Slashdot Mirror


MS Patch Train Leaves the Station

per1176 writes "Microsoft has released 10 advisories to cover a dozen security vulnerabilities, including a "critical" cumulative update for the Internet Explorer browser. The IE fix corrects a remote code-execution vulnerability that exists due to the way the browser handles PNG (Portable Network Graphics) files."

5 of 361 comments (clear)

  1. Sure glad I don't have to do this crap by ch-chuck · · Score: -1, Troll

    I put Fedora Core release 3 on this notebook and have just 'used it' ever since. No monthy security updates, no worry about the worm de jour - I just use it to write and work with software that actually does something useful. It really fricking amazes me how much cpu time Windows users spend just patching holes in that leaky boat. Every time I turn on the Kim Commando show it's 75% virus, worms, attacks, malware, spyware, evil email, spoofing, phishing, on and on and on. I guess it just keeps the masses entertained with their gloat of computing power that they have no idea what to do with except follow the latest fashions in screensavers and toys, the drama of attack & defense, danger and rescue adds excietment to an otherwise boring appliance. Maybe as an engineer who uses computers to actually accomplish something I just have a different point of view.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  2. Re:Forgive my ignorance by /ASCII · · Score: 0, Troll

    You misunderstand the way that patches work. It seems intuitive that when a patch is applied to a program, it is somehow sewed onto the program binary, much like you sew a patch onto a piece of clothing. If that where the case, programs would indeed get larger and larger, until all programs where made of 99% patches and all looked exactly alike.

    The reason why this does not happen is that once a patch has been applied for a while, it is removed again. This is most apparent under Linux, where you can download a patch file and apply it directly to the source. Applying the patch will change the program, but will not consume or change the patch itself. Obviously, once the patch has been applied, it's code healing abilities kick in and remove any local vulnerabilities, after which the patch can be safely removed.

    As a matter of fact, the exact same patch can be applied to multiple pieces of software, without destroying or diminishing the patch. Try it out for yourself! Be aware, though, that some patches are made to fit specific types of programs or bugs, so applying a patch made to fix a buffer overflow in firefox may fix similar bugs in Opera or Internet Explorer, they will most likely do very little to remove crash bugs in Open Office or Gnome.

    --
    Try out fish, the friendly interactive shell.
  3. Re:To bad by PsychicX · · Score: -1, Troll

    Typical slashdot ignorant idiot.

    IEBlog on PNG transparency
    "The modifications to IE's image pipeline were required because transparency in IE has historically only included palette based transparency or binary transparency. The data structures and image formats necessary to pass around more complex transparency information were not available. Adding this information to the pipeline involved touching how all of the image decoders worked and were displayed. Additionally, functionality to perform the alpha blending needed to be hooked in."

    Remember that IE6 is feature frozen right now, and is in a state of security fixes only. All of the new stuff is going into IE7.

  4. Re:New Microsoft Security Update by James_Aguilar · · Score: 1, Troll

    You mean so they can experience the joy of having to edit text configuration files in order to get even their onboard NIC to work? Hmmm . . . no thanks . . . good thing we can turn Windows update off. Viruses are a risk of lossiness, Linux is a reality of the same.

  5. Re:IE PNGs by Cat_Byte · · Score: 0, Troll
    Go out and convince MS to stop packaging it with their os. Make people have to do a little work to get on the internet.


    Obviously you have not tried to install any old Microsoft products and get to windowsupdate yet ;)

    --
    Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.