Slashdot Mirror


Weekly Microsoft Critical Security Issue

An anonymous reader sent in linkage to a zd story discussing the latest Windows Security Patches including an especially nice hole letting Java apps gain total control of your machine and assist you in reclaiming disk space by, say, reformating your drive.

8 of 455 comments (clear)

  1. Not quite true... by presroi · · Score: 4, Insightful

    I don't agree with the intention of the message. While it is true that this bug allows the execution of commands, it does this only with the rights of the owner of the user account. In Unixian, this is not a remote root exploit.

    Nevertheless, my last sentence becomes quite irrelevant, as Windows user tend to work as $root.

  2. Help me out here by The+Bungi · · Score: 3, Insightful
    Every time I head on over to SecurityFocus or even some of the Linux sites that aggregate feeds from security sites I see a bunch of Linux and BSD - and all manner of open source software - holes, exploits and vulnerabilities. They apparently get reported and patched with the same speed as the Microsoft (and other platform) security problems. So why isn't there a "Weekly Linux Critical Security Issue" as well?

    Just curious. I mean, if the intent is to inform.

  3. Not overly suprising by dtolton · · Score: 4, Insightful

    As the main post points out this is pretty much a weekly news release from Microsoft. It's interesting because in some ways I get suprised by the severity of the bugs such as allowing a huge hole in the Java VM, that would allow someone to format your hard drive or a bug in Proxy Server that would allow a single mal-formed packed to max the CPU at 100%. On the other hand I'm suprised Microsoft doesn't have more of these bugs.

    I think this is where the philosophical differences of Open Source Software really make a big difference. Even though OSS still has bugs, the live testing cycle is un-paralleled. However I think the biggest difference boils down to this: there is no one saying we have to have this product out the door by XX date. Rather it becomes stable when it's ready, but you can use the development version if you need or want.

    As the lines of code in software grows and the complexity increases, I think we will see a greater number of more sever bugs in closed source systems. Ultimately I believe this will be one of the critical factors leading to OSS's long term success.

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
  4. I don't understand... by NetCurl · · Score: 3, Insightful

    I can honestly say that it baffles me as to why Microsoft continues to hold such a huge stake in most of the computing world. I don't understand why people continue to digest what is carelessly tossed out of Redmond, WA.

    I can understand the need for an array of software unavailable on any other platform (though, what percentage of that software is actually GOOD software?), and the platform standardization issues, maybe even "ease" of use, but honestly, the security and ridiculousness of the MS platform, ideology, and disregard of standards make me sick.

    What is the continuing allure? Do you really not mind running machines that are completely insecure? And how can they not fix their own NT 4.0 code? That's absurd. They pitch this solution for years, and bail when the cost to fix their crap gets too high.

    I'm not trolling, I'm baffled. Someone tell me why this continues?

    --

    It's only when we've lost everything, that we are free to do anything...

    1. Re:I don't understand... by caluml · · Score: 4, Insightful
      I know for damn sure that nobody's getting into mine without permission.

      That's quite a statement.. ;)
      I'm not saying I could do it... But there are some very clever people out there. One thing I've learned is never to underestimate others.

      So, stick a file on your machine with your online bank details, and your credit card numbers, and post your IP address :)

  5. Re:jvm by fervent_raptus · · Score: 5, Insightful

    I doubt Microsoft would intentionally break their over version of Java. Of course they want to make Java look bad, but creating holes in their own version would simply cause people to switch to Sun's version.

  6. Re:jvm by Andrewkov · · Score: 3, Insightful

    My company has an e-commerce site that our customers use to place orders, check stock, pick up invoices, etc. The app has many Java applets, and requires the Sun Java-Runtime, so we install it on all their PC's, so some people are using it!

  7. Clueless by Thomas+A.+Anderson · · Score: 5, Insightful

    You're right... Last year Readhat issued nearly twice as many security bulletins as Microsoft.

    I'm sure the above is a troll, but I'll answer anyways. When you install windows, you get, well, windows. And internet explorer, and freecell. That's about it.

    When you install linux from RedHat (or Mandrake or...) you get the OS, severl browsers and mail clients, 2+ office suites, 4+ text editors, java, perl, c, python, 25+ games, 3+ window manages, etc (not that you have to install all that - but they're available in the install).

    I'd say Redhat is doing great to only have 2x the security bulletins as microsoft considering they supply 4x or 5x the software on their cd's.

    Plus, it's been documented many times before that bugfixes are available much quicker in the OS world than the MS world.

    I'm increasingly convinced that Linux is dying off. The lies and distortions we are seeing on slashbot have become more and more desperate over the past two years.

    Name one "lie" regarding linux that you've seen on slashdot that's demonstratable not true (articles only, not posts). Remember, nobody is going to agree with all the opinions expressed on this site.

    --
    Personally its not God I dislike, its his fan club I cant stand (bash.org)