Microsoft Discloses Security Flaws in XP and WMPlayer
An anonymous reader writes: "Salon is running a story on Microsoft's disclosure of a number of security flaws in WinXP and Windows Media Player, versions 6.4 and 7.1. The story also states that there are 2 critical vulnerabilities in Commerce Server 2000. Will I ever get the bang for my MS buck?"
After seeing holes in OpenBSD and Apache recently, I guess it's Microsoft's turn again. ;)
The article implies that these vulnerabilities haven't been patched. Funnily enough, I downloaded the patches from Windows Update last night, thanks to XP's auto-update feature.
Every Operating System and application has bugs. If there were security bugs in Linux or Freeamp, would it warrant front page news?
Not wishing to be Flamebaity at all. MS have a lot of things severely wrong with them. For once they've dealt with an issue in timely fashion. This is not the Anti-MS rhetoric you're looking for.
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
"Yeah, we may have four new security holes (two critical) in our flagship secure commerce server, and three new holes in WMP, but YOU guys had a possible exploit (with a simple workaround) in OpenSSH! HA! Nyer nyer. Thhhhhpt."
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
Nearly 6 Months and only #ERROR# root exploits in the default install...
"Will I ever get the bang for my MS buck?"
If they don't treat you right the first time, buy buy again.
Why on earth would there be a bug in Media player that allows uncontrolled access to the system. What we have here folks is a very good example of what a horribly designed OS Windows is...
Especially XP! M$ says "Windows XP makes everything run together smoothly and makes things easier." It actually makes this sort of thing more plausible. Can anyone imagine a bug in XMMS that can make GNU/Linux unusable? Hah...
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-032.asp
Would it have killed ya to post this as well Timmy? =P
Banged for your MS buck? Sure, just bend over for Bill...
Why, we'll make Rock Ridge think it was a chicken that got caught in a tractor's nuts!
Oh you'll get your bang out of a MS product
:)
alright. No boom? No boom _today_, boom tomorrow, there's always a boom tomorrow.
--Matt
PS: I suppose one could also be banged by their lawyers.
Don't take life so seriously; it isn't permanent.
This is most certainly not the way to get microsoft to donate $750 million to them.
Everything will be taken away from you.
Honk if you love Bill...
Send Bill to jail, I say.
Then he can *really* worry about security holes.
:)
Will I ever get the bang for my MS buck?
...
You're getting plenty of bangs and you still complain???
Where is journalistic integrity nowadays
If only real player didn't tank out a few years back (my window still says it's buffering) and if quicktime was widely supported, this wouldn't even be an issue. Everyone seems to get forced into supporting the windows option for lack of a better option (and i'm talking about the masses here). i know all the linux buffs here can point out a million other options on a non-windows OS, but that's not gonna help my friend's mother, who needs to read the instructions written on the sticky pad about how to check her yahoo mail.
my last sig was too controversial... now, a new and improved useless sig!
INT, STORE, NIGHT. CUSTOMER walks into a near empty store, he steps through the doors cautiously, peering around curious as to where the hell the clerks are.
Customer: Hello..? uh... hello...? I want ta get a copy of Windows XP. Is anybody here?
CLERK, unseen: Is it safe?
Customer: Is what safe?
Clerk: Is it safe?
Customer, perturbed: Yes... It's safe. It's very safe...
Clerk: Is it safe?
Customer: Lissen! Are you going to come out, or what?
Clerk: Is it safe?
Customer: THIS ISN'T FUNNY!
Clerk 2: It puts the lotion on its skin and puts it in the basket.
Clerk: Shut up man. Is it safe? Is it safe? IS IT SAFE?
Customer: STOP IT! I JUST WANT A COPY OF WINDOWS XP! (Customer breaks down to the floor, sobbing) I just want a copy of XP...
Clerk: Is it safe?
Customer screams and runs out of the store, climbs into his car, which immediately spins out and slams into a fire hydrant. The car bursts into flame. The customer bails from the car and runs down the darkened, abandoned street. He gets a half dozen steps from the car, and then he, illogically and without reason, bursts into flame himself.
Clerk 1: Thirty seconds, You owe me five bucks.
Clerk 2: I don't have five bucks.
Clerk 1: Take it from the register.
On-topic discussion part.
THEY TOLD ME IT WAS SAFE! I TRUSTED YOU MICROSOFT! I TRUSTED YOOOOOOOOOOOOOOU! YOU BLEW IT UP, YOU MANIACS YOU BLEW IT UP!
"PokeySteve, are you drunk?"
"Yes, but on love.
And whisky.
But mainly whisky."
Why is it when I hit ^R that ZSH calls me a cocksucker?
Microsoft has also announced that this is to be the last free patch. All subsequent security patches will be available only to registered users at $14.95 per user licence. Very fair price, after all you can't have programmers working for nothing, that would be unamerican.
Yeah i use win2k on my desktop.. and ive patched the wmplayer-bug. Is it just on my system, or does the patch screw with the boot-process? Well the thing boots really really slow now anyways..
Most software is expected to have bugs. But when it comes to OS great care should be taken into removing these, especially those involving security. But bug tracking is an art form. You can never remove bugs 100% as the difficulty in finding the bug increases dramatically as you approach 100%.
When it comes to software like the media player, this is much more serious. This goes into much more than just one single OS. I run Win95, Win98 and Win2000, and all these may be affected. On top of that the media player keeps posting me to update the software. Wouldn't it be nice if the system gave me the option to update to the most stable and secure version or the latest version? You might think I have that option, as I may choose not to download the latest, but make my way through the download jungle to find an earlier version. But this jungle is impossible to move through for ordinary people.
I understand that Microsoft waits with disclosure of the bug until they have a patch. This is often criticized, but in some cases it makes sense.
-:) Oh no - not again.
www.rednebula.com
...don't the Linux vendors (especially IBM) flog this issue for all it's worth? I really think this is where the fight for market share should be.
However, the fact that it isn't makes me think that the vendors aren't entirely confident with the Linux security offer.
Perhaps it's too technical - there are plenty of security patches for GNU/GPL/Linux - I use that title advisedly, as they are rarely in the kernel (at least one a week AFAICS) - but they are generally on a faster turnaround than MS. But it's still not brilliant....hmmmm. Must think about this some more.
"I run Win95, Win98 and Win2000"
Yesterday I was browsing in my local department store and found myself shouting "I've soiled myself, I've soiled myself". I know how you feel.
Funny, a few days ago, i was having to do the ole ./configure , make , make install with openssh 3.4. Tonight i had to hit windowsupdate and grab the various fixes (flame away, i run win xp pro on my desktop, but at least i redeem myself by running my backup, dns, and dhcp on redhat 7.3). Any OS can have bugs and issues. But i still much prefer linux/open source for stuff that needs security. I patch my linux box a LOT less often than i have to run windows update. And i don't have to reboot my damn linux box every time i update samba or openssh or bind.
Lawyers, MBA's, RIAA? A jedi fears not these things!
You should read this MSN Article
Umm...I think you've just been banged for your MS buck. :)
"In mathematics, it's not enough to read the words -- you have to hear the music"
Will I ever get the bang for my MS buck?
I don't know about you, but I've paid $0 in my lifetime for MS software, so you could say I've gotten at least my share of bang. But I wouldn't say that. I'd say that MS owes me for forcing their way into an OS monopoly, therefore forcing me to use their Piece of Crap in order to use lots of apps I want to use (ie, games).
Love and kisses,
Jeff
Property is theft.
Imagine a beowulf cluster of these XP boxes....
What an unpleasant thought!
Maybe Cringley's right ...
It's so obvious now.
Palladium isn't for you. It's for them. They have never been able to get the SOFTWARE to be secure. So now they have resorted to the only possible solution that still gives everyone root. They have decided to get a HARDWARE based solution instead.
The best thing about this Palladium for MSFT is that they don't have to worry about anymore security problems. It will all become a problem of Intel and AMD, the keepers of the hardware key.
Given the revenue stream of say Win-XP compared to that of commercial Linux distributions, I am very surprised that MS still makes code with so many holes. If XP is too big for MS to manage the development and support, then they should simplify it.
Will I ever get the bang for my MS buck?
Oh please, when was the last time you actually bought a microsoft product?
I know I'm going to hell, I'm just trying to get good seats.
now if they only allowed us poor windoze users to remove wmp in the first place, but no, it's a part of the os now
Remember: If you buy anything from spammers, you have a small penis.
Can anyone imagine a bug in XMMS that can make GNU/Linux unusable? Hah...
My computer crashes all the time while changing tracks in XMMS. I don't think its that funny.
Why don't we just stop using MS products? It used to be in the 80s that MS was trying to bring computers to every desk but now they just want to bring newer versions to your wallet (or is it the other way around?)
If you're using Windows consider another OS. If you can't live without Windows at least try out 3rd party software. If you can't live without Microsoft software say "bah bah"!
This comment was brought to you by a loud-and-proud Mozilla user!
After a week in which I spent hours remotely updating apache and openssh on my colocated boxes, it's hard to get worked up about another Microsoft patch.
Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.
Security update? Whose security are they protecting? There is no option to uninstall media player. Your choices (if you wish to continue using Windows) are:
A: Leave your system open to bugs that give system level access to the next worm (imagine nimda with a malicious /default.htm)
B: Bite the bullet and install the patches. But if Microsoft releases an update that silently and without notification installs itself and 'disable(s) your ability to ... use other software', you're SOL. But hey, it's ok. Don't you know Microsoft is supporting 'Trustworthy Computing'?
"Will I ever get the bang for my MS buck?"
No
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
OpenSSH is designed for remote logins--in essence, a bug that allows uncontrolled access is relevant to the software's purpose. Unauthorized access into an OS vis-a-vis an audio program shows an inherent problem with XP. My argument is not that MS sucks look how shitty the bug is, it's that one small component can be used to dominate an entire system. Think before YOU post--you clearly demonstrate the common mindset of finding someone with an exposed problem and attacking it like a shark in order for a much needed ego-boost.
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
M$ announces bug. Everybody required to download a critical update...
What's the bug?
DRM doesn't work... turns out you can hear copyrighted MP3s. This is a big security vulnerability and you must download this patch, otherwise the financial security of the RIAA will be at stake, and that's unamerican.
[Note: This is intended as a joke and as food for thought. This is not fact.]
Make even shorter URLs - 8LN.org
"The company has posted on its Web site a software "patch" for users to download."
Now, where did i hear that kind of thing before? (...using this "La-ser"...)
So the trojan horse part of the M$ media squeaker was a bug all along?
Riiighhht...
This morning windows updater had already downloaded the patches, all I had to do was confirm the installation.
People can whine all they want about that there are security flaws and of course it's sad these still pop up, but the patches are there, the system to install them is VERY easy (just click one single button) so in the end, the end-user is not that much hurt by them, simply because the patches are installed so easily.
The discussions about 'security flaw free' software are endless and, although they should be held, are nowhere near consensus: as long as there are humans involved in hammering out code and as long as the computer/software based checking logic is not up to par as where it should be, these flaws WILL be there, possibly in every tool written by man. Until computer science reaches the point where a compiler can prove that software is security flaw free, we should be grateful that the FIXES for security flaws are installed using the easiest way: by simply clicking one single button.
Never underestimate the relief of true separation of Religion and State.
Five score years ago, a great Slashdot Editor, in whose symbolic shadow we stand signed the Emancipation Proclamation. This momentous decree came as a great beacon light of hope to millions of Anonymous Cowards who had been seared in the flames of withering injustice. It came as a joyous daybreak to end the long night of captivity.
But one hundred years later, we must face the tragic fact that the Anonymous Coward is still not free. One hundred years later, the life of the Anonymous Coward is still sadly crippled by the manacles of segregation and the chains of discrimination. One hundred years later, the Anonymous Coward lives on a lonely island of poverty in the midst of a vast ocean of karma prosperity. One hundred years later, the Anonymous Coward is still languishing in the corners of Slashdot society and finds himself an exile in his own land. So we have come here today to dramatize an appalling condition.
In a sense we have come to our website's comments pages to cash a check. When the architects of our website wrote the magnificent words of the slash code, they were signing a promissory note to which every poster was to fall heir. This note was a promise that all men would be guaranteed the inalienable rights of life, liberty, and the pursuit of karma.
It is obvious today that Slashdot has defaulted on this promissory note insofar as her Anonymous citizens are concerned. Instead of honoring this sacred obligation, Slashdot has given the Anonymous Cowards a bad check which has come back marked "insufficient karma." But we refuse to believe that the bank of karma is bankrupt. We refuse to believe that there are insufficient funds in the great vaults of karma of this site. So we have come to cash this check -- a check that will give us upon demand the riches of freedom and the security of justice. We have also come to this hallowed spot to remind Slashdot of the fierce urgency of now. This is no time to engage in the luxury of cooling off or to take the tranquilizing drug of kuro5hin. Now is the time to rise from the dark and desolate valley of segregation to the sunlit path of racial justice. Now is the time to open the doors of opportunity to all of God's children. Now is the time to lift our site from the quicksands of karma injustice to the solid rock of brotherhood.
It would be fatal for the nation to overlook the urgency of the moment and to underestimate the determination of the Anonymous Coward. This sweltering summer of the Anonymous Coward's legitimate discontent will not pass until there is an invigorating autumn of freedom and equality. Two thousand and two is not an end, but a beginning. Those who hope that the Anonymous Coward needed to blow off steam and will now be content will have a rude awakening if the nation returns to business as usual. There will be neither rest nor tranquility in Slashdot until the Anonymous Coward is granted his posting rights. The whirlwinds of revolt will continue to shake the foundations of our site until the bright day of karma emerges.
But there is something that I must say to my people who stand on the warm threshold which leads into the palace of justice. In the process of gaining our rightful place we must not be guilty of wrongful deeds. Let us not seek to satisfy our thirst for freedom by drinking from the cup of page-widening and moderation abuse.
We must forever conduct our struggle on the high plane of dignity and discipline. We must not allow our creative protest to degenerate into crapflooding. Again and again we must rise to the majestic heights of meeting moderation force with soul force. The marvelous new militancy which has engulfed the Anonymous Coward community must not lead us to distrust of all logged-in people, for many of our logged-in brothers, as evidenced by their presence here today, have come to realize that their destiny is tied up with our destiny and their freedom is inextricably bound to our freedom. We cannot post alone.
And as we post, we must make the pledge that we shall post insightfully and on topic. We cannot turn back. There are those who are asking the devotees of karma rights, "When will you be satisfied?" We can never be satisfied as long as our bodies, heavy with the fatigue of posting, cannot gain lodging in the motels of the highways and the hotels of the cities. We cannot be satisfied as long as the Anonymous Coward's basic mobility is from a smaller ghetto to a larger one. We can never be satisfied as long as a Anonymous Coward in Mississippi cannot post at +1 and a Anonymous Coward in New York believes he has nothing for which to post. No, no, we are not satisfied, and we will not be satisfied until justice rolls down like waters and righteousness like a mighty stream.
I am not unmindful that some of you have come here out of great trials and tribulations. Some of you have come fresh from IP bans. Some of you have come from connections where your quest for freedom left you battered by the storms of persecution and staggered by the winds of editor's brutality. You have been the veterans of creative suffering. Continue to work with the faith that unearned suffering is redemptive.
Go back to Mozilla, go back to Internet Explorer, go back to Opera, go back to Galeon, go back to your browsers, knowing that somehow this situation can and will be changed. Let us not wallow in the valley of despair.
I say to you today, my friends, that in spite of the difficulties and frustrations of the moment, I still have a dream. It is a dream deeply rooted in the Slashdot dream.
I have a dream that one day this nation will rise up and live out the true meaning of its creed: "We hold these truths to be self-evident: that all posters are created equal."
I have a dream that one day on the pages of Slashdot the sons of former ACs and the sons of former logged-in posters will be able to sit down together at a table of brotherhood.
I have a dream that one day even the site of Slashdot, a news site, sweltering with the heat of trolling and crapflooding, will be transformed into an oasis of on-topic posts and +1, Insightful.
I have a dream that my four children will one day live in a nation where they will not be judged by their user name but by the content of their posts.
I have a dream today.
I have a dream that one day the site of Slashdot, whose editor's lips are presently dripping with the words of interposition and nullification, will be transformed into a situation where little Anonymous boys and Anonymous girls will be able to join hands with little logged-in boys and logged-in girls and walk together as sisters and brothers.
I have a dream today.
I have a dream that one day every valley shall be exalted, every hill and mountain shall be made low, the rough places will be made plain, and the crooked places will be made straight, and the glory of Natalie shall be revealed, and all flesh shall see it together.
This is our hope. This is the faith with which I return to Slashdot. With this faith we will be able to hew out of the mountain of despair a stone of hope. With this faith we will be able to transform the jangling discords of our site into a beautiful symphony of brotherhood. With this faith we will be able to post together, to moderate together, to meta-moderate together, to karma whore together, to stand up for freedom together, knowing that we will be free one day.
This will be the day when all of Natalie's children will be able to sing with a new meaning, "My Slashdot, 'tis of thee, sweet site of liberty, of thee I post. Site where my fathers died, site of the pilgrim's pride, from every basement, let freedom ring."
And if Slashdot is to be a great website this must become true. So let freedom ring from the prodigious hilltops of New Hampshire. Let freedom ring from the mighty mountains of New York. Let freedom ring from the heightening Alleghenies of Pennsylvania!
Let freedom ring from the snowcapped Rockies of Colorado!
Let freedom ring from the curvaceous peaks of California!
But not only that; let freedom ring from Stone Mountain of Georgia!
Let freedom ring from Lookout Mountain of Tennessee!
Let freedom ring from every hill and every molehill of Mississippi. From every mountainside, let freedom ring.
When we let freedom ring, when we let it ring from every village and every hamlet, from every state and every city, we will be able to speed up that day when all of God's children, ACs and logged-in posters, Slashbots and Crapflooders, trolls and editors, will be able to join hands and sing in the words of the old Anonymous Coward spiritual, "Free at last! free at last! thank Natalie Portman, we are free at last!"
The patches install spyware and serial number tattlers!!! plus they doom you if you have the famous Chinese-hack version of XP release version that everyone I know runs, when they run XP for testing.
These facts have been mentioned before... I suspect you are trolling with such a provocative standard.
BTW Macs have never had a security exploit, so a bug is not a bug, its the security bugs that are the ones people care about the most.
i'm waiting for someone to do a dns hijack of update.microsost.com and load a
nice new trojan on everyone's box that their av software doesn't detect. if
these morons were serious about security, they'd use ssh, not http, for
updates (and let you turn off html rendering in your email client).
thank God the internet isn't a human right.
You should have read the installation instructions. I'm not sure about Redhat but my Debian asks if it may overwrite the MBR while Windos does it unconditionally.
And
> Before this, I was a neutral in the Linux vs. Microsoft debate.
I don't buy that. If you weren't biased towards Windos in the first place you wouldn't have given up on the first minor problem and blame Linux for something which is your own fault.
If I had given up on installing Windos because of commensurable issues (I actually did this several times, though I never seriously used it) I would never have gotten any Windos to run -- except on my laptop, where it came preinstalled (I'd rather have it without, but they don't sell it, and you know why).
He saw some dirty arabs and fired. Too bad it was just some friendly kurds, BBC reporters and his fellow cowboys.
Microsoft will *always* take your buck,
and
Microsoft will *always* give you a bang, just bend over...
Or is that not what was meant?
If you give me a billion dollars I will write you an operating system that has no ownd bugz in it at all.
Sounds like your friend needs to take that sticky pad and write a script. Then create a big icon for the script and call it "Get Yahoo Mail, Click Here".
I have no idea if that can be done in windows. I know that it can be done with most, if not all, Linux desktop environments.
Linux on the desktop does not need to be "difficult". Linux remains the better option over Windows, you just have to get over being lazy. The bad news is you have to learn something new. The good news is you're gonna learn something new, and it's going to work.
So what if your friend's mom can't/won't write scripts to automate her computing tasks. You do it for her for a fee (even if it's just chocolate chip cookies). You set up a Linux desktop for her once. Give her one button access to the things she wants to do and she'll be out of your hair. She damn sure won't be calling you to come fix her computer because of the daily BSOD.
. Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
i know im asking for a flaming here....but as a microsoft windows xp user and a user of freebsd on another machine...i find that windows xp is just more easier to do things....windows in general is just easy to do things...for the majority of servers running ms windows software that are behind a private network all these exploits are not a major issue, just service packs etc are needed. its just damn more easier to do things.....set up a network in windows? easy...in linux/unix...it takes 5 times longer. for the 95% of ppl out there that use computers that is just way to long. to install software....windows just run setup...linux...tarball or rpm...its just a whole lot more difficult...thats y linux will never ever take off except for niche markets.
I sent them this:-
I know what BSA fears most,
It's the possibility that the communists have built up a huge arsenal of
keygens (before thecrack.net went down a couple of weeks ago.) and they
are planning to release a worm that generates everyone a new random
license, making it impossible to tell which software is pirated and which
is not. This will of course be the end of the BSA, probably through the
madness of running round in circles if nothing else.
But don't tell them I know these things, or I might have a knock on the
door tomorrow asking why I have no licence for my Linux boxen.
thank God the internet isn't a human right.
I've always thought I've gotten banged pretty well for my Microsoft buck.
Analysis of the lyrics of White Room
From http://www.microsoft.com/technet/treeview/default
Never confuse volume with power.
It seems like MS is joining the ranks of McAfee and the other AV vendors in creating a scare with an ulterior motive. In MS's case, to quietly patch the system until it's fully disabled from viewing content they deem as illegal! And to do this they either take an actual security issue and piggyback the DRM patches, or they planned the "holes" from the get go to be announced and "patched" at key points in time, as to slowly wean the users into locking down their systems from "illegal" content. With the latest talks of Palladium and such, it seems like this isn't such a far off theory either - such an obvious one, actually, that it could be true!
Sound waves should be free!
Why flog MS by Linux vendors? Because Hypocrisy that's why! Why would a Linux corp crow about a MS security weakness, even if easy to explain, when other OSes have NEVER had a remote security weakness in many years?
Microsoft XP trojans existed since day one. Remember the groundbreaking Reuters news stories when the reporter had his virgin laptop with XP successfully infiltrated by hackers alleging the weaknesses?
That's why I recommend the Mac OS for the ultimate in security from external infiltration.... it has NEVER been shown to have any defects with its standard installation EVER, unlike even OpenBSD's SSH vulnerability this week.
The fact is
No Mac webserver has ever been hacked! Ever.
I am speaking about the current 9.2 or older of Mac OS X (not OS X (unix FreeBSD OS)).
This is despite two large contests (10,000 us dollars over one month duration).
That is why the US Army once gave up being exploited and for some of its sites used Mac OS 9.x and Webstar (a commercial web server).
There are numerous technical reasons why no mac webservers have ever been remotely hacked and exploited, many are quite interesting.
No Linux/UNIX is as secure as Mac OS 9.x and earlier, as demonstrated by the hundreds and hundreds of exploits in Unix and the lack of a single exploit ever discovered in OS9 web servers. Ever.
If you want security in an OS implement what Apple's Mac OS 7 through 9.2 offers:
get rid of root (leaves a false sense of security lazy programmers dont understand)
make microkernel as small as possible (even if you pass gary dividians birthday in a register to get into kernel space, you cannot cause mischief that can be caused external from mac kernel)
get rid of command line (creates a huge way of exploiting between processes)
get rid of single file fork executables (use a second invisible file associated with each executable file)
get rid of filename extensions (use an invisible embeded file type that cannot be set by users typing)
get rid of unix utility software (use non-command line tools that use high level scripting rules)
get rid of ANSI C library based code (The mac uses safe Pascal Style Strings often, including in ROM)
avoid C string buffer exploits (again, most commercial mac programs avoid null terminated strings).
store all web server files meant to run as executables and CGI as specially "typed" files
and most importantly have compilers save return address HIGHER up the stack (prevents most clever overflow exploits)
Basically you end up with Mac OS 7 through 9!
If security is paramount, to exclusion of all else, then Mac OS 7 through 9 cant be beat. And is 100% secure so far according to historical facts.
SecurityFocus concurs.
But most linux loving slashdot readers will never understand the TECHNICAL reasons no mac web server running Webstar and Mac OS has ever been rooted, or ignore the facts.
I wonder why people try to award silly designations to "secure" linux distros! When it has been shown to have many holes historically.
Windows NT and XP have regularly shown to have security exploits available over their histories while the Mac has never had one published instance of an exploit.
Now that some people use OS X (unix) I will have to routinely warn people that it has already had over 15 exploits since released while regular Mac OS is still untarnished.
---
Please don't bother calling this informative post a Troll. This is not a troll. Why? because I am formally requesting that i am not interested in your rebuttals. Do not bother to criticize this post.
A true troll, by definition, WANTS responses and is not stating anything important. By requesting no criticism, I am proving I am not a troll.
This post is meant to only educate people on why no mac servers have been rooted and state a few inarguable facts. So quit modding it as a troll without reading the FAQ on the web regarding the definition of 'trolling'. Otherwise -1 mods are merely ignorant censorship by fanboys that hate to admit they know nothing about secure OSes..
Now I will have to post it 5 times because someone keeps trying to suppress interesting posts that SPECIFICALLY opt-out of being classified as trolls such as this one.
When you start having to shell out big bucks for something, one should have a right to expect some higher quality.
When things go wrong with something that you've paid for, they often do get scathing reviews. However, when something goes wrong with something that cost you nothing, the usual reaction is "Oh well, what're ya gonna do?".
Considering Microsoft's most expensive operating system has extremely serious security flaws found in it at least monthly, I'd say its defective. Imagine if you had to go back to the people who made your car every month to have it repaired...
s/right/write/ sigh
Never confuse volume with power.
"Will I ever get the bang for my MS buck?"
Duh... it's already patched. Showed up as an automatic update on my PC yesterday!
Yea, I'd say I get enough bang for my buck.
One thing that's always bugged me about these kinds of updates? What do you do if the machines don't have internet access? I know that that invalidates most of the vulnerabilities (except inside the lan), but what happens someday in the future when the machine finally goes online and tries to download 3000 security updates?
Maybe vendors should have to release these updates on CD as well.
NOTE: I'm not focusing on MS here, other vendors should be asked to do the same.
t'nera semordnilap
YHBT. YHL. HAND.
Will I ever get the bang for my MS buck?
Timothy, you do every day. What would /. be without the daily "M$ sucks! Lets all post about how horrible M$ is!" story to increase those page loads?
Why, /. might actually have to talk about things of interest to geeks!
"Seven Deadly Sins? I thought it was a to-do list!"
Is that an existing expression, in Dutch and/or English and/or another language, or really an invention of Desert Fish (Woestijnvis)?
Just wondering.
This sig under construction. Please check back later.
I also think the article forgot to mention you can install Critical Update Notification in Windows 98/ME/2000/XP that automatically flags you about security and other important updates whenever you log onto the Internet.
I think the flurry of bugs and bug fixes has been due to Microsoft's commitment to security lately. At first I thought it was pure BS but now I am beginning to think that they are going over their code with a fine tooth comb.
I don't personally use Microsoft, but I am glad that they are cleaning up their act. Their flaws are costing everybody money... not just MS users.
...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)
I think it was supposed to read "Re:So who actually read the technical rite up...front"
You asked: Will I ever get the bang from my MS buck?
Rest assured. M$ gets a bang out of your buck.
>Perhaps it's too technical
*Exactly*.
In a world where we cannot convince people that MHz don't matter, and people believe that security is a product, attempting to convince them of the security issues with MS will prove fruitless.
MS will just release statistics and compare their OS with the number of security holes found in OS + Applications and people will believe it to show that Linux is less secure. They will turn up their marketing engines and hype that Open Source means Lower Security and people will believe it.
True Story: I was attempting to convince a certified MS XP technician that MS didn't understand security. Keep in mind this is someone deep within the ranks of the Microsoft Heresy (like the Cainite Heresy, but more Hideously Evil(TM)).
I cited Schneier, cDc, L0pht, and a half-a-dozen others. I talked about how open source was a good thing, the reply I got back can be summarized:
1) Security is a product ("A firewall will make you secure")
2) He thought the only reason you would want to secure your system was to keep people from browsing the pr0n there (and seeing the other files).
3) The threat level is minimal--no one would want to break into *your* system.
4) Believing that security was a real issue was like believing everything anyone told you (down to "three headed big foots in Utah").
Of course this is absolutely absurd, but that's what he believed. While you may not be able to sell the general public on all of that, it gives an impression on how MS treats security and how their marketing department would convince their users to treat it.
Sad, but true.
Integrate Keynote and LaTeX
probably just a ploy to get people to upgrade. BC
Unfortunately, I want to exploit the applications on my machine. I could just buy a pocket calculator and get rid of my computer - that would be secure too.
If security is paramount, to exclusion of all else,
Which it never is. If security is paramount to the exclusion of all else you simply leave the computer switched off.
I'm computing in the real world, you are clearly computing in the MacWorld.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
At least by charging people for the 'privilege' of downloading their patcher, Microsoft will finally have an incentive to announce its security flaws. Of course, this has the side effect that they might not beta test their software as much because if there is a bug in their software, they get paid to fix it down the road.
Double check your facts and never say never.
And for that reason, you are a troll.
Successful hack of a Mac webserver during the Crack-A-Mac contest: http://www.zdnet.com/anchordesk/story/story_1189.html
(Do notice I mentioned Lasso, I know it wasn't the webserver itself - my point is that you should never trust anything - not even Mac OS 7-9)
it's in my head
Microsoft admits to a flaw it has now patched. Big deal. When Microsoft admits to holes that aren't patched, then you'll be telling us something we don't already know.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Mac webserver hacked, just 1 example.
http://www.zdnet.com/anchordesk/story/story_1189.html
Mac webserver hacked, one of many.
http://www.zdnet.com/anchordesk/story/story_1189.html
STFU
Will I ever get the bang for my MS buck?
You have MS bucks? Where did you get them?
You mean we've already switched to the new Microsoft Exchange Rate XP where we all trade goods and services in M$ (that's Microsoft Dollars)? I know they're supposed to be changing the US dollar at some point soon but I didn't think M$ had that much control over things. I've heard of Microsoft Money, but this is ridiculous!
You report, Slashdot decides
Prevueing you're poast ownly hellps iff ewe no how two spel inn teh furst plase
and their repeated use of backward IN-compatibility to force people to upgrade or lose access to their old data, this phrase from "Cringely's Pulpit" scared the fuckin' crap out of me: "then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR."
... I'm at a loss to find words to describe the enormity of the evil.
It's the ultimate in Big Brother technology. The eradication of memory or of access to memory.
Ever seen people with disorders of the hypothalamus? They can't form short term memories. Their lives are hard and extremely confusing since the world is a new mystery every damn day. They are extremely vulnerable to being scammed from one minute to the next.
Whoever proposed this inside of M$ is an absolute diabolical monster. A human being (given the events of the last two centuries and the incredible slaughter perpetrated on each other, that is NOT a compliment,) with delusions of god-hood. One that looks bad even compared with the most megalomaniacal tyrant to slaughter people in order to change their minds about something.
At least when you kill people, you're shown for the sub-simian scum you are and/but your victims are well and truly safe from further predation.
But this deliberate creation of the potential for maiming of the aggregate memory of an entire culture makes the death camps is so utterly base, so vile, so despicable, so
And M$ will find enough "Judas Goats," enough imbeciles to plunge mankind into a second dark ages. Would that the road to the coming Hell was not paved with moot intentions and banal disregard.
Slavering drooling monsters and utter despicable despots, we can overthrow. But our doom will come in the form of some utterly reasonable man in a suit who's just doing his job.
There are a hundred million graves prematurely filled by the victims of some utterly reasonable men in some (uni)form of suit, who's just doing his job.
The ultimate triumph of Voltaire's bastards will be even more thorough and degrading than the patrician nightmare of the religious maniacs who merely preach evil and bring subjugation and death.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Oh, you're getting banged all right ......
Will I ever get the bang for my MS buck?
This is the way the world ends
This is the way the world ends
This is the way the world ends
not with a bang but a whimper.
-- D
It has been my experience, that the pre MacOS X releases crash at an alarming rate. Considering I have never used a mac for more than two hours, this is very disappointing - Windows is more stable.
I also believe that the MacOS kernel implemented cooperative multitasking instead of preemption - which is a bad thing [TM] especially in a server, since this means that a badly behaving app could take out the entire system.
So the reason I don't think the MacOS is a suitable platform is that it is built on a fundamentally broken architecture.
Woe be on to them, all who rise against poor people, shall perish in the end. Buju Banton
Why would you post this? It serves no purpose as to annoy people. Sure, Linux isn't as polished as Windows, or has as advanced a kernel in design, but at least its free. Anyone can contribute to it. The only problem I see w/ Linux is that distros include apps that are ridiculously buggy (arhmm -- pkg man) and therefore give it a bad view in some desktop users. I dual boot mandrake and xp and do just fine. That other fellow's right, at least most linux installs ask whether or not to overwrite the mbr unlike windows. That's why I always install windows first. Have a great day.
why run from Vincenzo?
How many times do I have to tell you, wave your hand at the close of a jedi mind trick?!
Democracy is two wolves and a sheep voting on lunch.
they'll bang you for a buck.
Didn't you read the license?
Why do we stand for this?
Why do you, whoever you happen to be, stand for this?
The only way this can truly change is through market intervention: legal solutions will be iffy and likely do more harm than good; internal forces certainly won't cut it; and petitioning is useless.
Support Apple, Support Linux, Support OpenBSD, but don't support Microsoft!
Integrate Keynote and LaTeX
This certainly isn't helping Microsoft's plan to brainwash the public into thinking they make the safest/reliable products, and should own the world. lol. Ok, yes I understand that many OS's have flaws and security issues. However, this is in its MEDIA PLAYER. WTF?!?! I downloaded the latest version of WMP about a month ago, and was going to install it until I realized it forced you to install like 5 other non-useful bloatware packages. I'm glad I didn't. This makes me feel very unsafe knowing that every time I watch a movie, or listen to an audio file, microsoft opens a connection into my computer, for the knowledgeable to access. What's the use in that? Is it an error, or another backdoor for M$ to secretly spy on your private materials? Thanks again Bill!
Here is a page that has direct links to the patches.
Windows Update did not correctly detect that I'm using 6.4, and wanted to patch 7.1 instead.
Sounds to me like you'll be getting banged for your buck over and over and over again. No wait...I meant "screwed".
The email was from Thomas Greene of The register fame.
So I better give him the credit.
thank God the internet isn't a human right.
ah damn it, I agree with a troll!
if we must get picky, News implies information bias or otherwise is unspecified and i know i cant spel so deal with it ....... i would like to take this time to apologize to everyone else who has to read this
This is how you know you're a geek the power goes out and you are unemployed and unemployable. Yes I know I can't spell
The best you can do is an article dated 1997? That was written before Netscape 4.0 was released - just look at the headline above the Crack-A-Mac contest. You can't find a single article about a Mac server being cracked since 1997? No articles about problems with OS X? Looks like Macs really are more secure.
I have no trouble connecting windows to windows OR Linux to linux. But I can't seem to get SAMBA to work, drat it all.
What Linus giveth, Billy taketh away
I love that cut and paste flamebait.
"Remove ALL functionality of other OSs, and you have... MacOS!" Great!
For XP users out there, try setting the system date way out there (like 2075) and getting any media to play with WMP or Real Media.
"The fact is :
No Mac webserver has ever been hacked! Ever."
You're missing the point.
The point was that someone stated an absolute; that absolute was not only incorrect, it was blatantly false, therefore the entire statement is in doubt. The majority of the post was opinion stated as fact and had very little technical merit.
It was only one example, and only one was needed. It just happened to be the first opinion I could find on Google in under 30 seconds. Putting any more time into it wouldn't be worth it, I've already proved my point; the statement is false.
The original post is overrated, a troll, and flamebait, and should be moderated as such. The fact that it was posted several times in a puerile fashion proves this.
Beta Test? Of course they Beta test.. in fact, they have the largest number of Beta testers in the world... everyone who is running a MS OS.
Hmm... we release a buggy product, and then you have to *pay* to receive the fixes. Somehow this doesn't seem to relate to most industries (aka, the automotive industry.. we build a car with a faulty fuel pump, and then issue a recall to replace the faulty pump *free* of charge). MS, "we ship a faulty product, and then *charge* you to fix the problems". Hmmm...
Why bother rooting Microsoft's closely monitored servers and uploading a trojan that needs to pass a fairly strong digital signature check, when you can just root the update code, which is LESS SECURE than the original?
Have fun with the new version of MS DRM. I will...
Will I ever get the bang for my MS buck?
Just remember, YOU'RE the bang-ee.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
You should have read the installation instructions. I'm not sure about Redhat but my Debian asks if it may overwrite the MBR while Windos does it unconditionally.
Probably because your average microsoft user would think that any question pertaining to the MBR would be some erroneous message and create a nasty support issue. just one more thing that was intelligently left out of the install options.
What if a hacker took over Windows Update and used it to install a worm? He could automatically update the worm. He could also take over your computer remotely, alter software at will, and generally cause havoc. It would be like computer AIDS where the immune system is a source of contagious material.
if I see another sex joke on here I'll have to go out and strangle a baby seal....do you want that..... could you sleep at night with that on your mind.....
This is how you know you're a geek the power goes out and you are unemployed and unemployable. Yes I know I can't spell
Where does it say that? I went to the M$ site and didn't see anything mentioned about Gates slaves having to pay $14.95
Why is everyone up in arms about every MS security hole, yet complacent when similar vulnerabilities are found in Mac or Linux sw? What a bunch of 2-faced losers.
This is a newswire story, why would you link to Salon, as opposed to a dozen of more obvious places? Like, say, Yahoo? I understand Salon is going under, but really, come on...
"Hot lesbian witches! It's fucking genius!"
I'm not sending this file for your advice, because you are obviously a dumbfuck.
C Pungent
It was left out because M$ don't bother if there was another OS on your harddisk. Because they don't want you to have any other OS on your computer.
It's annoyingly stupid from the user's point of view.
He saw some dirty arabs and fired. Too bad it was just some friendly kurds, BBC reporters and his fellow cowboys.
Look at that EULA again:
These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer.
WinAmp is one of those "other software on your computer" which may be disabled. Duh.
Essentially, this is a backfit of their XP license and DRM technology for the 60% of WinSlaves that are using Win98.
Given that Windows Security is an oxymoron, there's no reason to "upgrade" your computer this way. Outlook, IE or some stupid piece of junk like a plug and play daemon that you never knew listened to the network will eat you anyway.
If you just must have M$ in your house, blind it to the network by NOT installing the network card drivers or pointing it to a bogus gateway IP number. Never use it to surf, read email or anything else that M$ will never do right. I admit that I have such a beast in the corner for talking to cameras and an old scanner. It's legal and I own it. But I'll never ever trust it. Red Hat's dual boot (GRUB) lets me get the information off of it.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
1 and 2 are related
3 and 4 are related
{1,2} and {3,4} are related since money making and open source don't necessarily go hand in hand
"Damn Microsoft all to hell"
Darn! I coined THAT line for an office junior to say in a short film (Cubical Crisis) in which a computer converted to Linux dies, and the junior figures out that MS is responsible!
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - it's full of Malware!"
Will we be able to sue and get a buck for the MS bang?
They have a huge R&D lab too. Apple