"Most people who don't get Windows pre-installed have to install it themselves."
Well yeah, but what eprcentage of people don't get Windows pre-installed? 1%? I don't see your point.
"Well, lets see - linux was harder to install than Windows then, whereas linux is now EASIER to install. That's a big difference."
I don't know about that. I remember trying Mandrake back wround the time XP was released and it was extremely easy to install. The problem then was that the applications sucked compared to their Windows equivalents, and of course there was the issue of games. I use FreeBSD as a desktop today, and the situtation with apps is still pretty much the same. *nix desktop apps have gotten better, but apps on the Windows side have too, so there really isn't a compelling reason for average folks to not use Windows. And there is still the issue of games.
"...its a safe bet that Vista will be even more prone to malware, given the constant rejuggling its undergone."
That certainly is an opinion. Regardless of how the malware situation is affected by Vista, you are making the big (and common) mistake of assuming that people have security at the top of their list when evaluating an OS or application. For the vasy majoroty of the people, functionality is number one, probably followed by ease of use, cost and then maybe security. An obscure desktop OS like linux has the security and cost angles nailed down, but in the big picture they end up not mattering to 90 out of 100 people. Look at Internet Explorer for example. IE is the most exploited app in the history of computing, yet many people's reason for sticking with it is that "some websites don't work with other browsers". Other's don't even know what a browser is, let alone an operating sytsem.
Yes, I know how GPO templates work, but the submitter doesn't exectly sound like a seasoned IT pro. I would think the GUI way of doing it would be welcomed for some one who is probably not accustomed to using regedit and/or the reg command.
"If your current car has an engine that doesn't run properly, requires a lot of maintenance, and periodic expenditures for a new, buggier engine every few years to that same manufacturer, and someone else is offering you a free new engine, with free upgrades, and the chance to try it, again at no risk, you're going to try it."
With the caveat that you have to install the engine yourself and there is absolutely no support - unless of course you want to count support as asking your buddy at work who likes to work on cars to help you, and waiting a few days before he has the time.
"XP is the end of the line for Microsoft. Vista is alreasy shaping up to be both a support nightmare (too many versions, too many rewrites, too much hardware required for a decent "user experience", too many features cut, too many intentional holes in the "new security model", too much maintenance, too much money when compared to the competition). Remember, linux live DVDs are already good enugh for libraries and schools and anyone else who wants to surf the web, and they're only going to get better."
*yawn* People like you were saying the same things when XP came out. What happened?
There should be no registry changes involved. The Group policy settings can be set on the client machines by opening up mmc and addings the "local group policy" snap-in. From there, you can add the WSUS settings to each machine.
As for XP support, I'm pretty sure WSUS will not install on *any* of the desktop OS's.
"Oh, and no exploit on any non-Windows system has ever allowed an attacker to get administrator access by looking in a fracking picture like one MS exploit did."
The WMF vulnerability did not escalate priviledges. It ran code with the rights of the logged on user. As for non-Windows systems, there have been plenty of vulnerabilities that can be trigggered by looking at a picture, like this, and this, and this and this. I'm sure I could have found more, but I didn't feel like going past page two of my Google search.
"Either way, I mostly use FreeBSD now anyways."
As long time FreeBSD user, I must say I'm sorry to hear that.
"It's a pain in the neck when you do this to install a program, and it installs it only to that (Say, the Administrator account) users start menu.
Or if you want to save a document from a program that requires it, you save it to My Documents, right? Go to open it later, open up My Documents in Windows Explorer and wow! It's gone!"
1) Click on my sig
2) Go to the useful tools section and grab one of the "sudo" type programs. Sudo WN is my favorite. The sudo tools solve the problems you mentioned above.
"For example, the games that insist on installing a kernel mode driver for the sake of copy protection just to run an application, something that non-idiot unix users would never permit."
Speaking of games, and what users of Windows will put up with, I used to play America's Army on FreeBSD until discontinued development of the linux port. In Windows, punkbuster (and therefore the game) would require admin privileges to run, but in FreeBSD it would run just fine as a normal user.
The justification that punkbuster needs admin access so that the user can't circumvent it is complete bullshit, as the user already has admin rights over their PC in the first place.
"It's partly the lack of market share. That's offset to a large degree by the extra l33t points accruing to the guy who manages to release the first malware to get widespread penetration into those "invulnerable" systems."
The days of writing malware just for fun are certainly not gone (and never will be), but do you really think the number of people doing it for fun are even remotely comparable to the number doing it for money? It seems for every virus that destroys/spreads and nothing else, there are a hundred others that are written specifically to recruit computers into botnets - which are then used for monetary gain. And that leaves out spyware of which none is written "for fun". OS X doesn't come with any daemons listening by default, so the ability to infect OS X machines without user interaction is virtually nil. Network based worms that infect vulnerable daemons are the only type of malware that are not hampered by the number of vulnerable hosts, so the only option in infecting OSX boxes is to get everyone to infect themselves via some form of social engineering. In order to lure people into infecting themselves, you have to reach them some way. How would you reach all of the OS X users on the net and then get them all to run your virus?
"It's in large part inherent system design. The basic design point: the separation between ordinary users and the administrative user (root). That separation means that, even if you do get infected with malware, the malware can't spread into the system itself..."
Malware need not "spread into the system" to take advantage of the system's resources. It only needs access to the user's home directory.
"It can't tie into system libraries, it can't have itself started at system startup,
I'm not sure what you mean by "tie into system libraries", but malware certainly does not need root to start itself up at system startup. Ever hear of crontab? ~/.kde/autostart? ~/.profile? ~/.shrc? The options for starting processes up at startup or logon in unix-type systems are plentiful.
"it can't hide itself from the administrative user."
For the competent, cleanup certainly is easier if malware is restricted to the user's home, but if your average non-techie desktop user is the administrator, I don't think it would be very hard to hide something from them.
The only thing privilege separation does is protect the system from non-root users and non-root users from other non-root users. It makes sense because that's the only thing it was designed to do.
Application sandboxing (SELinux, Novell's AppArmor, and Vista's Application ACLs) all come much closer to being the "silver bullet" everyone is looking for - at least in regards to protecting users from exploits, but the patch for stupid still eludes everyone.
"Notice that it does not say 'has zero exploits'."
Do not put words in my mouth. I never said that IIS6 had no vulnerabilities. I said it had no critical vulnerabilities. The highest rated vulnerability listed on that secunia page is listed as moderately critical - It only poses a DoS threat. By critical, I simply meant none that could lead to the server being compromised. I actually clarified that point waaaaaaay back in this post, but apparently you missed it. You missing things seems to be a common theme.
"Why not trying out others security experts websites? I'll bet you'll find that IIS is affected by other exploits as well. Gee, didn't I say this to begin with?"
Secunia is a pretty well respected resource in the security community. Are you saying there are other known vulnerabilities for IIS6 that secunia doesn't have listed? If so how many do you think they are missing for Apache 1.x and Apache 2.x. I hope not many as both versions of Apache have had quite a few more vulnerabilities (two of them "critical" by my definition) discovered than IIS6 in the last three years.
Yes, you attempted to find other vulnerabilities, but you failed. but all you found was a fake vulnerability, and a few that were not actually IIS6 vulnerabilities. Yes, you found some vulnerabilities that could be exploited via IIS6 (like the Exchange one), but the fact remains that they were not native components of IIS6 - just like php/mysql are not native components of Apache.
You are confusing me now. You say that I live in a 'fantasy world'. That would imply that I've said and believe something that is not true. What have I said that is untrue? My main point has been that IIS6 has never had any serious vulnerabilities since it was released. Is secunia living in a fantasy world too?
"In the face of overwhelming evidence, denial is still the default state."
The only thing I've seen overwhelming evidence of, is that you don't have very good reading comprehension, you view open source software as a panacea, and you are a card carrying member of the ihatemicro$oft club.
"One must admire you ability to equate fact with zealotry."
I'm equating your denial of facts with zealotry. By posting exchange 2003 vulnerabilities and claiming that they are IIS vulnerabilities, you are not being honest with yourself. Should I post links to a ton of mysql and php and perl vulnerabilities and claim that they make Apache in insecure? No of course not. Even though Apache would be the prime avenue of exploitation for the above vulnerabilities, that would be dishonest as they are not really problems with Apache. I've meticulously destroyed every single one of your points by pointing out obvious errors ([b]the proof being in the very links you posted![/b]) in them, and instead of addressing my points you've replied with a post reeking of faux confidence saying that I'm a zealot and living in a dreamworld.
Oh, BTW, are you finally going to admit that you were duped by and posted a fake vulnerability? For all the talk you spew about denying facts, I would expect you to jump right out and acknowledge such an obvious blunder.
You make too many assumptions about me. I administer both Apache and IIS machines. IIS5 was crap (I hated looking after those boxes), but IIS6 is decent. I've never had any issues with Apache. I'm just happen to not a zealot* like some other people.
And BTW. You should not talk about denial. That first exploit is not real. It was posted as a joke to troll gullible people like you. Why don't you actually read the exploit carefully, and if you're still not sure read the *reply* to the posting.
*like the fuckhead who modded my first post flamebait. Gee, I happen to have five mod points right now. Perhaps I'll find a story I don't care to post in and mod down opinions I don't agree with.
That list counts every vulnerability in Win2k3 since it was released, and is not relevant. IE/Media PLayer/Flash/SMB vulnerabilities cannot be exploited via IIS6.
Hmm. The first is a IIS5 vulnerability. Try reading past the first line next time.
The second one is not an IIS6 or IIS5 vulnerability. Not sure WTF you posted that for.
The third one is an Exchange Vulnerability. Exchange != IIS6
"Lets also not forget that....several vulnerabilities to underlying systems and Dlls caused IIS6 to be vulnerable as well."
Just because some dll or binary is vulnerable in Windows does not necessarily mean it can be exploited via IIS. You are grasping for straws here.
So lets sum your glorious rebuttal to my claim that IIS6 has had no critical vulnerabilities.
* You've posted a fake (Here's your sign!) vulnerability. * You've posted a list of all of the vulnerabilities in Win2k3, and insinuated that they all can be exploited via IIS6 * You've posted two vulnerabilities that had nothing to do with any version of IIS, and one IIS5 vulnerability. * You repeatedly brought up IIS5, when in fact I never brought up IIS5 and was specifically talking about IIS6.
"...the fact still remains that Apache is far better, far faster and far more secure than Microsoft has ever been... which is why they have always had the market."
Better? What exactly do you mean by "better"?
Faster? Perhaps, but by who's measure? I've never seen a useful (yes, Microsoft's don't count as useful) Apache/IIS performance comparison.
More secure? Why do you think that? IIS6 has never had a critical vulnerability discovered for it. In the same time frame you can't say that for Apache 1.x and 2.x.
Since you claim that your assertions are "facts", I can only hope that you've got some "facts" to back it up, right?
"WAY too low a level....0.1 was much more of a realistic BAC. Geez...have a couple of glasses over a quick dinner and you're 'legally' drunk? I think not..."
I think BAC might be a tad overrated as far as telling if someone is "impaired".
I saw a special on one of those news magazine shows several years ago. They took two guys around 30 years old and had them drink a bunch of alcohol. One guy a medium build - around 175lbs. The other was taller and more bulky - around 230lbs. Both were physically fit and both drank occasionally. Over the course of several hours, they gave them various drinks from a bar. In between drinks, they fed them food. They gave the smaller guy more food than the bigger guy (Had something to do with the "smaller people can't handle as much alcohol" theory I think), but neither had an empty stomach at the end of the night. After every drink, a police officer would give them a breath test and measure their BAC. IIRC, it took them seven drinks before one of them reached 0.08 BAC. After seven drinks, both of them were completely smashed. Both reported having double vision, and one of them had trouble even walking. Neither could have come close to passing a sobriety test. The point was, that the guys' BAC meant very little. By the fourth or fifth drink, both of them were not fit to drive a vehicle, yet their BAC was well under the legal limit.
Now, I imagine (or hope that) the magic level of 0.08 was arrived via *some* sort of testing to see what level a person would be when they were impaired, so I don't see why some people might exibit the opposite of the two test subjects described above, and be perfectly fit to drive with a BAC content of well above 0.08.
Simple. Websites need to stop being lazy and host ads on their own servers. Yes, there would beed to be a way for the advertisers to track hits, but there should be a way to do that while keeping the potentially dangerous content off the advertisers site.
No, I've seen the same thing. We have two cats and over the last four years we've had four others (that have died) and my wife has never had a problem with any of them. However, recently when visting some relatives who had a Siamese cat, every time the cat would enter the room she would start sneezing uncontrollably. They ended up having to locking the cat in a back room until we left.
Slashdot Mirror
...""wuauclt /detectnow:...
Thank you. I never caught that when we updated to WSUS, and still thought you had to use the registry hack to get clients to check for updates.
"Most people who don't get Windows pre-installed have to install it themselves."
Well yeah, but what eprcentage of people don't get Windows pre-installed? 1%? I don't see your point.
"Well, lets see - linux was harder to install than Windows then, whereas linux is now EASIER to install. That's a big difference."
I don't know about that. I remember trying Mandrake back wround the time XP was released and it was extremely easy to install. The problem then was that the applications sucked compared to their Windows equivalents, and of course there was the issue of games. I use FreeBSD as a desktop today, and the situtation with apps is still pretty much the same. *nix desktop apps have gotten better, but apps on the Windows side have too, so there really isn't a compelling reason for average folks to not use Windows. And there is still the issue of games.
"...its a safe bet that Vista will be even more prone to malware, given the constant rejuggling its undergone."
That certainly is an opinion. Regardless of how the malware situation is affected by Vista, you are making the big (and common) mistake of assuming that people have security at the top of their list when evaluating an OS or application. For the vasy majoroty of the people, functionality is number one, probably followed by ease of use, cost and then maybe security. An obscure desktop OS like linux has the security and cost angles nailed down, but in the big picture they end up not mattering to 90 out of 100 people. Look at Internet Explorer for example. IE is the most exploited app in the history of computing, yet many people's reason for sticking with it is that "some websites don't work with other browsers". Other's don't even know what a browser is, let alone an operating sytsem.
To clarify, I should have said "there should be no need to edit the registry manually", rather than "there should be no registry changes involved".
Yes, I know how GPO templates work, but the submitter doesn't exectly sound like a seasoned IT pro. I would think the GUI way of doing it would be welcomed for some one who is probably not accustomed to using regedit and/or the reg command.
"If your current car has an engine that doesn't run properly, requires a lot of maintenance, and periodic expenditures for a new, buggier engine every few years to that same manufacturer, and someone else is offering you a free new engine, with free upgrades, and the chance to try it, again at no risk, you're going to try it."
With the caveat that you have to install the engine yourself and there is absolutely no support - unless of course you want to count support as asking your buddy at work who likes to work on cars to help you, and waiting a few days before he has the time.
"XP is the end of the line for Microsoft. Vista is alreasy shaping up to be both a support nightmare (too many versions, too many rewrites, too much hardware required for a decent "user experience", too many features cut, too many intentional holes in the "new security model", too much maintenance, too much money when compared to the competition). Remember, linux live DVDs are already good enugh for libraries and schools and anyone else who wants to surf the web, and they're only going to get better."
*yawn* People like you were saying the same things when XP came out. What happened?
There should be no registry changes involved. The Group policy settings can be set on the client machines by opening up mmc and addings the "local group policy" snap-in. From there, you can add the WSUS settings to each machine.
As for XP support, I'm pretty sure WSUS will not install on *any* of the desktop OS's.
I adminster an EPO server. It works great, it's not confusing to me, and it gets the job done. Each to his own I guess.
"Oh, and no exploit on any non-Windows system has ever allowed an attacker to get administrator access by looking in a fracking picture like one MS exploit did."
The WMF vulnerability did not escalate priviledges. It ran code with the rights of the logged on user. As for non-Windows systems, there have been plenty of vulnerabilities that can be trigggered by looking at a picture, like this, and this, and this and this. I'm sure I could have found more, but I didn't feel like going past page two of my Google search.
"Either way, I mostly use FreeBSD now anyways."
As long time FreeBSD user, I must say I'm sorry to hear that.
"All others get a special copy of the same and the games that you run can change them at will.
UNIX apps being statically bound come with their own libraries, and hence you do not need to share anything.
Windows comes ONLY with shareware stuff (NOT shareware), so that all applications depend on that copy for everything."
Wrong.
"It's a pain in the neck when you do this to install a program, and it installs it only to that (Say, the Administrator account) users start menu.
Or if you want to save a document from a program that requires it, you save it to My Documents, right? Go to open it later, open up My Documents in Windows Explorer and wow! It's gone!"
1) Click on my sig
2) Go to the useful tools section and grab one of the "sudo" type programs. Sudo WN is my favorite. The sudo tools solve the problems you mentioned above.
You are an idiot.
You don't have to install Itunes to get quicktime. ON the download page, click on the link that says "Quicktime Standalone Installer"
*Whooooosh*
"For example, the games that insist on installing a kernel mode driver for the sake of copy protection just to run an application, something that non-idiot unix users would never permit."
Speaking of games, and what users of Windows will put up with, I used to play America's Army on FreeBSD until discontinued development of the linux port. In Windows, punkbuster (and therefore the game) would require admin privileges to run, but in FreeBSD it would run just fine as a normal user.
The justification that punkbuster needs admin access so that the user can't circumvent it is complete bullshit, as the user already has admin rights over their PC in the first place.
"It's partly the lack of market share. That's offset to a large degree by the extra l33t points accruing to the guy who manages to release the first malware to get widespread penetration into those "invulnerable" systems."
The days of writing malware just for fun are certainly not gone (and never will be), but do you really think the number of people doing it for fun are even remotely comparable to the number doing it for money? It seems for every virus that destroys/spreads and nothing else, there are a hundred others that are written specifically to recruit computers into botnets - which are then used for monetary gain. And that leaves out spyware of which none is written "for fun". OS X doesn't come with any daemons listening by default, so the ability to infect OS X machines without user interaction is virtually nil. Network based worms that infect vulnerable daemons are the only type of malware that are not hampered by the number of vulnerable hosts, so the only option in infecting OSX boxes is to get everyone to infect themselves via some form of social engineering. In order to lure people into infecting themselves, you have to reach them some way. How would you reach all of the OS X users on the net and then get them all to run your virus?
"It's in large part inherent system design. The basic design point: the separation between ordinary users and the administrative user (root). That separation means that, even if you do get infected with malware, the malware can't spread into the system itself..."
Malware need not "spread into the system" to take advantage of the system's resources. It only needs access to the user's home directory.
"It can't tie into system libraries, it can't have itself started at system startup,
I'm not sure what you mean by "tie into system libraries", but malware certainly does not need root to start itself up at system startup. Ever hear of crontab? ~/.kde/autostart? ~/.profile? ~/.shrc? The options for starting processes up at startup or logon in unix-type systems are plentiful.
"it can't hide itself from the administrative user."
For the competent, cleanup certainly is easier if malware is restricted to the user's home, but if your average non-techie desktop user is the administrator, I don't think it would be very hard to hide something from them.
The only thing privilege separation does is protect the system from non-root users and non-root users from other non-root users. It makes sense because that's the only thing it was designed to do.
Application sandboxing (SELinux, Novell's AppArmor, and Vista's Application ACLs) all come much closer to being the "silver bullet" everyone is looking for - at least in regards to protecting users from exploits, but the patch for stupid still eludes everyone.
"Notice that it does not say 'has zero exploits'."
Do not put words in my mouth. I never said that IIS6 had no vulnerabilities. I said it had no critical vulnerabilities. The highest rated vulnerability listed on that secunia page is listed as moderately critical - It only poses a DoS threat. By critical, I simply meant none that could lead to the server being compromised. I actually clarified that point waaaaaaay back in this post, but apparently you missed it. You missing things seems to be a common theme.
"Why not trying out others security experts websites? I'll bet you'll find that IIS is affected by other exploits as well. Gee, didn't I say this to begin with?"
Secunia is a pretty well respected resource in the security community. Are you saying there are other known vulnerabilities for IIS6 that secunia doesn't have listed? If so how many do you think they are missing for Apache 1.x and Apache 2.x. I hope not many as both versions of Apache have had quite a few more vulnerabilities (two of them "critical" by my definition) discovered than IIS6 in the last three years.
Yes, you attempted to find other vulnerabilities, but you failed. but all you found was a fake vulnerability, and a few that were not actually IIS6 vulnerabilities. Yes, you found some vulnerabilities that could be exploited via IIS6 (like the Exchange one), but the fact remains that they were not native components of IIS6 - just like php/mysql are not native components of Apache.
You are confusing me now. You say that I live in a 'fantasy world'. That would imply that I've said and believe something that is not true. What have I said that is untrue? My main point has been that IIS6 has never had any serious vulnerabilities since it was released. Is secunia living in a fantasy world too?
"In the face of overwhelming evidence, denial is still the default state."
The only thing I've seen overwhelming evidence of, is that you don't have very good reading comprehension, you view open source software as a panacea, and you are a card carrying member of the ihatemicro$oft club.
"One must admire you ability to equate fact with zealotry."
I'm equating your denial of facts with zealotry. By posting exchange 2003 vulnerabilities and claiming that they are IIS vulnerabilities, you are not being honest with yourself. Should I post links to a ton of mysql and php and perl vulnerabilities and claim that they make Apache in insecure? No of course not. Even though Apache would be the prime avenue of exploitation for the above vulnerabilities, that would be dishonest as they are not really problems with Apache. I've meticulously destroyed every single one of your points by pointing out obvious errors ([b]the proof being in the very links you posted![/b]) in them, and instead of addressing my points you've replied with a post reeking of faux confidence saying that I'm a zealot and living in a dreamworld.
Oh, BTW, are you finally going to admit that you were duped by and posted a fake vulnerability? For all the talk you spew about denying facts, I would expect you to jump right out and acknowledge such an obvious blunder.
You make too many assumptions about me. I administer both Apache and IIS machines. IIS5 was crap (I hated looking after those boxes), but IIS6 is decent. I've never had any issues with Apache. I'm just happen to not a zealot* like some other people.
And BTW. You should not talk about denial. That first exploit is not real. It was posted as a joke to troll gullible people like you. Why don't you actually read the exploit carefully, and if you're still not sure read the *reply* to the posting.
*like the fuckhead who modded my first post flamebait. Gee, I happen to have five mod points right now. Perhaps I'll find a story I don't care to post in and mod down opinions I don't agree with.
When I said critical I meant vulnerabilities that could cause the server to be compromised. IIS6 had never had any.
e /2005-April/033445.html"
0 /7882.aspx"
Now lets analyze your last post...
"How about a buffer overflow exploit? Doies that count?
http://lists.grok.org.uk/pipermail/full-disclosur
Sorry, but that one does count because it's not real.
"How about this long list as compiled by a Microsoft MVP?
http://msmvps.com/blogs/bernard/archive/2004/06/1
That list counts every vulnerability in Win2k3 since it was released, and is not relevant. IE/Media PLayer/Flash/SMB vulnerabilities cannot be exploited via IIS6.
"How about these honorable mentions as well?
http://www.aqtronix.com/Advisories/AQ-2003-02.txt (unannounced by Microsoft)
http://isc.sans.org/diary.php?date=2005-10-11
http://www.securityfocus.com/bid/9409"
Hmm. The first is a IIS5 vulnerability. Try reading past the first line next time.
The second one is not an IIS6 or IIS5 vulnerability. Not sure WTF you posted that for.
The third one is an Exchange Vulnerability. Exchange != IIS6
"Lets also not forget that....several vulnerabilities to underlying systems and Dlls caused IIS6 to be vulnerable as well."
Just because some dll or binary is vulnerable in Windows does not necessarily mean it can be exploited via IIS. You are grasping for straws here.
So lets sum your glorious rebuttal to my claim that IIS6 has had no critical vulnerabilities.
* You've posted a fake (Here's your sign!) vulnerability.
* You've posted a list of all of the vulnerabilities in Win2k3, and insinuated that they all can be exploited via IIS6
* You've posted two vulnerabilities that had nothing to do with any version of IIS, and one IIS5 vulnerability.
* You repeatedly brought up IIS5, when in fact I never brought up IIS5 and was specifically talking about IIS6.
"...the fact still remains that Apache is far better, far faster and far more secure than Microsoft has ever been... which is why they have always had the market."
Better? What exactly do you mean by "better"?
Faster? Perhaps, but by who's measure? I've never seen a useful (yes, Microsoft's don't count as useful) Apache/IIS performance comparison.
More secure? Why do you think that? IIS6 has never had a critical vulnerability discovered for it. In the same time frame you can't say that for Apache 1.x and 2.x.
Since you claim that your assertions are "facts", I can only hope that you've got some "facts" to back it up, right?
"WAY too low a level....0.1 was much more of a realistic BAC. Geez...have a couple of glasses over a quick dinner and you're 'legally' drunk? I think not..."
I think BAC might be a tad overrated as far as telling if someone is "impaired".
I saw a special on one of those news magazine shows several years ago. They took two guys around 30 years old and had them drink a bunch of alcohol. One guy a medium build - around 175lbs. The other was taller and more bulky - around 230lbs. Both were physically fit and both drank occasionally. Over the course of several hours, they gave them various drinks from a bar. In between drinks, they fed them food. They gave the smaller guy more food than the bigger guy (Had something to do with the "smaller people can't handle as much alcohol" theory I think), but neither had an empty stomach at the end of the night. After every drink, a police officer would give them a breath test and measure their BAC. IIRC, it took them seven drinks before one of them reached 0.08 BAC. After seven drinks, both of them were completely smashed. Both reported having double vision, and one of them had trouble even walking. Neither could have come close to passing a sobriety test. The point was, that the guys' BAC meant very little. By the fourth or fifth drink, both of them were not fit to drive a vehicle, yet their BAC was well under the legal limit.
Now, I imagine (or hope that) the magic level of 0.08 was arrived via *some* sort of testing to see what level a person would be when they were impaired, so I don't see why some people might exibit the opposite of the two test subjects described above, and be perfectly fit to drive with a BAC content of well above 0.08.
Simple. Websites need to stop being lazy and host ads on their own servers. Yes, there would beed to be a way for the advertisers to track hits, but there should be a way to do that while keeping the potentially dangerous content off the advertisers site.
Or SudoWin
No, I've seen the same thing. We have two cats and over the last four years we've had four others (that have died) and my wife has never had a problem with any of them. However, recently when visting some relatives who had a Siamese cat, every time the cat would enter the room she would start sneezing uncontrollably. They ended up having to locking the cat in a back room until we left.