Diff'rent strokes for diff'rent folks... I only really enjoyed the third and fourth books of the series, actually. The first one bored me, and the second one, while more interesting, didn't interest me enough to make me want to re-read it. I've read the third and fourth several times since and enjoyed both immensely.
I found the very concept of time running down during humanity's lifespan both challenging and thought-provoking. I think Blish handled the concept very well. The eventual outcome is also satisfying, without being condescending (although I guess it depends upon how much you "like" Amalfi [sp? - it's been a while since I last read it]).
But it seems to me that the major long-term problem associated with cutting oneself off from the "real":) world is to do with socialising.
Sure, there are on-line communities, but currently these are limited as per the contrainsts of the web itself: limited rich content, low bandwidth, audio and visual information only.
Why is it harder to carry out a conversation via email than it is face to face? (Aside from the extra time taken in typing, of course:) Because human beings typically only exchange about 20-30% of the information in a conversation via the spoken word. The rest is the _way_ the words are spoken (pitch, rhythm [sp?]), the body language, nuances, other senses.
Email and other web-based communication techniques that rely on the written word rather than the spoken word can only communicate a minority of the contextual information that a human being typically expects to receive during a conversation. For work or academic related stuff where specifications are clear this may be fine, but for a social conversation email and the like aren't there yet.
Until the web (or its offspring) can transmit non-written conservation like language pitch and context, and body language - "rich conversation" - I don't think it's going to feasible to cut oneself off entirely from the outside world.
Actually, I think it's a little different from VNC, although the goals do overlap. My (limited?) understanding of the two is this:
1. VNC captures a bitmap of a server desktop (or, at least, the parts of the desktop that have changed) and sends _this bitmap_ down to a client viewer.
2. VNC's display, therefore, is only as multi-user as the base OS... under Unix, VNC can serve out multiple distinct desktops, but under Windows VNC can only serve out one desktop.
3. VNC can't share out an individual app - it shares the whole desktop.
Now, compare this with GraphOn's product (or, at least, my understanding of it):
1. GraphOn server on Windows NT intercepts GDI calls and translates these calls into a language which is then passed to a client which renders the GDI call at the client end.
2. Because the application is never actually displayed on the NT side, it's possible for GraphOn to serve out multiple distinct copies of the app simultaneously.
3. GraphOn serves out on an application-by-applicaton basis, not the whole desktop.
'Course, I could be wrong - it wouldn't be the first time. But the above is my understanding of the differences between the two...
BTW the patent that GraphOn acquired is _extremely_ specific; there was a discussion about it on the VNC list recently and the conclusion was that the patent didn't really apply to VNC.
So you're saying, if the tables were reversed you'd side against Microsoft? So given the current situation, why won't you side against AOL?
Microsoft's past history is irrelevant just for this moment. This issue is about AOL breaking stuff on purpose just because they can, and no matter who gets hurt (be it Microsoft or anybody else), AOL is in the wrong.
When Microsoft documents their proprietary protocols, they will have earned the right to ask other companies to do the same.
Let's kill two birds with one stone here...:)
On DCOM, the following should get you started. It took about 20 seconds to find on MSDN, but I couldn't be bothered reading any more indepth (the basic premise is that the protocol is called "Object RPC", the link below returns all MSDN documents on it - there are quite a few!):
So the issue is not one of protocol documentation, but protocol _control_ (he who owns the protocol has the right to change it arbitrarily), and that's the contentious (and, from Microsoft, hyprocritical) part...
They cry for a standard when it's not theirs. What about clearly MSOffice file formats, hmmm?
Yeah, that's a good point. Ok, I'll bite and play devil's advocate...
(a) MS has never tried to promote the file formats as "standards" (i.e. it "just kinda happened 'cause we sold a heap of product" a.k.a de facto standard) (that's a contentious argument, I know:) (b) Said file formats are fully documented in MSDN. Does anybody know if/where the AOL messenger protocol is documented?
[Offtopic: It's my understanding that the killer with the MS Office formats is the binary OLE gobbledegook that's in 'em... effectively ties the file format to Windows, making it really hard for anybody to port to another OS. Non-MS office apps tend to have a better time importing office docs under Windows than under other OSes (no, I don't have any proof, but haven't the rest of you noticed this?)]
Ok, so *now* they want standards that work... how about writing a browser that reads a standard called HTML properly?
Boy, you must have a taste for irony... surely everybody here is adult enough to just admit that IE is a hell of a lot closer to W3C compliance than Netscape is? They both suck, but IE sucks less.
Even AOL/Netscape must think that Communicator is crap, otherwise why would they have trashed the Communicator code base for Gecko?
or how about one called JavaScript?
(a) JavaScript is not a standard. (Since when does Netscape set standards? Their "standards" are the primary reason half of the world's web pages don't work in all of the available browsers.) (b) IE runs JavaScript just fine - at about twice the speed of Communicator.
And how about some APIs that work the way they are documented to?
Huh? You mean the argument's changed from "the APIs aren't documented"? Gee... the argument's evolving... a moving target!
Sorry, I must have eaten something bad a lunch, 'cause I'm sure in an argumentative mood. Didn't mean to take it out on you. Apologies:)
One intesting thing for you to look up is the Windows 40 day bug, or something like that. Basically if you were able to keep a Windows machine up for 40 days straight without rebooting it would crash because of over-writing something. It wasn't discovered for several years because NO ONE WAS ABLE TO KEEP A Windows MACHINE UP THAT LONG!
Yes, that's true, although don't forget that's Windows 95/98, _not_ Windows NT/2000.
The bug is in the OS's tick counter, which is only a 32 bit counter... after ~47 days, the counter suffers an overrun, and the machine crashes. This has been fixed in 98 SE, I believe.
with NT rapidly spreading through fortune 500, government and military, along with the requisite exchange server (go ask the MCSE to turn on pop3 or imap, he'll spit on you), which defaults to a proprietary protocol for messages, calendars, etc. I see linux losing a lot of ground -- rapidly.
...
please, i'd like to hear from someone how this will be stopped?
Write something better. Simple, really:)
Exchange is a compelling choice for a lot of businesses because (a) it integrates with their current environments [i.e. NT, Office]; (b) it is scalable; (c) although it does perform optimally only with proprietary protocols it does interoperate smoothly (out of the box) with foreign messaging systems [SMTP, X.400, Notes, CC Mail] and clients [LDAP, POP3, IMAP, even a frames-based HTML/Java client]; (d) the client software [Outlook] offers virtually unparalleled integration of email, tasks, calendars and contacts in a single application. I'm not an MS fan, particularly, but Exchange-Outlook really is a killer combination. The nearest competitor, Notes, is pretty pale in comparison.
Want to prevent Linux losing ground in the groupware market? Then write some groupware... currently there's nothing integrated out there, and I agree with you that this is an issue that requires resolution if Linux (less specifically, open source in general) wants to make inroads into this market.
Go read Drake's equation.... Solve for 1 and see the numbers that are required, just to prove the point.
Not possible. You can only solve an equation when you are missing only one variable. Since Drake's Equation relies on the values of 11 variables, and you're specifying one, you're left with trying to simultaneously solve for 10 independent variables. I think we can safely put that in the "too hard" basket:)
I'm not so sure that SP is only for kiddies... I think it's one of those comedies that works on two levels - a base one for kids and a higher level for adults.
I consider myself an adult:) yet I find SP bloody funny...
My fault for having those filters enabled in the first place.
Oh, I don't know that you should blame yourself... I think a strong argument can be made for Microsoft making their software installers default to minimal installations rather than complete installations (particularly for products where security is an issue, e.g. NT server, IIS).
I believe it is far more interesting that the R5 spread the word as quickly as they did where as Microsoft wasn't even going to mention anything about their IIS 5.0 'problem' until they had a fix.
1. It's IIS 4.0, not 5.0. 2. The problem with IIS 4.0 is nothing to do with viruses or worms. 3. Microsoft posted a workaround to all members of its security mailing list about 5 hours ago; NTBugTraq posted the same message shortly afterwards. Every NT sysadmin who's anyone has plugged this hole by now.
Please stop spreading FUD, it does you a disservice.
The following is a Security Bulletin from the Microsoft Product Security Notification Service.
Please do not reply to this message, as it was sent from an unattended mailbox. ********************************
Microsoft Security Bulletin (MS99-019) --------------------------------------
Workaround Available for "Malformed HTR Request" Vulnerability
Originally Posted: June 15, 1999
Summary ======= Microsoft has released a patch that eliminates a vulnerability in Microsoft (r) Internet Information Server 4.0. The vulnerability could allow denial of service attacks against an IIS server or, under certain conditions, could allow arbitrary code to be run on the server.
Microsoft has issued this bulletin to advise customers of steps they can take to protect themselves against this vulnerability. A patch to eliminate this vulnerability is being developed, and an update to this bulletin will be released to advise customers when it is available.
Issue ===== IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. A vulnerability exists in ISM.DLL, the filter DLL that processes.HTR files. HTR files enable remote administration of user passwords.
The vulnerability involves an unchecked buffer in ISM.DLL. This poses two threats to safe operation. The first is a denial of service threat. A malformed request for an.HTR file could overflow the buffer, causing IIS to crash. The server would not need to be rebooted, but IIS would need to be restarted. The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of.HTR files.
While there are no reports of customers being adversely affected by this vulnerability, Microsoft is proactively releasing this bulletin to allow customers to take appropriate action to protect themselves against it.
Affected Software Versions ========================== - Microsoft Internet Information Server 4.0
What Microsoft is Doing ======================= Microsoft has provided a workaround that fixes the problem identified. The workaround is discussed below in What Customers Should Do.
Microsoft also has sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service. See http://www.microsoft.com/security/services/bulleti n.asp for more information about this free customer service.
What Customers Should Do ======================== Microsoft highly recommends that customers disable the script mapping for .HTR files as follows: - From the desktop, start the Internet Service Manager by clicking Start | Programs | Windows NT 4.0 Option Pack | Microsoft Internet Information Server | Internet Service Manager - Double-click "Internet Information Server" - Right-click on the computer name and select Properties - In the Master Properties drop-down box, select "WWW Service", then click the "Edit" button . - Click the "Home Directory" tab, then click the "Configuration" button . - Highlight the line in the extension mappings that contains ".HTR", then click the "Remove" button. - Respond "yes" to "Remove selected script mapping?" say yes, click OK 3 times, close ISM
A patch will be available shortly to eliminate the vulnerability altogether.
Customers should monitor http://www.microsoft.com/security for an announcement when the patches are available.
Microsoft recommends that customers review the IIS Security Checklist at http://www.microsoft.com/security/products/iis/C heckList.asp
More Information ================ Please see the following references for more information related to this issue. - Microsoft Security Bulletin MS99-019, Workaround Available for "Malformed HTR Request" Vulnerability (The Web-posted version of this bulletin), http://www.microsoft.com/security/bulletins/ms99-0 19.asp. - IIS Security Checklist, http://www.microsoft.com/security/products/iis/Che ckList.asp
Obtaining Support on this Issue =============================== If you require technical assistance with this issue, please contact Microsoft Technical Support. For information on contacting Microsoft Technical Support, please see http://support.microsoft.com/support/contact/def ault.asp.
Revisions ========= - June 15, 1999: Bulletin Created.
For additional security-related information about Microsoft products, please visit http://www.microsoft.com/security
Slashdot Mirror
Diff'rent strokes for diff'rent folks... I only really enjoyed the third and fourth books of the series, actually. The first one bored me, and the second one, while more interesting, didn't interest me enough to make me want to re-read it. I've read the third and fourth several times since and enjoyed both immensely.
I found the very concept of time running down during humanity's lifespan both challenging and thought-provoking. I think Blish handled the concept very well. The eventual outcome is also satisfying, without being condescending (although I guess it depends upon how much you "like" Amalfi [sp? - it's been a while since I last read it]).
... and even then, would you really want to?
... not that I'm saying that's not important.
:) world is to do with socialising.
:) Because human beings typically only exchange about 20-30% of the information in a conversation via the spoken word. The rest is the _way_ the words are spoken (pitch, rhythm [sp?]), the body language, nuances, other senses.
But it seems to me that the major long-term problem associated with cutting oneself off from the "real"
Sure, there are on-line communities, but currently these are limited as per the contrainsts of the web itself: limited rich content, low bandwidth, audio and visual information only.
Why is it harder to carry out a conversation via email than it is face to face? (Aside from the extra time taken in typing, of course
Email and other web-based communication techniques that rely on the written word rather than the spoken word can only communicate a minority of the contextual information that a human being typically expects to receive during a conversation. For work or academic related stuff where specifications are clear this may be fine, but for a social conversation email and the like aren't there yet.
Until the web (or its offspring) can transmit non-written conservation like language pitch and context, and body language - "rich conversation" - I don't think it's going to feasible to cut oneself off entirely from the outside world.
Actually, I think it's a little different from VNC, although the goals do overlap. My (limited?) understanding of the two is this:
1. VNC captures a bitmap of a server desktop (or, at least, the parts of the desktop that have changed) and sends _this bitmap_ down to a client viewer.
2. VNC's display, therefore, is only as multi-user as the base OS... under Unix, VNC can serve out multiple distinct desktops, but under Windows VNC can only serve out one desktop.
3. VNC can't share out an individual app - it shares the whole desktop.
Now, compare this with GraphOn's product (or, at least, my understanding of it):
1. GraphOn server on Windows NT intercepts GDI calls and translates these calls into a language which is then passed to a client which renders the GDI call at the client end.
2. Because the application is never actually displayed on the NT side, it's possible for GraphOn to serve out multiple distinct copies of the app simultaneously.
3. GraphOn serves out on an application-by-applicaton basis, not the whole desktop.
'Course, I could be wrong - it wouldn't be the first time. But the above is my understanding of the differences between the two...
BTW the patent that GraphOn acquired is _extremely_ specific; there was a discussion about it on the VNC list recently and the conclusion was that the patent didn't really apply to VNC.
NT 4 is POSIX 1003.1 compliant.
What the heck? It _is_ true, stop saying it isn't!
So you're saying, if the tables were reversed you'd side against Microsoft? So given the current situation, why won't you side against AOL?
Microsoft's past history is irrelevant just for this moment. This issue is about AOL breaking stuff on purpose just because they can, and no matter who gets hurt (be it Microsoft or anybody else), AOL is in the wrong.
Cheers
Alastair
In my opinion, all these new messangers are just trying to reinvent their own proprietary wheel.
Of course. Because the issue is control. If you own it, you can profit from it.
Cheers
Alastair
When Microsoft documents their proprietary
:)
= true&Boolean=PHRASE&submit1=search&chkM= on&qu=ORPC
protocols, they will have earned the right to
ask other companies to do the same.
Let's kill two birds with one stone here...
On DCOM, the following should get you started. It took about 20 seconds to find on MSDN, but I couldn't be bothered reading any more indepth (the basic premise is that the protocol is called "Object RPC", the link below returns all MSDN documents on it - there are quite a few!):
http://search.microsoft.com/us/dev/r esults.asp?SearchArea=&SearchArea=%2C+%2C+%2C+&nq
Now, back to being on-topic: AOL have also documented their protocol as part of Tik:
http://www.aim.aol.com/tik/
So the issue is not one of protocol documentation, but protocol _control_ (he who owns the protocol has the right to change it arbitrarily), and that's the contentious (and, from Microsoft, hyprocritical) part...
Cheers
Alastair
(e.g. ICQ)
We all know, of course, I meant IRC... *blush*
So who is Slashdot going to go for?
Hopefully neither. Both protocols are proprietary. Better to take an open standard based on an RFC (e.g. ICQ) and make it better.
Cheers
Alastair
They cry for a standard when it's not theirs. What about clearly MSOffice file formats, hmmm?
:)
Yeah, that's a good point. Ok, I'll bite and play devil's advocate...
(a) MS has never tried to promote the file formats as "standards" (i.e. it "just kinda happened 'cause we sold a heap of product" a.k.a de facto standard) (that's a contentious argument, I know
(b) Said file formats are fully documented in MSDN. Does anybody know if/where the AOL messenger protocol is documented?
[Offtopic: It's my understanding that the killer with the MS Office formats is the binary OLE gobbledegook that's in 'em... effectively ties the file format to Windows, making it really hard for anybody to port to another OS. Non-MS office apps tend to have a better time importing office docs under Windows than under other OSes (no, I don't have any proof, but haven't the rest of you noticed this?)]
Cheers
Alastair
MS is getting a taste of their own medicine
Go AOL (gosh I hate em but oh well).
Wiser people than me have already said it -
Cheers
Alastair
Ok, so *now* they want standards that work... how about writing a browser that reads a standard called HTML properly?
:)
Boy, you must have a taste for irony... surely everybody here is adult enough to just admit that IE is a hell of a lot closer to W3C compliance than Netscape is? They both suck, but IE sucks less.
Even AOL/Netscape must think that Communicator is crap, otherwise why would they have trashed the Communicator code base for Gecko?
or how about one called JavaScript?
(a) JavaScript is not a standard. (Since when does Netscape set standards? Their "standards" are the primary reason half of the world's web pages don't work in all of the available browsers.)
(b) IE runs JavaScript just fine - at about twice the speed of Communicator.
And how about some APIs that work the way they are documented to?
Huh? You mean the argument's changed from "the APIs aren't documented"? Gee... the argument's evolving... a moving target!
Sorry, I must have eaten something bad a lunch, 'cause I'm sure in an argumentative mood. Didn't mean to take it out on you. Apologies
Cheers
Alastair
One intesting thing for you to look up is the Windows 40 day bug, or something like that. Basically if you were able to keep a Windows machine up for 40 days straight without rebooting it would crash because of over-writing something. It wasn't discovered for several years because NO ONE WAS ABLE TO KEEP A Windows MACHINE UP THAT LONG!
Yes, that's true, although don't forget that's Windows 95/98, _not_ Windows NT/2000.
The bug is in the OS's tick counter, which is only a 32 bit counter... after ~47 days, the counter suffers an overrun, and the machine crashes. This has been fixed in 98 SE, I believe.
Cheers
Alastair
with NT rapidly spreading through fortune 500, government and military, along with the requisite exchange server (go ask the MCSE to turn on pop3 or imap, he'll spit on you), which defaults to a proprietary protocol for messages, calendars, etc. I see linux losing a lot of ground -- rapidly.
:)
...
please, i'd like to hear from someone how this will be stopped?
Write something better. Simple, really
Exchange is a compelling choice for a lot of businesses because (a) it integrates with their current environments [i.e. NT, Office]; (b) it is scalable; (c) although it does perform optimally only with proprietary protocols it does interoperate smoothly (out of the box) with foreign messaging systems [SMTP, X.400, Notes, CC Mail] and clients [LDAP, POP3, IMAP, even a frames-based HTML/Java client]; (d) the client software [Outlook] offers virtually unparalleled integration of email, tasks, calendars and contacts in a single application. I'm not an MS fan, particularly, but Exchange-Outlook really is a killer combination. The nearest competitor, Notes, is pretty pale in comparison.
Want to prevent Linux losing ground in the groupware market? Then write some groupware... currently there's nothing integrated out there, and I agree with you that this is an issue that requires resolution if Linux (less specifically, open source in general) wants to make inroads into this market.
Cheers
Alastair
Go read Drake's equation. ... Solve for 1 and see the numbers that are required, just to prove the point.
:)
Not possible. You can only solve an equation when you are missing only one variable. Since Drake's Equation relies on the values of 11 variables, and you're specifying one, you're left with trying to simultaneously solve for 10 independent variables. I think we can safely put that in the "too hard" basket
Cheers
Alastair
I'm not so sure that SP is only for kiddies... I think it's one of those comedies that works on two levels - a base one for kids and a higher level for adults.
:) yet I find SP bloody funny...
I consider myself an adult
Cheers
Alastair
- if the alternative is FREE
"Linux is only free if your time has no value" - Jamie Zawinski
VNC is cool as well; it's cross platform and open source.
http://www.uk.research.att.com/vnc/
Cheers
Alastair
Win95 will run in only 4 mb, but you don't get any networking features with that footprint.
No, they're not.
My fault for having those filters enabled in the first place.
Oh, I don't know that you should blame yourself... I think a strong argument can be made for Microsoft making their software installers default to minimal installations rather than complete installations (particularly for products where security is an issue, e.g. NT server, IIS).
Cheers
Alastair
I believe it is far more interesting that the R5 spread the word as quickly as they did where as Microsoft wasn't even going to mention anything about their IIS 5.0 'problem' until they had a fix.
1. It's IIS 4.0, not 5.0.
2. The problem with IIS 4.0 is nothing to do with viruses or worms.
3. Microsoft posted a workaround to all members of its security mailing list about 5 hours ago; NTBugTraq posted the same message shortly afterwards. Every NT sysadmin who's anyone has plugged this hole by now.
Please stop spreading FUD, it does you a disservice.
Cheers
Alastair
Here's the full text:
.HTR files. HTR files enable remote administration of user
.HTR file could overflow the buffer, causing IIS .HTR files.
i n.asp for more
C heckList.asp
0 19.asp. e ckList.asp
f ault.asp.
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
********************************
Microsoft Security Bulletin (MS99-019)
--------------------------------------
Workaround Available for "Malformed HTR Request" Vulnerability
Originally Posted: June 15, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in Microsoft
(r) Internet Information Server 4.0. The vulnerability could allow denial
of service attacks against an IIS server or, under certain conditions,
could allow arbitrary code to be run on the server.
Microsoft has issued this bulletin to advise customers of steps they can
take to protect themselves against this vulnerability. A patch to eliminate
this vulnerability is being developed, and an update to this bulletin will
be released to advise customers when it is available.
Issue
=====
IIS supports several file types that require server-side processing. When a
web site visitor requests a file of one of these types, an appropriate
filter DLL processes it. A vulnerability exists in ISM.DLL, the filter DLL
that processes
passwords.
The vulnerability involves an unchecked buffer in ISM.DLL. This poses two
threats to safe operation. The first is a denial of service threat. A
malformed request for an
to crash. The server would not need to be rebooted, but IIS would need to
be restarted. The second threat would be more difficult to exploit. A
carefully-constructed file request could cause arbitrary code to execute on
the server via a classic buffer overrun technique. Neither scenario could
occur accidentally. This vulnerability does not involve the functionality
of the password administration features of
While there are no reports of customers being adversely affected by this
vulnerability, Microsoft is proactively releasing this bulletin to allow
customers to take appropriate action to protect themselves against it.
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
What Microsoft is Doing
=======================
Microsoft has provided a workaround that fixes the problem identified. The
workaround is discussed below in What Customers Should Do.
Microsoft also has sent this security bulletin to customers
subscribing to the Microsoft Product Security Notification Service.
See http://www.microsoft.com/security/services/bullet
information about this free customer service.
What Customers Should Do
========================
Microsoft highly recommends that customers disable the script mapping for
.HTR files as follows:
- From the desktop, start the Internet Service Manager
by clicking Start | Programs | Windows NT 4.0 Option
Pack | Microsoft Internet Information Server | Internet
Service Manager
- Double-click "Internet Information Server"
- Right-click on the computer name and select Properties
- In the Master Properties drop-down box, select "WWW Service",
then click the "Edit" button .
- Click the "Home Directory" tab, then click the "Configuration"
button .
- Highlight the line in the extension mappings that contains ".HTR",
then click the "Remove" button.
- Respond "yes" to "Remove selected script mapping?" say yes,
click OK 3 times, close ISM
A patch will be available shortly to eliminate the vulnerability altogether.
Customers should monitor http://www.microsoft.com/security for an
announcement when the patches are available.
Microsoft recommends that customers review the IIS Security Checklist at
http://www.microsoft.com/security/products/iis/
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-019,
Workaround Available for "Malformed HTR Request" Vulnerability
(The Web-posted version of this bulletin),
http://www.microsoft.com/security/bulletins/ms99-
- IIS Security Checklist,
http://www.microsoft.com/security/products/iis/Ch
Obtaining Support on this Issue
===============================
If you require technical assistance with this issue, please contact
Microsoft Technical Support. For information on contacting Microsoft
Technical Support, please see
http://support.microsoft.com/support/contact/de
Revisions
=========
- June 15, 1999: Bulletin Created.
For additional security-related information about Microsoft products,
please visit http://www.microsoft.com/security
Cheers
Alastair