Slashdot Mirror


Microsoft Kicks Off Third-Party Bug Warnings

Pigskin-Referee writes "Microsoft has expanded its vulnerability disclosure policy to include not only those in its own products, but also flaws in third-party software that runs on Microsoft operating systems. These will follow the same practices as the advisories issued for Microsoft's products, and it makes sense, because many users look to Microsoft to ensure that their computers are secure, even when the problem lies with a third-party program. The company will contact and coordinate with the third-party vendor before an advisory is issued."

2 of 86 comments

  1. Java's and Adobe's updates suck. by Anonymous Coward · Score: 2, Informative

    Ah Java and Adobe!

    Ya see, I run my XP box as user. The Admin account is used only for Admin. Now, in my user mode, the Java and Adobe update icons show up in the tray and when I click on them, after a while of them doing their thing, I get the "You have to have administrative privileges to perform this update." Can I do a "Run as" on those updates? Nope. Gotta log off and log back on as the admin. "Switch User"? Turned it off for performance reasons.

    Then in Admin mode, gotta re-download all of the updates again and then do the install.

    So, what if your customers, or at least the people using those machines, don't have admin access?

    Oh, I don't have that problem with any of Microsoft's products, btw.

    iTunes on Windows sucks too.

    Listen Windows devs, not everyone runs their machines as Admins all the time! Geeze!

    And no, you shouldn't have to be an admin to install a fucking document viewer.

    1. Re:Java's and Adobe's updates suck. by Anaerin · Score: 1, Informative

      Ya see, I run my XP box as user. The Admin account is used only for Admin. Now, in my user mode, the Java and Adobe update icons show up in the tray and when I click on them, after a while of them doing their thing, I get the "You have to have administrative privileges to perform this update." Can I do a "Run as" on those updates? Nope. Gotta log off and log back on as the admin. "Switch User"? Turned it off for performance reasons.

      So, let me get this straight, you have enabled a high(er) security policy, and are now complaining when the higher security policy you have implemented gets in the way of something you want to do. Let's try looking at this another way:

      Stupid lock makers! I installed deadbolts in my doors for security, but when I'm outside and I see I've left a light on I have to unlock my doors again to turn that light off! Can I do a "teleport into the room"? Nope. Gotta walk to the door and unlock it! X10? Didn't get the wireless option for performance reasons.

      It's the same kind of argument you're trying here. Some might say that the Java updater should change its prompt if you don't have administrative rights (and/or change its behaviour, so it doesn't bother downloading an update you can't install), but that is STILL not Microsoft's fault. And, in fact, Vista and 7, with UAC, have enabled you to do exactly as you intend, and given that XP's support is being sunset shortly, it would behoove you to update. And, for reference, Windows 7 with Aero disabled has comparable (or better) performance than Windows XP. Oh, and you CAN do a RunAs, you just need to do it from Windows - the "Update notifier" applications don't have that capability, but if you find where it downloaded the installer to, you can install it using RunAs from there.

      Then in Admin mode, gotta re-download all of the updates again and then do the install.

      Because it's a completely different user, and for security reasons one user's programs can't access another user's area.

      So, what if your customers, or at least the people using those machines, don't have admin access?

      You find someone (your IT manager, or the person who implemented the higher security policy) who does have admin access.

      And no, you shouldn't have to be an admin to install a fucking document viewer.

      Why the hell not? Software is software, no matter what it does. Your "Fucking document viewer" might have any number of other functions, including formatting the entire system if it so desires, not to mention adding files to the system (DLL/COM components/Default associations) and making all kinds of changes. The OS has no idea what a program is and what it does, just that it's something new and therefore needs approval. Or do you want an "Evil" bit to be set in programs? Just how well do you think that would work?