score:5, Informative)
On my Win2K machine, Windows Update provides a list of updates I have yet to install. One of these is Windows Automatic Updating (June 2002). The info text for this update reads:
Windows Automatic Updating, June 2002
This Windows feature notifies you when critical updates are available for your computer. This feature replaces Critical Update Notification if it is already installed. Critical Update Notification will no longer offer critical updates. Download now to receive notifications of critical Windows updates.
System Requirements
This update applies to Windows 2000 Service Pack 2 (SP2).
How to use
To set your preferences for automatic updating, follow these steps:
Click Start, click Settings, and then click Control Panel.
Double-click Automatic Updates.
Select the notification method you prefer.
How to uninstall
Uninstall is not available.
However, I have always consistently unselected this item to preven its intallation. I want to know definitively if the latest cummulative security patch somehow end-runs this, or deprecates Window Automatic Updating in lieu of some new updating scheme.
Definitively, not speculatively.
How to Kill Automatic Updates (Score:5, Informative)
In win2k:
Start > Settings > Control Panel > Administrative Tools > Services. Doubleclick the item "Automatic Updates." Pick Startup Type "Manual" or "Disabled" (I think the difference is Disabled means you have to be an administrator to turn it back on). Click OK. You may have to hit the "stop" button at the top of the Services window to actually stop the instance currently running, but it won't ever start again.
Ahh, my computer is free from evil once again.
Re:How to Kill Automatic Updates (Score:3, Informative)
Actually, SP3 adds a template to the GPO that allows you to include it in Active Directory. I can turn it off on all my machines with a couple clicks.
Or better yet, I chose to install System Update Server, that is a local version of Windows Update, it downloads the patches, I can approve which ones i want, then it pushes them out to the clients Auto-update style. The GPO allows me to set when to scheudle it and to use an internal server. Now i roll out all my fixes without much of an issue.
Re:Sad state of affairs.... (Score:5, Insightful)
On another topic, do you really believe MS is going to install software willy-nilly on a couple hundred thousand computers without the owners consent? The backlash from that sort of thing could easily put them out of business.
This whole elitest attitude everyone has needs to go.
For crying out loud (Score:5, Insightful)
There is a real simple solution to automatic updating if you don't like it: TURN IT OFF! I know this may be a huge supprise but if you actually bother to LEARN about Windows you'll find that it does offer options. Just go to the services control panel and disable automatic updating. Bingo, your computer will only then get updates when you manually check for them. There is then no way to remotely restart or reenable this service without an administrator password on that computer.
The reason MS has language in their EULA about their automatic updating is to cover thier own ass. The thing is, sometimes their updates will cause problems on a given system, despite their best efforts to stop that from happening. For example, they had a 3com net driver update that for wahtever reason caused a system with Tiny Personal Firewall installed on it to BSOD on boot. The problem was related to TPF 2.0.15 (that version was not tested on XP by Tiny Software), as systems without it were not affected. Well, if this update got pushed out automatically to systems and people failed to check what they were installing before doing so, it could cause problems. The EULA is a CYA measure for situations like that.
Please, before you shoot your mouth off about Windows try LEARNING about it first. You would ask that other learn about Linux before passing judgement, do the same yourself for Windows.
It's not FUD (Score:4, Insightful)
Microsoft simply reserves the right to update your system, period. In fact, as I read it, blocking an update that Microsoft wants to put on your system (with or without Windows Update) would be a breach of contract, as, like I said, there are no provisions in the EULA for users blocking the updates.
This can't be said enough: The EULA described a superset of the Windows Update mechanism. If they decide to force something onto your system, you will have no recourse after agreeing to the EULA.
It's not FUD; that clause allows Microsoft to take control of the computer, while theoretically not allowing you any recourse. I for one don't care to turn that power over to anybody, especially as they haven't even made mealy-mouthed promises not to abuse it. It's just there, and they can do whatever they want with it, whenever they want, and not violate the license.
I will say this: I'm sure that if they only wanted to cover their ass with regards to the Windows Update mechanism (something you already agreed to anyhow by leaving it clicked), they would have written something more limited.
mod parent up, please (Score:3, Insightful)
Please be sure to read the EULA (Score:3, Interesting)
Re:Sad state of affairs.... (Score:5, Insightful)
I have never seen the sense in firewalling a machine with the same machine.
I've CAUGHT M$ stuff sneaking past ZA... (Score:5, Informative)
WinME, no patches, ZAPro; system had no modem, thus no internet connexion. ZAPro dutifully reported every attempt to connect (which a lot of programs try to do for one reason or another, usually innocently)
Win98, no patches, ZA Amateur 2.63 (I think); system has moden and DUN configured in the usual way. HAD been well-behaved. Made the mistake of installing TurboTax this past April, and it forcibly installed IE5.5. Which FUBAR'd DUN. When I finally got DUN working again and went online, ZA *immediately* reported an attempt to intrude, from a M$ IP address (I whois'd it, so I'm sure), IIRC on a UDP port. Excuse me? What business does M$ have trying to get into MY computer? And since IE5.5 wasn't running per se (I only use Netscape online), clearly it had suborned Windows itself. And again, ZA didn't make a peep, tho it had always reported every other attempt to get in or out.
This is why I IEradicated IE5.5 [see 98lite.net] and reverted the system to IE5.0, which had never exhibited any underhanded behaviour (tho I don't let it out on the net, I only use it for checking my HTML locally).
And yes, there is a hardware firewall in my future, exactly because of this sort of security breach.
Re:Sad state of affairs.... (Score:4, Interesting)
do you even have (a)/dsl?
Checking my log for today I've had over 50 people try and initiate unauthorised connections. The only server I run is HTTP and ident so there's no reason for any of them to try any other ports than those.
nslooking up their ip and I get mostly dial-up users or No such server.
Windows shares are the usual culprit. I did some scanning myself after cable modems launched in our area. I found myself on someone's shared C: drive will full rights. I trawled through some files to try and get some sort of ID. c:\program files\icq\ did me nicely and I was able to get the person's ICQ number. I looked them up on the ICQ whitepages and couldn't believe it when it turned out to be my uncle!
You don't need to waste a whole PC on it either
I've got one of these
befsx41 [linksys.com]
Works great, no trouble in 3 years. Not a single piece of software has had trouble with it. Can't recommend it enough for home/soho users.
Moderate severity (Score:5, Interesting)
Re:Moderate severity (Score:2, Insightful)
Re:Moderate severity (Score:3, Informative)
But when was Microsoft ever concerned about its customers fully understanding its security problems?
--Jim
Re:Moderate severity (Score:3, Interesting)
Great! (Score:5, Funny)
Arbitrary commands run by strangers if I don't,
Arbitrary commards run by Microsoft if I do.
If only more sites complied with standards, I could dismiss MS entirely for Opera.
Re:Great! (Score:5, Funny)
Arbitrary commards run by Microsoft if I do.
You know, I think I would rather trust the strangers.
Re:Great! (Score:3, Insightful)
I believe the phrase is, "Better the Devil you know."
This means Microsoft, sorry to say. Of course, I use Mozilla exclusively on a Mac and a Linux machine. No Windows boxes for me at all.
Re:Great! (Score:2, Insightful)
Re:Great! (Score:2, Informative)
Have you tried out Mozilla lately? The quirks mode in Mozilla renders bad HTML just as well as IE does, IMHO. Ever since Mozilla
Re:Great! (Score:2)
No need for this patch. (Score:5, Funny)
Download now to continue keeping your computer secure.
So apparently my computer is allready secure and there is no need to download the patch then!
Silly Microsoft.
Re:No need for this patch. (Score:3, Insightful)
Microsoft's idea of security. It's really just as secure after the download and patch as it was before
Irritating but beneficial too (Score:5, Insightful)
Today I just spent 3 1/2 hours updating security patches on a group of machines in an office for office 2000. The people there are annoyed about all the patches, and we joked about it being "this months security update". Now there's this, and I'm going to be called in again to update their machines. On one hand it's irritating, on the other hand it gives me more work, which I need at the moment.
A few of them are curious about Linux, and I keep it in their mind - not telling them that it will solve all their problems, but that in the near future it may be beneficial for them to consider it. I let them know an alternative is there, and they are positive, no knee-jerk reactions. I'm honest to them about it's advantages and disadvantages - where it will help them and where it will be a challenge. When the time is ripe they will change over - it is inevitable. This won't eliminate the need for security patches, but I hope through the use of thin clients only one or two machines will ever need updating.
Re:Irritating but beneficial too (Score:2, Informative)
Re:Irritating but beneficial too (Score:3, Interesting)
If you don't like constantly having to patch MS Office, then don't use it. There are plenty of alternatives, including WordPerfect [corel.com] Office Suite, which is what I use.
Re:Irritating but beneficial too (Score:5, Funny)
I installed a Linux fileserver at a company I used to work at, and when I was laid off we agreed that they would call on me if they ever had a problem with the server and we would "work something out". I haven't recieved a single call, and it's been over 6 months! When I run into my former coworkers at the store and such I ask them how the servers doing and they always say "Great, we haven't had a single problem".
If you depend on support calls to make your living, the last thing you want to do is install Linux!
Re:Irritating but beneficial too (Score:3, Funny)
Since you schedule it with cron, you can make sure it doesn't happen on your vacation. Some would say this is dishonest, but then again some would say "So is installing NT on purpose".
Re:Linux has a stream of patches too (Score:2, Insightful)
MS on the other hand offen ignores security issues (21 open security problems with IE.) and do not maintain as many packages.
There is no EULA attached. (Score:5, Informative)
No EULA (Score:5, Informative)
I just installed it now (q323759.exe) and it didn't ask me to agree to anything. In fact the only question I got was "Do you want to install this update?".
For now, my PC is safe from Microsoft forced modifications (relativily speaking)
Re:No EULA (Score:2)
Re:No EULA (Score:3, Insightful)
Re:No EULA (Score:2)
Ahh, whoops, sorry. It does actually tell me I needed to reboot (I hit "no", I'm busy). Forgot about that one. But yes, you're right, some more information would have been nice.
SSL Cert. (Score:4, Informative)
Re:SSL Cert. (Score:4, Funny)
That's because their PR people haven't acknowledged that it is a problem yet. Give them 6-8 months. Sheesh, you Open Source people sure are impatient.
SSL? (Score:4, Interesting)
And even on 2000/XP (Score:4, Interesting)
Re:And even on 2000/XP (Score:4, Funny)
Truly ironic (Score:5, Interesting)
A flame but a good point (Score:2, Insightful)
If your servers are configured correctly and you have redundancy in place then there should be no problem installing this update,
If you don't use load balancing then just bring the warm/cold server online while you take the server your about to update off line.
Spend a few days testing the updated server.
and then sync with the cold/warm server and repeat.
If you load balancing then take some servers out of the loop and run them concurrently to make sure Microsoft hasn't broken anything then repeat until all servers are updated.
If all of the above sounds like voodoo then you should be more concerned about you internal systems than any bugs that might be in Windows.
Re:And even on 2000/XP (Score:3)
Why are you running a GUI on a server?
-
About the leaked corp edition... (Score:3, Interesting)
For crying out loud..... (Score:2, Insightful)
Just for kicks, I signed up for Microsoft security bulletins. I get hoards of e-mail every week, as new vulnerabilites are continually found in each of their products. Being an IE administrator it's important to subscribe to this stuff.
New IE patches come out about every 2 months. This patch is not all that big of a deal. All the fixed issues had workarounds, and a lot of it could be prevented by using a good proxy server.
The fact that Slashdot immediately jumps all over Microsoft for this is ludicrous. Get a life.
Re:For crying out loud..... (Score:2, Insightful)
Re:For crying out loud..... (Score:2)
This goes double for the linux side. I see patches for stuff I may or may not have installed. I hate to say it, but I have two linux boxes I know exactly what is in there - an MP3 player for my car and home. Everything else I am at the mercy of Sun, RedHat, and SUSE's installer. I trim, but don't really know what is bundled.. The OpenSSH thing was a big wakeup call for me to check the bloody MD5 hashes - not just install from a mirror.
Re:For crying out loud..... (Score:2, Funny)
*ROTFL*
Is that a joke? IE administrator? I just love the idea that a browser needs administration (and I don't care how many users you have, it's no excuse).
IE administrator... Good grief. Soon we'll have keyboards admins and mouse keepers...
Re:For crying out loud..... (Score:2)
Here's our dillema. We've got all these proprietary web based systems that were written specifically for IE. Opera, Mozilla, Netscape, they all give us weird errors. We're government, when an agency says "this is how it is", our hands our tied. I've written some colorful letters to the people who design these, the response is usually "but everyone uses IE".
So, we're forced into using IE for everything. 500 IE users == a lot of security problems. Stay on top of patches and find ways of rapidly deploying them. Use a good proxy server to filter out stuff (like the gopher vulnerability) and hope for the best. So, from that I label myself as an IE admin, since the dumb thing needs so much babysitting.
Re:For crying out loud..... (Score:4, Insightful)
Because Microsoft owns the computer industry. It sucks. Their software is worthless. What's an admin supposed to do? Go deploying linux boxes at every workstation? Sure, I'd love that. There's a few UNIX geeks in various departments who would love that too. For the people who have no business using a computer, having e-mail, or getting on the internet, it'd take us years to train them in on linux. Then all we'd hear is "why can't I install this dancing puppy thingy that my stupid ass aunt sent me?"
The fact is, to deploy linux and force users into it goes against everything that an IT department stands for. We have to cater to the greater audience. If 90% of our users refuse to use anything other than Windows, we're screwed. Wed can hold daily meetings about what Microsoft has done NOW, why they're eveil, why their software is bad for us, they still won't get it.
When it comes to anti-virus, firewall, and ad blocking, open source is a great option. Squid, MIMEDefang, SpamAssassin, junkbuster, it's all good. Better yet, it's all free. An IT department can put up an open source blockade at the door, the users don't know the difference, and we're much happier.
So, to sum it up, we know MS sucks. I hate their software with a passion. SOMETIMES YOU JUST DON'T HAVE A CHOICE. I run linux at work and at home. We run linux products at the T1 entry point here at work. We have to run Windows on most desktops because THE PEOPLE WHO USE THEM ARE MORONS AND DON'T CARE ABOUT SECURITY.
Now that I've returned to my laptop... (Score:2)
My original title (which was edited by michael for purposes of clarity, I'm assuming) failed to mention Office; the CNN story and Microsoft TechNet article didn't seem to coincide. However, it's entirely possible that a few shared components may be vulnerable.
call the exterminators (Score:3, Funny)
"Beware gophur attack in coming days.
Tunnels created by gophur may break windows.
Advise careful monitoring of the handler."
To see if he goes all Caddyshack on me.
I need more old protocols coming back purely to be used for my amusement.
Overly Critical? (Score:2, Informative)
Just my $.02
>FlameBait
Questions: Microsoft, Alternatives, EULAs (Score:2, Insightful)
Why is it that companies (and individuals) complain and complain about how much time/money/energy they spend on patching Microsoft products and yet don't do anything to change a) their practices and b) their product choices?
This is an honest question that I'm wondering about. I agree with the people who also wonder why Microsoft flaws get so much attention from /. and Linux/Solaris/Apple/etc flaws get next to none. To those that say "Because there aren't any worthwhile reporting on." I say "Read more." The recommended patch cluster from Sun has lots of interesting reading.
There seem to be _alot_ of alternatives for almost everything. How many of those alternatives are used by more than the developers of those alternatives? By more than the friends/family of the developers? For my part, I don't have the money right now to get a second machine and my current Windows machine is used primarily for games. However, when I get the money, I will be running something other than Microsoft products where possible. My browser of choice right now is Mozilla. But there are sites that require me to use I.E. much to my disappointment. What are the technically savvy people doing to help their companies move away from Microsoft and what alternatives are they proposing? [And no 'Linux' isn't a good answer. What distro of Linux?]
Personally, I'm glad Microsoft changed their EULA to say that it gives them the right to run whatever they want on your computer. It gave me a wakeup call to read the EULAs more carefully. Occasionally, I turn down the EULA and don't use the product. Are other people finding that they are reading EULAs more carefully and actually turning them down more?
--Maarten
Re: (Score:3, Insightful)
Ugh (Score:2)
Film at 11.
Next!
RedHat and Mandrake announce security patches.
Film at 12.
Next!
Good for them (Score:2)
If they don't pshaw the other holes that other people find and admit their seriousness now, I'll actually have one less reason to hate them.
Good News! (Score:2, Funny)
In the same e-mail, I sent a link to RedHat.
Hopefully, my family will finally switch to an OS that actually works.
Thanks Microsoft, for helping me make my family realize how much your software sucks -- couldn't have done it without you! *smiles*
but the real problem is... (Score:2, Informative)
from the bottom of the BBC article:
My favorite part of the EULA... (Score:4, Insightful)
My favorite part of the EULA is where you can not reveal the results of any benchmark tests of the .NET framework unless Microsoft gives you permission to do so.
What does that tell us about .NET?
I wonder if saying something like "I would like to tell you exactly how slow the .NET framework is, but then Microsoft would sue me" would be ok.
Interestingly enough, though...you only have to accept the EULA if you use the Windows Update feature of IE. If you just download the fix from TechNet, no EULA is mentioned.
OK , OK, we get it (Score:5, Funny)
(While playing Zoboomafoo Alphabet the Critical Update came onto the screen obscuring the Lemurs. "Daaaad stupid Windows is bothering me!")
Not to mention remote root on SQL Server (Score:3, Informative)
-dave
Is there a "we can turn you off" clause? (Score:3, Interesting)
EULA a form of coercion? (Score:3, Interesting)
Microsoft creates a flawed piece of software. They sell it to millions of unsuspecting victims under one EULA.
Then, they release patches for flaws that are serious enough to destroy a business if left uncorrected. They tell the victims: ?Agree to this new EULA that takes away many of your rights or we won't fix our software!?
Re:Suprise suprise suprise.... (Score:2, Funny)
Re:Suprise suprise suprise.... (Score:2, Insightful)
Re:Suprise suprise suprise.... (Score:2)
Re:Suprise suprise suprise.... (Score:2)
Do we count the time that OpenSSH got trojaned? (Score:2, Offtopic)
The folks at OpenBSD still haven't explained how that's happened so we've got six theoretical bugs (which will undoubtedly become reality Real Soon Now) versus an unexplained, but very real, hack, which may or may not manifest itself elsewhere. And as long as we're calling apples and oranges, take a look at the size of the codebase and the amount of functionality of one versus the other.
How it happened not really relevant (Score:4, Informative)
Read the OpenBSD FAQ for the details of why the FTP server isn't an OpenBSD box, but IIRC it's basically because it's a donated box and bandwidth from a university, and beggars can't be choosers.
Re:Suprise suprise suprise.... (Score:2)
That's what I said to my friends and now I have time to enjoy myself. Before that, I would go over to a friends house and find myself cleaning up their system.
Now I tell them that I don't do windows.
Re:Suprise suprise suprise.... (Score:2, Troll)
And where does the writer of the article get off saying "The world's No. 1 software maker said ..."
Microsoft is not the worlds' number one software maker. They've bought most of their current product line. Now, if the article had said "The world's No. 1 software bug producer said ..."
Re:Suprise suprise suprise.... (Score:5, Funny)
Who? Microsoft, or your family?
Re:ha! (Score:5, Interesting)
They already know. Remember a couple of months ago, when Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. The architecture of Windows is inherently insecure and cannot be fixed. Read all about it here. [tombom.co.uk]
Re:ha! (Score:2)
Lets just hope he didn't find out about these issues looking like this [theregister.co.uk].
Disclaimer: I've met him in real life several times, thankfully he was fully clothed. He often pops on to the place linked below under the name of "Foon".
Re:Get some PRIORITIES! (Score:2)
Re:Well.... (Score:2)
OK, now here's something I don't understand, but you appear to, so I'll ask now..
How (exactly) does ctrl-alt-del make a computer MORE user friendly?
When you boot Win NT/2K/etc, you have to 'hit ctrl-alt-del' to log in - exactly what is being accomplished by doing that? Would it not be easier to simply present a login screen?
Exactly how does adding a step - which seems (to me, at least) to be a NOP - make the computer easier to use?
Re:News for Nerds, Twisted to Make MS Look Evil (Score:5, Informative)
No, the fact of the matter is that the oldest security hole [pivx.com] still present in internet explorer is over...
2 years and 2 months old.
Look, if they ACTUALLY fixed their OS (and by OS I mean browser, which MS says is the OS) we wouldn't care. But, you see, since they don't care to fix their OS (and if you can't fix it in 2 years then you are one very pathetic uncaring company) then we will care to explain to others that they don't care.
Get it?
You can apply every security patch in the world, but IE is still lets any site read:
- Any and all of your files
- Run any code they please
- Upload files of their choosing
- Modify files they want to
- Delete files they want to
- Delete your BIOS so you can't boot up your computer
- Make your computer dial 911 constantly, tying up emergency systems
- Install viruses on your computer
- Make your computer do DDOS attacks
- Make your computer email bomb threats to the president under your name
All without warning you. And any amount of patching won't affect it.
Is that not serious enough? Do they need to set your computer on fire to make it serious enough? Does your computer have to reach out and throttle you before you see how serious it is?
Sheesh.
Re:News for Nerds, Twisted to Make MS Look Evil (Score:3, Insightful)
From following that link, you can see that it is obviously *possible* to build a browser (a good one, in my experience... upgraded to Mozilla 1.0 from Netscape 4.7, since I hated NS6 and won't use IE) that has relatively few security holes, and it is also possible to fix them as they come up. What excuse do you want to give on MS's behalf for being so behind, especially when they have a lot more resources to throw at the issue?
Re: oh my! (Score:3, Funny)
We do, its called linux.