Microsoft Notes Critical Security Holes in Windows, Office
Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitrary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." Please be sure to read the EULA before installing the patch.
It's sad that, when I saw that the patch was released, the first thing I thought was, "I hope the EULA won't force me to accept automatic installs from now on."
I think I'd rather have an insecure system than one that gives MS carte blanche to install what it wants. There's something wrong with that.
Am I the only one who noticed this does not include the fix for invalid SSL certificates? Pretty big (and very expensive) problem, I think....
The Right Reverend K. Reid Wightman,
You have to reboot to complete the installation. Great. Now all my server updates (please do not ask why, I just follow orders) are going to be a joy. I can't believe I have to reboot to patch a damn browser.
I don't want knowledge. I want certainty. - Law, David Bowie
Today I just spent 3 1/2 hours updating security patches on a group of machines in an office for Office 2000.
If you don't like constantly having to patch MS Office, then don't use it. There are plenty of alternatives, including WordPerfect Office Suite, which is what I use.
I pledge allegiance to the flag...
of the Corporate States of America...
If someone with the corporate edition key for XP Pro installed SP1, would they be able to apply this patch as well? I thought the SP1 would lock out all further updates?
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
They already know. Remember a couple of months ago, when Microsoft VP Jim Allchin stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. The architecture of Windows is inherently insecure and cannot be fixed. Read all about it here.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Especially considering to get the "Designed for Windows 2000 / XP" Logo on your software, you have to have an install that doesn't require a reboot.
I am not a number! I am a man! And don't you
And how do you know it doesn't? After all, Windows Update sends stuff to Microsoft. Latest Service Pack for W2k has a completely Automatic Update incorporated (now, I thought service packs shouldn't include new features). I know, in their privacy policy on the web they state they don't send info...but privacy policies on the web represent nothing nowadays and are subject to change any day in the week.
And it will load virusen (note spelling) on your computer so they can h4x0R you!!
Small anecdote: recently I "fixed" the PC of an acquaintance of mine (clueless computer user). This family uses only Microsoft products and is clueless about maintenance (their Antivirus was hopelessly out of date). So, I say that this was an unpatched Windows 98, with an unpatched Outlook (5, I think) and an unpatched Internet Explorer (5, I think). Now, what did I find on this machine: spyware *en masse*, and besides that at least 5 instances of Klez and *two* programs that Norton Antivirus identified as "Backdoors". Now, what again about haxorring?
Microsoft doesn't give you the blueprints of the software, yes. I'm perfectly okay with that. However knowing that many skilled programmers all over the world tinker daily with the open-source equivalents gives me this warm and comfy feeling that malicious code *will* be detected and *will* be fixed. It's just a feeling, so it's rather subjective... but honestly, do you prefer to be part of a community that might care for you *or* know that a company that is only after money (which is after all the goal of any company) is responsible for your security?
Of course your post was flamebait, and I took the bait.
Does this EULA have the infamous "we have the right to turn off functionality and delete files" clause that Microsoft has been putting in EULAs lately, in preparation for extra-aggressive digital rights management?
I wonder if Microsoft's EULA could be considered a form of coercion? Look at it this way:
Microsoft creates a flawed piece of software. They sell it to millions of unsuspecting victims under one EULA.
Then, they release patches for flaws that are serious enough to destroy a business if left uncorrected. They tell the victims: "Agree to this new EULA that takes away many of your rights or we won't fix our software!"
The race isn't always to the swift... but that's the way to bet!
Funny how everyone's arguing over the EULA and fails to note that this patch doesn't do a damned thing about the SSL cert authentication bug.
There are 6 new security holes in Windows, (The security hole is actually in Windows since you cannot separate Internet Explorer from the operating system, Michael please make sure that your statements are correct, a hole in IE is a hole in Windows.) and Office?
How can this be? Microsoft has been focusing on security all year, and I just patched my system last month.
The reason I state that a domain isn't for everyone is that not everyone can afford it.
The point I'm making is that one shouldn't have to decide between a) inferior corporate networking or b) overpriced software. If you need a Domain, you shouldn't have to settle with a Workgroup because Microsoft didn't make Domains available in your software product. You should be able to customize your software to meet your needs, from start to finish. You shouldn't have to spend thousands more just to make something that finally works the way you wanted it to.
One should be able to have the server available out of the box (should they want it), or any number of possible installations (including workstation with full office suite).
Sounds crazy? Sounds Linux.
You're right, it's silly to make a one-size-fits-all install, and that's exactly what Microsoft does. I'm arguing quite the opposite. The Windows installation is not flexible enough; it doesn't give the user the ability to do anything more than install the basic bare-bones software that they bought. You should be able to decide whether you want to install NT Server or NT workstation (along with the other software that Microsoft sells separately). You should get that choice for the price of the operating environment you bought.
The Microsoft gestalt is based upon the idea that one buys the base model and then buys more and pays more and spends more in order to reach what they need. As a contrast, let me use the FreeBSD model; one can configure the same installation of FreeBSD to be a secure Internet server, or to be a desktop operating system. It's up to the installer to decide what they want to do with the machine, not the committers, nor anyone else associated with the FreeBSD project. This is the flexibility that Microsoft products can not afford to have. This is the one size fits all that I'm crying about.
I beg to differ. There is no granularity. What is the difference between the Windows 2000 server that I install at home and the one that you install to be a domain controller on your 3000 node network? Nothing. You can choose from the vast array of Microsoft services that you want to buy for your "modular" server, but there is nothing modular about the server. My friend, it sounds as if you've led a fairly luxurious life up in the corporate cathedral. There's no business in the world that doesn't want to do things right, but the way that Microsoft sets things up, they need to make hard decisions between capital assets and depreciating investments of software and training of a high turnover workforce. And I'm sure there are a lot of admins, who, if they could afford the time and money, might pay for a MCSE Training Kit. The Microsoft model doesn't cater to these people. They don't have enough money to buy the complete product.
Online newsgroups are an invaluable resource for those who do RTFM, and even for those who don't. I have never been a part of, nor come across an online newsgroup which was full of questions whose only reply was RTFM. For both the FreeBSD project and Linux, there are dedicated newsgroups and mail lists who are staffed by people willing to do nothing but answer new users' questions.
And as to the idea that Microsoft documentation is superior to the documentation produced by the Linux community, I wholeheartedly disagree. Whether a document is formatted better doesn't make it better documentation.
I spend my days around people that devote themselves to writing "good documentation." I have been at meetings for organizations which devote themselves to writing "good documentation," but all they end up worrying about is following the Microsoft Manual of Style. Most of the documentation "experts" I've had the opportunity to be around are more concerned with statement uniformity, with fonts and with orphaned lines than they are about producing good content. And I'd say this holds true for most of the Microsoft Press documentation that I've had the opportunity to read.
The difference is that the documentation for Linux programs, although it is terse, is directly related to the subject. No one is worried about making it look nice. And although I do see much more of the RTFM attitude than I'd like, there's much less of it than you make out. (I find it kind of ironic that the very start of this dialogue was the same type of attitude posed toward someone who asked a genuine question about Windows domains.)
I guess the problem is that I didn't make my point clear. My apologies.
Microsoft makes money.
Period.
Software is just a byproduct of that process.
Documentation is just a byproduct of that process.
And, incidentally, a new car does come with the highway to drive on; at least, I've never had to buy one.
But I don't get the relation to this situation.
Notes From Under *nix: blas.phemo.us