Slashdot Mirror


Microsoft Discloses Security Flaws in XP and WMPlayer

An anonymous reader writes: "Salon is running a story on Microsoft's disclosure of a number of security flaws in WinXP and Windows Media Player, versions 6.4 and 7.1. The story also states that there are 2 critical vulnerabilities in Commerce Server 2000. Will I ever get the bang for my MS buck?"

20 of 292 comments

  1. Be persistent by Anonymous Coward · · Score: 2, Insightful

    "Will I ever get the bang for my MS buck?"

    If they don't treat you right the first time, buy buy again.

  2. If only.... by rattler14 · · Score: 4, Insightful

    If only real player didn't tank out a few years back (my window still says it's buffering) and if quicktime was widely supported, this wouldn't even be an issue. Everyone seems to get forced into supporting the windows option for lack of a better option (and I'm talking about the masses here). I know all the linux buffs here can point out a million other options on a non-windows OS, but that's not gonna help my friend's mother, who needs to read the instructions written on the sticky pad about how to check her yahoo mail.

    --
    my last sig was too controversial... now, a new and improved useless sig!
    1. Re:If only.... by GreyWolf3000 · · Score: 1, Insightful

      On a side note, I've had a similar problem--I installed OpenOffice for my mother as sort of a trial for open source software and it was going well until like a week later...She didn't reboot, and as we all know that in Windows, memory leaks accumulate and the shit hits the fan and OpenOffice crashed and she lost data--she likes to keep apps open when she is not using it. She then forced me to uninstall it so she could go back to M$.

      The truth here is that problems with Microsoft software are treated differently than problems with open source software...M$ glitches are somewhat more official--M$ products will crash because computers crash--that's just something they do. A modern day computer user that just wants to use Quicken, Office, and e-mail has come to expect problems--they save often.

      When open source alternatives crash, or anything else for that matter, even if it's Windows' fault, it reaffirms their natural inclination to mistrust free (beer) software. They don't know much about computers, but they believe that you can't get something for nothing, and that pervasive idea prevents the proliferation of decent alternatives--so yes, I agree...normal everyday users are in essence forced into the windows option.

      --
      Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
    2. Re:If only.... by NeoSkandranon · · Score: 2, Insightful

      If only Realplayer didn't install several other unasked for apps (realdownload? puh-leeze) and if only Quicktime didn't nag you to purchase the Pro version each and every time you used it, perhaps they would be more widely supported.

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
  3. Re:Yet more unwarranted MS bashing by e_n_d_o · · Score: 5, Insightful

    If there were security bugs in Linux or Freeamp, would it warrant front page news?

    Yes. If there were a security bug in Linux, Mozilla, XMMS, FreeAmp, etc, that allowed your computer to be compromised, it would warrant front page news on Slashdot.

    Or was that supposed to be one of those rhetorical questions?

  4. Re:Yet more unwarranted MS bashing by Anonymous Coward · · Score: 2, Insightful

    It wouldn't warrant front page news, save for these facts:

    (1) MS Windows comes with virtually all PCs.
    (2) The amount of security holes alone found in Windows in a given week FAR, FAR outweighs those found in any other OS that I can think of.

    Given that we've all had to have Windows shoved down our throats at some point in our lives, don't you think that knowing exactly how it's fucked up this week might just be a plus?
    Same reason I wanna know about a security flaw in Linux. So it can be fixed.. for every 1 hole in Linux though, there are like 50 in Windows, so it's a bit more important to fix the Windows ones, that is if you don't say fuck it and delete the POS first.

  5. Security is MS's big weakness so why... by 00_NOP · · Score: 4, Insightful

    ...don't the Linux vendors (especially IBM) flog this issue for all it's worth? I really think this is where the fight for market share should be.

    However, the fact that it isn't makes me think that the vendors aren't entirely confident with the Linux security offer.

    Perhaps it's too technical - there are plenty of security patches for GNU/GPL/Linux - I use that title advisedly, as they are rarely in the kernel (at least one a week AFAICS) - but they are generally on a faster turnaround than MS. But it's still not brilliant....hmmmm. Must think about this some more.

  6. Re:Yet more unwarranted MS bashing by sheriff_p · · Score: 4, Insightful

    Could you expect to see them? Well, I mean, I guess everyone has been *REAL* quiet about the Apache and SSH ones on /., right?

    Stop being paranoid about alleged M$ bashing.

    --
    Score:-1, Funny
  7. You get what you pay for? by Slashamatic · · Score: 5, Insightful

    If this was a major compromise in another system, of course it would be reported here. However, commercial systems such as Windows cost money. I have no means of fixing the bug myself so I rely on the vendor.

    Given the revenue stream of say Win-XP compared to that of commercial Linux distributions, I am very surprised that MS still makes code with so many holes. If XP is too big for MS to manage the development and support, then they should simplify it.

  8. Re:Something troubles me... by Zeddicus_Z · · Score: 5, Insightful

    "Why on earth would there be a bug in Media player that allows uncontrolled access to the system. What we have here folks is a very good example of what a horribly designed OS Windows is..."

    Why on earth would there be a bug in OpenSSH/Sendmail/Apache/BitchX that allows uncontrolled access to the system. What we have here folks is a very good example of a troll posting before it thinks, going with the crowd in its 'M$ sucks! Linux rules! Muahahha' mindset.

    Software has bugs. Sometimes exploitation of those bugs, if they're severe enough, can allow an attacker to run code on the target system. This is not a flaw unique to Windows.

    Please, think before you post.

    --
    Janie took my gun...
  9. Re:Something troubles me... by epsalon · · Score: 3, Insightful

    Actually, it's the other way around. There is/was a bug in XFree86 that makes it crash when requested a ridiculously large font size by Mozilla (or anything else).

  10. Trying to force DRM? by epsalon · · Score: 5, Insightful

    M$ announces bug. Everybody required to download a critical update...

    What's the bug?

    DRM doesn't work... turns out you can hear copyrighted MP3s. This is a big security vulnerability and you must download this patch, otherwise the financial security of the RIAA will be at stake, and that's un-American.

    [Note: This is intended as a joke and as food for thought. This is not fact.]

  11. Re:Yet more unwarranted MS bashing by Sycraft-fu · · Score: 5, Insightful

    I think it's more the tone of the post. Just a few days ago a vulnerability in OpenSSH popped up (and was fixed). The post about that is very neutral and newslike, simply reporting the bug, its nature and the fix. This one is whiny and sounds immature. It would be like if the OpenSSH post read:

    "Security focus has a post on a huge vulnerability in all versions of OpenSSH from 2.9.9 to 3.3. Just another example of you getting crap for paying nothing."

    I think the poster's intent was to remind everyone that MS is not the only company that has security problems and that they did deal with the issues already.

  12. microsoft bagging by Anonymous Coward · · Score: 1, Insightful

    I know I'm asking for a flaming here....but as a microsoft windows xp user and a user of freebsd on another machine...I find that windows xp is just easier to do things....windows in general is just easy to do things...for the majority of servers running ms windows software that are behind a private network all these exploits are not a major issue, just service packs etc are needed. it's just damn easier to do things.....set up a network in windows? easy...in linux/unix...it takes 5 times longer. for the 95% of ppl out there that use computers that is just way too long. to install software....windows just run setup...linux...tarball or rpm...it's just a whole lot more difficult...that's why linux will never ever take off except for niche markets.

  13. Re:Yellow Sticky Script by lightcycler · · Score: 1, Insightful

    "Linux ... you just have to get over being lazy"

    You also need to find out how to deal with 300 broken dependencies for each bit of software you try to install, and how to edit XFree86-config before you can even install the damn thing.

    Oh, and if linux breaks after you install it for someone, it's all your fault, and they'll bitch forever about how crap linux is. When windows breaks they just reboot and carry on.

  14. Re:Yet more unwarranted MS bashing by ishark · · Score: 5, Insightful

    "Security focus has a post on a huge vulnerability in all versions of OpenSSH from 2.9.9 to 3.3. Just another example of you getting crap for paying nothing."

    If the openSSH people were running at 1 critical bug/two weeks this is exactly what you would read.

  15. Re:So who actually read the technical write-up: by phil+reed · · Score: 2, Insightful

    If you don't use IE or Outlook, you are fine.

    That's the problem. You have to use IE. It's what Windows Media Player uses to draw its window. It's integrated in the operating system, remember?

    --
    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  16. Re:Yet more unwarranted MS bashing by JordoCrouse · · Score: 2, Insightful

    (2) The amount of security holes alone found in Windows in a given week FAR, FAR outweighs those found in any other OS that I can think of.

    Don't ever, ever think that any operating system has fewer bugs than the other. That is a dangerous belief that is going to reach up and grab you. All of these operating systems are written by human beings.

    Microsoft wrote XP to a certain point (like Linux did with 2.4.0), and then released it. After that point, they would have to continuously send out updates to fix bugs and do updates. And everyone on /. bitches that Microsoft was so insecure because there are so many patches.

    However, in that same time frame, The 2.4 tree in linux has gone through 19 revisions, with many critical bug fixes! This proves that Linux has just as many bugs as Microsoft.

    The difference is that Linux is open about their problems - and they make an effort to keep the public informed. If a critical problem is found, the code is changed (almost immediately).
    Microsoft hides their bugs. So for them to come out and announce bugs (and patches) before the bugs become newsworthy issues is a step in the right direction.

    --
    Do you have Linux and a DotPal? Click here now!
  17. Given M$ history with backward data compatibility by crovira · · Score: 5, Insightful

    and their repeated use of backward IN-compatibility to force people to upgrade or lose access to their old data, this phrase from "Cringely's Pulpit" scared the fuckin' crap out of me: "then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR."

    It's the ultimate in Big Brother technology. The eradication of memory or of access to memory.

    Ever seen people with disorders of the hypothalamus? They can't form short term memories. Their lives are hard and extremely confusing since the world is a new mystery every damn day. They are extremely vulnerable to being scammed from one minute to the next.

    Whoever proposed this inside of M$ is an absolute diabolical monster. A human being (given the events of the last two centuries and the incredible slaughter perpetrated on each other, that is NOT a compliment,) with delusions of god-hood. One that looks bad even compared with the most megalomaniacal tyrant to slaughter people in order to change their minds about something.

    At least when you kill people, you're shown for the sub-simian scum you are and/but your victims are well and truly safe from further predation.

    But this deliberate creation of the potential for maiming of the aggregate memory of an entire culture makes the death camps is so utterly base, so vile, so despicable, so ... I'm at a loss to find words to describe the enormity of the evil.

    And M$ will find enough "Judas Goats," enough imbeciles to plunge mankind into a second dark ages. Would that the road to the coming Hell was not paved with moot intentions and banal disregard.

    Slavering drooling monsters and utter despicable despots, we can overthrow. But our doom will come in the form of some utterly reasonable man in a suit who's just doing his job.

    There are a hundred million graves prematurely filled by the victims of some utterly reasonable men in some (uni)form of suit, who's just doing his job.

    The ultimate triumph of Voltaire's bastards will be even more thorough and degrading than the patrician nightmare of the religious maniacs who merely preach evil and bring subjugation and death.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  18. Re:Yet more unwarranted MS bashing by WNight · · Score: 3, Insightful

    Serv-U FTP has bugs that allow DoS attacks and "root"-level access from outside. Is this MS's fault?

    Then when is IRSSI the fault of Linux developers?

    Look at how fast major server products (OpenSSH, Apache, etc) get patched after exploits are discovered. Then look at how long it takes MS. And how MS delays (UPnP) around critical sales times like Christmas.

    There's no way you can say with a straight face that MS has a decent security record compared to open source projects like Linux, Apache, etc. (Hell, they barely have a decent security record compared to Sun, etc.)

    Install the latest Mandrake with enough apps to replicate the functionality of Win2k Server. Now tell me how often you have to patch it to avoid remote exploits. How often during the same time does Win2k Server have to get patched?

    Of course, IRSSI doesn't count here, any more than you can count mIRC against Win2k.