Slashdot Mirror
Windows Vulnerabilities Revealed, Patched
Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.
But if you keep port 135 open on your DMZ boxes, you deserve to be hanged with a piece of CAT-5 cable.
Why does MS come out with patches so often?
Probably similar reasons as to why Linux-contributors release patches so often.
Because software has bugs. That's what software is for.
Dacels Jewelers can't be trusted.
Could not check the MS one but I am guessing more than 3 of them were OS level patches since there were three just today.
Every one has security vulnerabilities but lets compare apples to apples here.
seSales, Point of Sale software for OS X.
Yes, this is /.
Yes, hardly anyone here likes MS and people here love to bash MS whenever they can.
That's fine with me. But almost all software has bugs, and in particular bugs that could be exploited to breach the security of the program. Just because MS has a bug in the RPC code doesn't mean that no one should use their software, or in particular the federal gov't should not.
If this same criterion were required of any software the gov't bought, they would have NO software. Linux is not bug free. Software written for Linux is not bug free. The main difference is, Windows is a much bigger target of attack by every hacker and "security group" in the world because it is the most popular operating system in the world. How would any Linux distribution fare if it and its components were used as widely as Windows, and people spent hours every day _trying_ to pass garbage strings of data to all of its external functions in order to find a buffer overrun? I bet it wouldn't do so hot either, and even if it didn't, that doesn't mean that no one should by that Linux distribution, does it?
PROGRAMS HAVE BUGS. And the more complex the programs, the more they interact with other components, often in ways the original programmers never thought of _or intended_, the more likely bugs will be found. My opinion is, taking cheap shots at MS is easy, but writing good code yourself is hard. We're all human beings here, and the developers who work on Linux and open source programs are no smarter than most who work at MS. People make mistakes. Sometimes people don't think about every possible bogus string parameter someone could pass in just to screw up their program. Most of the time the bugs I find in my and other's code is from components trying to _correctly_ use our code!
Flamebait, troll, whatever. Just because you don't like MS for all the /. reasons doesn't justify what you say.
Peace,
Devin