Security Vulnerabilities Discovered in WinXP SP2

SoTuA writes "Few months after SP2 hit windowsupdate.com, Finjan Software reports that security flaws have been found in WinXP SP2, including malicous code execution without user intervention. Finjian has turned over the findings, along with proof-of-concept, to Microsoft."

Finjan scaring up some buisness

[smashin234]

I did some searching and discovered this:
http://news.com.com/Finjan+Warning+users+or +scarin g+up+business/2100-1002_3-5449269.html

And this quote by the Finjan CEO pretty much sums up what I thought this was:
"By using Finjan's proactive security solutions...users can enjoy a secure environment that protects them from such vulnerabilities."

Its just a ploy to scare up buisness for this security company. But lets not jump to conclusions, those 10 errors may exist, but the truth is that this security company may not have followed the industry guidelines.

That is the key question, did Finjan give MS these errors 30 days ago like traditionally is done? If they did, then they have every right to publicize the problem, but if not, they are engaging in questionable buisness practices.

Re:expected

[Waffle+Iron]

The difference of course is that most of those retailers and manufacturers are primarilly conduits of capital. They may collect a lot of revenue, but the vast majority of that is immediately transferred back out to their suppliers. They just retain a modest profit margin and operating expenses.

Microsoft, OTOH, is more like an economic black hole. Huge chunks of the revenue they collect just accumulates in their bank account. They don't seem to be able to figure out what to do with it, even though it's obvious that over the years they should have been investing more of it in improving the quality of their software.

Re:Not supprising

[NemoX]

The bundle comes with multiple alternatives to each of the packages listed. I have > 7 desktops to choose from not just KDE. I have > 4 printer services to choose from, not just CUPS. I have >3 SQL servers, not just MySQL.... They do not package it because they support it, per se, they package it because the believe in end-user education and freedom of choice.

Everytime I have to reinstall windows, I spend about a day going out to get the latest software from the internet to install...Newsreader, IRC, WebBrowser, Image viewer, etc. I don't have to do this with my LInux installs since it is already provided for me. With your logic, then windows shouldn't come with an internet connection, since they don't support what you could potentially download and install. Distros provide this as a very helpful option package(s). One reason I started buying Linux instead of downloading it, is because I loved the multiple cd/dvd's that had everything I could possibly want on it (re: SuSE distro).

And if you want to talk about not having the resources to check things before they include it, then Windows should come without anything, just an empty box, because...

My Windows' uptime 36 hours
My shortest of 6 Linux' uptime = 8 months 2 weeks and 3 days (had to change UPS battery, heh).

Last Windows reformat due to system file corruption: 3 months; average 1 time per year.
Last Linux reformat due to system file corruption: NEVER; average 0 times in 7 years.

Last Windows breach: 3 months ago, between install and d/l of SP4 (yeah, I couldn't even download the service pack before getting hit, I had to get the redistributable package via my Linux box and burn it to CD!)
Last Linux breach: NEVER

Re:Exploits work as limited users? With firewall o

[heybo]

One big problem with running under a limited user account is that a lot of common Windows programs will not run under a limited users account. One such program is QuickBooks. This is even true with W2K.