Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Windows Security Nightmare

Posted by michael on from the it's-funny-because-it's-true dept.

latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."

6 of 969 comments (clear)

  1. Re:Burn a cd? by SteelX · · Score: 0, Flamebait

    I'm surprised his Windows PC stayed online long enough for him to make a safe CD in the first place. :-)

  2. Security Nightmare by m.h.2 · · Score: 1, Flamebait

    I'm sorry, but the security nightmare isn't Windows. It's the non-thinking morons who use Windows.

  3. This guys a whinner... by Hoover,L+Ron · · Score: 0, Flamebait

    The overall tone of this article comes off as another thinly veiled "Linux is sooo much better than M$" diatribe that it is not funny. Come on take some responsibilty for your own cluelessness and educate yourself on how to live in the real world.

  4. Re:Uh huh! by Cthefuture · · Score: 1, Flamebait

    Thats why I'm such a FreeBSD/Mac advocate.

    Yeah right, until MacOS becomes popular enough for someone to exploit some known hole and install some sinister daemons, keyboard loggers, or whatever.

    And don't think the root/user separation in OSX is gonna save you. All the virus/trojan would have to do is wait until you ran something requiring privileges (like the software update) and either grab the root password or piggyback inside the timeout period.

    --
    The ratio of people to cake is too big
  5. Idiot by Lord+Bitman · · Score: 0, Flamebait

    - Get a fucking firewall.
    - Don't install every spyware you see just because a web page tells you to. You'll notice a remarkable improvement in the longevity of your registry.
    - Also note the large number of users who, though their systems originally came with windows, use a "pirated" copy anyway because of the utterly useless system discs which come with most new computers today.

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
  6. Clueless users - the REAL security nightmare! by nuckfuts · · Score: 0, Flamebait
    The guy who wrote this is a typical clueless idiot who can't keep a computer running and blames something else for his problems.

    In this case he blames two things - Windows Update and the Windows registry. Let's consider arguments from the perspective of HAVING A BRAIN:

    First things first: Yes, it is problematic to patch a vulnerability via the network if a worm that exploits that vulnerability is attacking you while you're trying to patch, but this problem is not specific to Windows Update and his hardly a reason to condemn it. I have seen Windows Update (along with critical update notification) used by the most technically inept people and have been surprised when checking their computers to find that they were actually patched up to date. Windows Update does not solve every security problem (such as the time lag between vulnerabilities becoming known and patches becoming available) but it's infinitely better than the old days when software updates had to be physically distributed.

    As for the writer's second point about Windows Update working together with the Windows Registry to deprive Windows Users of all protection, he offers no specifics about this alleged connection. He simply makes the vague statements that pretty quickly the registry started accumulating all sorts of rubbish and eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install.

    Yes, it is possible to accumulate crud in the registry. This is not reason to blame the Microsoft employees behind the design of Windows Registry. What makes a mess of the registry is the crud that YOU PUT INTO IT. In my experience using good quality software from reputable sources causes relatively few real problems. On other hand, if you go around downloading all kinds of applications that you know little about only to find out that the product I downloaded turned out to be some pathetic crippleware, should you blame this on Microsoft?

    There are times when a registry cleaner might help, but these tools should be used with utmost caution and require a deep understanding of what you are doing. Used stupidly, you just might find that the next time I rebooted, Windows refused to load. Gee, what a surprise.

    I have two pieces of advice for the opinionated twit that wrote this slanted diatribe:

    1) Next time you are considering placing an unpatched system on the Internet to download patches, put it behind a dirt-cheap LinkSys|D-LInk|SMC router. It would have saved you a lot of pain.

    2) Next time you are thinking about trying out unknown software or taking a chainsaw to the Windows Registry, DO A FRIGGING BACKUP FIRST YOU MORON. Then you might not have to moan about being forced to do a clean install.