Domain: technet.com
Stories and comments across the archive that link to technet.com.
Comments · 534
-
Re:Oh man, this one again?
let me refer you to the site that I referred to in my earlier post, in which the Program Manager for Windows Update states that the updates were installed if Automatic Updates were set to "3) Check for updates but let me choose whether to download and install them". No need for a visit to the WU site. They DID NOT manually visit the WU site.
Can you cite a source for that? None of the sources I found that claimed to reproduce this seemed to specify either way, -
Re:Oh man, this one again?
Yeah, it would be nice if people quit the FUD, wouldn't it?
They updated Windows Update, when people explicitly visited the Windows Update site. That is all. They are not pushing out updates to critical system files without any user intervention.
That claim, Sir, is incorrect. The updates were pushed out to those systems that had automatic updates set to "Check for updates and notify me". Your claim that a visit to the Windows Update site was required is simply wrong. Now, who is spouting FUD? -
Re:You couldn't be more wrong.
The dolphins were paying Adams to provide good PR. After "they" thanked us for the fish, how could we think that they'd be so ethically challenged as to run MicroSoft? It's an in-depth conspiracy, run by very smart mammals - do you think that, say, Steve "monkey-boy" Ballmer could think this stuff up?
Anyway, the dolphins have had one of their paid monkeys continue the conspiracy with denials and obfuscation.
-
Windows Update Program Manager lies or incompetent
So there is a blog post by
Nate Clinton
Program Manager
Windows Update
at http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx
where Nate writes:
"any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notification"
(Emphasis mine).
It's a pretty long post.
Just wanted to mention it here since there is no logic in it, and this explanation is simply wrong, since Microsoft controls both the updating server and client, and can simply keep a version number for identification. In fact, you would think that Microsoft keeps a copy of past updates just so they can be replayed. So if a very old version of the Microsoft Update client contacts the server, of course many past updates have to be applied, one of which will be the update to the update client.
So we are looking at two cases:
- Microsoft Windows Update Program Manager is incompetent and incapable of thinking through the tiniest feature
- Microsoft Windows Update Program Manager lies about the problems, methods and efforts involved
(An example of why I stay away from Microsoft documentation and publications)
Stephan -
Microsoft Windows Update Program Manager is incompetent and incapable of thinking through the tiniest feature
-
From the Microsoft team
http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx
Apparently, it has done this all along, and it's a legitimate feature to keep the updater software itself up to date. It's a question not of "Who watches the watchers?" but "who updates the updaters?" -
You've been vindicated.
See here.
-
Re:Can't Win for...
Misleading articles make you wrong. See here.
-
Re:M$ is a Loser.
http://blogs.technet.com/mu/
If you have automatic updates, this is simply not happening, period. Just more FUD to whip up the zealots like you.
And yes, you are twitter, no matter how many ways from Friday you try to deny it. Don't make me go look for the links.
-
Sorry, you're mistaken
Too bad for you the article is wrong. See here. Relax and take a deeeeep breath.
-
Wrong
You've been FUD'ed. See here. Relax and take a deeeeep breath.
-
Yes I want to bet
Enough of the hot air and FUD. Read: the TFA is a piece of FUD. See here.
-
Wrong
The TFA is a piece of FUD. See here.
-
Confirmed by Microsoft
You're right. MS has posted a blog here which pretty much confirms what you said. What I am really interested to see is if Slashdot will post a correction.
-
Re:Hang on a minute...
You're right. Except that it does not happen that way. Even when you're on Microsoft's site. The ActiveX control for Windows Update runs only on their site, and detects that the user is running an old version and asks explicit permission from the user to update it, and only then are any changes made to your system.
Well, this is Slashdot, after the article has been proven to be total FUD, and almost all the up-modded comments have been shown to be paranoid rantings with no justification, people like you turn up to STILL create more FUD and get modded up groupthink. Sigh.
If you're really interested, read here.
-
Wrong wrong wrong
The whole article is a piece of FUD. There are no auto updates of any files happening if you turn Automatic Updates off. See here.
-
Update: Microsoft's Reply here, 3:00PM EST
Microsoft has posted a reply here.
-
Re:First post thanks to OPERA!!!!
Nah, the speed problem was because AC was using Vista.
You need to use Gentoo Linux with a minimum of CFLAGS="-O3 -finline-functions -funswitch-loops" to get the best speed results with Opera. -
Re:Flash lifespan in perspective
You're assuming that the 2GB a day could be spread evenly over the disk. This would vary depending on how much free space you have on the device. If your drive is 1% full then you can distribute your writes over the other 99%. But most people don't keep their storage mainly empty. In fact people tend to run just under the limit - hence the saying that crap always expands to fill the available space. If your drive was 99% full then you can't distribute the writes over the parts with data (as it would have to be moved somewhere else, negating the benefit), and then you run into the problem with the limited duty cycle.
Wear levelling happens inside the device - the OS can't see it.
So even if you keep writing to the same logical sector over and over again, that physical location moves around so that the erase count remains the same for each erase unit. The device just needs to keep track of the mapping from logical blocks that the OS uses to physical blocks which are an actual location in flash.
It has to be like this, since all filesystems tend to write to the area at the start of the disk very frequently. On FAT the FAT needs to be updated every time a file grows. On EXT2/3 or NTFS it's actually worse - the inode needs to be updated on file growth or when the file "last accessed time" changes. People have worked on the "last accessed time" problem though - XP only updated it with a one hour granularity, and Vista disables it by default. Linux has a relatime mount option. -
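As an added illustration of the mapping the comment above describes (this is not code from the post, nor from any real SSD or USB-stick firmware), here is a toy flash translation layer in Python. Every rewrite of a logical block is placed on the free physical unit with the lowest erase count, and the stale copy is erased and returned to the free pool. The simulation then compares erase counts for a mostly empty device, a device that is six-eighths full, and a device that erases in place with no levelling at all. The unit count, the one-block-per-unit layout and the write patterns are constructed assumptions for the demo.

```python
"""Toy flash translation layer (FTL) showing dynamic wear levelling.

Added illustration, not code from the comment or any real flash firmware.
Constructed assumptions: one logical block per physical erase unit, no
over-provisioning beyond the unused units, and a greedy policy that puts
every rewrite on the free unit with the lowest erase count.
"""
from typing import Dict, List, Set


class ToyFTL:
    def __init__(self, units: int, levelling: bool = True) -> None:
        self.levelling = levelling
        self.erase_count: List[int] = [0] * units   # per physical unit
        self.l2p: Dict[int, int] = {}               # logical block -> physical unit
        self.free: Set[int] = set(range(units))     # units holding no live data
        self.data: Dict[int, bytes] = {}            # physical unit -> payload

    def _least_worn_free(self) -> int:
        # Ties are broken by unit number so runs are deterministic.
        return min(self.free, key=lambda u: (self.erase_count[u], u))

    def write(self, logical: int, payload: bytes) -> int:
        """Store payload for a logical block; return the physical unit used."""
        old = self.l2p.get(logical)
        if old is not None and (not self.levelling or not self.free):
            # Erase in place: the same physical unit absorbs every rewrite
            # (also the only option when no free unit is left to move to).
            self.erase_count[old] += 1
            self.data[old] = payload
            return old
        if not self.free:
            raise RuntimeError("device full")
        target = self._least_worn_free()
        self.free.remove(target)
        if old is not None:
            # The stale copy is erased and its unit returns to the free pool:
            # the OS keeps addressing "the same sector" while the physical
            # location moves around underneath it.
            self.erase_count[old] += 1
            del self.data[old]
            self.free.add(old)
        self.l2p[logical] = target
        self.data[target] = payload
        return target

    def read(self, logical: int) -> bytes:
        return self.data[self.l2p[logical]]


def simulate(units: int, cold_blocks: int, hot_writes: int,
             levelling: bool = True) -> List[int]:
    """Write cold_blocks logical blocks once, then rewrite logical block 0
    hot_writes times; return the erase count of every physical unit."""
    ftl = ToyFTL(units, levelling)
    for i in range(cold_blocks):
        ftl.write(100 + i, b"cold")
    for i in range(hot_writes):
        ftl.write(0, b"hot%d" % i)
    if hot_writes:
        # The latest data must still be readable through the moving mapping.
        assert ftl.read(0) == b"hot%d" % (hot_writes - 1)
    return ftl.erase_count


if __name__ == "__main__":
    print("mostly empty, levelled :", simulate(8, 0, 10))
    print("6/8 full, levelled     :", simulate(8, 6, 10))
    print("mostly empty, in place :", simulate(8, 0, 10, levelling=False))
```

The second run is the comment's "99% full" case: with only two free units, the hot block ping-pongs between them and those two units take all nine erases, while the six units holding cold data never wear at all. Real firmware adds static wear levelling (occasionally relocating cold data) and over-provisioning to avoid exactly this.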
Re:router
Huh? Hold on there. If you actually read that knowledge base article you're linking to, it says that Vista is setting the BROADCAST flag by default, not the UNICAST flag. I don't think there even IS a UNICAST flag.
So, it looks like Vista uses the OLD approach (broadcast) by default instead of the current modern approach (Unicast). This is drain bamaged by Microsoft alright.
(The Linux box isn't supporting the OLD broadcast standard - completely opposite of what you're saying. Support for broadcast by a server is only a "SHOULD" and not a "MUST" in the relevant RFC, so the Linux box is adhering to standards.)
As for your other comment, "Jim"'s article is a red herring. His post is about causing the Windows DHCP *server* to send a Unicast response EVEN IF the client asks for a Broadcast response - which is not what a sane DHCP implementation should need to do, now, is it? His post is essentially "how to configure Windows DHCP servers to work around drain bamaged clients that ask for Broadcast for no good sane reason."
Read the comments on this post. Microsoft have been told. And as you can see, even they know that broadcast support in a server is only a should, not a must.
(WHY Microsoft changed Vista to use broadcast by default is the question - I cannot think of a sane reason for it. There are situations (such as with DHCP relay agents) that unicast will work when broadcast won't.) -
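As an added example (not taken from the comment above, nor from any Windows or Linux DHCP implementation), the following Python builds constructed DHCPDISCOVER messages, reads the 16-bit flags field whose only defined bit is BROADCAST (RFC 2131 section 2; there is no unicast bit, the remaining bits must be zero), and applies the RFC 2131 section 4.1 rules a server uses to pick the destination of its DHCPOFFER, including the relay-agent case the comment mentions. The xid, MAC address and 192.0.2.x addresses are placeholders constructed for the demo (192.0.2.0/24 is documentation address space).

```python
"""Reading the DHCP BROADCAST flag and choosing a server's reply destination.

Added example, not from the comment above or any real DHCP implementation.
Message layout and reply rules follow RFC 2131 (sections 2 and 4.1).
The xid, MAC address and 192.0.2.x addresses are constructed placeholders.
"""
import struct
from ipaddress import IPv4Address
from typing import Dict, Tuple

HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP/DHCP header
HEADER_LEN = struct.calcsize(HEADER_FMT)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BROADCAST_FLAG = 0x8000   # bit 15 of 'flags'; RFC 2131: all other bits MUST be zero
BOOTREQUEST = 1
SERVER_PORT, CLIENT_PORT = 67, 68


def build_dhcp_discover(xid: int, chaddr: bytes, flags: int = 0,
                        ciaddr: str = "0.0.0.0", giaddr: str = "0.0.0.0") -> bytes:
    """Constructed minimal DHCPDISCOVER (BOOTREQUEST, option 53 = 1, END)."""
    zero4 = b"\x00" * 4
    header = struct.pack(
        HEADER_FMT, BOOTREQUEST, 1, 6, 0, xid, 0, flags,
        IPv4Address(ciaddr).packed, zero4, zero4, IPv4Address(giaddr).packed,
        chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = b"\x35\x01\x01" + b"\xff"
    return header + MAGIC_COOKIE + options


def parse_header(pkt: bytes) -> Dict[str, object]:
    """Decode the fixed header fields a server needs for its reply decision."""
    if len(pkt) < HEADER_LEN + 4 or pkt[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    return {
        "op": f[0], "xid": f[4], "flags": f[6],
        "ciaddr": str(IPv4Address(f[7])), "yiaddr": str(IPv4Address(f[8])),
        "giaddr": str(IPv4Address(f[10])), "chaddr": f[11][:f[2]],
    }


def broadcast_requested(pkt: bytes) -> bool:
    """True when the client asks for its reply to be broadcast."""
    return bool(parse_header(pkt)["flags"] & BROADCAST_FLAG)


def flags_are_valid(pkt: bytes) -> bool:
    """There is no 'unicast' bit: anything besides BROADCAST must be zero."""
    return (parse_header(pkt)["flags"] & ~BROADCAST_FLAG & 0xFFFF) == 0


def reply_destination(pkt: bytes, yiaddr: str) -> Tuple[str, int]:
    """Where a server sends DHCPOFFER/DHCPACK, per RFC 2131 section 4.1."""
    h = parse_header(pkt)
    if h["giaddr"] != "0.0.0.0":
        return h["giaddr"], SERVER_PORT        # via the relay agent
    if h["ciaddr"] != "0.0.0.0":
        return h["ciaddr"], CLIENT_PORT        # client already has an address
    if h["flags"] & BROADCAST_FLAG:
        return "255.255.255.255", CLIENT_PORT  # client cannot receive unicast yet
    return yiaddr, CLIENT_PORT                 # unicast to chaddr / yiaddr


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")        # placeholder MAC
    cases = [
        ("broadcast flag set", build_dhcp_discover(0x3903F326, mac, BROADCAST_FLAG)),
        ("flag clear", build_dhcp_discover(0x3903F327, mac)),
        ("via relay agent", build_dhcp_discover(0x3903F328, mac, BROADCAST_FLAG,
                                                giaddr="192.0.2.1")),
    ]
    for name, pkt in cases:
        print(f"{name:20s} broadcast={broadcast_requested(pkt)!s:5} "
              f"reply -> {reply_destination(pkt, '192.0.2.10')}")
```

The relay-agent case shows why the flag is irrelevant once a relay is involved: the server answers the relay on port 67 regardless of the client's flag, so a client that sets BROADCAST only changes behaviour on its own link. Run over captured DHCPDISCOVERs, `broadcast_requested` is also a quick way to count which clients on a segment request broadcast replies.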
Re:Failed engineering
It's not like something they should have tested for and never found, it's something they did themselves. After reading your post, the parent post and the grandparent post (and every other +3 post in the thread) I feel like I'm the only one who made it to the end of TFA: The throttling rate Vista uses was derived from experiments that reliably achieved glitch-resistant playback on systems with one CPU on 100Mb networks with high packet receive rates. Things they apparently didn't bother to test for:
- Multiple NICS
- Gigabit NICS
- Multiple CPUs/Cores
One thing I don't get is how he managed 41.61% CPU utilization while transferring a file. Did he have the ethernet equivalent of a winmodem? -
Re:I object to the "defective by design" tag
It's actually intentional throttling that wasn't fully thought out. See Mark Russinovich's blog: http://blogs.technet.com/markrussinovich/archive/2007/08/27/1833290.aspx
Certain parts of network handling occur in the kernel with scheduling disabled, which means that they have the potential to cause glitches in the audio if too many packets are handled per second. Vista tries to provide low-latency audio, so it has less tolerance for delays than previous versions of Windows. So the audio guys talked to the networking guys and decided there would be a flag that says "please reserve some time for audio processing if an audio stream is being processed". Unfortunately, the reservation was way too aggressive.
No excuses - this is a bad bug and should never have happened. The behavior is designed to fix a problem, but the fix created a new one. It will be fixed. Hopefully that fix won't cause more trouble... -
Mark Russinovich on this issue
Mark Russinovich posted a fairly in-depth and technical explanation of this problem. It's worth taking a look at.
http://blogs.technet.com/markrussinovich/archive/2007/08/27/1833290.aspx -
Re:So does vapor
Actually, you can buy it today. In this case, Microsoft's product page needs a clarification, as it states: "It's all coming together. Available in stores fall 2007." The blog states that the software has been released to manufacturing but "OEM products are still forthcoming." But will there be software to convert a paid-for, older computer with a new hard disk into a home server, as there is with Linux?
-
Re:Let's Compare!
"Windows: Huge Security Holes
Linux: None" - by BillGatesLoveChild (1046184) on Friday August 24, @12:49AM (#20340125) ONTO SECURITY, SINCE YOU MENTIONED THAT:
"Read 'em & WEEP", Linux fiends:
---
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
---
Gee, that's NOT TOO DIFFERENT from what I saw @ year start for 2006 here, now is it:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
---
ALL I tend to see/hear/read here @ /. is stuff like this:
"(Insert *NIX variant here) is more secure or securable than Windows
Well, ok: Put your money where your mouth is, back up your bluster, because talk is cheap - show me, show us, & back up your bluster!
Beat the score I am able to achieve on the multiplatform CIS TOOL benchmark gauge of security then... back up the bluster!
CIS TOOL uses tests based on best practices for the OS platform it runs on testing analogs each has between them & they do have them (such as state & configuration files ACL/MAC security, every OS has these for example)!
(& this test is noted as valid and good for helping you secure yourself, no less by COMPUTERWORLD & SANS (both cited here quite a bit on this site mind you, & thus, respected here)
Here is my score of 84.735/100 on it:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
In fact, when I challenged the *NIX crew here (especially asking for BSD & SeLinux kernel hook bearing security addons such as UBUNTU/KUBUNTU have no less) to this test?
HARDENING LINUX (of ALL places, lol, that happened here @ /.):
http://it.slashdot.org/comments.pl?sid=267599&cid=20203061
Over 30x now, & all the LINUX PENGUINS ran, each time (bsd people too) & at a post here at slashdot called "Hardening Linux" too, lol, no less!
APK -
Re:DRM strikes again?
-
On SQLServer 2005, & Windows vs. Linux? See in
"So, come back in five or ten years, and we can compare SQL Server 2005 -- maybe it'll be hit with a massive worm next year. Otherwise, either compare broader sets of versions, or older ones." - by SanityInAnarchy (655584) on Friday August 17, @06:43PM (#20268857)
Well? So far?? SO GOOD (absolutely current data as of this date, today, on both per my subject line above):
Vulnerability Report: Microsoft SQL Server 2005:
http://secunia.com/product/6782/?task=statistics
Zero/0 vulnerabilities in its ENTIRE HISTORY, to date (of this post/currently)...
----
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
It seems that LINUX has had more problems this year, with vulnerabilities BY FAR, than Windows XP SP 2 or Windows Server 2003, period... & last year too, see next section below:
----
Gee, that's NOT TOO DIFFERENT from what I saw @ year start for 2006 here, now is it:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
----
And, as far as your thinking CIS TOOL is malware?
COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
2 respected places seem to state otherwise (though you TRIED to lump this program into the SAME CATEGORY AS SQLSlammer? I would STRONGLY WAGER, that the Slammer worm was NEVER noted to be for purposes of helping you, HELP YOURSELF, & aid in securing your system... as CIS TOOL is/was, per the URLs above).
----
You stated these objections:
1.) This tool might be malware - I can only say, PROVE THEN THAT IT IS! (you *NIX guys, you're NOT "too big" on providing visible proofs are you? Judging by how many people have run from this multiplatform valid test of security here that are *NIX users (around 30 now)? That tends to PROVE that & "2nd my motion" on that account!)
2.) This program may send data out I am not aware of - but, you are (they record data for security purposes, most likely noting what areas are typically found WEAKEST ON THE MOST SYSTEMS, per the data they get from this test) first of all, & secondly? Just either:
a. Disconnect your router or PC from the net, yanking the cable IF -
It is, too bad you are bringing it on yourself!
"The point is: Even if I set up my system so that it cannot possibly hurt me" - by SanityInAnarchy (655584) on Friday August 17, @09:45PM (#20271119)
You can, & YOU KNOW IT:
You think it phones home with some info. that should NOT go out? DISCONNECT your cablemodem/dslmodem (whatever you use)... that's even simpler than disabling the network connection in Windows @ least, &/or using IPTables + SeLinux SOCKETS LEVEL MAC CONTROL!
You think "world writable/Everyone group access" to files it writes is bad?? Chmod/chown them, & use SeLinux MAC ACL like control on them also..
You think it's 'malware', comparing it to SLAMMER?
Well, SANS & COMPUTERWORLD (sites often cited here on /. no less, must be respectable to some extent, right?) Noted CIS TOOL as a tool to help secure yourself... I am SURE that SLAMMER was never stated to HELP YOU SECURE YOURSELF, lol!
----
"running malware is still kind of pointless" - by SanityInAnarchy (655584) on Friday August 17, @09:45PM (#20271119)
&
"Sorry, not happening until you convince me that not only is it not malware" - by SanityInAnarchy (655584) on Friday August 17, @09:45PM (#20271119)
----
Ok, now I have to ask the "ultimate question":
CAN YOU PROVE THAT CIS TOOL IS MALWARE?
?
(I mean, after all - you're "hinting around" how it COULD be... so, prove it!)
You *NIX guys - you're not "real big" on proof, are you?
History's not showing me that here, with yourself & around 30 others coming up with so much b.s. to avoid taking the multiplatform CIS TOOL test on their *NIX rigs, & putting up a better score on it than I could of 84.735/100 using Windows Server 2003 SP #2 custom-hardened!
AND, my system was hardened with, guess what?
WITH CIS TOOL's HELP NO LESS (based on best practices, for any OS platform it runs on, that are known... as to its checked areas & suggestions for better security, mind you!)
APK
P.S.=> You may get angry @ this one, but you brought it on yourself:
"If they were, don't you think you'd see FAR more vulnerabilities in Windows, given how many more apps exist for it?" -
Oh, I dunno about that, but... given July 2007 data, right here, in the url below?
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
It seems that LINUX has had more problems this year, with vulnerabilities BY FAR, than Windows XP SP 2 or Windows Server 2003, period.
apk -
APK
P.S.=> You may get angry @ this one, but you brought it on yourself:
"If they were, don't you think you'd see FAR more vulnerabilities in Windows, given how many more apps exist for it?" -
Oh, I dunno about that, but... given July 2007 data, right here, in the url below?
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
It seems that LINUX has had more problems this year, with vulnerabilities BY FAR, than Windows XP SP 2 or Windows Server 2003, period.
apk -
Re:Doesn't prove me wrong...
" Except maybe mine, pointing out that for most of its history, Linux has not been attacked, while Windows has, badly." - by SanityInAnarchy (655584) on Friday August 17, @06:43PM (#20268857)
If you say so, but, take a peek @ this (very current data - remember what I said about that earlier in my last post? Here goes):
July 2007 - Operating System Vulnerability Scorecard
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, by category...
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
"Read 'em, & WEEP..."
APK
P.S.=> Windows Server 2003, & XP seem to do a LOT better, showing less vulnerabilities overall, & less to patch + done earlier it seemed (upon initial scanning @ least), by a FAR MARGIN over LINUX... apk -
Re:Breaks happens all the time
Just to follow from my post marked 'troll' stating that Linux is NOT MORE SECURE...
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx -
Re:I just don't see why this is an issue
Maybe it's just me, but perhaps the fact that they normally shit on their customers whenever they get the chance to. Must I remind you about the rootkits, exploding batteries, or shutting down Lik-Sang? There are probably more examples, but these three are the ones that come to mind almost immediately. Oh I almost forgot - the marketing isn't too great either.
Then again, maybe I'm just cynical too. -
Re:Is this just a Linux issue?
Last access time updates slowing things down affects all OSs and filesystems, even though some have a high granularity for atime updates, e.g. once per hour. NTFS used to enable atime updates by default, but as of Vista it is disabled -
http://blogs.technet.com/filecab/archive/2006/11/07/disabling-last-access-time-in-windows-vista-to-improve-ntfs-performance.aspx -
Re:It's not the function that's the problem
I guess it is useful, make privacy threatening features to force people to use the closed encryption mechanisms that make you unable to dual boot, ain't that awesome? If you're going to troll, do it about something you know about. Despite the name, Bitlocker is logical volume encryption; nothing forces you to encrypt the whole drive. Nothing prevents you from having a dual-boot system.* Yes, I know there's a Register story that says otherwise; if you believe the Register, I have a bridge to sell you.
*Caveat: if you're using a TPM module to do the encryption, you need to use the Windows boot loader rather than GRUB as the first boot loader. This is perfectly possible; full guide to doing it here -
Re:Patch Tuesday = no work for an hour or two
Perhaps you should have told the WSUS development team that the widespread WSUS CPU utilization issues could be solved by you and your specific installation of WSUS... http://blogs.technet.com/wsus/archive/2007/05/15/srvhost-msi-issue-follow-up.aspx -
Re:The Microsoft guy did a second report
It mentioned that the writer had removed some packages but kept GNOME around, but only about five lines were dedicated to each distro (there were four, though I believe two were Red Hat or strongly Red Hat based).
Some of the issues I noticed in the second report include:
- choosing to assess Ubuntu 6.06 instead of 7.04 because "Ubuntu has only committed to long term support for 6.06 and not later releases."
- The "apples to apples" feature set didn't compare actual default applications. Windows does have a very minimal application set on install compared to Linux. It would have been easy to compare vulnerabilities for just the comparable products - gedit for wordpad, for example.
- His chosen metric doesn't actually assess the security of the product. Interestingly, he was advised this via a comment back in October 06, but chose to continue.
http://blogs.technet.com/security/archive/2006/10/06/Red-Hat-and-Windows-_2D00_-Defining-an-Apples_2D00_to_2D00_Apples-Workstation-Build.aspx
I'll leave the final comment to the man himself;
NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure.
November 07, 2006, Jeff Jones
That Microsoft published the results as a valid security assessment tells you a lot about the company and their commitment to real security in their products. -
Why not RHEL5?
RHEL5 shipped March 14th, 2007. Why not compare its errata?
I wouldn't count any updates released on 3/14 against RHEL5 on its ship date - It's a perfect example of how OSS works and how fast patches are available. RH wanted to ship a stable version and didn't want to throw last-minute patches into the install routine. What's the first thing you do when you install a new OS? You run the tool for online updates. So on day one 19 patches were available for all the bugs that had popped up since the version freeze to produce RHEL5.
Since 3/14, there have been 42 updates to RHEL-WS5. 11 of them have been after the 90-day mark, so that leaves you with 31 defects in the first 90 days of RHEL-WS5. That's also not using the "reduced" method to match feature-for-feature what Vista has.
However, I think the point is still always going to be that you can't have totally bug-free software. But it's how fast are bugs found and fixed. That's what Microsoft can't touch. How long do bugs go unreported so someone can take advantage of them on MS OS? Even once reported, how long do they linger? The same is simply not true for any critical bugs found in OSS.
But it is nice to see MS finally taking security seriously. They've only been trying to do that for 5 years with their Trustworthy Computing Initiative. Why not compare Windows 2003 Server stats, since it was released after the Trustworthy Computing Initiative? 6 months showed 38 defects. If you compare RHEL5 with just the same installed features to match WS2003 in 3 more months, I wonder how it will fare?
Of course, Microsoft had the NSA help them with Vista, which proves again that the more eyes you have on the source code, the better ;-p
I'll stick with CentOS myself... all the benefits of RHEL without the support fee costs. -
Wrong cache link - full text here
Sorry - the previous google cache link was to the 90 day writeup, not the 6 month writeup. Here's the text of the 6 month writeup... (site is very slow right now).
Windows Vista - 6 Month Vulnerability Report
Submitted by Jeff Jones on Thu, 2007-06-21 11:53. Topic(s): | Client | Corporate Management | Information Security | Operating Systems
I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista - 90 Day Vulnerability Report. It was about the earliest span of time I thought might give us some indicators, and the indicators did look good. (Though, I did not give us an "A+", in spite of some of the attributions ;-)
Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain. Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:
* Include a comparison view of Linux distribution workstation builds that exclude vulnerabilities in non-default optional components as well as OpenOffice and other applications that do not have equivalents on Windows XP.
* Include a comparison view that excludes Low and Medium severities to just focus on High severity vulnerabilities fixed and unfixed in the first 6 months, and
* A comparison view that combines both of these
For the full details, or to print the report, you can download the report in pdf.
For those that only want the executive summary, here is a key chart that shows the publicly disclosed High severity vulnerabilities during the first 90 days of availability, broken down by vulns fixed and vulns unfixed. Note that this chart is showing the reduced Linux builds that exclude non-default and optional components without equivalents on Windows. (clicking the chart also gets you to the full report.)
High Severity Vulns, Fixed and Unfixed in First 6 Months of Windows, Red Hat, Novell SUSE, Ubuntu, Apple Mac
The results of the analysis show that Windows Vista continues to show a trend of fewer total and fewer High severity vulnerabilities at the 6 month mark compared to its predecessor product Windows XP (which did not benefit from the SDL) and compared to other modern competitive workstation OSes (which also did not benefit from an SDL-like process).
If you share the opinion that Windows and applications ported to Windows get a higher level of researcher scrutiny than other OSes, then the 6-month results are even more positive. If you don't share that opinion, then they still stand on their own ...
Read, Enjoy, Forward.
Best regards ~ Jeff
Full Disclosure: I work for Microsoft - read my previous blog post, Exactly how biased am I?.
Also, I'd like to make a shameless plug for my other blog, http://blogs.technet.com/security, where I sometimes post more personal entries such as The Saga of My Luggage & British Air and Building My Windows Vista Media Center - Part 1 - The System. -
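The two posts above argue about the same counting method: advisories published in the first N days after a release, with or without the day-0 errata, restricted to High severity, and restricted to the default workstation build ("reduced"). The following is an added example by the editor, not code from Jeff Jones's report or from either commenter, showing how those switches are applied and how much each one moves the number. The `Advisory` record, the `score` and `scorecard` functions, and the advisory list are assumptions and constructed sample data; only the 2007-03-14 RHEL5 ship date is taken from the thread, and none of the identifiers are real errata.

```python
"""Vulnerability-window scorecard: a worked example of the counting method
the thread is arguing about (editor's added example, constructed data)."""
from dataclasses import dataclass
from datetime import date, timedelta

SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str       # hypothetical identifier, not a real errata number
    published: date        # date the vendor/distro published the advisory
    severity: str          # "Low", "Medium" or "High"
    component: str
    default_install: bool  # shipped in the default workstation build?
    fixed: bool            # was a fix available when the advisory went public?


def score(advisories, release, window_days=90, *,
          count_release_day=True, min_severity="Low", default_only=False):
    """Count advisories published in [release, release + window_days).

    Returns (fixed, unfixed). The keyword switches reproduce the choices
    discussed above: whether day-0 errata count against the product,
    a High-only view, and a 'reduced' view of default components only.
    """
    end = release + timedelta(days=window_days)
    fixed = unfixed = 0
    for adv in advisories:
        if not (release <= adv.published < end):
            continue
        if not count_release_day and adv.published == release:
            continue
        if SEVERITY_RANK[adv.severity] < SEVERITY_RANK[min_severity]:
            continue
        if default_only and not adv.default_install:
            continue
        if adv.fixed:
            fixed += 1
        else:
            unfixed += 1
    return fixed, unfixed


def scorecard(advisories, release, window_days=90):
    """The four views named in the 6-month report, as one dict of (fixed, unfixed)."""
    views = {
        "all": {},
        "reduced": {"default_only": True},
        "high": {"min_severity": "High"},
        "high_reduced": {"min_severity": "High", "default_only": True},
    }
    return {name: score(advisories, release, window_days, **kw)
            for name, kw in views.items()}


# Constructed sample data. RELEASE is the RHEL5 ship date quoted in the thread;
# the advisories are invented to exercise every branch (day-0 errata, a
# non-default component, an unfixed issue, and items on either side of day 90).
RELEASE = date(2007, 3, 14)
SAMPLE = [
    Advisory("EX-0001", date(2007, 3, 14), "High",   "kernel",     True,  True),
    Advisory("EX-0002", date(2007, 3, 14), "Medium", "openssh",    True,  True),
    Advisory("EX-0003", date(2007, 3, 20), "High",   "openoffice", False, True),
    Advisory("EX-0004", date(2007, 4, 2),  "Low",    "gedit",      True,  True),
    Advisory("EX-0005", date(2007, 5, 1),  "High",   "firefox",    True,  False),
    Advisory("EX-0006", date(2007, 6, 11), "High",   "kernel",     True,  True),  # day 89, in
    Advisory("EX-0007", date(2007, 6, 12), "High",   "samba",      True,  True),  # day 90, out
    Advisory("EX-0008", date(2007, 7, 30), "Medium", "php",        True,  True),
]

if __name__ == "__main__":
    print("90 days, day-0 counted :", score(SAMPLE, RELEASE))
    print("90 days, day-0 excluded:", score(SAMPLE, RELEASE, count_release_day=False))
    print("180 days               :", score(SAMPLE, RELEASE, window_days=180))
    for view, counts in scorecard(SAMPLE, RELEASE).items():
        print(f"{view:>13}: fixed={counts[0]} unfixed={counts[1]}")
```

On this constructed set the headline number goes from 6 advisories to 4 just by dropping day-0 errata, and to 3 by excluding a single non-default component, which is the point the critics in the thread make: the metric is dominated by the filtering choices, and it says nothing about exposure time or about how many of the counted issues were ever exploited.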
MS' Teredo (IPv6) blog
MS has a blog for this sort of thing. Sean Siler promised to answer questions and provide help on issues pertaining to this via an email list I'm on. http://blogs.technet.com/ipv6/
... Anyhow, those parties with IPv6 issues, I bet ya a HUGE portion of them are using NAT... -
Re:Or maybe
"One of them will consistently go from the standard ~12MB to over 200MB and I have yet to figure out what causes it. It didn't always do that but after patches were applied it started to act that way."
This is actually a known issue that happened because of a screwup at MS. You can go here for details:
http://blogs.technet.com/wsus/archive/2007/05/15/srvhost-msi-issue-follow-up.aspx
The latest MS Update software -should- fix this, but in case it doesn't they describe the process to fix it until they roll out the proper stuff on the MS Update site.
I've had to deal with far too many computers that have this problem... it is (to me) one of the worst screw ups MS has had in recent time. -
Vista already ignores setting MAC access times
Vista is configured by default to not update the last access time on files, a decision made to increase file system performance.
So, who needs script kiddies with tools when M$ can screw up forensics? -
Bill's Blog
Be sure to post your comments on Bill Hilf's blog here.
-
Re:Volume of patches won't get better
This has apparently been dealt with, from what I'm reading.
http://blogs.technet.com/wsus/archive/2007/04/28/update-on.aspx
http://www.microsoft.com/technet/community/newsgroups/dgbrowser/ -
Re:Offer + acceptance + consideration = contract
I have yet to see (apart from that clause in Vista's EULA - which actually according to Paolo from Microsoft means that you aren't allowed to run the same copy of Windows as a guest where it is also installed as the Host OS, which is pretty "well, DUH!" anyway) any EULA which tries to remove a right other than the inevitable warranty disclaimer.
That's not what the license says. The exact wording is as follows:
4. USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.
This precludes running it as the guest OS even if it isn't the host, and you're only using it once. The text of the legal document takes precedence over the BS statements of some random Microsoft employee, you know!
No, because for it to mean that, then it would read "4. USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software within a virtual (or otherwise emulated) hardware system" which it does not. It states that you may not use the software which is installed on the licensed device (the physical hardware) within a virtual or otherwise emulated environment (of course this DOES mean you can't boot Mac OS X via Boot Camp, and load a Vista partition with Parallels, but who cares?).
Oh, and here's an official Microsoft statement from the Windows Server team: http://blogs.technet.com/windowsserver/archive/2006/10/17/Virtual-Hard-Disk-format-becomes-open.aspx
I would be interested in seeing some of the more bizarre EULA clauses, so if you have any examples to share, please do.
- Some EULAs, such as those for various database programs (Oracle and MS SQL, I think), disallow publishing benchmark results (or require running the tests in a specific "approved" way).
Yeah, that's stupid.
The Vista EULA prohibits accessing any DRM'd stuff from within a virtualized OS session.
That would be a restriction required of them by the MPAA and RIAA and their scummy ilk. Are you really surprised by this?
EULAs are often non-transferable, and thus prohibit resale of the software.
No, OEM EULAs are non-transferable, and that's because they sell them at less than half the price (on the precondition that it's bundled with something, or you're bundling it) - which sounds fair to me. Any other type of non-transferable EULA is never enforced and usually just there for some bizarre legal reason. Exemption: MMORPGs. I don't know why this is, but although they don't necessarily prohibit transfer of your software license, you can't transfer your game account.
The Vista EULA only allows you to install the software on a different device once. After that, it's worthless.
"15. REASSIGN TO ANOTHER DEVICE. a. Software Other than Windows Anytime Upgrade. You may uninstall the software and install it on another device for your use. You may not do so to share this license between devices"
It doesn't ANYWHERE in this clause say that you can only transfer it once. Please also note that I pulled this from the Home Basic/Premium EULA, the lowest common denominator.(Source for Vista EULA info.)
If you actually READ the page you just linked, you'd realise you can transfer licenses to other machines legitimately. It was either a mistake or they backtracked (according to Microsoft, it was just a poorly thought out decision. THAT I believe). Oh, and of course
... "Scott Granneman teaches at Washington University in St. Louis, consults for WebSanity