Windows Security Holes Go Mostly Unexploited

murky.waters writes "Wired News has an article with a decidedly different take on security holes in Microsoft Windows: Despite the thousands of known exploits and virii, most MS users aren't target of much harm, and the big guns such as Klez have had almost no effect on home users. An interesting read that, if true, challenges some common arguments."

The reason is ...

[tomhudson]

That's because there are SO many exploits to choose from. Nobody has the time (or need) to exploit all of them :-)

Klez - What kind of virus name is this?

[heldlikesound]

You know for being a virus, I'd think the authors would want to give it a cool name, like Infectita or Shadowbyte, I dunno SOMETHING cool. Instead, it's Klez, which sounds like a freeware puzzle game that sucks ass but has a lot of bright colors.

Re:Klez - What kind of virus name is this?

[baryon351]

klez always made me think of a bundled lesbian that came with KDE...

Why...

[intermodal]

why does this headline sound like an invitation?

In a related story

[frovingslosh]

Most Chevy Geo's are not broken into or stolen, so it would be OK for GM to just use the same key on them all, giving the owners the illusion of security.

Quick, somebody turn the FUD back up!...

[Saeger]

...or I'll have to sell some of my precious "security" stock.

God Bless American AntiVirus companies and their Anti-Terrorist business campaign!

You could be transmitting your IP address right now for hackers to lock-in on! Buy some protection for you and your loved ones before they wipe out your hidden porn collection!

--

RIAA HACKED

[gulfan]

http://www.riaa.org/admin/press_and_news.html You can modify or post ANY news on the site now, the front page has GOATSE on it. http://www.riaa.org/ Do your worst :P

Why bother

[dheltzel]

Who wants to own a Windows box anyway ? Is there anyway to upgrade it to Linux after you get in ?

What is needed is a remote, unattended install of Linux so the system security can be fixed while giving the cracker something more useful to use. It might even be considered charitable, the new system admin could maintain the system for free and the users might not even notice if you gave them an autologin with a message telling them their kid installed a cool new desktop theme!

I beg your pardon?

[D'Arque+Bishop]

Despite the thousands of known exploits and virii, most MS users aren't target of much harm, and the big guns such as Klez have had almost no effect on home users.

Hmm.

*checking mail logs*

According to my mail server's logs, I have gotten FORTY virus/worm-infected emails since midnight.

No effect on home users? Someone hit this guy with a cluebat.

Just my $.02...

Re:What a load of horse feces

[Munra]

At least you managed to get a girlfriend on IRC :)

Re:Maybe I'm an exception, but...

[still_sick]

what's your ip address? ;-)

127.0.0.1

Do your worst. >:)

I'd like to think that's part of the reason I have very few problems with hacking. I don't try to hack other people, I don't snoop on networks, and I don't "step up" to challenges like this.

Live and let live.

Re:Security holes = hidden tax that effects all

[Vodak]

Hackers are nothing like the mob. Hackers are dirty little kids with acne and B.O. They fear bullies in school and hack because they have no girlfriend. Mobsters on the other hand beat up people like hackers and have girlfriends. =] ah the joy of using simplistic stereo types.

Re:public memo

"Virii" drives me nuts. Typical half-baked autodidact bullshit: can't spell, can't capitalize, but "virii" and "boxen" are the way of the walk. "I teached myself programing real good! Why doesn't my resumes get any response?"

The interesting part:

[althalus]

Is that this doesn't seem to be a hack on the system (that may exist too). The problem is in bad programming. This link (if it's still there) was the main problem, as it was the tool to post news/press releases, and had no authentication. Direct link and you could control what went on there. There might have been other weakness' but that's the one I heard of. Now the funny part is, just before the site went down, somebody caused it to redirect to the infamous goatse.cx, and as a friend noted. when goatse.cx goes up, the owning is complete

Windows Security Holes Go Mostly Unexploited

[Angst+Badger]

Windows Security Holes Go Mostly Unexploited

Well let's get to work!

This is linked to the wrong article...

[rayd75]

After running up2date on my Redhat box I surfed on over to Slashdot and found a post about a Wired article on the rarity of exploits for Windows security bugs. Intrigued, I clicked through only to find that the linked article was about the exploitation of software bugs in general and only casually mentioned Windows in one instance. I'm sure that there must be another article dealing exclusively with Windows since "Windows" is in the title, the submitter mentioned it twice, and he even crafted a Google query on Windows exploits. Can anyone point me to the correct article? Thanks in advance!

Re:In other news

Most household locks are easy to kick in.

True, but the noise might wake Mr. Smith and Mr. Wesson...

Re:And how many

[susano_otter]

By default, it mails a "daily insecurity report" and daily status report on your network interfaces and basic system information to me.

Why is it mailing my system information to you? That doesn't seem very secure at all.