June Windows Update To Be Biggest in a Year
Supersonic1425 writes "The BBC reports that this month's security update from Microsoft will be one of the biggest this year. Nine of the patches are for Windows — one classed as critical — two are for Office and one for the Exchange e-mail server software." From the article: "At least one of the loopholes being patched is already being actively exploited by malicious hackers. ... Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost."
...a long week.
I do like programming things that work super quickly, especially when they work super quickly, super quickly.
Just when XP is nice and patched and secure, they'll release Vista and start the process all over again.
Yummy.
How much in lost revenue is all this Microsoft Patching costing the real economy?
...genuine advantage failure doesn't mean unpatched windows. Security updates will still be downloaded if you select "automatic updates", you just can't download nice addons like windows defender, media player etc.
I am NaN
The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Active This Control' message instead.
Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.
-Jar.
Together, We Can Make Slashdot Better. I Do NOT Mod ACs. - Check Me Out
US Democracy:The best person for the job (among These pre-selected choices...)
Of course it's broken, it's Windows.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
"I can't think of any of them that have had any sort of virus or spyware disaster in months."
If that isn't an epic example of foreshadowing, I don't know what is.
foreshadow: To present an indication or a suggestion of beforehand; presage. ex. see Slashdot post by Anonymous Coward, Tuesday June 13, @08:57AM
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
And in the absence of GWA enabling Automatic Updates and blindly accepting all patches Microsoft deems "critical" isn't allowing Microsoft to execute arbitrary code on your machine?
I was sitting here wondering why my laptop hadn't started to automatically update....
Then I realised I was booted into Ubuntu.
*slinks off into the night*
I don't feel Windows sending critical updates should cause any flare-ups. Putting your system on automatic updates and letting Windows update the system is easy enough. One thing I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6
[ It's another matter that 10.4.6 had made my system un-bootable and I had to reinstall 10.4.2 from disc ]
But I cannot understand why people raise a huge hue and cry when MS finally manages to update the OS. Same people alternate between Damn-you-fix-the-bloody-flaw-TODAY or go-rot-in-hell-i-WONT-apply-this-update mentality. I'm a Mac guy, but let's give credit where it is due.
I work in tech support for six different schools and dozens of people for whom I do private jobs.
Your comment is just not true. I get calls EVERY week with someone wanting me to clean their computers (all of them XPSP2 at least). The problem is that the first thing that sort of junk does is stop Automatic Updates from working for everything from Windows to Antivirus to even targeting AdAware etc., so from then on even if the user "cleans" their machine, they aren't getting the updates they need (even though sometimes it looks like they are) and thus they are open to every future problem too (including those fixed in patches like this one).
People are still dumb, they still click, they still don't learn, no matter what it ends up costing them. Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back but so long as I don't do X, I don't notice", "Yeah, I've been getting these random popups for the past few months, if you have a minute could you have a look at them sometime?", etc. Personally, I'd be doing damage control the second I spotted one of these on my own personal computers but it's just tolerated by the average joe. They can literally put up with it for months.
I'm ALWAYS being told that "machines slow down when they get older", don't they? Makes sense to them but to me I'm just thinking "Yeah, only if they are slowly filling with junk". And that's how people work. They keep using it until it gets to the point of being unusable (which for people who used to run older PC's is actually totally unbearable). Then they might casually bring it up in conversation with me, not do anything for several weeks, then try to book my time to clean it up etc.
Come on, a few days ago there was a major news story about the head of Microsoft itself not being able to clean his friend's PC of spyware. I work with people who can't drag-and-drop, you really think they stand a CHANCE of even seeing that they've been infected, cleaning it themselves etc.? And with the growing spate of targeted spyware/viruses, I can't even rely on putting on a nice automated cleaning system (like Adaware/Spybot/AVG scripted to auto-update and then full scan) onto their systems.
The reason I don't hear about it any more? I raise my prices depending on how bad it seems when I hear about it. Can't get on the net at all? That's an extra £10/hour. Can't load any program? Another £10/hour. Antivirus isn't functioning properly cos something's interfering? Another £10/hour. Haven't GOT antivirus/firewall/updates? Another £10/hour.
Got up-to-date antivirus, a good firewall, an "alternative" web browser, scheduled anti-spyware, no visible signs of infection prior and somehow STILL got something nasty? (even if you accidentally clicked a link you didn't mean to, so long as you TELL me you did that) The price drops dramatically to the point where people don't say... "Uh, ok, I'll er... call you sometime." but instead say "Yes, please, if you could."
Users aren't getting educated, they're getting ignorant. They KNOW it's a virus/spyware and they choose to ignore it and continue with their work (which, incidentally, is not only usually private and confidential but usually vital to the running of the school they work for). When you're telling headteachers that X got on the system because supplier Y didn't issue an update, they just carry on regardless. They don't stop to consider what MIGHT have happened to the data (in complete breach of Data Protection laws I might add) or where it might currently be floating, even when informed.
The best customers in the world are the ones who KNOW NOTHING but ADMIT to knowing nothing and look to you for advice. They're the ones that you can TEACH how to use a computer safely. Everyone else nods along and then loads IE behind your back because they "know better" (for instance, they installed an anti-spyware thing "to keep IE safe" from a pop-up on their desktop just to give you
With respect to:
"We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
I think anyone who is still running Windows 98 would be better off switching to Linux. I would have to believe most software running under 98 could be run under Linux using Wine/Crossover Office, or alternatives found. More than likely, most 98 users just have some office type applications and never upgraded because they didn't need the fancy new OS. My old office still has 98 on many computers just because the people using them run basic apps that get by with what they have, and upgrades would be costly (relative of course, some small businesses would be hurt by 10K in computing upgrades). Since so many security holes are known, and support is ending, AND newer Linux distros are pretty darn close to "it just works", we may see small pockets of Linux migration.
So even though Microsoft have stated that they support 98 and ME until 11th July 2006, they will not support those two OSes today?
Yes, people are crazy if they rely on 9x in any way, but when Gates says he'll support it until a date I'd expect support to be provided, even if it means some changes to the shell. And we all know how much exaggeration is used when a job is being avoided... ("major re-write of the Windows Explorer").
Car analogies break down.
I've successfully done patches on a test system and had it fail on the production server. The fact that everyone tells me what boils down to "Run two parallel networks, with the same load and same traffic types" does not bode well for Microsoft's lower TCO argument, nor does it make you look any smarter. In the real world, the SME's don't buy racks and racks of identical servers. They buy one server to do what they need.
Patching for the SME resembles this: Read everything about the patch, what it is fixing, and how to mitigate the damage or exploit. Image the server. Wait 1-3 weeks for ISV's to verify that the patch won't affect anything critically. Image the server again, install patch. Cross fingers, then reboot.
You don't go to a car dealership, find the car that you want, and then say "Great. I'll take two", and you shouldn't have to with servers.
I find it interesting that illegal copies of Windows aren't able to update the fix for the legal settlement. Microsoft have finally changed their WGA tool to "Do not allow update unless user PC submits 'Yes it's valid'" from "Do not allow update unless user PC submits 'No I'm not valid'", I thought it was odd the way their system worked before.
This is why I'm using Autopatcher XP (Annoying forum-based website), you can download the updates off them, see the details and unselect all the crap you don't want, without having to go through Microsoft and Windows validation. You just have to wait a while before they release the newest version.
Come now....Windows 98/98SE/ME use a kernel (DOS FOLKS!) that has not been important for quite some time now. Do any Linux Kernel developers still work on the 2.0 kernel?? Does Red Hat still patch Red Hat 6?? NO!
Everyone ASSUMES that Microsoft is dropping support just because it's too broke and that probably isn't even CLOSE to the truth. The real reason is likely a combination of the two. From the architecture basis, Windows 98/98SE/ME are UNSECURE! Microsoft has a much better chance of securing things with XP. That's not to say there's no holes in XP....there is. But the reason software is dropped from support is merely a business reason. When 99.9 percent of their support calls are likely Windows XP or 2003 Server related, what sane person would choose to continue to patch something almost NO ONE uses!
Gorkman
Wow, that was inappropriate... that should be big PERSON words.
A couple things. First, everything you do on the internet, unless you are in the habit of traversing the web by numeric IP addresses, involves the DNS servers, and even if you do, involve hosting servers, and intermediate hubs. Secure your computer all you want, if the NSA is that concerned about which pr0n site you've been to lately, they'll find it. Ok, maybe they won't, but I'm convinced at this point they could. Call me paranoid.
Second, the concern about WGA's ability to execute code, and not be uninstallable, is very valid. Microsoft has repeatedly proven that it cannot produce robust, unhackable code (Windows, cough cough). And the sheer number of hacks around to disable this thing already leads me to believe that the only reason we aren't all on botnets right now is the mere good graces of the hacking community. Here's a strange idea: why not give the user of a computer the ability to choose what code gets run on his own system? I'm pretty sure it hasn't been patented yet, jump on it!! (Yes I know, that's *nix)
These anti piracy conventions make about as much sense as anti-gun laws: the principle is nice, but in the end, all you do is hurt the civilians. The pirates will still crack the OS, and the criminals will still have guns. I seriously want to see a financial statement from Microsoft showing any noticeable gain in the number of licensed operating systems as a result of the advent of the "genuine advantage".
You can get 15 minutes of fame, but you can go down in history for infamy.
crap-free, printer-friendly view to aid in long week of patch craziness (yay)
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety