Slashdot Mirror
Microsoft Notes Critical Security Holes in Windows, Office
Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." Please be sure to read the EULA before installing the patch.
As my grandfather who was a doctor said, "Doctors, mechanics and others like these all benefit from the misfortunes of others".
Today I just spent 3 1/2 hours updating security patches on a group of machines in an office for office 2000. The people there are annoyed about all the patches, and we joked about it being "this months security update". Now there's this, and I'm going to be called in again to update their machines. On one hand it's irritating, on the other hand it gives me more work, which I need at the moment.
A few of them are curious about Linux, and I keep it in their mind - not telling them that it will solve all their problems, but that in the near future it may be beneficial for them to consider it. I let them know an alternative is there, and they are positive, no knee-jerk reactions. I'm honest to them about it's advantages and disadvantages - where it will help them and where it will be a challenge. When the time is ripe they will change over - it is inevitable. This won't eliminate the need for security patches, but I hope through the use of thin clients only one or two machines will ever need updating.
What if Microsoft has an API to by pass the filters Zone Alarm hooks in?
I have never seen the sense in firewalling a machine with the same machine.
Maybe it's just me, but I fail to see a single mention of the EULA, much less a statement that it changes when you apply this patch. Even when installing, the only dialog presented to the user is the "Do you want to install this update?" box. I'm as concerned as the next guy about Microsoft's propensity to sneak in unannounced EULA changes and automatic updates without telling you, but let's not point fingers where there's nothing to see.
People who actually examine the patches on their Open Source O.S. raise your hands.
Linus put your hand down.
Seriously, we should be pushing for accountability, not a world were everybody's grandma has to learn C++ just to make sure that the big bad software company hasn't installed a trojan horse.
When you got your oil changed last, did you take the engine apart to make sure that your mechanic didn't put a rabbit in there?
I know that you probably change your own oil. It's an example.
*everything* is Orwellian to cats.
My favorite part of the EULA is where you can not reveal the results of any benchmark tests of the .NET framework unless Microsoft gives you permission to do so.
What does that tell us about .NET?
I wonder if saying something like "I would like to tell you exactly how slow the .NET framework is, but then Microsoft would sue me" would be ok.
Interestingly enough, though...you only have to accept the EULA if you use the Windows Update feature of IE. If you just download the fix from TechNet, no EULA is mentioned.
Hey, those of you who actually operate a printing press raise your hands.
See? There's only about three of them. There's no point in freedom of the press if only three people use it.
Ok, now everyone who's been arrested this week raise your hands.
Only a couple dozen out of a couple hundred thousand? Ok, no point in rights for the accused, then.
Next up, let's see how many of you are black. Only about ten percent? Well, what's the point in those equal protection and non-discrimination clauses? Most people don't need them.
No, because I could sue my mechanic for breaking my car. I can't sue Microsoft for breaking my computer.
Why is it that a company can use such a poor security model and people will still think they should make up for it buy buying all sorts of band-aids to the real problem of a late implementation of a security model by Microsoft?
Because Microsoft owns the computer industry. It sucks. Their software is worthless. What's an admin supposed to do? Go deploying linux boxes at every workstation? Sure, I'd love that. There's a few UNIX geeks in various departments who would love that too. For the people who have no business using a computer, having e-mail, or getting on the internet, it'd take us years to train them in on linux. Then all we'd hear is "why can't I install this dancing puppy thingy that my stupid ass aunt sent me?"
The fact is, to deploy linux and force users into it goes against everything that an IT department stands for. We have to cater to the greater audience. If 90% of our users refuse to use anything other than Windows, we're screwed. Wed can hold daily meetings about what Microsoft has done NOW, why they're eveil, why their software is bad for us, they still won't get it.
When it comes to anti-virus, firewall, and ad blocking, open source is a great option. Squid, MIMEDefang, SpamAssassin, junkbuster, it's all good. Better yet, it's all free. An IT department can put up an open source blockade at the door, the users don't know the difference, and we're much happier.
So, to sum it up, we know MS sucks. I hate their software with a passion. SOMETIMES YOU JUST DON'T HAVE A CHOICE. I run linux at work and at home. We run linux products at the T1 entry point here at work. We have to run Windows on most desktops because THE PEOPLE WHO USE THEM ARE MORONS AND DON'T CARE ABOUT SECURITY.
There is no reasonable defense against an idiot with an agenda
:wq