New Windows Vulnerability in Help System
wesleyt writes "CERT announced today a significant Microsoft Windows vulnerability related to IE and its handling of the Windows help subsystem. There are currently no patches available and no virus definitions for the major scanners. As well, exploits have been reported in the wild. Because the vulnerability is in the help subsystem, even users who avoid Outlook and IE are vulnerable, since IE is the default handler for help files. It seems that this is going to be an ugly one."
Microsoft is in some serious need of some help on this...
> and no virus definitions for the major scanners
Jesus, even my ScanJet is vulnerable?
I'm a man, therefore I use MAN pages when I need help. ;)
- A
As a mac user I'm just glad that our beleaguered platform that's now full of trojans has a competitor and hopefully this upstart Windows will take some of the attention away. phew!
To extend the lock metaphor well beyond any rationality: i'll teach them to use keys instead of a "dance and sing" ritual... "you have to log in as root to do this and that" instead of "you have to right click and selct this, unless its september or a full moon when you have to double click here and then do this that and this other step; except for full moons during september when you have to sacrifice a blue goat at 11:13pm PST using a 14 inch Stihl chainsaw".
i loaded up ie, went help... contents and index... search... and typed in"help subsystem vulnerable" and hit list topics
a pop up box announced "no topics found"
so what is everyone talking about? this doesn't seem to be a problem
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
this is probably some kind of mean trick from mister Linus to discourage the use of Windows. I don't believe in this vulnera...
hey, where did my files go?
how to format my harddisk. Maybe Windows-help can provide me with some support. *clickety-click*
sig(h)
we haven't finished talking about the OS X security hole. Damn MS always has to get market dominance in everything they do...
The Mothership
That's it! I'm buying a Mac!
"The more I use Windows, the more I love my Commodore 64"
If telephones are outlawed, then only outlaws will have telephones.
There you are, all your user friendliness rubish, that Linux is ready for the desktop.
How would Joe Average, Jose Sixpack, Aunt Tillie, your Mom, my Mom, Granma, Grandpa, the children, would react if faced with such arcane, incomprehensible instructions.
In Windows everything is easy, In Windows everything is one click away.
You Linux zealots are the sux0r.
IANAL but write like a drunk one.
He's been busy trying to get that damned virus off of his machine.
I don't know about the rest of you, but things like these are actually scaring me out of running Windows.
:P
If you stop using windows, the terrorists have already won!!
Not representing or approved by my company or anybody else.
If this trend continues, their product names will soon be haiku.
Isn't that an oxymoron? I was reading an interview the other day that Gates has shifted the company's #1 priority from Longhorn to security. This is another major blow for Microsoft. But, since when has the help menu actually ever been useful anyway?
Considering how seldom the idiot^H^H^H^H^H^H users actually use the help function whre I work, it shouldn't be a problem. It seems they regard the IT Support "Help Desk" as their first place to look when they ought to be using the online Help function in that seemingly invisible menu at the right side of their window.
You see? You see? Your stupid minds! Stupid! Stupid!
Imagine teaching your mother to use one account for installs, and another for her email and browsing, then throw in some stuff that will only work under admin and you'll quickly see where this goes.
Somewhere in Linux-land, a phone rings....
Hello? Oh, hi mom. Yeah, I can help you install a program on your computer. What do you want to install? Oh, cool. Have you downloaded it? Good job. OK, open up a terminal.... it's a command line interface, where you type commands. Much more powerful than a GUI. Where did you save the file? You don't remember? Hmm. Just type "cd". Now type "ls". Do you see the file name? Great! OK, type "tar -zxf "
It didn't work? What does it say? OK. What is the name of the file you downloaded? Oh, well, that is a bzip file, not a tar and gzipped file. So type the same thing as before, but use "bzip2" instead of "tar".
What? Why didn't it work? Oh, it doesn't have the same syntax. Crap. Go to the man page. Oh, man stands for manual. Type "man bzip2". What does it say?
(20 minutes later)
OK, now we have uncompressed the files you need. No, not yet. Type "./configure" No, it's OK, it is figuring out what kind of computer and software you have.
OK, now type "make" OK, call me back when it is done.
(15 minutes later)
OK, now type "make install" What? Why not? What does it say? No, not that. Oh, wait, you have to be root. It is an administrator user.
Because not just everyone can install programs, for security reasons. Look, just change to the admin user by typing "su". OK, now enter the root password. I DON'T KNOW! You mean you don't know your root password?
(10 minutes later)
Mom, you should NOT use the dog's name as the password. Because it is insecure! Nevermind. Just type "make install". There. Now it is installed.
No, there is no icon, you have to type the name of program to run it. Type it. What? I don't know, what was the name of the binary after you compiled it? A binary file is a program you run. You compiled it when you typed "make". Hmm, let's look in the Makefile. Type "vi Makefile". What do you mean it is blank? Oh, wait. Use capital M. Type ":r Makefile" with a capital M.
OK, now you are in vi, the most powerful editor ever. WHAT DO YOU MEAN YOU PREFER EMACS!!!!
My beliefs do not require that you agree with them.
What's a floppy??? Don't they have pills or something to fix it??
Arf!
Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.
I was hoping linux would keep its marketshare above 1% anyway.
Phone rings.
Hi mom. You want to install a program? Ok, what's it called?
Great! Now open a terminal window. It's a command line interface and it's much more powerful than a gui. Got it open? Great. Now you have to become the superuser, so type 'su' and then put in the password.
You don't know your root password? Ask dad.
Ok, great, so now you're root. Now type "urpmi", a space, and the name of the program you wish to install.
It's asking for the CD that contains the program. Put that CD in and follow the directions.
You're done, now? Great! Now just click on your K menu and you should find it under "Applications". You don't have a K menu? You have a little paw. Ok, click the little paw, yes I know it's cute. Found it? Glad to help!
Like what I said? You might like my music