Microsoft Plugs a Record 26 Security Holes
An anonymous reader writes "Microsoft today released ten patches to fix at least 26 separate security holes, including a whopping 16 flaws in Microsoft Office and its constituent apps. According to Washingtonpost.com's Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack. Also of note, six of today's updates apply to fully patched Windows XP systems, and two of the flaws are actually present in Windows Vista."
I remember when Windows 95 came out, with its weak, obviously-an-afterthought "web browser" (IE 3.0). It was painfully obvious that Microsoft had missed the Internet boat, and shortly thereafter, Bill Gates sent his historic all-hands memo pointing the company in the direction of the Internet.
It took them some time to get it right, but eventually IE took over. Now, you'd have a hard time finding a Microsoft product more complex than Minesweeper or calc.exe that doesn't connect to the Net somehow. And let's not forget that Netscape provided Microsoft with some much-appreciated help in taking over the Web, by screwing up their own release schedule so badly that there never was a Netscape 5.0.
Flash-forward to a couple of years ago, when Bill sent out yet another all-hands memo, pointing the company in the direction of security. At first, we all laughed. But now it's becoming more and more obvious that they're taking security every bit as seriously as they once took the Internet. They are aiming to be the top of the heap in security, and they've got drive, ambition and aggression.
Make no mistake, this kind of event is exactly what a company that wants to get secure should be doing. Thomlinson's comments about how seeing their code exploited "hits people in the gut", and the fact that "he was glad to see the crowd of engineers taking things personally" -- these things are right on the money. These things say to me that, within a few years, we're going to see some really damn secure stuff coming out of Microsoft.
In the meantime, Firefox exploits are cropping up at a seemingly greater pace. This worries me. It looks like a repeat of 1997, when Netscape lost huge amounts of ground to IE by producing a product that wasn't as good as the competition. SP2 was a huge leap forward in security for Windows and for IE, and Blue Hat makes it obvious that Microsoft is just going to get better at it. In the meantime, Firefox appears to be standing still on the security front, or maybe even losing a little ground. Sure, it's still miles ahead of IE's security, but if IE keeps up the pace, it will overtake Firefox sooner or later -- probably sooner.
Is there any way the Firefox development team (and the OO.o team, and anyone else who's working on high-profile F/OSS projects) can take a lesson from Blue Hat? Can we get together events like this of our own?
If we don't, I can already see that by 2009 or so, at the latest, I'll be telling clients to go with Microsoft products, because they're more secure than F/OSS. And I don't want to see that happen.
Where does it say that the Mac version only has one bug? From here it looks like it says one of the flaws is only present in the Mac version. In other words, the Mac version has a bug that the Windows version doesn't (which, considering how different OSX is from XP, is perfectly understandable); it doesn't say "The only bug in the Mac version was patched". Given the amount of such posts I've already seen in this thread, I'm pretty surprised you're latching onto this 'only one bug' thing, instead of the 'only one bug found, but how many more are still there / created from the fix' shtick.
and no factor more effective.
Maybe almost 70% of the internet users do not know what a "browser" is, and there are other browsers out there.
This is because Microsoft easily pushes its own browser as an "OS feature".
Majority of casual computer users by then were, now the majority of the casual internet users, those who are not interested in doing something else than using mail, going to a few sites, chatting with some friends and playing some backgammon around the net, are not in a level, proficiency, or desirous to research and explore the intricacies of what they are using.
They are just buying a computer, Windows comes installed within, there is stuff there, and they use it.
THIS was the way Microsoft has villainishly monopolized the browser arena, and nothing more. Not security, not features, not the "mis-schedule" of Netscape releases and nothing more. And certainly, definitely not the "far-sight" or "visionary genius" of Bill Gates and his memos.
They used the power of market reach, to "sell" something to people who didn't know if any alternatives existed.
Read radical news here
That "incremental update," as you ignorantly call it (nice nick, by the way), was a major version release with a whole new version of OS X, new features, and new technologies. It wasn't some minor service pack.
And that massive update in September isn't so massive when you point out that it's the most we'll see all year. Meanwhile, Microsoft released an IE patch, then released a patch to fix the patch, then released a patch to fix THAT patch. And you wonder why people complain about Microsoft?
"Sufferin' succotash."
Microsoft went to a hacker convention a little while back to find out what they had to fix.
http://newsvote.bbc.co.uk/2/hi/programmes/click_online/5413792.stm
It works just fine with WebDAV. In fact, it works better with WebDAV than the Web Folders thing does. Add "SVNAutoversioning on" to your Subversion repository config and have fun, just for one example.
>It's a more complex issue than simply how many vulnerabilities each camp discloses.
Also it is a time for the standard stock quote, "Past performance is not a direct indicator of future performance."
I think there is no way to interpret which is the more bug-free product from past security issues. If you assumed the two products started out with identical # of critical faults, then the product with the most patches is likely the most secure. Even if you're trying to win a bet on which was more secure on 10-11-2006, you would have to assume both were equally secure at some date (say 2009) and look at which had the most bug patches between the two time periods.
You could determine which company is more dedicated to support from current patch cycles. Actually it is probably safe to say that Internet Explorer is a product that is much more difficult to support than Firefox, because MS seems very dedicated to supporting their product, but are unable to safely release patches as quickly as Firefox. But even that is influenced by which support group has a more risk-averse nature, and which team is more familiar with their product.