Slashdot Mirror
Can You Trust Microsoft On Security?
simetra writes "Here's a shocker... This story on Yahoo! is pointing out the obvious. How many of these until the suits start believing us?" Maybe the article is just trying to stir up trouble, though: ladislavb points out that Windows XP is an Operating System you can trust. (The review is also available on mirror1, mirror2, mirror3, mirror4.)
I liked the "whitespace" joke better.
I don't think that the Yahoo! story is a Joke... it was posted 03/31 not 04/01... If it is, please correct me. I'd like to be wrong here.
Desperation is a stinky cologne
With the recent spate of MS problem such as the slammer worm, IIS vunrabilities etc their public image is tarnished at best. However I think what people realise is that most programs have potential security holes. What people want is a quick response to the problem.
Take the two recent sendmail issues. Two big holes were found but fixes were available straight away. What about MS? Well I believe the record is 6 months after an exploit is in the public domain. Now thats why I have trouble trusting MS
Rus
Cheap UK and US VPS
Beware of the man behind the curtain
However, even the non paranoid don't trust Microsoft. The problem is evidently that the suits are going for Microsoft while the techies (the real ones, who didn't get the job by the list of MCSEs in their CVs) just get beaten into submission.
Conversion Rate Optimisation French / English consultant
Is this rhetorical?
Eve Fairbanks says I drive a hybrid!LOL
Because if you can't trust the NSA, who can you trust?
This one is not even funny ...
That's why I don't like 1st april : You can't really trust what you read on the news for a whole day. I mean you can trust the news even less than usual.
Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
The review is also available on mirror1, mirror2, mirror3, mirror4
Yay! Slashdot is finally going to mirror content!
Oh wait, what day is it?
Trust is earned. You don't becone trustworthy, just by marketing. Ask yourself "Has Microsoft earned my trust?"
Remember: If you buy anything from spammers, you have a small penis.
I sometimes wonder if the trust on MS is not on security but in responsibility.
:-) But they would be quickly overrun with requests...
In other words, companies would prefer to use MS products because they can lay the blame on it if something goes wrong, and shift responsibility for a solution to them.
OOS is either very distributed or you have to work it yourself, which presents an additional risk for your person. I have no doubt that many are willing to take the blame as trade-off for ditching MS, though.
Maybe if an insurance company were to offer "computer bug funds", things would change.
The ENIAC Demo Competition
O..o..outside?! You mean where the pizza guy comes from?
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Microsoft Corp. has announced that later this month Bill Gates will give a world-wide video conference to finally explain dot-Net. "It's time to ascend to the next level", Gates said, "we've cut elsewhere drastically in order to augment our sales staff in time for the event". Business leaders should expect calls, visits, and treats during the next month from Microsoft sales staff to ensure that all end users have installed the license for the current Windows Media Player and the licenses for the latest service packs. Calls will be followed by onsite visits. Microsoft sales staff, all licensed notary publics, and Business Software Alliance inspection teams to ensure that each and every the click-through agreement is followed up with a notarized contract.
As part of the treat, each site will receive packets of flavored drink mix for a special toast at the end of the teleconference. MSCEs will give instructions on the preparation of the mix and will assist the sales staff in dispensing to executive staff.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Koetzle noted that while Microsoft's patches for the last nine high-profile Windows security holes predated such attacks by an average of 305 days, too few customers applied the fixes because "administrators lacked both the confidence that a patch won't bring down a production system and the tools and time to validate Microsoft's avalanche of patches."
I know I have totally screwed at least one "critical" production server by installing a service pack. Granted, that was NT4, which on the whole is just an impossible architecture to patch...or so they say.
Lack of security from the ground up in their design is what I believe the problem really is. The lack of a simple "bring this server up to date" scheduler doesn't help either. Even if they had that, people wouldn't use it due to patches toasting systems in the past.
-Pete
Soccer Goal Plans
While 77 percent of respondents in the information technology (IT) field said security was a top concern when using Windows, 89 percent still use the software for sensitive applications[...]
So, clearly people *do* trust Windows, in that they are using the software for "sensitive applications". Of course, they probably have very little choice in the matter, and hopefully they take my tack of firewalling it off from everything when forced to use it.
I was just getting at the obvious false statement in the teaser - the respondents *are* trusting Win, they just aren't *happy* about having to.
I forget what 8 was for.
I cant trust a company that says they cannot patch their own enterprise-level Operating System (only to force customers to buy a new one, because, IMHO "technical" excuses like that are ridiculous).
:)
If Microsoft says they cant patch, then open the source for us to patch it for free
------- The last Sig. got fired.
Microsoft is as secure as a Ford Pinto is safe.
I only trust an operating system as far as I can throw it. After comprehensive tests windows XP CD's fly 300 feet when launched from my skeet shooter and are still bootable. But most of my Linux CD's never survive the launch process so I there fore I can not trust Linux since I can't throw it.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
Granted, it's from an April Fools story, but couldn't they even try to get the BSOD screen shot right?
That BSOD version is from Win9x versions... the NT-based BSOD has the text at the upper left of the screen, and no CTRL-ALT-DEL message either.
Given that the Windows codebase has evolved over so many versions, it's hardly surprising that there are plenty of security holes. If the foundation is shakey, don't expect the building to stay up. Especially in a closed-source environment where the number of people scrutinising the code is minimal.
.Net products is the opportunity for them to start over with their security. The models in place for .Net apps are superior to what was previously on offer for Windows development. They even throw in stuff like run-time buffer overflow detection...if you turn it on.
.Net security problems so far appears to be minimal, MS could improve their image as being poor in security, provided they get sufficient take up...and don't screw it up this time around...
It seems to me that one potential benefit for MS from it's
Given that the number of
It's all very easy to sit around and put each other on the back and say "yes, well, we've known this for years". We know that Bill made his big trustworthy computing announcement, and he said it was a forward looking initiative - they were going to focus on getting new products right rather than going back and re-architecting old products (a decision I agree with).
So, Windows Server 2003 was RTMed last week - the first OS released post-trustworthy computing. Let's wait and see the fruits of Bills initiative, rather than keep flogging that same dead horse. If windows 2003 has good security, well, maybe they have a chance. If it doesn't, forget it, game over.
Read reviews of shopping cart software
The "translation" is done using the ASCII charset which is used as a standard in computers, and the corresponding numbers are in hexadecimal form.
The whole message is F0AD:42494C4C. From this, we get "Fuck Off And Die: Bill". How, you ask?
F0AD == Fuck Off And Die [hacker slang]
42494C4C: break them into pairs, as we do with hex numbers. We get 42 49 4C 4C.
Now match the hex numbers with their corresponding values from the ASCII Table.
42 == B
49 == I
4C == L
4C == L
Use ISO 8601 dates [YYYY-MM-DD]
Even if the patches worked, and even if it had been an old-style, slow worm, you can't patch fast enough. But it wasn't. Slammer reached saturation in 8.5 minutes. Most likely this story was a tidbit to draw fire away from the quarterly financial statement or from the DRM/Palladium stealth payload in Windows Server 2003 + Office 2003.
Sure folks may wish to run Microsoft products for ideological reasons, but there aren't any technical ones and now the market is changing. C*Os have figured out the OS X, RedHat, Mandrake, Debian, OpenBSD, etc. are much easier install and maintain than Windows Xp and far more flexible and secure -- both on the workstation and the server. Novell Netware should also be mentioned as excellent. C'mon when was the last time you heard of MS machine reaching an uptime of more than 200 days? That would be embarassingly short for QNX and Novell.
Microsoft has been to computing what Big Tobacco was to sports.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Windows XP Service Pack 1 causes memory management problems that my experience shows are far, far worse than Microsoft says. The new 815411 patch seems to fix the problems on the one system on which I have tested it. The title is "Programs Run Slower After You Install Windows XP SP-1", but that doesn't make sense. Why do they run slower? Because the operating system is trying to recover from memory management errors?
To see the problem, start 20 instances of Mozilla, each with 10 tabs. As you are doing this, you will find that the responsiveness of the Windows XP system becomes much slower. Then, when the limit of installed memory is reached, and the system begins using virtual memory, all instances of Mozilla will crash. After the crashes, the Windows XP system remains unstable. The instability can only be fixed by re-booting.
See the Slashdot article: XP Service Pack Slows Programs
The Slashdot article referenced this article: Service Pack glitch causes system slowdowns (Notice the nonsense subtitle in this article: "Windows XP SP1 update flaw affects memory-allocating programs".)
Microsoft is apparently afraid that the patch causes more problems, so the patch has limited availability. Also, by making people who want the patch call Microsoft, the company may be collecting information about the problems people are having. It seems from the way the notice of the patch is worded that if you call Microsoft, you may have to pay.
I downloaded the patch from other sources, and found that they all were the same, so that relieved worries of a bad patch.
Sources:
Neowin
Q815411_WXP_SP2_x86_ENU.exe
Q815411_WXP_SP2_x86_ENU.exe
Q815411_WXP_SP2_x86_ENU.exe
http://www.paricom.com/matt/xphotfix/