Slashdot Mirror
MSIE Uber-patch Of The Month
mkraft writes "Microsoft released another security patch for Internet Explorer to fix 6 'new' vulnerabilities. Info on the patch can be obtained via download or Windows Update. Not sure what 6 things the patch fixed, but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/"
Maybe not even all six -- the maintainer of the above URL
claims in a post to Bugtraq
that Microsoft got some facts wrong and "patched a symptom" of one of the vulnerabilities, "not its root cause," and that IE5 and IE5.5 remain unpatched with the same "Critical" vulnerability.
Also, please compare to previous MSIE Uber-Patches Of The Month:
December 2001, 3+? holes in IE;
March 2002, 2+? holes in IE;
April 2002, 2+? holes in Mac IE.
Microsoft released another security patch for Internet Explorer
Is it Thursday already?
--saint
Yet another reason to use lynx :)
or even better
telnet www.webserver.com 80
GET / http/1.0
Internet Explorer is the most stable and secure web browser ever made. Why do they need a patch for it?
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Saying you're trying to fix all the holes in IE is like saying you mean to turn a sieve into a bowl.
::shudder::).
Seriously, it seems they are finally turning around and trying to make their products more reliable. They've come a long way since Win95 (or WinME...
The speed of time is one second per second.
God forbid Microsoft release a patch. What would you rather have them do? If this were the newest version of the Linux kernel, the people of Slashdot would be planning a parade. It is a patch to a microsoft product though, so it is time to bring out the bashing. Give me a break!!!
News for Nerd. Stuff that matters.
Does this really matter anymore? It's kinda like my weekly routine of buying milk. It's getting pretty dull...
luckily several other competing browsers have much less patches that have to be applied.
netscape - doesnt have any holes - it crashes before anyone have time to exploit them.
mozilla - its not called holes, its a feature until further notice.
opera - pages download quick, dont they? then stfu.
According to NTBUGTRAQ it breaks certain javascript
= 1& A2=ind0205&L=ntbugtraq&F=P&S=&P=2859
http://www.ntbugtraq.com/default.asp?pid=36&sid
The example code that fails with the patch is here.
Those who will sacrifice Freedom and Security will get Windows...
you know - with this many patches, IE is moving from the realm of science fiction to high fashion!
This is the big patch that really should be fixed.
It is the one that makes it dangerous to push the Back Button
the page you link to HAS the vulnerabilities fixed LISTED.
i tical/Q321232/default.asp)
And if you actually go to download it, you'll see that it DOES apply to versions 5 and 5.5. (http://www.microsoft.com/windows/ie/downloads/cr
AHHHHHHH! I'm burning with goodness again!
- Reakk, Sluggy Freelance
It worries me that a patch can be news. Microsoft really has people waiting in anxiety for a new patch to fix (and add some new) security holes.
Brr. I hate monopolies.
I going to write a letter like the Peruvian one to my government right now!
DNA is the ultimate spaghetti code.
When a kernel patch comes out it usually consists of fixes to features (speed, stability, etc.) and yet more new features. Read the changelogs, that's what they are.
When MS releases an IE patch it's because they need to fix the ability for some random porn site to install software on your computer. Or make it easier to spy on you with their messenger client.
Not that this affects me at all as I only use mozilla now.
What about this?
Netscape isn't secure either. A well written web page can read and capture local files.
Micro$oft, although they write their fair share, isn't the only company that writes bad code.
As the subject states; this is not news for nerds.
...doing NOTHING BUT addressing security issues as part of their new security focus.
Do you suppose they need to do more?
"How to Do Nothing," kids activities, back in print!
lmao
Do it for da shorties
The "Windows Update" icon on my taskbar failed to retrieve the patch last night, I had to manually go to the Windows update site and download it. I only discovered this when I started wondering why my VAIO was getting so damn warm, and why the fan hadn't stopped in several hours...
And then they "recommend" that you go for automatic updating. Typical.
My sig is too lon
I'm glad to see them stepping up to patch this stuff. Really. I'm not being sarcastic. A lot of people use IE, and we shouldn't jsut curse our grandmothers and mothers to using a flawed browser. I really salute them for taking the security stance a little more seriously.
Of course, I say this even though my mother got Mandrake 8.2 for Mother's Day.
-- Who is the bigger fool? The fool or the fool who follows him? --
Warning! Positive comments about Microsoft ahead...
I have Windows XP on my desktop and RedHat on my public server.
I have grown to appreciate the way Windows XP patches itself. Frankly it is a bit of a pain in the butt having to apply patches to my RedHat server each month and I would be much happier if it could just do it itself, automatically, like XP does.
I hate Microsoft. They're bastards. But the auto-patching that Windows XP does is great. We need it for Linux, both desktop and server.
Does anybody provide support for beta Mozilla builds now that Mozilla is 1.0? In fact, does anybody provide any support for Mozilla 1.0? (Other than IRC chat rooms...)
With this patch, IE will finally be perfect and I can sleep in peace knowing that Big Bill® is watching over me.
Don't anthropomorphize computers, they don't like it.
Out of laziness, but lately I am not patching IE or any of the other known vulnerabilities on the software I have installed, unless the vulnerability is really dangerous: It comes to a point, that simply, I don't care anymore.
You might say that this is against me, not to patch my software, and you are right, but I am tired.
I think the security model used by MS and others (well, assuming this is a security model) is not valid anymore, I cannot go patching my software every morning after booting the computer!!
Microsoft is a formidable opponent. They're very rich and very good at using those riches to get what they want. We need to avoid being smug.
Miko O'Sullivan
Windows Update fatally crashes my system each time I go to download all the 'critical updates' my system needs. Which means that I'm unable to actually patch my boxen, unless I maybe reinstall the operating system, which would make me lose all my application settings/components and be forced to reinstall them, etc, etc.
One central source, one update system. One critical point of failure. One of the many problems that come with having one operating system to rule them all and in the darkness find them...
Boy, do I hope nobody tries to r00t my 98 box. After plugging in my shiny new cable modem it probably looks real attractive now.
Do you still live at home, or ever eat there? Do you know what happens when you don't tip at restaurants? Might want to start checking your food...
speaking of bugtraq, this just came through my e-mail from Greg Chatten with St. Louis Internet.
;)
Date: Thu, 16 May 2002 12:32:17 -0500
Subject: MS02-023 Patch Breaks JAVASCRIPT
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
The installation of the 15-May-2002 Cumulative Patch for IE (V6 in this
case) breaks the following Javascript code. This code works in IE versions
*not* patched with Q321232 but fails to execute on IE6 which has been
patched. I don't have IE 5 or below so I don't know if they broke those
versions as well.
Then there is lots of javascript. Just like microsoft to break something else while they fix another thing.
The original message should be in the bugtraq archive by now
-- this space for rent --
Anyone who cares about this stuff should be subscribed to Microsoft's Security Notification Service or NTBugTraq. Unless Slashdot intends to start posting every single security advisory that gets published (utter nonsense), this sort of news story doesn't belong on Slashdot.
I think this represents a big change in MS's aproach to security.
:)
Now if only theyd fix the winnuke bug.
I remember one guy in the office wanted me try and break his
über secure win2k box with software firewall.
I winnuked his ass and he cloudn't even move his mouse.
There was no way he could filter it out as the bug is in the TCP/IP stack i think.
Yes I understand this is lame but he asked for it
I know I'm going to hell, I'm just trying to get good seats.
2. Choose a cool marketing name for the hole, like "achilles' hole" or such. Make it fancy.
3. Call the news agencies. Once there is a fancy marketing name, they will jump on it and create public hysteria. Remember "Code Red" ? It was just like any other worm attack except that it had a cool name for the media blew it way out of proportion.
4. Watch the patches roll in.
5. Lather, rinse, repeat. Every six weeks should do it. The public should see a pattern sooner or later.
Mozilla has the same security bug described by greymagic.com
Just a Reminder for all the End Users out there using XP
;)
one of these days M$ WILL release a critical update that will deactivate any copies of XP with illegal Product Codes #'s
make sure your copy is legal ppl
(not that i expect any one on this site would be running XP
The More Knowledge you have the Luckier you Get- J.R. Ewing
Come on, they exist.
upgrading with apt is easy, and not much work.
*BSD also have their update tools, and some other posters mentioned Redhat tools.
These things exist, you just have to use them. Or maybe they should be made prominent however XP does it so people will complain about the security pitfalls of doing so.
You must now have ever had a MS sales rep come talk to your company.
http://www.windmeadow.com/
For those that are SO lazy that you can't click on the link:
Technical description:
This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, it eliminates the following six newly discovered vulnerabilities:
Finally, it introduces a behavior change to the Restricted Sites zone. Specifically, it disables frames in the Restricted Sites zone. Since the Outlook Express 6.0, Outlook 98 and Outlook 2000 with the Outlook Email Security Update and Outlook 2002 all read email in the Restricted Sites zone by default, this enhancement means that those products now effectively disable frames in HTML email by default. This new behavior makes it impossible for an HTML email to automatically open a new window or to launch the download of an executable.
This page shows what can happen when IE is allowed to spread...
At least M$ is fixing problems, maybe not as fast as the oss companies/people, but christ.. None of you guys bash redhat, suse and the like when they release an update for an app that can give you root. I know in the /. eyes M$ is the root of all evil, but you know what, best item/app/os for the job.
/. hypocrites, bring this post to a -1.
I don't care if its a mac/ms/*nix/*BSD or what, but if it gets the job done, relatively well and fast, I will use it.
For programming, i don't care if its VB/C/Glade/Perl/Python whatever.. whatever suits the job best. And yes, sometimes, if not MOST of the time, it's a MS solution (for me at least, YMMV).
And for the record, win win98 installation, which I just reinstalled everything ( 2 days worth of installs and hundreds of reboots ) is showing the same symptoms of the problem for the reinstall, which I'm assuming came from windows-update. So no, I'm not living in a perfect world. At the moment, I'm cursing Billy boys name, but I'm still using Win98 for most of development work and 2 linux machines as servers, since, like I said, best solution for the problem.
So flame away, you
"It's not like your minds are as open as the source you love..." - Me to the majority of Slashdot.
they are great salesmen. They basically sold the entire world a product that simply didn't do what they said it would do. Only now are they finally making good on their promise.
They are finally making the software robust and not crash 20 times a day.
They are finally making it such that you can actually use the programs without fear of having to reinstall the whole when you try to get a new screensaver.
They are finally making it a good product.
What's wrong with this? They've been charging for the full product all along, when only now are they finally delivering. They have suckered the entire world. They take your money every time you buy a computer even if you don't use their software.
but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/
What a silly thing to assume! You do realize this is Microsoft we're talking about?
Follow me
The URL had an extra space in it (which must have been added by slashdot, as I copied/pasted straight from IE.) I just redid this, and Slashdot broke it again (but using HTML the link part works.) Here it is whole:
. asp?url=/technet/security/bulletin/MS02-023.asp
http://www.microsoft.com/technet/treeview/default
it is a bit of a pain in the butt having to apply patches to my RedHat server each month
Try AutoUpdate. It does a good job keeping RedHat up to date.
People who disagree with you are not automatically evil, greedy, or stupid.
The point of all these MS stories is simply to get hits on pages with ads.
Money money money . .
-r
Just because something is free does not mean you have to take it.
Does Slashdot post a huge exposé every time someone fixes another crippling security hole in Mozilla?
Maybe once Mozilla is actually released, then they might.
I don't know about you, but I consider beta software and final released software somewhat differently.
While everyone is harping on Internet Explorer problems, I have to openly (pun intended) ask this question: how will we see bug and/or security fixes for Mozilla 1.0 when that is released very soon? Will it be in the form of patch files? Or do we have to download the whole browser all over again?
Raymond in Mountain View, CA
Nobody else claims their browser is a key component of the operating system-- that it cannot be removed because its functionality is so interwoven into the operation of the system.
Of course people are going to flame Microsoft for designing such a product with so many critical security holes which compromise their computer, making it part of the OS and then arrogantly refusing to give people the ability to remove it. At least I can un-install every other browser if I decide it doesn't suit me.
You complain about people flaming Microsoft. I submit to you that if that corporation wasn't so arrogant, pushing its views and way of doing things onto everyone else then stifling the innovation of others, that people would be a lot more forgiving of mistakes.
I have no sympathy. Not for this corporation. Microsoft made this bed, it can sleep it in now.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
These constant Internet Exploer fixes are a result from the "browser wars", when MS an Netscape competed to release their new browser every six new months or so. The rush prevented good code auditing, and several bugs were not wiped.
Now that this "war" is over, I hope MS (and Netscape) make a good review of their browser before releasing it, and stabilize the existing code. If we are lucky, IE 7 will be shipped only in 2003 or 2004 - and by "we" I mean every internet user, for the bugs in IE helped the spread of annoying worms like Nimda and Klez.
Bullsh*t.
How come my firewall is *still* seeing 80+ Code Red/Nimda probes daily?
Just like any other worm?
You have no clue.
The number of infected Micro$oft boxes out there is scarcely any less than it was six months ago, thanks mainly to clueless Micro$oft users...
t_t_b
I'm on PJ's "enemies" list! Are you?
No wonder I've backsliding...
t_t_b
I'm on PJ's "enemies" list! Are you?
Just because someone bashed MS, that doesn't mean that they are being unreasonable.
My beliefs do not require that you agree with them.
the MS link to the detailed info about the patch is 'unavail' (ms slashdotted? *grin*) as is the link from the windowsupdate site. What is available follows (I hope you enjoy this as much as I did):
System Requirements: This update applies to Internet Explorer 5.5 Service Pack 2.
How to use: Restart your computer to complete the installation.
How to uninstall: Uninstall is not available.
closed minded is as closed minded does
If a clueless MS sales rep giving a presentation to your company is allowed to represent MS to the rest of us, can I use your typically clueless l33t h4x0r IRC Linux zealot to represent Linux?
-l
I ran Windows Update last night and downloaded this patch for my Win2k system. I logged into my regular user account and all I get is my backgrond screen - no icons, no start menu, etc. I was able to do CTRL-ALT-DELETE to start the task manager and therefore Mozilla, which I'm using now to post this message.
I tried the same method described above to start IE and Windows Explorer. Both failed. I read the TechNet bulletin referred to in other posts. It looks like MS updated the code that support something they're calling a "local resource file". Correct me if I'm worng, but doesn't MS use "local resource files" to handle the desktop in Win2k?
BTW, the only positive outcome is that my memory usage has dropped form 135 MB to about 80 MB. Besides my desktop, among the missing applications are my AntiVirus program and firewall.
Finally, I get the same symptom when I try to use the Administrator account. I don't know how I'm going to back out the patch if I can't run the Control Panel Applet without IE/Windows Explorer.
Any pointers would be appreciated. Good thing I have a Linux box and/or Mozilla to fall back on.
"I'm The Bounty Bear. I will find him anywhere. I'm searching."
thanks mainly to clueless Micro$oft users
This I think says it all...
it really has NOTHING to do with the worm.
any other UNCLEANED system with some other worm would cause the same probes with a different name.
Just like any other worm?
YES
Just like ignorant users?
YES
"Just Smile and Nod." --Huck
The difference is that the Linux kernel is a work in progress the various patches and changes are released as they are developed - It's a collaborative development effort.
On the other hand IE is developed behind closed doors at Microsoft which claims to do all it's quality control and testing in house before it's software is released - Indeed microsoft claims this as a reason to use Microsoft Software rather than Linux.
I'm starting to think Taco could get his "cult" to commit mass suicide if he could prove that it'd help them rail on MS...
So would we be drinking the Kool*Aid out of a Slackware cup? Or a Debian cup? Or a SuSE cup?
clueless l33t h4x0r IRC Linux zealot to represent Linux? No
Clueless RedHat sales rep. Yes
Clueless Mandrake sales rep. Yes
Clueless IBM sales rep. Yes
Clueless Debian project leader rep. Yes
http://www.windmeadow.com/
For Linux users, it would be up to the Linux distro to provide patches like that if they wished. But none of them will either. Too much work for no money
... its just the snazzy new versions of things that take a lifetime before you see them ... e.g. "Stop asking me when X 4.2 debs will be out, it will be months!" as one of the developers posted, a day or two after 4.2 had been released by the XFree group, and was already up and running on my Source Mage and Gentoo boxes.
On my Source Mage system I simply run a 'sorcery update' before going to bed, and any new versions of packages are downloaded, compiled, and upgraded accordingly. All dependent packages are recompiled as needed, such that all are optomized and compiled against the most current rev. Downloading and compiling mozilla may be time consuming, but if I'm asleep while its happening who really cares?
On my Gentoo system I do an 'emerge rsync' followed by an 'emerge --update system --pretend' (to first see what it is going to do), then if I like what is going to happen, the same command again without the --pretend to actually do the update, followed by an 'emerge --update world --pretend' and, once again if I like what is going to happen, an 'emerge --update world'. If I don't want to upgrade everything (not as safe to do under Gentoo as Source Mage) I simply do an 'emerge --update [package-name]', such as 'emerge --update mozilla' before going to sleep.
In either case, the next morning I wake up with the most current security patches (if any) and newest stable versions of all the Free Software out there, including Mozilla.
I had Mozilla rc2 running within 24 hours of its release, fully compiled and optimized for my machine. No waiting on Red Hat, Suse, or, God forbid, Debian to get around to pushing their versions out. (Though in defense of Debian they do push SECURITY fixes out very fast
The Future of Human Evolution: Autonomy
I notice that everytime MS gets a negative posting here, which is often and to be expected, since this is a place where you don't have to fear any recriminations when posting negative MS articles (Rob Malda does not have to report to an editor in chief and explain why he's undermining the MS advertising on the site), A lot of people post a lot of anti-slashot commentaries about anti-MS bias etc.
/. Criticism keeps MS on it's toes and stops them from doing what they like with users' (including your) rights. It gives me a good critical counterclaim for every piece of anti-linux FUD that comes from MS.
This is one of the few *very* public sites that I can go to and read public criticisms of MS, step by step. If I wanted to read what a fantastic job MS is doing with it's security and how it really is such a *fab* company, then I could either go to MS' site and read the marketing departments latest press releases or go to ZDNet and read commentaries by the zombies in their editorial department.
I *want* to read extremely critical news here on
/. May often be wrong but they don't try to tell me how wonderful is and how I can just back and let MS handle all my problems.
My experience is generally that the crappy dial-up connection I have to use dies during the windows update process. Something of an endless cycle:
start downloading
connection dies
start downloading again
connection dies
start downloading again
connection dies
Yeah, maybe I could go find each update individually. But geez, is a resume feature so hard to implement? I mean really, MS claim they have the best programmers in the world and this is the best they can do? Perhaps that explains a lot.
Sorry Bill, add this to the list of reasons I'll choose OS X over XP.
Ok. End rant now.
And do not get me started on why neither cable modem or DSL is available to me.
-r
Just because something is free does not mean you have to take it.
from the annals of BugTraq
...
> I was unable to run the demonstration code on
> http://sec.greymagic.com/adv/gm001-ax/.
> I get the following error:
> "An error has occurred in this dialog."
>
> I am running Windows XP Professional 32bit with the latest patches.
GreyMagic software stated that:
> As a result of that incomplete "patch" IE5 and IE5.5 are still very much
> vulnerable to this attack in other resources. For a demonstration see
> http://sec.greymagic.com/adv/gm001-ax/.
If you have Windows XP, you will have IE6.
--
Tom Gilder
tom@tom.me.uk
I just went to WindowsUpdate to update IE. The installation of the security patch caused my computer to crash. No kidding.
I go back to the site to try again, but it says I have the patch already. The question is, did it finish installing before it crashed?
Hey, I've been saying this for _years_.
Quickly now, man, run out and buy a Mac.
dalamcd
moer liek CELtroid prime!!@1!
Why put a link to a non public website in your pref?
Phil
"better ways of doing things eventually just replace the inferior things" - Linus Torvalds 09-08-07
This is one reason (of many) I switched to Mozilla. I can't believe a non-beta browser (especially one that's been out for such a long time) can have so many vulnerabilites. But, it's Microsoft we're talking about here.
So how do I go about updating 20+ Win2k machines at a client site running all different version of IE?
There has to be an easier way than running around to each machine applying a patch every month.
Just downloaded the patch. After download, a ... not
security info gets displayed, and it says that
the patch was signed 24.04.02 21:04
really sure what to think about that, but there
is nothing really important on the box anyway.
There has to be one that isn't totally swiss cheese....does anyone have any insights on this?
particularly from the "other side"....
"Suburbia is where the developer bulldozes out the trees, then names the streets after them."
The dept. title is most likely referring to this MadTV sketch. Seems appropriate.
"I have fallen off the wagon, for I am a slave to tea."
Let's see, there was one major security hole in Mozilla, and it was fixed in about 2 days. That's worse than MS why? You could have gotten a nightly within a couple of days of Greymagic's posting. And RC2 has it fixed if you want a milestone release.
At least with moz prior to the real 1.0, I know I'm using software that isn't declared "done" yet.
Javascript is a scourge, turn it off. Enough said.
The last thing I want my server to do is to "figure out for itself" that it needs to download some worm and then automatically go do it.
Rather, let me decide and then it's my fault if I download a worm.
You know what I hate? Dialogs that are designed to shift blame to the user if the program makes bad decision. "This code is signed and looks safe. Are you sure you want to run it?" (Use a sandbox!) "It was my fault I lost my mail because I clicked 'yes' when it said my Inbox was corrupted and wanted to know whether it should rebuild the indexes." (Don't ask the user confusing technical questions!)
Having the user verify each security patch does little to protect against patchworms, and it prevents patches from being distributed while the admin is sleeping. I would not be happy if a Code Red-like worm broke into my computer while the patch system waited for my permission to install a critical security patch.
Including a verification dialog would make it seem to me that the system was designed insecurely -- insecurely enough that the author decided he needed to be able to blame me for clicking "Yes" when the crypto-based verification breaks.
The shareholder is always right.
Comment removed based on user account deletion
I was thinking the exact same thing. I didn't hear a damn thing come of the month-o-fixin'. Nobody noticed.
What about IE 5.0 and Outlook Express 5.0 ? While any of these patches work on them? Do they even have the vulnerabilities found in 5.01 and up?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Why doesn't Microsoft:
IMHO- It is normal to have vulnerabilities in software, but it is NOT normal to have them stay around as long as MS lets them.
I see a lot of comments around here of people insulting MS for having vulnerabilities... but I doubt you could cite any [relatively complex] piece of software that didn't have any bugs.
Attack them for not fixing the bugs, but don't attack them for having them.
-braxton
4. Exactly what does this update do. (What someone want me to believe it does doesn't count;)
This post to bugtraq claims Windows XP Pro is not vulnerable with the patch. If true this would support Microsoft's argument, "Well, if you upgrade ..."
"...Remember "Code Red" ? It was just like any other worm attack..."
I sympathize, but he's right. Predictive, not historical. Even if Microsoft does manage to get all the Code Red/Nimda boxes patched, there's plenty more holes to exploit. Melissa was the first. Code Red was the second. I'd worry about the third.
I never said anything about having users apply patches. That is a different animal all together.
I'm just talking about having MSFT make patches so those windows users who know a thing or two can apply them.
Apparently I have not been clear enough. Obviously the technology used to propagate the worms was different. Exploiting holes in web servers that people don't (or perhaps do) know they're running is very different from tricking a person to click on loveletter.vbs. This makes it more effective and widespread.
But "Code Red" was just like any other worm in the sense that it was another thing targetting vulnerabilities that were patched long before the attack occured and any user that had their head on straight would not get infected.
Not 3 weeks, but 49 days, 17 hours, 2 minutes and 47.296 seconds of continuous operation.
Microsoft now acknowledges the existence of a bug in tens of millions of copies of Windows 95 and Windows 98 that will cause your computer to "stop responding (hang)" -- you know, what you call crash -- after exactly 49 days, 17 hours, 2 minutes and 47.296 seconds of continuous operation.
Well not exactly like that for Windows. The RedHat bug was found and fixed in something like five days, fast enough so that it is unlikely that anyone ever got bit by it. The Windows bug took nearly 4 years before discovery, probably as a result of some Y2K testing.
Kinda funny they picked the shortest month of the year...
"Karma can only be portioned out by the cosmos." -Homer Simpson
upgrading with apt is easy, and not much work.
Apt-get works fien on Red Hat and has for a very long time. Check out www.freshrpms.net and its various mirrors.
Security conflicts with Microsoft marketing stratgies. Real security demands that the owner of a computer is root and M$ is not. See Slashdot article "read the fine print" here for details.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
It looks like software quality was a factor in convincing AOL to drop MSIE from its OS X version beta.
The change virtually ensures that AOL for Mac OS X will be Gecko based. AOL claims that beta results so far have shown significant improvements in speed and compliance with HTML standards by using Gecko. One can only assume that future Windows versions will at least have the option of a Gecko based browser as well.
Work for Change & GET PAID!
Someone already tried this. It's called Windows XP.
It's called free speech. Luckily Slashdot (for the most part) allows it here. Just like Microsoft proponents have to deal with Microsoft bashing, Microsoft opponents have to deal with posts supporting Microsoft.
It's a good system. Why complain about it?
T
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
MS claim to fix security issues (after a long time), but they don't always hit the target:
http://jscript.dk/unpatched/
This is why it is important to make people aware of Microsoft's security policies. If they were actually secure, or at least fixed vulnerabilities properly, it wouldn't be such a major issue.
Clever signature text goes here.
The problem is that MS are releasing a patch they claim fixes certain security holes, while this is not really the case.
Clever signature text goes here.
2 words
Google Ranking