Slashdot Mirror


Flurry of Security Patches

yggy writes "It's been a hectic day on the security patching front. Microsoft's bulletins for July include patches for three critical vulnerabilities on the same day that Mozilla releases new security updates for Firefox and Thunderbird. Not to be left behind, Apple fixed two Tiger flaws while Oracle issued a critical database server update." (See these separate stories on today's release of Firefox 1.0.5 and the 10.4.2 update from Apple, too.)


  1. Tomorrow by mfloy · · Score: 5, Insightful

    So today we have a bunch of new patches, which means tomorrow we will have all the exploits being developed and released. The major problem with patches is they often are not installed by end users, and that is the bread and butter of zombie botnets.

    1. Re:Tomorrow by Parham · · Score: 5, Insightful

      Luckily Windows has tried to stop this from happening as much as possible by downloading the patches in the background, and then asking you to install, and bugging you to install until you do. What I'm actually waiting for is, seeing what NEW security problems these new security fixes make. This recent article in the games section comes to mind amongst other things.

    2. Re:Tomorrow by Tim+C · · Score: 3, Insightful

      More than that, Windows gently reminds you at appropriate times that you really ought to have patches download and install themselves automatically. ("At appropriate times" means on the Windows Update site, and in the Security Centre)

      Now, you may argue that that's a bad idea, you should always know what's being installed on your machine and what it might break, etc, and I'd agree. The flip side of that though is that anything that increases the likelihood of home users installing security updates has got to be a Good Thing.

      [It's been 4 minutes since you last successfully posted a comment

      Editors, can we *please* get this fixed?]

  2. Re:Firefox by audacity242 · · Score: 1, Insightful

    Before you go using the (rather bad) logic that OSS is bad because of the issuance of a high risk patch, you might want to look at how many high risk patches Microsoft has released compared to the Firefox people.

    -Jenn

  3. Re:Hmm.....time to go to Windows Update..... by Kimos · · Score: 3, Insightful
    However, despite not updating my Windows install for months, I still have yet to be infected with one virus, spyware/adware program, or have my machine hacked. Maybe it has more to do with the fact that I browse the Internet with care, rather than update with every stupid patch M$ puts out ...
    I don't think it's fair to say that you're too smart to get viruses/malware like everything else, it's probably a few other factors that you take for granted. Using Firefox is one of them. You have the major Windows patches so that protects you from most of it right there. Think of the MSBLAST traffic that's still out there, meaning that each of those machines is still pre-SP2. Also, being behind a router/NAT/firewall helps (again, I'm assuming). A good number of zombie machines are the direct to DSL or cable modem kind of one computer households.
  4. Re:Open source by Rosco+P.+Coltrane · · Score: 2, Insightful

    It's called doublethink. That's because Microsoft is Big Brother you see...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  5. Re:Open source by Anonymous Coward · · Score: 1, Insightful

    Uhm, no. It's actually called double standards. However, you can link to Wikipedia as much as you like trying to prove that wrong, but in the end, you're just going to look like a clown.

  6. Re:Firefox by drclaw007 · · Score: 2, Insightful

    Of course it would have nothing to do with the fact that one of these pieces of software is a (comparatively simple) web browser, while the other is an OS which users expect to run on some dodgy p3 which has been gathering dust in a corner for the last 6 years or so and has millions of lines of code to debug :)

  7. Re:Firefox by Slashcrunch · · Score: 4, Insightful

    Anyone that claims open source is entirely free of bugs is dreaming and/or misinformed.

    The beautiful part is the speed at which critical bugs in OSS are corrected after being discovered.

  8. Re:But wait... by Caledai · · Score: 5, Insightful

    Nah - it's not that Microsoft sucks because they release patches.

    Neither does OS suck because they release patches.

    It's because Microsoft takes so long to release patches for certain vulnerabilities that have been documented - even up to half a year before..

    And that they continue to promote products that have been proven to be seriously flawed, and release new versions without those flaws fixed.

    There is a difference between releasing a product, and then patching it - and releasing a product knowing it needs patches before it's released.

    I gotta admit - look how much testing they do on the patches they do release. Service Pack 2 anyone?

    --
    Although it can be funny, tell them to plug the power in.
  9. Re:Open source by bigman2003 · · Score: 3, Insightful

    Most of the exploits are written AFTER the patches come out. Most exploit writers just look at the patch, see what it fixes, and then figure out the vulnerability. So the patches don't really need to be released immediately. (This is the practical reality, of course there are others who find this plan to be horrible, but it works for me.)

    I really like this once a month patch cycle. I get an idea that maybe they plan the patches a little better, and test them more.

    Maybe EA should have done that with Battlefield 2, instead of trying to rush a patch out.

    --
    No reason to lie.
  10. Re:WindowsUpdate freezes PC by kayak334 · · Score: 2, Insightful

    Shouldn't that read, "ZoneAlarm on Win98 freezes PC?"

  11. Re:Open source by man_of_mr_e · · Score: 4, Insightful

    You think so? Check out the patch list for FF 1.05

    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

    12 vulnerabilities in this patch, the oldest was created in APRIL! And it's marked as high severity.

    The newest we don't know, because Mozilla is keeping it hidden until July 20th, but if you take the Bugzilla report number, and add one to it you can get the bug that was created directly after it, and that was created in MAY!

    So yes, Mozilla DOES sit on critical bugs for months.

  12. Re:I hope... by emandres · · Score: 1, Insightful
    they're both free browsers, it's not like they lose money
    IE is free, as long as you don't consider your soul to be of much worth...
    --
    The only way to tell the difference between a hamster and a gerbil is that the hamster has more white meat.
  13. Re:Open source by Charles+W+Griswold · · Score: 2, Insightful

    So yes, Mozilla DOES sit on critical bugs for months.

    Good grief, you're kidding? What a bunch of lazy bastards. When they get a bug report, they should verify it, find the code responsible, fix the code, verify the fix, keep tweaking the code until it passes all of the tests, rebuild the entire code base, and release the fixed version of Mozilla THE DAY AFTER THEY GET THE BUG REPORT!!!

    </sarcasm>

    In case you hadn't guessed, these things take a bit of time.
    --
    "Those who are too smart to engage in politics are punished by being governed by those who are dumber" -- Plato
  14. Re:Hmm.....time to go to Windows Update..... by RAMMS+EIN · · Score: 2, Insightful

    Look, the point is not that someone with good computer skills can run Windows without problems. The point is that running Windows requires that you have an understanding of computer security, but most of its users don't have that. People use computers to get work done, they don't want to and shouldn't have to think at every step they take "is this a good idea or will my system be compromised now."

    The fact of the matter is that Microsoft products are so insecure that you need to learn a whole set of rules about what to do and what not to do to use them securely, while at the same time they are being viewed as easier to use than competing products, especially for people who are not computer experts. The truth is that it's much easier for a non-expert to use a Linux or OS X system securely - getting the work done is about just as easy, but keeping secure doesn't require nearly as much effort or knowledge as on Windows.

    Having said that, simply putting a Windows box behind a firewall will go a long way to cure problems, and a competent sysadmin should be able to keep the software and virus definitions up to date. Alas, many companies seem not to have competent sysadmins, and home PCs are still a problem - even the current PC generation often only knows how to use the system, but doesn't know or care about keeping it secure.

    I commend Microsoft for forcing Windows Update down unsuspecting users' throats. That's an important step forward. Now if they would also fix all the security holes in a timely manner, Microsoft software might actually become the easiest to use. However, as it stands, almost any alternative is easier to use.

    --
    Please correct me if I got my facts wrong.
  15. Re:Hmm.....time to go to Windows Update..... by j0217995 · · Score: 2, Insightful
    Ok so you are saying that someone without computer skills can run any form of *nix or *bsd? I doubt that.

    I would rather bet money on someone w/o a lot of technical skills keeping their Windows box up and connected to the internet than having the same person connect a *nix box to the internet and make sure everything was working.

    Good luck getting grandma to connect w/o help from you to "AOL" which is also known to her as the Internet.