Slashdot Mirror
Latest Version of MyDoom Exploits New IE Flaw
techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.
Give Firefox such a big present for their 1.0 release.
It's pretty neat how far FireFox is beginning to spread. CNN carried this story on TV just a half-hour ago. They mentioned that FireFox was becoming the most popular alternative to IE. My coworkers (who's job includes watching CNN) came by and asked me why this FireFox thing is better. I told them about tabbed browsing, popup blocking, lack of security issues, and other niceties.
:-)
One of the coworkers downloaded FireFox right away. I actually expected him to take a little while to wean off of IE. After I showed him FireFox's features, however, he set FireFox to his default browser and deleted his IE shortcuts! I think we're definitely making headway.
Javascript + Nintendo DSi = DSiCade
A bug in IE? I won't believe it till I see i--
Microsoft today announced that it was going to leave IE users to fix their own patches...
Can they start teaching in school that using IE is like having un-protected sex with 15 donkeys? or would Microsoft complain?
This comment does not represent the views or opinions of the user.
People still use IE?
ok so they accidently leave one bug in their browser and everybody jumps all over them. big deal!
users could pull their heads out of their asses and stop clicking on links in SPAM.
No, It's a good reason for switching to linux so I don't have to hear you bitch anymore.
The government which is strong enough to protect you from everything is strong enough to take everything from you.
How do we know the link to the story isn't just a trick to get us infected?
Technology, the cause of and solution to all of life's problems.
A patch has just been released:
http://www.mozilla.org/products/firefox/
Let's not be hasty. True, I love Firefox, but IE is a giant honey pot out there for malicious attackers. If too many people switch, they'll start targeting Firefox. As much as I hate to admit it, they WILL find flaws to target.
After seeing this posted i checked my pattern files on the mail server.
Happy to see that ClamAV had the pattern files through a cron job 5+hours ago.
Microsoft with buffer overflow errors? never! Hope this brings even more publicity to FireFox :)
that just about says it all, now I will RTP and determine if this flaw was introduced since the last patch....
Good to hear. Just gives more people another reason to switch to the newly released firefox 1.0 browser! Hopefully the nytimes ad will be placed within the next 2 weeks and the world will be a better place.
I'll post this here just in case you all know the answer and care to share it: how can I tell firefox to save my bookmarks file in my My Documents folder instead of some distant profile folder? I store my documents on a separate volume and back it up regularly.
here at our company, we were hit w/ this virus a few days ago.. of course since IE is our standard browser.. well you get the picture.. anyway, the virus uses a few vulns.. one is the link spoofer and the spoofed link (in an email from the infected box which pulls any email addy it can to trick you) is a link to the infected box.. which then uses the noted vulnerabilty and the process repeats... so basically
Comment removed based on user account deletion
You mean like how Apache is #1 for vulnerabilities because it's the most popular web server?
Man, if only there were some browser we could use instead of IE...
Oh well.
"It is seldom that liberty of any kind is lost all at once." -David Hume
SP2 not vulnerable... Upgrade or perish.
This isn't about this particular worm, but recently made it though my spam filters and IDS:
.rtf ending.
----
Re: my bill
From: [from address, probably spoofed]
To: [My adress]
Requested file.
+++ Attachment: No Virus found
+++ [Name of antivirus software] - [website of antivirus software]
bill.zip
-----
The zip contained a pif file with a
Particularly scary social engineering, since it claims to be from an anti-virus company that I'm actually familiar with.
Irene KHAAAAAAN!
A seemingly infinite number of flaws in a finite piece of code, this is quite an achievement.
every new version of firefox breaks all the themes and extentions previously installed. This is my 4rth time around hunting down Easygestures...
Oh yes... that's that web browser that people used to use before FireFox came along isn't it...
How quaint, people are still using it...
but c# doesn't suffer buffer overflows!
I've been running Linux on my main desktop for years, and recently I've really been considering switching to Windows. After all, it's got some cool apps, and while I wouldn't call it "feature complete", I say they've done a good job of implementing many of the best features of Linux and OSX. However it's articles like this that convince me it's still a bit early to switch to Windows.
All told they've made some real inroads in servers, and the desktop experience is improving with each release (the current unstable branch -- AKA "XP" -- has implemented the theme concept long popular in KDE and Gnome!) however I think it's still premature to declare Windows ready for prime time on the desktop.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
"Whassat Boss? *Minimizes browser to tray* Nah, just working on the company project. Not browsing Slashdot. Waste company time? Perish the thought."
Beware of bugs in the above code; I have only proved it correct, not tried it. -Donald E. Knuth
>>Is this yet another good reason for running Firefox?
Or Windows XP SP2, which is not vulnerable.
What kind of imbecil runs XP but not SP2?
+100 scratch off a few more ticks for microsoft 'innovation'!
Woopsie! Slashdot forgot to mention the fact that this vulnerability has no effect on XP machines patched with SP2. Way to go Slashdot!
Tech, life, family, faith: Give me a visit
telling us to stop clicking on hyperlinks?
Microsoft should feel lucky that their crappy browser is being anal probed. by finding exploits like this they are forced to "improve" it. Improve might be a big word but imagine if there were exploits but no viruses/trojans/whatever, you would think that M$ would fix these exploited holes?
How can McAfee have a simple checkbox that turns on- bo-config.gif
buffer overflow protection:
http://vil.nai.com/vil/images/vse80i
I mean if my program has a buffer and I want
to overflow it have can they stop it. The screenshot mentions APIs so make it just knows about the Win32 APIs.
Company with 1,000 desktops x 1 hour user training/lost productivity (minimal) x $45 average user hour cost = only ~50k!! Sounds like a switch is worth it. I mean, only having to pay $45k for something that will never have a security issue is really worth it.
Right.
I mean, it's great they're running an ad in NYT and all, but everybody who I have installed Gecko-based browsers for also want a decent mail reader.
Rather than going for the still-beta Thunderbird, why not just go the whole hog and install Mozilla proper? You get all of Firefox's features and considerably more.
The only niche I can see Firefox/Win32 filling is for people who don't want to run IE, but for some reason don't want to run Mozilla Mail (which is rare at least in these parts).
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
The *real* ironic twist to the story is that newer versions of McAfee VirusScan that Dell has been shipping requires Internet Explorer to be installed... and uses it to run the control center windows.
Now how's that for secure?
I may never, ever figure out the mentality of that decision.
until someone discovered a bug that redirects to a pwn3d auto-update site, click a button wait a few kb download and voila... Yeah that might not happen, but don't think it is out of the range of possibility...
There are a few design flaws in IE that make it a uniquely dangerous program to use to access the internet. These mistakes have, as yet, not been made by the Mozilla team. Perhaps we have learned a few things...
The largest problem (mostly the cause of spyware rather than viruses though) is the issue of ActiveX scripting. Because ActiveX controls are trusted on the basis of vendor signature, and because someone can force an old version to be downloaded and installed, it means that no security patch can protect you against a malicious site scripting against a bug in an ActiveX control signed by a trusted vendor. No security patch can be writte to do this without breaking *every* ActiveX control in the internet.
The second issue is that of security zones. This allows an attacker to exploit any flaws that come with the enforcement of such zones. This is an issue for viruses and spyware alike.
Now, it is possible that a new as yet unimagined sort of attack will eventually be possible against some type of functionality in Mozilla. At least one type has (XUL files spoofing interfaces), but if these become a problem, it is open source, and so you or anyone else can pay for somone to make a version with a different structure. If enough people switch, the process begins over again. But each time, I think we are safer.
LedgerSMB: Open source Accounting/ERP
Second, IE, like Windows and the rest of Microsoft, is committed to Trustworthy Computing. You'll see that commitment with the next beta of Longhorn. XPSP2 demonstrated that commitment. The work in Windows Server 2003 around "hardening" showed that commitment. Our work on security updates for a browser released in 1999 shows that commitment. I've talked with customers running Win2K and IE5.01 who have solid business reasons for not changing OS or browser. They understand that they are running an "old" platform. They want to be as secure as possible in that choice. Microsoft is there for them, and will be for a long time.
Obviously this new security hole is just a figment of your imagination or a filthy lie.
There are no holes in Internet Explorer. Internet Explorer is secure - other reports are merely lies from the Firefox infidels. Allah willing, Microsoft will rule the browser market for a thousand years. Also, the MyDoom authors are at this very moment committing suicide.
For those who don't RTFA, XP SP2 doesn't appear to be vulnerable.
"Users who have installed Windows XP Service Pack 2 are immune to the programs that use the vulnerability, including the two new variants of the MyDoom virus."
...and oh yea, SP2 isn't vulnerable. (because of the firewall)
Sheesh, so many Firefox zealots taking over this story... Firefox this, Firefox that...
You moderators really need a tool to seperate the wheat from the chaff. The trolls from the instightfuls. You need my
Super Dooper Slashdot Moderator Tool Extension Thingy for Firefox!
Take your moderation skills to the next level... today!
Opera...It has a lot less secutiry flaws than even Firefox and more functionality - and the only usable damned email client under Windows. Unfortunately their Java certificate support blows goats which is turning me off it as I now need this in my development work. Other than that though, it's far superior to Firefox (Which is pretty damned good) IMO.
Don't sell your friend a dream. Set his expectations realistically. No software is bulletproof. No software lacks security issues.
Hmmm.... I can think of one:
how about:
#include
int main(){
printf("Hello World!\n");
}
I dare you to find a security hole or other issue in that one! Probably better to say "it is unlikely that any nontrivial software will be without security holes or considerations."
I run Qmail, and it certainly has its security considerations (no holes though). Security issues with Qmail are admin issues, not programming vulnerabilities.
LedgerSMB: Open source Accounting/ERP
The fake scan information was used in W32/Netsky.o, W32/Mydoom.y and W32/Buchon.gen also, but not with the same combination of body and subject.
So this may be a new strain of virus.
I've sent the sample to a virus company.
Irene KHAAAAAAN!
I don't get to use any of their products, but I'm still curious.
Where I work we rip each other's code to shreds, so its a bit embarrassing to put something crappy in front of the team. And we a lot of complex network code, just in case you were wondering...
When will I ever learn..
I clicked it, and I'm just fin@%(@#)%*(@#)NOCARRIER
Like the MinimizeToTray extension?
Took me about 5 seconds to find with Google.
FF has a white list of sites that it will allow extensions and updates from. It will only accept updates.mozilla.org, unless the user tells it otherwise.
Now of course, it doesn't require the use of SSL, so it would be possible to trick FF from downloading malware from another site, if the attacker can spoof DNS replies, or edit your hosts file.
I hope you meant your coworker deleted the desktop and menu shortcuts to Internet Explorer. Not that he deleted the shortcuts in the Favorites menu.
Firefox converts your Microsoft® Internet Explorer favorites for you.
Irene KHAAAAAAN!
Having a 50%/50% split in popularity among browsers will reduce attacks simply because exploiters get less benefit and have to do more work. If we can get that to 25%/25%/25%/25%, then exploiters will move on to some more attractive target, and simultaneously, each of the four browsers will focus much more on standards compliance.
I convinced the ECS at my school to load Mozilla Firefox on our machines as the default webbrowser. We'll see how well this goes...
Two weeks draws the Firefox add fully into the vortex of the Christmas shopping season. Every upscale retailer in the northeast is competing for prime space in the NY Times. They get the white meat, the Moz Foundation, the gristle.
you're trusting your include to provide the expected behaviour from printf
you're trusting your compiler and linker to provide you with the expected behaviour from compiling and linking your source code
you're trusting the kernel to not modify the behaviour of the syscalls required to print
you're trusting the CPU to execute the instructions you think it executes
Reflections on Trusting Trust
Ken Thompson
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
What slashdot without posts of some MS exploit that has been patched for the last 4 months. Can't wait till some spyware/malware/parasiteware company starts writing stuff in mozilla extensions, Its even simpler now since it doesn't even require the components to be signed. I love to see how slashdotters spin that.
Have you ever been to a turkish prison?
An exploit affecting IE?! That's something you don't hear everyday.
Oh, wait...
Every time you post an article on Slashdot, I kill a server. Think of the servers!
Is this yet another good reason for running Firefox?
Yes. As we all know, because Firefox is open source, it is naturally bug-free. While we're at it, I'd also like to suggest running your machine with telnet, ftp, nfs and XDMCP all forwarded through your firewall/router. After all, Linux is also super-secure!
Don't forget, Linux, much like Solaris, is completely immune to viruses!
http://shit.slashdot.org/article.pl?sid=04/11/09/2 115242
It will only accept updates.mozilla.org, unless the user tells it otherwise.
You know, the same can be done to IE. Just one registry patch is all it takes. I don't know why MS doesn't make it a wizard. Of course, it relies on the behavior of zones, and that mechanism has been cracked several times. What makes you think the FF whitelist has no similar vulnerabilities?
FF is more secure right now, which means it's in a good position to stay secure. But it doesn't take dozens of new bugs, just a couple really good ones, to crack it as wide open as IE.
> new and improved MyDoom variant
I'm sure I'm not the first person to wonder, how can something be both new and improved? If it's new, then there has never been anything before it. If it's an improvement, then there must have been something before it.
IE is embedded everywhere in Windows, even when you bring up an HTML dialog box. Add/Remove Programs? DHTML. System Restore? DHTML.
:)
Windows Update? Active-fucking-X. So unless you move http://*.microsoft.com/ into trusted zone (ramped up to medium security), you cannot get security updates without enabling ActiveX download and scripting.
Even in WinXPSP2, there is still that trusted zone that gives unlimited rights. Like download unsigned activeX controls without prompting. There is nobody I'd give that right to, not even myself. Yet they have it.
Plus all the MSN content pushes AX at you. At least Expedia are not that daft; you can shop there with Firefox. But check out a pure MS site
like the channel9 developer site; ActiveX, windows everywhere. No attempt made to evangelise to the rest of us
I love Opera, and havent tried Firefox. How is firefox superior to Opera?
The security of a piece of software depends on more than just the robustness of its code. As has been pointed out numerous times before, no non-trivial programs will be bulletproof.
Software security depends also on the motivation that people have to attack it. This MSIE provides in spades. IE is ubiquitous, hence if you were going to write a worm to swipe people's passwords you'd go for IE and skip the little guys. Also, people simply hate Microsoft, especially people with the ability to write malware. Attacking MS software is a great game for many people, and because MS have pissed so many people off, from competitors to customers, it's easy to see why.
Why on earth would you use IE?
"It is just so hard to program with such security in mind!" say the Microsoft IE programmers, at the DGM (Daily General Meeting!)
No software is bulletproof.
You've never played Hatris for NES, Pipe Dream for NES, Faceball 2000 for Game Boy or Super NES, or Yoshi's Cookie for Super NES. All were published by a Japanese company called BPS, for Bullet Proof Software.
Wow, that has to be the +5 Funny-est thing I've read all day.
Seriously. Licencing that crap was one bad move. The Mosaic group couldn't code their way out of a paper bag. Code from sub-par OSS groups like this are what's giving MS a bad name.
MS needs to code their own browser code, then we will see an end to this. As long as MS insists on using this shoddy and insecure OSS/Mosaic code (instead of their own secure code), the virus writers will flourish.
Or Safari or any number of other browsers.
need i say more?
See the following:
Sophos.com link
For some reason, I actually see this one doing quite a bit of damage... if the infected users are running firewall software, though, it should prevent it from spreading widely (since they will probably not accept connections on the port it opens to serve http from)
[an error occured while processing this directive]
Sure but Paypal does and their email can be spoofed exactly by cut and paste. Combine this with the recent and very easy spoof of the contents of the status bar and you have an easy pasword harvester. Or you could combine it with an email that automatically overwrites the Windoze hosts file, so that the next time you think you are visiting paypal, you are visiting some snake in Romania. The list of holes is endless and damning and it's easy to fool anyone if the software does not do what it should.
These are not demonstrated problems with Firefox unless Firefox uses the Windoze host file, DNS or other unreliable services. Better just use Firefox on a reliable OS.
Friends don't help friends install M$ junk.
Way to go Swamii, by making an asinine comment about Slashdot, you make yourself look less than believable. In defense of Slashdot, I can say that McAfee does not confirm what you say. Do you have a link to back up your claim?
The link to McAffee with signs of infection and removal instructions is all anyone really needs here. IE is a thing people use at work when forced by clueless management.
Friends don't help friends install M$ junk.
They're the ones who wrote the base of IE, which MS then licensed from.
I agree with your sig, though I voted for Bush.
Ignorance is curable, stupid is forever.
good thing i am not a hacker, and that skript kiddies are n00bs but.... if i were going to write a worm use an arp-poisining protocol to redirect local hosts on the network to your man-in-the-middle web page and exploit the ie flaw automagically to your wonderful co-workers. luckily the real script kiddies dont lurk on slashdot. oh, wait. d'oh.
Zero day eh? Oh or several weeks whichever. You know lets assume it wasn't dicovered weeks ago by "mangle me" or some other tool. It seems kinda ironic that a microsoft prod of all things is using a "warez" scene term to describe a vul. Besides there are dozens of identical vuls out there people are ignoring, it would take very little effort to change to a different vul for new variants. When will virus creators lean that they need more! Backs doors are old. God forbid if they focus on a random sample of vulnerabilities...Muhahahahha. (muahahhahaha)
Almost any application can have buffer overflows in it. On the other hand... this isn't the kind of bug we really need worry about. Microsoft (or Mozilla.org, god forbid) can fix buffer overflows easily without breaking applications that depend on them. It's the deeper security flaws in the HTML control that we ned to worry about.
We are the Borg. Lower your trust levels and apply our patches. We will add your financial and technological distinctiveness to our own. Your culture will adapt to service us.
I noticed an increase in spam like emails starting yesterday afternoon, thought some spammer or scammer had gotten my email address. I dunno if I'm happy or sad its a virus not a spammer. These email viruses are so annoying, my delete key might wear out, and if I got like 20 on 0 day and like 40 today, well, crud.
You mean to tell me that IE has security flaws? Why hasn't anyone told me before now?
Skeptical Limericks
The thing that galls me most is that this iframe exploit was made publicly known about a week ago, yet MS makes no mention of it at http://www.microsoft.com/security, or anywhere on their web site that I can find. The issue won't just go away if they keep their heads in the sand, yet that seems to be one of their preferred methods for dealing with security issues.
Note how the vulnerability only affects XP and XP with SP1.
Win2K made it to the list too, fully patched.
I particularly liked their solution "use another product". Given the choice between SP2 or FF, guess which wins. The one with a new exploit every month or the one with tabs.
I've been M$ free for years now. I look at this stuff for amusement purposes only.
Friends don't help friends install M$ junk.
IT: Latest Version of MyDoom Exploits New IE Flaw
should read
IT: Latest Version of MyDoom Exploits Old IE Flaw, Which Has Been Patched
or
IT: Latest Version of MyDoom Infects Machines of Morons Who Failed to Install SP2
Even the haters have to start to admit that SP2 is doing its job very, very well.
Here is yet another previously unknown virus/exploit which SP2 deflects. This is *EXACTLY* what it was designed to do.
Keep posting these "sky is falling" anti-MS stories Slashdot; in every post, you are proving MS's commitment to designing new products with security in mind.
Public Service Announcement: The XP2 bashers are not telling you the truth. There are no widespread problems with XP2. (Notice how they never cite reliable sources for their claims?) Believe me or them, I care not. At this point, I have rolled out SP2 to well over 16,000 machines, with nearly zero problems. XP2 is all good. If you use Windows XP, make sure you patch it with SP2.
I'm sure its just a simple co-incy-dinc, and that the Mozilla team was not involved at all.
I think that is the best way anyone has ever put it. I'm gonna wipe off the tear now. *lights a candle*
CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer.
:/ (then again, SPF should help some...).
What I find more interesting here is that they're moving the virus data "out of band" -- they're no longer transmitting the virus in the message, which may make things harder on the AV companies. How do you filter out all emails that merely contain links to websites? Worse, the links are to infected computers.
Imagine a virus that said: "Check out this cool website I found!" and nothing more? Not a lot to filter out from your email there
Funny thing is, I had this idea and wondered how long it would take for the virus writers to think of it, too. Hrm, only took a few months. Wonder how long it'll take them to generalize this and realize that email isn't the only way to send content to people? Granted, it's one of the most popular, but if the virus writers ever develop the skills to make them adapt to as many services as I can envision... Ugh, at least I'm not on a platform directly affected by this crap (well, except for the nuisance virus emails... meh).
It doesn't render compliant HTML/CSS as well as Firefox/Mozilla. Especially floated divs, etc. It's about on par with Konqueror in this respect, though WRT different CSS standards. Opera is sweet, just not up to standards, quite.
Just for grins, what IS the problem supposed to be with Thunderbird? I've been using it quite a while, and have had no problems. Not trolling, just curious.
Best,
Mal the Elder
While I was reading the article in CNNMoney, I saw and run the at "security quiz" ... only to find it quite dumb, and funny;
so I wrote
this open letter
to the authors of the quiz,
that I want to share with you /.ers
Isn't it about time we introduce a new technical term:
MS-DoS: The kind of security problems that arise from using Microsoft's products.
This here reply to your hero...
I am answering only because your comment has been moderated as "Score:5, Insightful." Please let me use a great analogy: I often say that--unlike Bill Gates--I lack money. "To say you lack money is going a little further than I'd go," some people say, "for no person is absolutely poor, no person lacks money." Of course, I don't assert that I have absolutely no money whatsoever. I am only saying that I have considerably less money than Bill Gates. Also, the operating systems and web browsers I use have considerably less security issues than those sold by Bill Gates. No car is absolutely safe, but that is not a good excuse to sell cars which explode every time a butterfly hits the windshield. No sex is absolutely safe for your health but that doesn't make unprotected sex with strangers any smarter. The same goes with software. More pleasant? Convenient? Perhaps. But not any smarter.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
...what kind of imbecil runs anything from M$?
How is Firefox ever expected to catch up with all the security issues in IE?
I mean, they're way ahead of us. We better start implementing some security flaws right away. Otherwise we might not be able to get all the really stuborn, old-skool, virus-loving IE users to switch.
"Live free or don't."
It was W32/Netsky.P
The only new thing about the email that I got was the subject line.
Irene KHAAAAAAN!
Many people are still using Windows 2000, which is fully supported by microsoft. I am sick and tired of people saying "Buy Windows XP now!" when MS refuses to fix anything for Win2k even though it is fully supported by MS.
Whoever wrote this one is a supported of GNU/Linux, Google, BSD, math, pgp, and more.
google
secure d
I was reading the technical details of the virus on Symantec's site, and noticed that the virus will send itself to all email addresses it finds, except when they contain the following:
acketst
arin.
berkeley
bsd
fido
fsf.
gnu
iana
ibm.com
ietf
isc.o
isi.e
kernel
linux
math
mit.e
mozilla
pgp
rfc-ed
ripe.
sendmail
tanford.e
unix
usenet
utgers.
There is more that it filters out, check it out.
Proved what? I never said that particular combination of painful upgraded junk had this particular problem. I will say, however, that it will have many other problems. That's easy to see from the history of the thing. What you've proved to me is that you are strangely obsessed with unimportant details. What exactly are you trying to say?
This fact was purposefully ignored and suppressed by Linux zealots like yourself to make you feel better about OSS.
That's an odd perspective and no where close to true. I don't have to invent problems for M$. I feel good about not having to pay the M$ tax. I feel good about having a reasonable user permissions model for my OS, multiple desktops, spam filtering, spell checks everywhere, and the hundreds of other ways that free software environments are superior to Windoze just like FF kicks IE. I don't need to overlook one small part of the Windoze system that's not broken for that. I get a kick out of seeing how broken the rest of it is.
So what drives you to make these silly and pointless apologies for M$ in such a sneering and unprofessional manner?
Friends don't help friends install M$ junk.
Anyone else got the Doom3 ad when loading the article?
Concealed? Sure, whatever. I looks like Slashdot gave you a nice place to trumpet the good news in your own insulting way. Of course it does not really matter. IE's still got holes and always will.
But guess what? It does matter; network admins that have to apply patches to many, many machines on a corporate network CARE.
I've been part of that kind of nightmare for BankOne. It was a pathetic and painful mess that's the best it ever gets.
asshole zealots like yourself don't care about people, you just care about your pushing your open source views on others and slamming those who don't agree with them. GNU/Linux/GPL nut jobs...you people will be the death of open source.
I've been called worse than better trolls than you. That's the kind of thing I expect from M$ apologists. It's strange how some people think insults are a way to sell something.
Open Source software is not likely to die because people like me point out glaringly obvious things like FF is better than IE and is less trouble and risk to install than something dumb like SP2. Free software is unlikely to die when people like me notice that it's easier install something like Mepis than it is to continue to grind along with M$ junk.
Friends don't help friends install M$ junk.
My point is that it does not matter. SP2 might protect you against one little hole, but the rest of the structure is a sieve. I asked you to put up, and you did. So what, here are More holes. I don't use that crap and I'm not going to get into silly details when I talk to people. The big M$ picture is a dismal failure and a mean time to 0wnership of less than 20 minutes.
Stop trying to convert me, I don't like your religion. I know what Linux and Firefox are already, please stop babbling from your Linux bible and shut up for one second.
Thanks for more insults but it's not going to work for you. I'm not going to shut up any more than I'm going to carry the M$ word for you. I'm not going to think I'm an extremist either. I'll simply call things as I see them.
Friends don't help friends install M$ junk.