Slashdot Mirror
Weekly Microsoft Critical Security Issue
An anonymous reader sent in linkage to a zd story discussing the latest Windows Security Patches including an especially nice hole letting Java apps gain total control of your machine and assist you in reclaiming disk space by, say, reformating your drive.
Oh, you mean the vulnerabilities that I've already patched?
Forget the whales - save the babies.
Ok well Linux users have been hammering on the "Windows is insecure" thing for what -- 6 years now? And Windows' market share is as good as it ever was, perhaps even a bit better. Time to try a new strategy? This one is getting boring!
More *bad* flaws in winblows!!
Mo money for me! Everytime this happens I go out and patch up my customers. Cha-ching, cha-ching!
And I always offer and *suggest* that they go with Linux but they are *afraid* of change.
They would rather live in fear and subserviance than live in security freedom...
Go figure..
I don't agree with the intention of the message. While it is true that this bug allows the execution of commands, it does this only with the rights of the owner of the user account. In Unixian, this is not a remote root exploit.
Nevertheless, my last sentence becomes quite irrelevant, as Windows user tend to work as $root.
Just curious. I mean, if the intent is to inform.
As the main post points out this is pretty much a weekly news release from Microsoft. It's interesting because in some ways I get suprised by the severity of the bugs such as allowing a huge hole in the Java VM, that would allow someone to format your hard drive or a bug in Proxy Server that would allow a single mal-formed packed to max the CPU at 100%. On the other hand I'm suprised Microsoft doesn't have more of these bugs.
I think this is where the philosophical differences of Open Source Software really make a big difference. Even though OSS still has bugs, the live testing cycle is un-paralleled. However I think the biggest difference boils down to this: there is no one saying we have to have this product out the door by XX date. Rather it becomes stable when it's ready, but you can use the development version if you need or want.
As the lines of code in software grows and the complexity increases, I think we will see a greater number of more sever bugs in closed source systems. Ultimately I believe this will be one of the critical factors leading to OSS's long term success.
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
I can honestly say that it baffles me as to why Microsoft continues to hold such a huge stake in most of the computing world. I don't understand why people continue to digest what is carelessly tossed out of Redmond, WA.
I can understand the need for an array of software unavailable on any other platform (though, what percentage of that software is actually GOOD software?), and the platform standardization issues, maybe even "ease" of use, but honestly, the security and ridiculousness of the MS platform, ideology, and disregard of standards make me sick.
What is the continuing allure? Do you really not mind running machines that are completely insecure? And how can they not fix their own NT 4.0 code? That's absurd. They pitch this solution for years, and bail when the cost to fix their crap gets too high.
I'm not trolling, I'm baffled. Someone tell me why this continues?
It's only when we've lost everything, that we are free to do anything...
I doubt Microsoft would intentionally break their over version of Java. Of course they want to make Java look bad, but creating holes in their own version would simply cause people to switch to Sun's version.
<reality check>
Until someone actually writes a massivily spreading virus/worm that jumps from Windows PC to Windows PC doing precisely that (formatting hard drives) - people are just going to patch it and not even think about changing OS.
Hell, most people probably won't even patch it. What doesn't affect them, they don't care about.
</reality check>
Avantslash - View Slashdot cleanly on your mobile phone.
Third option * Format Windows, install Linux. No less security flows, but no intrusive EULA.
My company has an e-commerce site that our customers use to place orders, check stock, pick up invoices, etc. The app has many Java applets, and requires the Sun Java-Runtime, so we install it on all their PC's, so some people are using it!
...security freedom...
Not that I love M$, but it seems that your bashing Micro$haft unjustly. Linux seems to be pumping out even more fixes and patches than old Billy boy's crappy product.
It seems like for the last month or so I have received at least 2 RedHat erratas a day, and the majority of them are for security reasons.
For my RedHat email server, there have been 98 updates put out by RedHat and the Linux community. Of those 98, 16 were bug fixes, 4 were enhancements, and 78 were for security concerns. On my W2K workstation, I have installed 12 hotfixes and 3 service packs
Linux enthusiasts like you that bash Microsoft without knowing what you are saying make the entire Linux community look bad. Instead of bashing them, we should at least praise them for responding quickly (this time), once the bug was found.
People who throw stones....
You're right... Last year Readhat issued nearly twice as many security bulletins as Microsoft.
I'm sure the above is a troll, but I'll answer anyways. When you install windows, you get, well, windows. And internet explorer, and freecell. That's about it.
When you install linux from RedHat (or Mandrake or...) you get the OS, severl browsers and mail clients, 2+ office suites, 4+ text editors, java, perl, c, python, 25+ games, 3+ window manages, etc (not that you have to install all that - but they're available in the install).
I'd say Redhat is doing great to only have 2x the security bulletins as microsoft considering they supply 4x or 5x the software on their cd's.
Plus, it's been documented many times before that bugfixes are available much quicker in the OS world than the MS world.
I'm increasingly convinced that Linux is dying off. The lies and distortions we are seeing on slashbot have become more and more desperate over the past two years.
Name one "lie" regarding linux that you've seen on slashdot that's demonstratable not true (articles only, not posts). Remember, nobody is going to agree with all the opinions expressed on this site.
Personally its not God I dislike, its his fan club I cant stand (bash.org)
I thought about this a lot too over the last year or so, and based on my experience, it's simply that despite all of the security risks, most companies aren't losing that much money on lack of security.
I work for a company that has a good bit of Microsoft, some Sun and some linux deployed. Now, without getting into any religious wars over who's more secure, I'll simply say that the Microsoft servers have been compromised on more than one occassion. The Microsoft servers also got hit very hard by Code Red and Nimda.
When I see stuff like that, I just shake my head, because it seems insane to me that the company considers that acceptable. But then I thought about it, and here's why I think they're okay with it: with all of the exploits, all of the headaches, and all of the patching, it really didn't affect anybody above the admin level one iota. We didn't lose any money because of the compromises (sure, we served up a lot of movies and so forth), we didn't pay extra money to clean up afterward, and we didn't lose any data. As far as management was concerned, we got hit full on with evil crackers, and it just didn't matter that much.
Now, I'll grant you that some companies have a lot to lose with poor security. Anybody who's stocking personal information or credit card numbers or whatnot should be very concerned. Financial institutions and military organizations (people who are being specifically targetted for their data) should be more concerned. But I think the majority of companies who are just serving up information on corporate websites, running some basic services, etc. just haven't been hit by security holes hard enough for it to warrant a change in their philosophy.
I think it's much the same for desktop users. There are a lot of Windows vulnerabilities out there and a lot of unpatched machines, but I don't know of anybody who's really felt any pain because of microsoft security holes. I'm certain there are some, but actual exploits are not nearly as epidemic as the vulnerabilities they exploit.
Now, if one of these things ever got any legs and started wiping out hard drives or corrupting data, and if millions of people were affected, and if millions of actual, tangible dollars (not time, effort, etc.) were lost, I think it would suddenly become a very different ballgame. But the fact is, at least for now, that despite the rampant security problems, the business community as a whole isn't suffering enough to worry, and neither are the home users.
I'm not saying it's right, but I know that my boss and his boss don't care if it doesn't cost the company anything.
There's a huge difference between a flaw like this in the VM that microsoft ships that can be used to format your HD by viewing a web site and some bug in a library that can impact maybe a handful of people.
You have to compare the SEVERITY and NATURE of the bugs. Sure, there are bugs with whatever OS, but as to this level of Severity and of this Nature, you're just wrong, there are not that many with Linux, Apple or Solaris or whatever. Windows takes the cake.
If you think this is all overblown hogwash, your'e delluding yourself.
Could you go back and check the SEVERITY and NATURE of those bugs? Do any of them let a HD be wiped out just by surfing to a web page?
You're delluding yourself and you're not employing a correct analysis and comparison of the problems.
Apparently, Slashdot and its editors have never been taught how news reporters/sites gain respectability.
/. is an editorial site, and maybe get away with it, but as such it will never really be able to sway opinion very well.
In order to report the news well, objectivity and a lack of bias should be maintained. When you start taking pot shots at what you report, you turn into the national enquirer, and people start to not take you seriously. What the people in the peanut gallery say is one thing, but what you put up in the story is another. Now you can say
I'm expecting to see how aliens took over MS soon, and Bill Gates having an affair with .