Microsoft to Release 7 Patches Next Week
craters writes "Microsoft plans to release 7 patches next week for Windows and Office. From the article: 'In the monthly pre-patch notification it sends out five days prior to unveiling fixes, Microsoft said that at least two of the seven will be rated Critical, which by the company's definition means that the vulnerability can be remotely exploited.'"
It appears there is a conflict at Redmond. In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.
It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.
Martin
Ohhhh man... it figures.. right when I had my spyware pickup line down to a science...
Example:
Me: Well ma'am, I can fix the problem.
Hot Housewife: Great! What's it going to take?
Me: Well I've been reading some websites on good ways to deal with myWife.
Hot Housewife: mmmmHmmmm
Me: And then we'll look and see if I can find my article on Kama Sutra, and get to work.
Hot Housewife: Screw the article.. why don't you just start checking out my ports now!
Please delay this patch for a couple more weeks, until my viagra laden penis enlargement pills and kingly inheritance arrive from my new friends in Nigeria, thus negating my need for cheesy spyware pickup line attempts.
Don't anthropomorphize computers: they hate that.
Happy VD from Microsoft!
"The basic tool for the manipulation of reality is the manipulation of words." - PK Dick
---
Seriously, Microsoft has become far more security conscious than they were. Don't forget that XP is now almost five years old...with all the talking they've done about security over the past several years, doesn't it stand to reason that they've learned quite a bit just from trial and error?
120 characters for a sig? That's bloody useless.
Why?
Because on my Windows 2000 system, the size of the patches, 33 in number so far, is bigger than the OS itself! And some quarters say 33 is pretty conservative because M$ puts more than one patch in the so called "hot fix" as seen in the Control Panel. I am already afraid, not to mention a patch that might break other software!
Anyone know when the date is when MS will stop making security patches for Windows 2000?
I've been avoiding getting newer versions of Windows with any of my new machines I've gotten or made for quite a few years now, and have no plans on ever using Windows XP on my home systems. Will I have to look to third parties for future flaws found in the various Windows 2000 bugs that will be discovered?
It's doing DULL little tasks. Like reading Slashdot. Duh!
Please. 5 years, and there is no end to the virus/spyware problem. And now they, Microsoft, are going to provide "protection" for an additional fee. Why should they do that? Why not include it in Windows XP?
If they were smart, they would release a Windows XP 2 edition that has every little update, and includes 5 years of virus protection. They should charge like $75 for it or something. It would be good PR, and an easy way to make some more money.
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
There's no cause to panic yet, because this doesn't _necessarily_ mean a worm can happen (ie, doesn't breach the SP2 firewall, or work in outlook, or IM, or get past HTML filtering in most web email providers). Based on the past, more likely is that they are talking about an IE only exploit. If the remote exploit is just in IE, what it means is that if you visit a malicious website .. they can infect your computer. Yes, a danger .. but if you are paranoid and only go to selected websites .. you're reasonably safe.
Microsoft warned users...
I don't use Windows systems often, but most of my colleagues and friends do. How exactly has Microsoft warned its users? Pop-up windows? Ads in the local paper? Public service announcements on cable television? Are the requirements for Microsoft repairing computer-disabling software bugs the same as, say, General Motors' obligations for repairing automobile-disabling engineering mistakes (e.g. recalls)?
$nice = $webHosting + $domainNames + $sslCerts
is the Kama Sutra remover that's no longer of any use now that they've waited so long to release it. Now they're just kicking those 3 infected users while they're down. They're basically saying "Now that it's deleted all your documents, here's that removal tool we decided not to release a couple weeks ago, so you wouldn't be bothered with an unscheduled patch release."
That's like saying George W. Bush is a disgrace to politics in the U.S.
What's so bad about XP? NT 4.0 already made the worst change to NT ever, which was to merge the kernel and GDI memory spaces. If you're going to claim that some older version of NT is somehow better, in my book, you're going to have to go all the way back to NT 3.51. :P
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
//Windows XP is a disgrace to the NT family ... I'd much rather go that route than to ever go the way of XP.//
... no virii, no worms, *rarely* crashed ... overall fast and stable. This has been done using free software, and simply good computing habits -- which I'm sure you could implement, since you know enough about computers to make Linux work for you.
... well, it just does!" comments ...
Care to delineate why? I've used XP Pro since day of release
I tire so, of these "Xp sucks because
Frammin' on the jim-jam, frippin' at the krotz!
Dude, if the imac is the answer, it must have been a pretty stupid question. I don't want to trade one proprietary system (mostly software) for another (mostly hardware.) If I'm going to leave Windows as my desktop OS, then it's not going to be for another vendor that seeks to limit choice. Which is any vendor.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I don't see what the big deal is, both Linux and MacOS get patched. Some more often than others...
so all of the linux/OSX fanboys and start flaming Microsoft yet again. Sure, they have vulnerabilities in their product, so does everyone else. If anything, being the security professional that I am, Microsoft has made me MONEY over the last few years. BTW, I use linux ALL of the time.
"Give up hope, dreams are for suckers."
Never mind the dozens of patches needed to get MacOS X secure and all the money needed to spend to get a computer that runs it.
Half right.
Windows NT 3.51 was pretty solid and reliable, but had lousy device support.
NT4 had slightly better device support, but it was a lot less reliable, and more of a memory hog.
Windows 2000 has been a lot better than NT4, though it's still got a messed up architecture, and it's got good device support.
Windows XP is, well, it's Windows 2000 with a few extra bundled tools (like the Citrix stuff from Terminal Server), and nasty copy protection.
I wouldn't use XP on ANYTHING if I wasn't using a corporate load that doesn't have time-bombs in the kernel ready to lock you out of your own machine if you upgrade the hardware.
I used to have an NT351 machine under my hand. It was a real trouper and never gave me any trouble. But you're right about device support. 351 supports what, 4GB volumes? But even so, it was way solid, at least compared to any Windows since.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'm not saying this isn't good news, but it's not very big news, is it?
I mean, do we need a frontpage story just because MS releases a patch? Don't they do it more or less regularly?
And besides, why should we care since all of us here use either Linux or BSD?
As the parent alludes, bustage from patches is precisely why our corporate network admins have disabled automatic updates via group policy.
They download the patches directly and install them on some test machines, and verify that the patches don't actually break anything critical to our business. They then push the patches out to the rest of the corporate network via a software update service. Usually this happens within just a couple of days after Patch Tuesday.
As a local system admin, the bottom line is that I don't usually need to call out sick to defend my sanity. (or what passes for my sanity).
For that, I have this on my door. (I'm close to winning.)
Maybe Microsoft will release updated virus definitions once a month too.
Let's see, there's one patch for gluttony, because the Windows software is bloated.
There's another patch for lust, so Google Desktop won't track your pr0n habits.
There's supposedly a patch for sloth, but I'm too lazy to see what it does.
There's a patch for wrath, you son-of-a-bitch!
There's a patch for envy, it will nullify Firefox.
There's a patch for pride and that just leaves one patch for greed, but Micro$oft will fix that sooner or later.
Looks like Microsoft is trying to patch their image.
The posts start out provocatively talking about "hot fixes", "KamaSutra", "fingering", "port scanning"... But I get worried when the conversation moves to "virii" and "worms".
ConsultingFair.com
As I've said several times here before:
:D
I don't have a virus/spyware problem. My XP box has NEVER had a virus or spyware. I don't put a lot of effort into it, it just hasn't picked one up.
Here's what I have:
A NetGear broadband router (buffer against most worms)
Windows Firewall that spends most of its time turned off
AVG Free
AdAware Personal that I scan with irregularly
Spybot and its automatic utilities
AVG, AdAware, and Spybot are almost always the first three things mentioned if you go anywhere on the internet and ask how to secure your XP system. A broadband router is often recommended even by ISPs these days, and provided by SBC DSL as part of the DSL modem (though I use my own because I like it better).
If we flipped Microsoft's market share with Apple or Linux, we'd find out just how many security holes exist in those operating systems. We don't see all the virus and spyware activity for them because there aren't enough in the hands of uneducated users for a virus to propagate. If you want to sell crappy $10 software at Wal-Mart, you write it for the largest number of average users you can. If you want a virus to spread and get noticed, you do the same.
mod this post -1 Unpopular for saying Apple and Linux have security holes
120 characters for a sig? That's bloody useless.
Pretty funny guy.
News flash: You think the heads-up about security updates is for you, the imac using home user? No. It's for us IT professionals that have to manage 1500+ machine Active Directory networks.
So go ahead with your imac. Have fun with your ipod. But don't expect the rest of the corporate world to be impressed.
Han shot first.
Similarly I've used WinXP at work for about 3 years now, and Win2K since December of '99. Neither has given me trouble ever. No serious virii or spyware problems, no crashes, very fast...
I definitely would not put down XP that much. I prefer 2K because the addons in XP are things that I have not had a need for yet, and the XP I use at work has themes and cleartype turned off (along with a few other things disabled).
Hell, I've even spent quite a bit of time on NT4 without any problems (but I wasn't looking for much hardware support just stability using standard office apps on ancient comps) and it went smoothly.
My favorite is when people make BSOD jokes. I've never gotten one in XP and only ever gotten them in Win2K when I was fiddling around with homebrew device drivers. BSOD meant something back when 9x was the most common home MS OS (aka the dark ages).
1 (short ton / firkin) = 89.1432354 slugs / keg
7 reboots.
What?
Is one of the patches for the Access lawsuit which requires you to patch office xp? Too bad SCO doesn't sell indemnity insurance for Microsoft products, they're barking up the wrong tree with Linux.
One ring to bind them - should probably have more fiber and less rings in their diet.
Microsoft releases security patches once a month every 2nd Tuesday of each month (one month last year required no patches, and occasionally (rarely) a super-critical flaw requires an out-of-cycle patch), which means that this same story appears on slashdot each month so fanboys can orgasm over the fact that another set of patches is being released.
Of course, according to http://docs.info.apple.com/article.html?artnum=61798, Apple releases security patches more-or-less monthly as well (not quite as often as MS) yet we see no headline stories on slashdot regarding those patches.
Slashdot at its finest!!
-- "I never gave these stories much credence." - HAL 9000
Hey dumb ass, before you were even born English (American) used the words "its" for possession and "it's" as a contraction of it is.
NeXTStep is sexy but if you buy them in any kind of quantity you can get PCs for half what you pay for macs. At least, ones useful for business. The imac is a bitch to even get into (the new one especially) and that's just not supportable if you have more than a handful of machines.
Windows sucks, sure, but I'm not sure OSX on Macintosh is the answer. In fact, I'm pretty sure it isn't.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Translation: Until next week, if you run Windows there are at least seven ways to pwn you.
In six or seven years that I'm using it, this Debian box has NEVER had a virus or spyware. I don't put a lot of effort into it, it just hasn't picked one up.
CooL...I have automatic updates. Nothing here to see.
What if (like the vast majority of people) you don't care if it's proprietary? Then it's just logical that one would choose from the better of two proprietary systems. Then, uh, "dude", the GP post actually makes perfect sense.
Believe it or not some people don't choose OSs based on their openness, but on whether or not they are crap.
I completely agree. I just can't understand what Apple is trying to accomplish with this. This message reads more like an insult than a selling point.
Being "conscious" about it doesn't do jack and shit. Windows security is going nowhere. Microsoft is trying to fix decades of bad security design decisions and failing at it. The fact that most recent Windows software right now STILL won't run correctly without elevated privileges (including games, which are the LAST thing that should need them for fuck's sake) speaks for itself.
Microsoft has always encouraged both developers and users to ignore basic security measures. That alone is almost impossible to fix.
Note that I'm NOT saying non-Windows systems (ie. OSX, Linux) have flawless security. Far from it! But the general concern for security is there, and has always been. Microsoft has some serious cleaning up to do if they want to reach that level.
That doesn't mean Debian is fool proof, it just means people haven't bothered to target it because it holds such a small minority of the OS market.
See, I told you others could disagree.
Stasis is death. Embrace change.
I'm in the middle of downloading about two dozen patches for Suse 10.0
At least they're issuing patches
If my call is important, why am I talking to a recording?
// I'll just list a few reasons://
It's easy to answer those objections:
1. Install Firefox, remove access to IE (easy to do with profiles)
2. Upgrade your hardware.
3. Upgrade your hardware.
4. Install kerio or Sygate PFP (about a two-minute download).
Frammin' on the jim-jam, frippin' at the krotz!
Yes, but those people are stupid and/or ignorant. They need to consider both criteria to avoid the tyranny of vendor lock-in. The fact that some people are lame does not make me want to be lame.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"