Slashdot Mirror
IE Download.Ject Exploit Fixed
Saint Aardvark writes "Just in time for the weekend, the
Internet Storm Center is reporting that Microsoft is providing
a fix for the Download.Ject vulnerability that hit IE late
last month. The press
statement says that it'll hit Windows Update later
today..."
This configuration change to the Windows XP, Windows Server 2003 and Windows 2000 operating systems improves system resiliency to protect against the Download.Ject attack.
In addition to this configuration change, which will protect customers against the immediate reported threats, Microsoft is working to provide a series of security updates to Internet Explorer in coming weeks that will provide additional protections for our customers.
Please note that this isnt a fix, it is only a configuration change to help defend against the problem and nullify the threat from the known places it is spreading from. No doubt that within a short time, whoever is behind the virus will find other places to have the virus attack from. This is just another "this will help for now, please wait for the real fix" incident from Microsoft.
It's a "configuration change" to work around the problems that are still there. Many users won't do what they recommend (ie high security) because it'll be inconvenient or "hard."
That assumes I remember to run Windows Update... Why do I have to do it myself Microsoft! I want automatic and forceful patch downloading and installation! Sure, you could throw in an extra DRM patch here or there... but I don't care, I'm lazy!
Help Brendan pay off his student loans
Looks like the governments statement got MS to get off their lazy butts and fix something.
If you like what I've said here, and want to read more, go to http://www.krillrblog.com
For the others, Microsoft has provided customers with prescriptive guidance to help mitigate those issues.
You can have Automatic Update download and even install things on Windows XP.
Got it, but in the meantime I switched to Mozilla Firefox and I honestly don't see any reason to go back to IE apart from a handful of aggressively IE-only sites.
Never email donotemail@WeAreSpammers.com
O get the fix early, HERE.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Just got my WindowsUpdate popup a minute ago. No restart. Yay!
What's still frustrating is the amount of time between the identification of a vulnerability and the time a real patch is released. A real patch, not just some KB article telling you to edit the registry.
Fix can be downloaded here.
I Am My Own Worst Enemy
The Department Of Homeland Security said it is safe to go back to using Internet Explorer as your main browser...for about 10 minutes, when the next exploit will be released.
So, the vulnerability will hit Windows Update later today? How do they know? (Other than the fact that Microsoft is running security at the Windows Update site, of course.)
If aspiration is a virtue, achievement cannot be a vice.
That means all the sys-admins will have to work late on a Friday night making sure its installed.
Excellent timing.
Unknown host pong.
I'd recommend a little prayer before every time you click on a link in Internet Explorer.
"Late last month"
vs.
"A week or so ago"
I know Microsoft is not one for timely updates, but this wording makes it sound like Microsoft has been sitting on this particular problem a lot longer than they have.
that MS doesnt care about security, only publicity. They don't care until it affects their marketshare, THEN they fix it.
Everyone switch to Linux! Then MS will fix Windows!
If you like what I've said here, and want to read more, go to http://www.krillrblog.com
and sync'd my SUS server for the LAN here...no problems so far.....
They might've found one way to prevent the auto-download, but there are still plenty of ways to force a download using ActiveX. Even with that, there are still a few ways to run them too; methods that are still unknown to most assholes trying to get you to buy their pills that give you bigger penis-breasts-ego-wallet-spyware-car-wife-mom-WMDs .
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
too late. I've already switched
This signature is a waste of 42 characters
Late last month actually means June 25th. Which by my count was only 1 week ago. But it wouldn't be a bash microsoft topic without a little twisting and manipulation.
Why is it called Ject? Is the virus writer or the AV firm some kind of closet Final Fantasy X fan? Seriously? Why Ject?
Riiiiiiiight....
This is completely incomprehensible. I'm using Mozilla Dangerphoenix, and ms let me get the download with no hassles at all. Of course it's not one of their usual updates, but I still find it hard to believe that they haven't broken the link for non-IE browsers like they do for the rest of their site. Unless the "Configuration Change" is really just an extension to "fix" my Mozilla Pornopony to behave just like IE. DAMN YOU MICROSOFT, WHEN CAN I TRUST YOU!!!
1.Netcraft confirms:In Soviet Russia all your base welcomes a beowolf cluster of CowboyNeal overlords. 2.? 3.Profit!!1!
Of the 6 comments rated above 3, 3 of them are jokes about switching to Mozilla/Firefox. Anyone know what redundant means? /gripe.
Now that I have your attention, to save some time here:
In soviet russia windows updates you!
All your updates are belong to us!
I use you insensitive clods!
Download.Ject.A
Download.Ject.B
Download.Ject.C
Download.Ject.D..............
After years of seeing the tricksy titles of spam for installing worms, I've skeptical enough of anything which claims to be a fix, even when it really comes from the product company. This is the 'Executive Band-Aid', meant to trick decision makers into a false sense of security.
"There, see? They've fixed it already. Nothing to worry about."
A feeling of having made the same mistake before: Deja Foobar
IE will teach you religion.
emt 377 emt 4
Granparent poster obviously didn't even read the MSFT posting.
'nuff said
Can somebody point me to where the ACTUAL official notice from US-CERT is that recommends NOT using IE? I would love to forward it to the head of my agency, but forwarding a link to slashdot is not going to hack it.
I looked on the US-CERT website but could not find it.
thanks
What use are IEs extra features if they have to be turned off by default.
ActiveX should never have been embedded into a browser in the way it has been. Yet most of the sites that I have to use IE for is because of ActiveX controls.
Microsoft tricked a lot of the world into using ActiveX and now they're paying the price.
I can hear the support conversations already -
"Yes, if your security zone is set to high your computer won't be vulnerable. But if you want to view anything with ActiveX (read: multimedia) you'll have to turn these vulnerabilities back on."
Does anyone else find this mildly insane ?
[ Monday is a terrible way to spend one seventh of your life. ]
Wonder no more. 11 months of IE exploits and at least a year or two's worth of future exploits can be avoided with one simple registry change. The problem that MS has isn't that they are incompetent, it's that they insist on leaving default features that are used by 1% of administrators like myself.
98% of spyware released since January 2004 can be avoided with the above registry fix. If you think that statistic is outrageous, I challenge you to find one piece of malware installed without using ADODB.Stream in one way, shape, or form. Be forewarned, I make and research IE exploits for a living and wouldn't make this kind of a claim without having the data to back it up.
Riiiight...
Slashdot in 5 Paragraphs
In other news, the US House of Representatives has changed the language in a bill requiring Pentium 4 class processors to have a weapons license. Instead of Pentium 4s requiring a weapons license "Microsoft Internet Explorer" will now require a weapons license.
For those of you that missed it:
Does A Pentium 4 Need A Weapons License?
And, while it's unfortunate that many people don't (or can't) run Windows Update, it works well for people with fast connections who are behind firewalls so their systems don't get screwed up before they can patch them!
Best Buy can have you arrested
You may have to put multiple sites into the trusted sites. Add: http://v4.windowsupdate.microsoft.com Add: http://windowsupdate.microsoft.com WU works fine for me.
"There's an old saying in Tennessee.. I know it's in Texas, it's probably in Tennessee that says, fool me once, shame on...shame on you. It fool me. We can't get fooled again."
Drop IE and there is no problem.
My bad. Forgot to monosyllablize the heap big clue; there's no one-syllable word for "local internet zone", so...
"I.E. made of code. I.E. code run on your box. Since I.E. code run on your box, all zone known to I.E. are "SELF"!"
Black Knight: Have at you.
King Arthur: You are indeed brave, sir knight, but the fight is mine.
Black Knight: Oh, had enough eh?
King Arthur: Look, you stupid bastard. You've got no arms left.
Black Knight: Yes I have.
King Arthur: Look.
Black Knight: Just a flesh wound.
It's all fun and games until someone loses the key to the handcuffs.
Microsoft e-mailed me the patch some time ago, like they do with all their other security updates. I install them all as they come in, and keep my system virus free!
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
It was only mentioned two posts before this that CERT advised people to stay away from IE, even though CERT released that advisory on June 10, and it was even reported on BBC on June 14. Now this story comes along mentioning the patch will be available later today? The CERT advisory could have been published on Slashdot nearly a month ago, but conveniently is published on the same day as the fix is released. Was it intentional to keep information about the CERT announcement off of Slashdot until the fix was released?
So you visit a M$ page in IE with all that bollocks... so funny it really is a sham all the spin from M$.
http://secunia.com/advisories/10395/
All XP sp2 will bring is more eXtra Problems #2.
NickHooray, for closed source?
slashdot is so predicatable.
avoid satire.
avoid criticism.
mod up platitudes.
fucking sheep.
Can I get confirmation from a second source before I go modifying my registry? It sounds nice, but I don't know what exactly is going on when I fuck with the registry and I just want to make sure this isn't some prankster. No offense intended to the author, but not everyone here has honorable intentions.
g
in bed.
"Microsoft Kind of Does Something Vaguely Related to Download.Ject Exploit"
Slashdot in 5 Paragraphs
http://secunia.com/multiple_browsers_frame_injecti on_vulnerability_test/
Hitting reload a couple times fixes it.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
I work for a consulting company that is a Microsoft Parter. Recently we had a Microsoft sponsored security seminar where the MS guy said that most exploits occur when hackers reverse engineer Microsoft security patches. This is what he defined as a "0-day exploit". I was pretty disgusted by this twisted propaganda. Any regular subscriber to BugTraq is aware of many vulnerabilities in fully patched Microsoft systems that are not corrected for months.
I keep hearing there is a keylogger embedded within this. What about that? This *patch* fixes the hole, but does it remove the crap already on machines? Is the keylogger still running, sending God-knows-what to God-knows-who.ru?
Can anybody post a link to somewhere telling me how to make *sure* everything is removed? The symantec site still says this is hardly found in the wild...
Dear Microsoft,
I am writing concerning downloading the most recent Windows Updates. I am unable to obtain them as your site requires IE, and the government recently suggested that users cease use of IE.
Please help!
-Adam
I'm sure they wouldn't complain about having a job to do.
Talk about damage control... they don't have the fix on their site at the time of this writing... so it's vaporware for now.
I know of at least two very large companies who have moved to Firefox in the wake of this latest episode. I suspect many people are finally fed up, which has prompted MS to announce patches before they're even available.
Considering a recent patch to fix a vulnerability broke the complaince of IE as it relates to embedded uids/pws in URLs, I wouldn't be surprised if this "fix" ends up crippling something else.
We should start collecting wagers on what new problems this upcoming "fix" introduces. Otherwise it would probably be online by now.
NewsForge has an article on how to disable and replace IE. This is the sort of thing you want to pass on to your relatives/friends who still use Windows and IE.
that's the funniest thing i have read all day
meep
http://www.kb.cert.org/vuls/id/713878
"Use a different web browser
There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML)."
Is the juice worth the sqeeze?
I use Mozilla and Firefox now. I got tired of the IE exploits being more in number than the IE fixes.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Here's a link to the real fix.
...I heard there's another device which uses electromagnetic radiation in the 400 to 700 nanometer range that allows the user to see lifelike 3D images through solid walls at even greater distances, at much higher resolution and without the need for bulky equipment...
;-)
I think it was called a "window".
If this device becomes widespread, the potential for privacy invasion would be HUGE!
Geeze...Where are mod points when I need them!?!
Sig? - yeah, whatever.
FullDisclosure: ADODB.Stream object
Any attack vector that relies on an ActiveX control can be stopped by setting the killbit. This is IE security 101.
-weld
According to the US-CERT announcement (Vulnerability note VU#713878), this problem was first published on july the 9th.... so it took MS 23 days to provide some "configuration changes" for a serious and critical problem.
So where is that Forrester report on how fast are linux distros to provide fixes to know problems vs MS. On average it seemed that MS is faster...
That report, like other "Windows vs linux" reports, has some methodological issues. There is a joint response from the distros... that in brief states that "Not all vulnerabilities have an equal impact on all users.", and that "For each vendor the report gives just a simple average, the "All/Distribution days of risk", which gives an inconclusive picture of the reality that users experience."
It seems to me that a security flaw that let people install key loggers in your machine, without you doing anything, and then sends tha info they harvest to some server in russia is a pretty BAD AND SERIOUS flaw!.
~~~ I promised someone that I would post here today to introduce Real Troll Talk.
~~~ It's a frequently-updated webzine featuring popular Internet trolling personalities revealing their most intimate thoughts and feelings.
~~~ Stop by today to read the first issue, featuring pb, and the second issue, featuring the one and only TRoLLaXoR.
~~~ (C)opyright Real Troll Talk 2004
"Second, I have never -- that means NOT EVER -- seen an IE fix that broke my machine worse than a virus would."
Hmmm. Well THERE's a ringing endorsement....
Too Late Microsnot!! I have removed links to, and changed permissions to the executables in 3 of the machines at my home for IE. Windows XP has been weened. Mozilla user now.
Whats even nicer now is dumb ass vendors that rely on activeX controls to support their stuff now has no support in IE... but we don't care what they think.
You know too all that almost all of these patches and updates that come down the pike are because of broken IE!!!! I don't use Win Media player either so why am I messing with this anymore???!!!
Disable IE, Media Player, and automatic updates and your set!!! Use Winamp or iTunes for Windows, and Mozilla or Opera for browser and a decent firewall (Sygate/Zonealarm), and a decent AV product like Grisoft. Don't use norton cause they call up IE components.. at least mine did. It's gone now!
Cheers;
Jeff
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
No security vulnerabilities have actually been fixed here; all that's happened is that some functionality (which exacerbated existing security holes and was probably a bad idea to begin with) has been disabled.
it links to microsoft which explains what this does.
I am NaN
The NT Bugtraq list has been discussing this patch today, focussing on it's poor timing of release (there are indications that it could have been pushed earlier than the Friday before a major US holiday). Russ Cooper, owner and maintainer of the list had some good points, about the patch itself. Definitely worth a read if you have to maintain Windows systems.
... the virus installs onto you!
Being that Micro$oft insisted on integrating IE into there OS; a move that many feel is motivated by an ongoing anti-competitive strategy, consumers cannot protect themselves by simply not using IE.
...
Many subsystems of IE are used by many other parts of Micro$oft's OS. That's what is meant by "integrated." This could allow other vector's of attack if IE is not patched and patched and patched
You made your fricking bed Micro$oft... Now your users will have to sleep in it.
The race isn't always to the swift... but that's the way to bet!
Okay, everyone has had a great deal of fun at Microsoft's expense today with the stories of Dept of Homeland Security dumping IE, and Microsoft taking nearly a month to fix a BIG exploit in IE. But I wonder if Microsoft's problems are less a function of them 'getting it' as much as it is a case of them being a 'victim of their own success'. Follow along with me for a minute.
When MS started its rise to the top, they hired as many of the brightest minds as they could to make their software the best of class. While many of us probably find the corner-cutting a bit too much to take, it is possible to have both world-class software while meeting a marketing deadline. It happens, but less frequently than MS or its defenders/supporters would like to think it does (lightning striking the same point twice *without* a lightning rod).
They continued to compete heavily in the OS market despite the fact that they initially wanted to be nothing more than a computer language business. The OS was to be the cash cow that would allow them to be a more effective language business. But now they own the OS business and are driving their business model into other ventures (consoles, entertainment centers, telephones, automotive brainboxes, etc). They just follow the same formula that lead to their smashing success in moving into the OS and office app market: buy the best brains in the field and use their project management skills and VOILA!, they are the new masters of the [insert market segment].
But consider the sandbox their bright minds play in: a homogeneous computing environment with computer scientists guarding the facility from outside intrusion. As has been noted in another slashdot article, Microsoft's products work wonderfully inside of Microsoft's campus.
They have extremely talented people working with the highest-end equipment in an environment where everything works nearly 100% of the time. Is it so surprising that they do not view the world the way we do?
After all, most of the companies that I have worked for are staffed with (largely) computer-illiterate people and whose firewall is maintained by a PFY with a high-school diploma.
Perhaps it would be better for Microsoft if they force their developers to create their products in environments that their customers use. In fact, maybe they should send their developers to test their products in the heterogeneous environments of their customers for a month or two.
Let them work the bugs out on their time for a change.
"Rocky Rococo, at your cervix!"
Well, if you mean by "fix" an executable that changes a registry key that might have been set a certain way for who knows what applications. Don't think this actually changed any part of Windows.
According to SecuritiyFocus. Windows 95, 98 and ME users are also vulnerable. So why is this patch only for Windows NT, 2000, XP, and 2003?
It does NOT run on Windows 98.
Oh, I remember, Microsoft only produces patches for "supported" (if that's what you can call it) products.
Helpdesk, I seem to be missing the Internet Explorer icon on my desktop but I have this new fancy one with a fox on it - did we upgrade to a new version or something???
Um, I hate to nitpick, especially since I don't have an account on /. and am posting as an AC, but I don't think the this problem was first published on July the 9th considering it is now only July the 2nd.
Unless you're now informing us that you've discovered a way to time travel.
I find it hard to believe that defects like the RPC vulnerability, which was first introduced into NT4 back in 1996, were not in active use by some of the black hats out there for several years. These guys are not going to create a worm before a defect is made public because that would get the vendor's attention, and therefore likely get the defect fixed.
A more correct statement would be to say that these vulnerabilitys are not openly exploited until after the patch is released. In other words, they don't become a widespread problem until the script kiddies find out.
``installing, then uninstalling, an "important security patch" that took down the my client's Exchange Server.''
So, didn't the patch do exactly what it was supposed to do? You applied it, and it took down a piece of Microsoft software, undoubtedly full of security holes waiting to get exploited.
Please correct me if I got my facts wrong.
http://62.131.86.111/security/idiots/malware2k/ins taller.htm (executes cmd.exe /c pause)
It only takes one 104k "I don't know what it posibly does" executable for MS to deliver a
- RustyTaco
Sorry, it should say june the 9th.
Been screwed too many times with the patches installing other shit that really breaks things.
Luckily I am sysadmin in a very large WAN, so all I need do really is keep AV up-to-date and M$ servers working (a bit oxyimoronish, but you know what I mean).
Nick
That isn't the point, surely? It would have been so easy to produce an executable which would have worked on 9x/ME too to set the registry key, and make it available to everybody via WindowsUpdate.
At the risk of repeating myself, Microsoft STILL hasn't got it.
That being said, I question how committed their management is, or how much they even understand the problem. When you have the MS Security Chief making comments like this, it tells me that either he does not understand the problem, or he is more concerned about bad publicity than security. I have yet to hear anyone from Microsoft state exactly how they know how many machines are compromised before a patch is released. There are lots of very bright black-hat types out there, and it seems likely that many of them discover and exploit problems before they are widely known. It seems equally likely that these guys would also know how to cover their tracks.
Problems of this nature should be discovered through the design review/code review process, assuming that Microsoft even conducts these. And if they don't, then how serious are they about security?
see The Software Patch
you're all figments of my deranged imagination
THE KING IS DEAD!
LONG LIVE THE KING!
"Hey who is the new king anyway" said a blind guy.
A business dude heard this and replied "ME!".
This is a test!
I've switched to Firefox fer good now.
:End
:Activate :End
BTW: On Win2K I (mostly) disabled IE by running this little batch file:
@echo off
C:
cd "\Program Files\Internet Explorer"
if not exist IEXPLORE.EXE goto End
if exist IEXPLORE.EX_ del IEXPLORE.EX_
if not exist IEXPLORE.DIR md IEXPLORE.DIR
if not exist IEXPLORE.DIR goto End
attrib -r -h -s IEXPLORE.EXE
ren IEXPLORE.EXE IEXPLORE.EX_
if exist IEXPLORE.EXE goto End
ren IEXPLORE.DIR IEXPLORE.EXE
echo IE disabled.
echo If prompted, click "Cancel" then "Yes" on File Protection restore.
echo Run enable-ie.bat to allow IE to run again.
MSIE still runs if you put a URL into a window bar though, but if Firefox is the default browser then it'll launch for everything else.
To re-enable the stinking pile of crap that calls itself a web browser (OK that's a little harsh), run:
@echo off
C:
cd "\Program Files\Internet Explorer"
if not exist IEXPLORE.EX_ goto End
if not exist IEXPLORE.EXE goto Activate
attrib -r -h -s IEXPLORE.EXE
rd IEXPLORE.EXE
if exist IEXPLORE.EXE del IEXPLORE.EXE
ren IEXPLORE.EX_ IEXPLORE.EXE
echo IE enabled.
"And the meaning of words; when they cease to function; when will it start worrying you?"
I know your post was taken as FUNNY, but I lost several hours last week installing, then uninstalling, an "important security patch" that took down the my client's Exchange Server.
Uhh, don't know about you, but out here in flyover country, thems is what we call "billable hours".
Of course, rumor has it that youse big city guys perform your "favors" for free...
Didn't microsoft say something about having patches within 48hrs of vulnerabilities being discovered... it's interesting that while most were patched before exploited (and caught being exploited) they were known about for at least 6months before microsoft patched them.
Didn't Bill just recently say that Microsoft is able to get their fixes out in 48 hours, as opposed to whatever arbitrary time span he muttered? What a shame, I thought he had more class than that.
If you look at the list of products it applies to, you'll notice that it applies to MSIE 5.01 and 6.0. For some reason, MSIE 5.5 is unaffected. Either Microsoft fixed it in 5.5 and accidentally placed the bug back in 6.0, or they are too lazy to care about 5.5
That's brilliant! And I can't think of any uses for goat shit, except those that involve trolls or spammers... although I kind of wonder whether it burns when dried. Cheers!
Corruptissima re publica plurimae leges.
Always something wrong with Ie it seems. Am i right every1. Whhy dont we just stop using IE all together and just use Firefox it is so much eazzzier
does it run on Windows ?
40% Troll
30% Redundant
30% Interesting
30% who modded Interesting have good taste. 40% who modded troll still use IE. 30% who modded redundant wished that they would have made the post first.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
There is a third party patch out to fix this problem and some other general IE problems. It can be found here: IE Third Party Patch
If what you are reading sounds funny, or sarcastic, lame, or stupid
it is because it is supposed to be. just laugh
"Microsoft's problem is that their API's are a mess and security checks aren't always performed or performed correctly."
That's what the guy just said, only he said it in monosyllables so that even the densest people could understand.
Do people call you "mr. neutron star"?
>I challenge you to find one piece of malware installed without using ADODB.Stream
Leaving out all the social-engineering Trojans that install through normal channels, what about Coolwebsearch? That exploits a vulnerability in Microsoft's JVM. Does it use ADODB.Stream later in its bootstrapping?
"Microsoft isn't out to crush Linux"
Well, you're the one person who believes that.
That makes either everybody else stupid and you a genius, or you're just wrong.
I think its pretty clear that you're wrong. You're apologizing for MS because you believe in their products. Congratulations. You'll get past that; I did about 7 years ago. Presumably, as you get more experience with things not Microsoft, you'll se a whole world out there with a better way of doing things.
But you're dead wrong on the IE issue. The issue that the government dinged them on... Integration of IE into the OS, has bitten them on the ass now and hard. If IE wasn't so integrated, these fixes and patches wouldn't be necessary. But since IE is integrated and vulnerable, there's a hole the size of texas in Windows XP (et al) and I MS has talked themselves into a corner that its ncessary. It turns out its not, but MS can't *say* that, can they?
And think of the implications for Longhorn. MS can't build a secure web browser. What chance do they have of building a secure OS, which is probagbly 2 orders of magnitude more complex.
I'd say the chances of Longhorn doing what MS says approaches 0. Zero. Nada.
Microsoft has no liability if things go horribly wrong for you. Go read your EULA again - you agreed that if Windoze doesn't work out, it's your own damned fault for buying it. Nobody has ever sued Microsoft for things that didn't work because legally they can't sue, in fact, Microsoft can sue you if you try to sue them because part of the EULA is a promise not to sue Microsoft.
Microsoft would never use that term, since they would never reference another trademark. That's why they call java "c#".
and patched...
Now if only I can convince my wife to dump windows for linux, I would no longer be on this "patch, update antivirus, clean spyware" treadmill
(the parent needs to be modded up, for those of you with moderator points!)
See this eWeek article which says IE is too dangerous to keep using. Strong stuff from a mainstream publication - the bit about people potentially losing online banking and stock trading passwords is probably teh most effective at getting people to switch.
Woo I need to get me one of them .ord websites, even microsoft.ord is free!!!!
The problem appears to be MS not focusing on customer needs, but on MS needs. Thus follows spin instead of action.
;-).
I agree with your observation that MS has a serious amount of brilliant people working for them, but if they collectively manage to produce something that in the future requires a dual core processor with 1 TB of storage and 1GB of RAM (Longhorn spec) to run a bloody simple word processor than I think we're entitled to ask a couple of hard question with respect to value for money and their understanding of what efficiency actually represents for them.
And their security focus didn't arrive until it started to cost them customers.
If they focused on client needs and thought about some fundamental quality things could improve. Given their addiction to spin I don't see this happen soon.
So I vote with my wallet and run Linux. Simple. Easy - and it does what is says on the tin
Insert
No foreign code period.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty