Microsoft Says, Don't Press the F1 Key In XP
Ian Lamont writes "Microsoft has issued a security advisory warning users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box."
Sheesh, blah blah blah. What your parent said isn't a talking point. His point was much better than yours in fewer words.
All a researcher has to do is notify MS. Give them a reasonable amount of time that you clearly specify (say a month) and then publicly disclose it.
Your disdain of MS shouldn't erode your common sense.
Support a great indie game: http://www.abaddon360.com
There is a very big difference here you miss.
You're trying to compare the Linux security model with Microsoft's lack of any security model.
The act of compromising a Linux box in any way is a very difficult task, mostly impossible unless you have direct access to the thing.
Windoz on the other hand is the script kiddie's wet dream.
Very few windoz users have the knowledge to secure their boxes and this is clearly evident by the percentage of M$ boxes pwnd by the botnets and variety of worms/viruses/trojans/malware running rampant in the wild.
Give me a break. Pressing the F1 key will kill your system? WTF is going on in Redmond? Are these losers all on crack?
"Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
They think malware and other system compromises are an inherent aspect of owning a computer.
They are. In the 1990s, despite "Windows boxes in the internet" (if you had a SLIP connection), all of the exploits that I saw were targeting SunOS and BSD. They were going after Apache. When Aleph One was writing about buffer overflows, do you think he was working with Windows apps?
Computers are insecure. Networked computers are even more insecure. Windows is the low hanging fruit. I know it sounds tired, but if Linux had the same market share as Windows, you'd see the same kind of cat and mouse game going on between security researchers and malware programmers. If you put Ubuntu 9.10 on 80% of computers connected to the internet, and loaded it up with the 10 or so typical apps that people use (word processors, web browsers, Flash, etc), within six months you'd see vulnerabilities popping up left and right.
At the end of the day, it's all software running on an x86 processor. All it takes is one lazy coder, one tired QA guy, or one bad library and you have a zero day exploit. Computers need to execute code. You can only run so many checks on any given input. You can only limit the functionality of a module so much before it becomes useless. You can only bug users with "Are you sure you want to run this?" prompts so many times.
If you want an idea of a secure operating system, turn your web browser security settings to Prompt/Ask. JavaScript, HTML, XML, EVERYTHING set to prompt. Spend a week browsing the web in that configuration. Let me know how you like it.