June Windows Update To Be Biggest in a Year
Supersonic1425 writes "The BBC reports that this month's security update from Microsoft will be one of the biggest this year. Nine of the patches are for Windows — one classed as critical — two are for Office and one for the Exchange e-mail server software." From the article: "At least one of the loopholes being patched is already being actively exploited by malicious hackers. ... Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost."
...a long week.
I do like programming things that work super quickly, especially when they work super quickly, super quickly.
Come get your Microsoft Genuine Advantage Notification spyware tool updates... hot off the compiler.
that the genuine windows advantage checker thing is going to be making a lot of people mad when they find out their copy of windows won't update. Prepare ass for violent kicking by viruses!
Just when XP is nice and patched and secure, they'll release Vista and start the process all over again.
Yummy.
How much in lost revenue is all this Microsoft Patching costing the real economy?
...genuine advantage failure doesn't mean unpatched windows. Security updates will still be downloaded if you select "automatic updates", you just can't download nice addons like windows defender, media player etc.
I am NaN
The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Activate This Control' message instead.
Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.
-Jar.
Together, We Can Make Slashdot Better. I Do NOT Mod ACs. - Check Me Out
Hasn't every one this year (security update) been the most important update to date? They seem to be repeating themselves a lot.... maybe we can expect XPse soon.....oohh wait they call that service pack now.
if you are what you eat , then I could be you by tomorrow.
US Democracy:The best person for the job (among These pre-selected choices...)
No patches for me and most spyware and malware isn't compatible yet!
about $54B
The cesspool just got a check and balance.
Don't fix it if it's not broken!
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
"I can't think of any of them that have had any sort of virus or spyware disaster in months."
If that isn't an epic example of foreshadowing, I don't know what is.
foreshadow: To present an indication or a suggestion of beforehand; presage. ex. see Slashdot post by Anonymous Coward, Tuesday June 13, @08:57AM
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
And this affects Firefox, how? Has FF implemented this yet or do they not have to? To me, I don't use IE, so I could care less about this patch.
"Ever patch a system and have some core services not work after?
The patches cause downtime as well."
That's why you test out patches on a test system. If you're patching a critical system without that first step, then you deserve what you get.
I was sitting here wondering why my laptop hadn't started to automatically update....
Then I realised I was booted into Ubuntu.
*slinks off into the night*
I don't feel Windows sending critical updates should cause any flare-ups. Putting your system on automatic updates and letting Windows update the system is easy enough. One thing I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6
[ It's another matter that 10.4.6 had made my system un-bootable and I had to reinstall 10.4.2 from disc ]
But I cannot understand why ppl raise a huge hue and cry when MS finally manages to update the OS. Same people alternate between Damn-you-fix-the-bloody-flaw-TODAY or go-rot-in-hell-i-WONT-apply-this-update mentality. I'm a mac guy, but let's give credit where it is due.
I work in tech support for six different schools and dozens of people for whom I do private jobs.
Your comment is just not true. I get calls EVERY week with someone wanting me to clean their computers (all of them XPSP2 at least). The problem is that the first thing that sort of junk does is stop Automatic Updates from working for everything from Windows to Antivirus to even targeting AdAware etc., so from then on even if the user "cleans" their machine, they aren't getting the updates they need (even though sometimes it looks like they are) and thus they are open to every future problem too (including those fixed in patches like this one).
People are still dumb, they still click, they still don't learn, no matter what it ends up costing them. Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back but so long as I don't do X, I don't notice", "Yeah, I've been getting these random popups for the past few months, if you have a minute could you have a look at them sometime?", etc. Personally, I'd be doing damage control the second I spotted one of these on my own personal computers but it's just tolerated by the average joe. They can literally put up with it for months.
I'm ALWAYS being told that "machines slow down when they get older", don't they? Makes sense to them but to me I'm just thinking "Yeah, only if they are slowly filling with junk". And that's how people work. They keep using it until it gets to the point of being unusable (which for people who used to run older PC's is actually totally unbearable). Then they might casually bring it up in conversation with me, not do anything for several weeks, then try to book my time to clean it up etc.
Come on, a few days ago there was a major news story about the head of Microsoft itself not being able to clean his friend's PC of spyware. I work with people who can't drag-and-drop, you really think they stand a CHANCE of even seeing that they've been infected, cleaning it themselves etc.? And with the growing spate of targeted spyware/viruses, I can't even rely on putting on a nice automated cleaning system (like Adaware/Spybot/AVG scripted to auto-update and then full scan) onto their systems.
The reason I don't hear about it any more? I raise my prices depending on how bad it seems when I hear about it. Can't get on the net at all? That's an extra £10/hour. Can't load any program? Another £10/hour. Antivirus isn't functioning properly cos something's interfering? Another £10/hour. Haven't GOT antivirus/firewall/updates? Another £10/hour.
Got up-to-date antivirus, a good firewall, an "alternative" web browser, scheduled anti-spyware, no visible signs of infection prior and somehow STILL got something nasty? (even if you accidentally clicked a link you didn't mean to, so long as you TELL me you did that) The price drops dramatically to the point where people don't say... "Uh, ok, I'll er... call you sometime." but instead say "Yes, please, if you could."
Users aren't getting educated, they're getting ignorant. They KNOW it's a virus/spyware and they choose to ignore it and continue with their work (which, incidentally, is not only usually private and confidential but usually vital to the running of the school they work for). When you're telling headteachers that X got on the system because supplier Y didn't issue an update, they just carry on regardless. They don't stop to consider what MIGHT have happened to the data (in complete breach of Data Protection laws I might add) or where it might currently be floating, even when informed.
The best customers in the world are the ones who KNOW NOTHING but ADMIT to knowing nothing and look to you for advice. They're the ones that you can TEACH how to use a computer safely. Everyone else nods along and then loads IE behind your back because they "know better" (for instance, they installed an anti-spyware thing "to keep IE safe" from a pop-up on their desktop just to give you
With respect to:
"We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
I think anyone who is still running Windows 98 would be better off switching to Linux. I would have to believe most software running under 98 could be run under Linux using Wine/Crossover Office, or alternatives found. More than likely, most 98 users just have some office type applications and never upgraded because they didn't need the fancy new OS. My old office still has 98 on many computers just because the people using them run basic apps that get by with what they have, and upgrades would be costly (relative of course, some small businesses would be hurt by 10K in computing upgrades). With so many security holes known, and support ending, AND newer Linux distros being pretty darn close to "it just works", we may see small pockets of Linux migration.
So even though Microsoft have stated that they support 98 and ME until 11th July 2006, they will not support those two OSes today?
Yes, people are crazy if they rely on 9x in any way, but when Gates says he'll support it until a date I'd expect support to be provided, even if it means some changes to the shell. And we all know how much exaggeration is used when a job is being avoided... ("major re-write of the Windows Explorer").
Car analogies break down.
I find it interesting that illegal copies of Windows aren't able to update the fix for the legal settlement. Microsoft have finally changed their WGA tool to "Do not allow update unless user PC submits 'Yes it's valid'" from "Do not allow update unless user PC submits 'No I'm not valid'", I thought it was odd the way their system worked before.
This is why I'm using Autopatcher XP (Annoying forum-based website), you can download the updates off them, see the details and unselect all the crap you don't want, without having to go through Microsoft and Windows validation. You just have to wait a while before they release the newest version.
Great comment and definitely correctly moderated as Insightful! (OK - does this qualify me as fulfilling my meta-moderating for the day? lol) It reminds me of a great page I saw on a friend's web site.
It was so on target I asked his permission to publish it on another blog I write for.
BTW, my friend is also an amazing photographer as well - check out his photography site if you have a chance.
"Let us raise a standard to which the wise and honest can repair" - George Washington
Holy crap! Watch your step getting off that horse; it's a high one!
When my current PC outlives its usefulness, I'll be a "switcher" too. And look out, because there are going to be a lot of us pretty soon. Whether we meet your high, exacting standards is moot. Thanks to current Windows trends, Mac is about to become a lot more popular.
And I guess MacSnobs wouldn't know Clarus from Claris. Maybe the word of the day is Pretender.
Find environmentally and socially responsible products on http://buy-right.net
Only one thing though: I just checked Microsoft Update right now (0654 hours PDT on 13 June 2006) and I don't see any Critical updates to be downloaded. I did get a .NET Framework 1.1 update last Tuesday but I didn't see anything else. (scratching head)
The funny part is these "unfixable" vulnerabilities have been there since day one.
I love it. Each and every one of you out there using Windows XP should truly understand that one day, MS will say the same thing about XP, too.
"It's so broken we can't fix it. Buy a new computer."
Only in a Microsoft world would still-supported products be abandoned since they were, "just too broken." But the irony is that this "breakage" is not something that appears over time; it's not bitrot. These are security vulnerabilities that have always been present.
The Microsoft patch cycle is a joke. Needing a torrent of patches in order to stay "secure" means that you probably aren't secure anyways. With 100,000 issues waiting to be 0-day'd, and with a significant fraction of those both _critical_ and _unfixable_ (EOL, or now, it seems, "near EOL"), how the hell can you sleep at night, unless you fix computers?
And if you are an MS maintenance drone, I guess you can sleep really well at night.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
What makes you think IT managers have a choice?
When the decree comes down from "the powers that be", the fact that the decree was uninformed or even foolish has little to do with the IT manager's ability to do the right thing as opposed to the decreed thing.
Hell most people don't really need to be on the open Internet at all. They only visit a couple of sites and pick up email from the grandkids. You shouldn't have to expose yourself to international terrorism for that. Maybe we should just go back to the local BBS days or something...
At some point people are going to get sick of it, though, and start considering safer alternatives. I'm pretty sure Microsoft realizes this, too. They started mumbling about security when Linux came on the scene, but the mumbling got a lot louder when Apple released OSX. Sure you still have to worry with OSX. You have to worry with anything you connect to the Internet. But you have to worry a lot less. I'm telling any of my relatives that they can't afford not to make the switch when they ask me for upgrade advice. Oh hackers will start targeting the platform eventually, sure, but they still won't be able to do much damage. And once corporations start realizing that they could divert a lot of their IT effort away from their security efforts by switching I think we'll start seeing some big customers switching from Dell to Apple. Hell, Sun requires you to justify having a Windows machine at your desk -- otherwise you get a Solaris box. There were always some chuckles on my floor whenever a Windows virus notification came out.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
But a real Mac user is born, not made.
That's what they kept telling me when I was an Amiga user. I still have a fondness for my old Amiga(s). It's unfortunate Commodore didn't market it directly to a single industry for a while (like Macs with the desktop publishing). They barely marketed it at all. Who knows what direction things would have gone if Tramiel didn't leave. He didn't stop in to take back control of C= when it was faltering. At least Jobs stepped up to put Apple back on track again.
Many times it has nothing to do with how bad the OS is, but rather how much more expensive a *nix/*BSD admin will be.
It's not the IT staff, it's the manager and the users that don't want to switch. Too hard to learn some other habits and you're the only one who gets screwed at the end, your job isn't their concern, they don't even think about it when they screw something by being stupid. For them Windows is perfect, it's pretty, there's Word, Excel and PowerPoint on it, they can listen to bad music(tm) internet radio with it and most importantly easily process their photos etc. The other problem is the attitude of the Linux community, the "get bent, the documentation is in the source code, read it" answer you get each time you dare ask something doesn't suit too well with the non computer literate end-users.
Unfortunately, stupidity is neither curable nor fatal.
Wow, that was inappropriate... that should be big PERSON words.
And I guess MacSnobs wouldn't know Clarus from Claris.
Given the link you provide for Clarus, perhaps pretender is indeed the word of the day.
A company closely associated with ours (a very large telecoms company in Europe) seems to have fallen off the map since about 12.30 today.
Coincidence?
Get your own free personal location tracker
They just haven't been released yet. Keep checking here: http://www.support.microsoft.com/gp/securityitpro
What if the Hokey Pokey really is what it's all about?
Whaaa...?
What does storybytes.com have to do with clarus.com? Whatever, here's the Google search result for Clarus.
Find environmentally and socially responsible products on http://buy-right.net
"Presumably the Windows Orks at work..."
Wow, I didn't even know Windows had an LOTR version.
Or by Orks, did you mean PHB's? Jus' checkin'.
What if the Hokey Pokey really is what it's all about?
I think every IT support guy will agree. Users don't care as long as their system is still usable. The most common reply I get is "I don't use my PC for Internet banking and so have nothing to lose." I try the "If your computer is vulnerable it could be used by organised crime". But I'm not a salesman for Security, just a repair man.
Because you always need a smart fox!
Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back...
What scares me is that some people seem to see this as a badge of honor, to the point of bragging about how "infected" their system is and everyone should praise their ability to slog through the mire and still get their work done.
It's like a geek bragging about having genital warts because it proves he's had sex with someone -yeah, someone with a communicable disease.
Not the first time that a Netware fix got broken by a Windows fix
But I'm sure Microsoft didn't do that ON PURPOSE.
Don't Tread on Me
You're going to have to wait probably at least 12 hours before WGA is cracked, so you can keep doing whatever-it-was wrong.
My turnips listen for the soft cry of your love
crap-free, printer-friendly view to aid in long week of patch craziness (yay)
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety
He probably heard 'windows' in Palo Alto, and gee, what a great idea! Brilliant!
Brilliant!
rick
deleting the extra space after periods so i can stay relevant, yeah.
You may wish to actually read the link. A summary in case you don't: the linked page gives the history of Clarus, the "dogcow," named when a stray dingbat character in one of the original Macintosh fonts provoked confusion about whether it depicted a dog or a cow.
There's a certain irony in a person unfamiliar with Clarus labeling a Mac user a "pretender."
In Redmond Tuesday starts at 10AM PDT ...
"A gun is a tool, Marian. No better, no worse than any other tool. An axe, a shovel, or anything." Shane (1953)
Commodore did not WANT Tramiel to step in, to begin with. The parting of the ways was mutual.
The owners at the end did not care about the company, about growth, or technology, and would not have even considered bringing Tramiel's genius back in. They were far too busy engaging in insider trading and embezzlement than caring about their employees, stockholders, and the industry at large.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Mod parent up +1 hilarious :D
--
~= scwizard =~
The name "Windows" was chosen because Microsoft was selling vapour to forestall purchase of a product called "VisiOn".
Just another "Cubible(sic) Joe" 2 17 3061
The fact that I can install a linux kernel and still boot the old one, install a new apache and leave the old one, replace pretty much everything and still have the old one working makes things a lot easier.
Also, the fact that I can grab the testing branch of my distro and try it weeks or even months in advance makes things a lot easier.
The fact that I don't have to buy $5000 worth of licenses coupled with the $5000 worth of hardware makes things a lot easier.
Go troll elsewhere.
nah, you are gonna lube up and take it like the rest..... seriously, I service hospitals and health centres, and the majority of the computers in them run Win98 or WinME on the desktop served by either Linux or Novell..... Microsoft has some arrogance expecting companies to go out and upgrade all their computers, just to run their latest pile of bloated shite. Microsoft's attitude to its customers can be summed up in the world of Jay and Silent Bob..... "Fuck them, fuck them up their stupid asses... they are fucking clown shoes"
The whole diatribe sounds to me like a critical examination of the message in Apple's advertising. You could sum it up more quickly though, it's SOP for most everyone: "Be different, just like everyone else." All advertising is intended to make you act like sheep, after all.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Oooh, that was not pretty. You just got schooled.
Why yes, I AM a rocket scientist!
No. If Linux, *BSD, or some other opensource operating system gets number one this IS NOT going to be the same.
Because most opensource operating systems comply to open standards and you can imagine cohabitation of various different OS and distro.
It won't exactly be Linux becoming #1 standard, but POSIX as represented by various Linux distributions, and BSD variants, being standard.
Open-source code can rather easily get to cross compile across different *nix as long as they are standard compliant, and thus most needed software can be provided in the distribution.
Whereas malware, because it must find way to circumvent protection and operate without the user noticing it, must exploit very specific bugs and is highly dependent on the specific flavor on which it must run (versions of kernel/libraries/apps, CPU, compiler architecture, ...).
So yes, cRak3rz will still be able to program viruses, except that those viruses will only be able to attack opensuse 14.3, maybe fedora core 8, but not debian 3.3 because they all depend on a bug found in the linux kernel version 2.12.5.1, and the binary only work with EM64T architecture, not SPARC10 or ARM11, and *BSD are out of question.
And thus only certain users (those who use those specific distros) certain corporation (as long as they use only 1 single distro) will suffer from the virus.
Compare this to the current situation, where an overwhelming number of individuals and corporations are running Windows XP variants: a single virus is almost able to "Shutdown teh intreweb ! OMG!!11" (as nearly seen with some recent outbreaks like Sasser or MyDoom).
In the past, when the market wasn't so strongly dominated by wintels, you had very bad viruses at that time too, mostly copied through BBS, warez on floppies and such. There were a lot of baddies back then, but none of them could just wipe out every home computer, because even if it could target every PC clone, meanwhile Atari, Amiga and others weren't affected.
OpenSource is about the freedom of choice. It's about being able to choose whichever Distribution/OS/software/whatever you want.
And freedom of choice brings diversity, which in itself makes it a harder target. But because opensource software tends to use open standards, you won't end up with multi-platform madness of the Atari/Amiga era, and you won't end up locked into an isolated dead-end platform like the current windows situation is.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Oh, you are tempting the mods today. You may as well say that Apple iPods suck.
You are, however, correct. Others will point out that those dime-a-dozen MCSEs can't manage a system worth a damn, and if you got a competent IT admin for Windows they'd be just as expensive as a competent *nix admin. Which is also true. But sometimes all you need in a small IT department is someone who can follow the install prompts, check to make sure the components are plugged in, and wipe the users' asses when they make a mess. A truly competent admin would get bored and look for a challenging opportunity, but a shit-dumb MCSE who can press enter to continue will be happy working 4 hours a day and surfing the other four, even if the wages aren't the best.
Is it just my observation, or are there way too many stupid people in the world?
Point taken, 'pretender' comment withdrawn.
'MacSnob' comment still stands.
Find environmentally and socially responsible products on http://buy-right.net
Can't get on the net?
That's a paddlin'.
Can't load any program?
That's a paddlin'.
Interfering with the antivirus?
That's a paddlin'.
Not having antivirus/firewall/updates?
Oh you'd better *believe* that's a paddlin'.
</jasper>
I tell my clients that I don't use Windows myself, since nobody pays me to repair my own systems all the time... That tends to make them think!
The only reason my notebook is dual booting, is to be able to support other people, so I can test out fixes, or walk through the menus of some incomprehensible program with a client. I don't actually use Windows for anything.
Oh well, what the hell...
I use three browsers (Opera/Firefox on Linux and IE/Firefox on Windows)
:-) Actually, I use Opera on all platforms (primary desktop is Linux) and have IE on "standby" for stuff that demands it (erm... Windows Update basically). IE, in itself, doesn't have to be dangerous, no, but other browsers are a damn sight better at stopping anyone (casual user or expert) from doing something silly.
Why not Opera on Windows?
There were a lot of security problems that read "visit this link in IE". Think about that again... "visit a link". Not many other browsers will do more than crash or hang on the best coded page but in IE it can infect and run executable code as the user. And I'm not talking about expertly-tailored, perfectly formed buffer overruns that by a series of ever-more-complex crashes, faults and errors eventually run something but about visiting a link that then can directly execute code in the browser. I've seen several proof-of-concepts from a year or two ago that literally had a line similar to exec("c:\windows\notepad.exe") in them that perform the main damage.
Yes, I can turn EVERYTHING off on my IE and then every other site will demand I turn it back on to work, the Windows Update website will stop working etc. and I'm still not guaranteed that it'll work (most IE flaws are some sort of Zone bypass somewhere along the way). Opera, for me, has a better reputation. It doesn't do stupid things in the first place and, believe it or not, I can actually safely browse any website with the default settings so long as I keep it up-to-date (a disclaimer which, on my own personal systems, is a given anyway). It's a browser and it should not be executing code in any way - ActiveX was a damn silly concept. Opera understand this and haven't even TRIED to implement or replicate ActiveX or anything like it. It processes HTML and puts it on my screen and that's all I want a browser to do.
Most of the problems with IE come from ActiveX or the abilities that were put into the browser scripting language. Don't have those abilities present and, surprise, nobody can take advantage of them by tricking you into thinking that it's running in a different zone etc. Other things like buffer overflows in HTML parsers are rare yet Opera fixes them as soon as they appear on Secunia or similar websites. With IE, you have to wait until "mega-patch-Tuesday", if they even BOTHER to fix it.
"Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical"
"The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x. This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details. Currently, 0 out of 13 Secunia advisories, are marked as "Unpatched" in the Secunia database."
That's the difference right there and it's been that way for an awful long time. And that's why I won't use IE or recommend its use to even the most expert of people.
Same here. Unfortunately the message doesn't get through and a lot of people don't even know that you can have anything non-Windows (a select few are aware of Apple Macs but only on the scale of "you can't play games on them or anything"). Computers=Windows where I work, so you tell them that you don't run Windows at home and you just get blank looks like you've said "my car doesn't have an engine or tyres". When you show them on a LiveCD, they ooh and aah but then just walk away to go click on more popups.
> The bottom line is Microsoft is a marketing company. It is not a company that prides itself on building superior technical solutions.... A technology driven company would have put preference on the technically superior solution ...Microsoft being a marketing company has done and is doing the exact opposite.
This is *exactly* what's wrong with Micro$oft (among so many other disgusting examples in the marketplace) -- the name means more to them than the game, which is to provide what the people want:
"Software comes and goes. What we're selling is Microsoft, not the individual products." -- Bill Gates
Remember that wretched Time issue way back in the Eighties, the one showing a smug Gates balancing a 5.25" floppy disk on one finger? That was just one of many instances where Micro$oft duped the media into believing the corporate hype, that M$ products were by far the best and most innovative in the market.
Never mind that M$ software was (and still is) buggy as hell. Forget that M$ frequently buys other developers' software, slaps shit all over it, then labels it as M$ product. All that matters is that Gates pushes his brand further and further throughout the market and into people's minds.
With priorities like that, it's no wonder M$ and its offerings are so fucked up.
"All hands, BRACE FOR IMPACT!"
Let me guess, you don't know what Carl Sagan is either, do you?
And now, a PSA from David Lynch.