Slashdot Mirror


Security Flaws May Be Microsoft's Undoing

tarpitt writes: "According to this article in the LA Times, repeated software flaws in Microsoft products have begun to raise concerns that they 'threaten the stability of a major piece of the world economy and to raise questions about Microsoft's future.' Flawed security is seen as a stumbling block to accepting Microsoft-sponsored on-line services. It is also driving discussion about making software manufacturers liable for damages caused by flawed products." This piece in eWeek on troubles with XP's automatic updates is an interesting companion; releasing often doesn't seem to be enough. Update: 01/15 15:00 GMT by J: Bruce Schneier's January Crypto-Gram came out this morning, and is also topical: "Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense..."


  1. I despise XP by Dolly_Llama · Score: 2, Flamebait

    The final straw for me came when XP on boot would demand I send error reports to the mothership without explaining what went wrong AND since these were tied into IE, I'd get a POP-UP AD!!

    I'm buying a PowerBook tomorrow, I swear to Bob..

    --

    Somewhere, something incredible is waiting to be known. -- Carl Sagan

    1. Re: I despise XP by hyphz · Score: 1, Flamebait

      I'd think a more serious one is this:

      In XP, go to your user manager, and go to "Create Account".

      When asked for the name of the account, type "Helpassistant".

      Give the account limited access and press OK... XP will report that THE ACCOUNT ALREADY EXISTS!

      EVERY copy of XP contains this account hardwired. It can't be edited because it never appears as an option on the list of users. It may not be possible to locally log in with it, but it certainly can be logged on with remotely.

      Nobody knows the password yet (except MS) - or even if the password is the same or varies with the Windows version - but if I was a hacker I know what I'd be working on.

      (Oh, and as for "it's just for helpers to fix your machine for you".. of course it is. Yes, and if it was a backdoor account it'd obviously be called "Backdoor", wouldn't it? :) )