Somewhat related to the topic of google's continued expansion into new product areas -- how does google make money?
I love the company, and I hope they continue doing what they are doing, but looking at their stock I get unpleasant flashbacks to the tech bubble of the late 90's, where companies with high coolness factor but low profits had skyrocketing stocks. Are ads and 'google appliance' sales enough to drive the $189 per-share stock price?
Agreed! I'm consistently awed by the 'blanks' some farkers submit for people taking part in photoshop contests.
You can clearly make out where the people used to be in the edited photos on this story. And quite frankly the outline still visible on the bed freaks me out a bit.
Note that the latest version of Internet Explorer, as patched by Windows XP Service Pack 2, is not vulnerable to the installations shown in my video and discussed above.
Furthermore, the only reason the malware was able to install itself on the machine pre-sp2 was because IE was run as Administrator.
Run as Limited User, and back in July '04 the malware may have been able to execute it's code through the security hole, but XP's ACL's would have kicked in and no modifications would have been possible to program files, to your host file, or to any system directory.
Again, I'm not saying that vulnerabilities do not exist. IE is bug-ridden and I rather like running Firefox. You are not a looney (as far as I can tell:}). But XP is a solid OS. People who get infected practice unsafe habits (like running everything as administrator), and so this solidifies the original poster's point. Would you run your linux or your mac box as root all the time? Probably not!!
I'm not naive. Yes, seriously. What spyware was this? Unless you give names you won't get very far convincing me.
I believe you that malware does certainly exist, and it can be very nasty. But on a updated SP2 system, it requires (a) user intervention to install, (b) the user be administrator for it to do anything of any significance.
When was the last time spyware or a virus exploited any kind of vulnerability in IE? Active-X is a travesty and should be disabled. After that, there is no risk of infection short of user intervention.
So this author goes on to exemplify the 'suckiness' of Windows XP by relating his experience one year ago??
After all, after his SO buys an iBook "in a year of solid use, she has yet to have a single problem."
XP had some serious flaws. Redmond pretty much ground to a halt and the OS was overhauled with security in mind. Pretty late in the game, but Windows doesn't quite suck that much anymore.
If the author could find a SP2 machine that gets owned, we'll talk.
Why is my response off-topic? Notice all the responses before me at the same level of the thread. Except for the response confusing irony with sarcasm, they were all interpreting the parent as being serious.
So they say... But you'll notice the caveat is that you can't have run an anti-spyware program or tried to remove LOP on your own. Given that my little sister brings me her laptop, now laden with some unkown spyware^H^H^H^adware, I do the only sensible thing and install/run Ad-Aware, SpyBot, et al... each of which detects it and tries to remove it. Only after a day of frustration do I track down that it's LOP and Messenger Plus is the culprit (and now M+'s uninstall does little to clean up the spyware^H^H^H^adware). They want to be honest? Put an icon on the desktop that says 'remove icons, searchbar, etc...' and have it fire up the uninstaller. They give themselves an out by saying 'oh, you didn't run M+'s uninstall when you saw the hijackers on your machine?! Tough'
Because they have "adware", not "spyware". A ridiculous distinction that allows many companies to morally justify their inclusion of such horrible pieces of code in their products.
Just peek at Messenger Plus v3 (an add on for MSN Messenger) -- they include LOP in their installer, which hijacks your browser, your searches, adds a toolbar, and adds icons to your desktop, and is one of the most annoyingly difficult things to clean on your own. The Plus 'company' justifies it in that it's "adware", not "spyware", and that the user opted in when installing by not un-checking the default install option. What comes next is a hellish exercise of peering into the most obscure parts of the registry to kill the re-spawners that make the spyware^H^H^H^Hadware come back on reboot when things look clean./end rant
Re:So much easier to knock down than to build up
on
Top 10 Apple Flops
·
· Score: 1
I just think it's a bit sad to concentrate on someone's failures.
Couldn't agree more. Now lets get back to M$ bashing!!:)
Mac mini arriving will allow me to eagerly switch from MS's world to that of Apple Macs
I've always found it quite interesting that people choose to switch from MS products to Apple products. Apple is quite possibly the most restrictive company of the three. They don't only lock you in with their software, but they lock you in with hardware as well! They force high hardware prices on people because there are no alternatives (although many mac zealots, suprisingly, love to defend the high profit margins Apple pulls in for hardware). Their software practices just as much lock-in and integration as MS. Yes you can run unix apps on OSX, but you can do the same in Windows. Don't kid yourself, if Apple had the market share of MS, they'd be slapped with a massive anti-trust lawsuit too.
If you are leaving MS on principle, move to Linux. A fantastic, full-featured OS, with none of the capitalist 'dirtyness' to marr it.
No ratboy, I didn't say it can't be fixed. What I'm pointing out is that it's not surprising that a hotfix hasn't immediately been released by the group. I would be surprised if a fix isn't released very soon. But the fact is, this isn't fixing a buffer overflow. This is a fundamental change in an algorithm, and any change would be pretty major. The modifications have to be fully tested and the ramifications to backward compatibility have to be explored. If you've ever been involved in an an application with as deep a history, as wide an adoption, and as intrinsic to business as Office, you'd understand.
Uhm... yes, they REALLY care. I can tell you that being on the inside. Every project was halted and all employees took secure coding technique seminars. Right now security is a top priority for all MS products. We are now forced to undertake arduous Threat Modeling of our applications, and undergo repeated security checkpoints along the way. Once things are 'ready to ship' they first need to go through a dedicated security group that audits the source and the threat models and either turns away the software or allows it's release. So anyway, yeah, there's a hell of a lot of work around here when it comes to security. And it's very noticeable if you see the software coming out of here post- 2003.
As to whether they 'care' about this encryption thing. They are obviously looking into it. But the fact is Office is run by millions of people, so they can't just overhaul the encryption system and release a hotfix without breaking lots of stuff. So these things take time. I do hope they change their methods, though.
Given the dearth of games on current Apple systems, it would be too huge a leap to intend to go from no games at all, to a game platform. Also, console makers generally lose money on the hardware, and recoup it on the games. Apple has shown they are very happy keeping a high margin of profit both on hardware and software.
I don't know... the unix model of security seems adequate, if not sufficient, for most (all?)security needs. The problem comes when users get thrown in the mix. It's an eternal battle between usability and security.
Is this different from script callbacks in ASP.NET? It allows you to hit the server on an already loaded page and selectively update its contents. While the full abstracted implementation will be available in ASP.NET 2.0, you can easily implement it in the current ASP.NET 1.x.
Slashdot Mirror
Somewhat related to the topic of google's continued expansion into new product areas -- how does google make money?
I love the company, and I hope they continue doing what they are doing, but looking at their stock I get unpleasant flashbacks to the tech bubble of the late 90's, where companies with high coolness factor but low profits had skyrocketing stocks. Are ads and 'google appliance' sales enough to drive the $189 per-share stock price?
At what point in marketshare would Linux need on the client before Microsoft would start porting their applications over to it?
I ask this because it won't be long before the Linux client marketshare will be greater than the Macintosh...
Fantastic question! Lets hope the mods don't miss it!
Agreed! I'm consistently awed by the 'blanks' some farkers submit for people taking part in photoshop contests.
You can clearly make out where the people used to be in the edited photos on this story. And quite frankly the outline still visible on the bed freaks me out a bit.
From the page you link to:
:}). But XP is a solid OS. People who get infected practice unsafe habits (like running everything as administrator), and so this solidifies the original poster's point. Would you run your linux or your mac box as root all the time? Probably not!!
Note that the latest version of Internet Explorer, as patched by Windows XP Service Pack 2, is not vulnerable to the installations shown in my video and discussed above.
Furthermore, the only reason the malware was able to install itself on the machine pre-sp2 was because IE was run as Administrator.
Run as Limited User, and back in July '04 the malware may have been able to execute it's code through the security hole, but XP's ACL's would have kicked in and no modifications would have been possible to program files, to your host file, or to any system directory.
Again, I'm not saying that vulnerabilities do not exist. IE is bug-ridden and I rather like running Firefox. You are not a looney (as far as I can tell
I'm not naive. Yes, seriously. What spyware was this? Unless you give names you won't get very far convincing me.
I believe you that malware does certainly exist, and it can be very nasty. But on a updated SP2 system, it requires (a) user intervention to install, (b) the user be administrator for it to do anything of any significance.
When was the last time spyware or a virus exploited any kind of vulnerability in IE? Active-X is a travesty and should be disabled. After that, there is no risk of infection short of user intervention.
So this author goes on to exemplify the 'suckiness' of Windows XP by relating his experience one year ago??
After all, after his SO buys an iBook "in a year of solid use, she has yet to have a single problem."
XP had some serious flaws. Redmond pretty much ground to a halt and the OS was overhauled with security in mind. Pretty late in the game, but Windows doesn't quite suck that much anymore.
If the author could find a SP2 machine that gets owned, we'll talk.
Why is my response off-topic? Notice all the responses before me at the same level of the thread. Except for the response confusing irony with sarcasm, they were all interpreting the parent as being serious.
Am I the only one that things blakestah was being sarcastic?
So they say... But you'll notice the caveat is that you can't have run an anti-spyware program or tried to remove LOP on your own. Given that my little sister brings me her laptop, now laden with some unkown spyware^H^H^H^adware, I do the only sensible thing and install/run Ad-Aware, SpyBot, et al... each of which detects it and tries to remove it. Only after a day of frustration do I track down that it's LOP and Messenger Plus is the culprit (and now M+'s uninstall does little to clean up the spyware^H^H^H^adware). They want to be honest? Put an icon on the desktop that says 'remove icons, searchbar, etc...' and have it fire up the uninstaller. They give themselves an out by saying 'oh, you didn't run M+'s uninstall when you saw the hijackers on your machine?! Tough'
Because they have "adware", not "spyware". A ridiculous distinction that allows many companies to morally justify their inclusion of such horrible pieces of code in their products.
/end rant
Just peek at Messenger Plus v3 (an add on for MSN Messenger) -- they include LOP in their installer, which hijacks your browser, your searches, adds a toolbar, and adds icons to your desktop, and is one of the most annoyingly difficult things to clean on your own. The Plus 'company' justifies it in that it's "adware", not "spyware", and that the user opted in when installing by not un-checking the default install option. What comes next is a hellish exercise of peering into the most obscure parts of the registry to kill the re-spawners that make the spyware^H^H^H^Hadware come back on reboot when things look clean.
I just think it's a bit sad to concentrate on someone's failures.
:)
Couldn't agree more. Now lets get back to M$ bashing!!
Mac mini arriving will allow me to eagerly switch from MS's world to that of Apple Macs
I've always found it quite interesting that people choose to switch from MS products to Apple products. Apple is quite possibly the most restrictive company of the three. They don't only lock you in with their software, but they lock you in with hardware as well! They force high hardware prices on people because there are no alternatives (although many mac zealots, suprisingly, love to defend the high profit margins Apple pulls in for hardware). Their software practices just as much lock-in and integration as MS. Yes you can run unix apps on OSX, but you can do the same in Windows. Don't kid yourself, if Apple had the market share of MS, they'd be slapped with a massive anti-trust lawsuit too.
If you are leaving MS on principle, move to Linux. A fantastic, full-featured OS, with none of the capitalist 'dirtyness' to marr it.
No ratboy, I didn't say it can't be fixed. What I'm pointing out is that it's not surprising that a hotfix hasn't immediately been released by the group. I would be surprised if a fix isn't released very soon. But the fact is, this isn't fixing a buffer overflow. This is a fundamental change in an algorithm, and any change would be pretty major. The modifications have to be fully tested and the ramifications to backward compatibility have to be explored. If you've ever been involved in an an application with as deep a history, as wide an adoption, and as intrinsic to business as Office, you'd understand.
Uhm... yes, they REALLY care. I can tell you that being on the inside. Every project was halted and all employees took secure coding technique seminars. Right now security is a top priority for all MS products. We are now forced to undertake arduous Threat Modeling of our applications, and undergo repeated security checkpoints along the way. Once things are 'ready to ship' they first need to go through a dedicated security group that audits the source and the threat models and either turns away the software or allows it's release. So anyway, yeah, there's a hell of a lot of work around here when it comes to security. And it's very noticeable if you see the software coming out of here post- 2003.
As to whether they 'care' about this encryption thing. They are obviously looking into it. But the fact is Office is run by millions of people, so they can't just overhaul the encryption system and release a hotfix without breaking lots of stuff. So these things take time. I do hope they change their methods, though.
The creator of PGP is dissatisfied with an alternative closed source encryption implementation?! What is this world coming to! :)
Lets home MS drops their flawed encryption algorithm. How do the Office alternatives stack up in this respect?
Ah, but would it run Tux Racer?
Given the dearth of games on current Apple systems, it would be too huge a leap to intend to go from no games at all, to a game platform. Also, console makers generally lose money on the hardware, and recoup it on the games. Apple has shown they are very happy keeping a high margin of profit both on hardware and software.
I don't know... the unix model of security seems adequate, if not sufficient, for most (all?)security needs. The problem comes when users get thrown in the mix. It's an eternal battle between usability and security.
True. Similar capabilities exist in Windows. Which is why I did not understand why Windows was being called out here.
Now, if only somebody would take their idea and implement it in C++ (or some other language with a goal other than portability).
p illars/avalon/default.aspx
Avalon?
http://msdn.microsoft.com/Longhorn/understanding/
You mean to access the file system? How would this be any different on a ext3 linux partition?
Then again, if you're running windows -- passwords can be bypassed.
Uhm... how?
http://msdn.microsoft.com/msdnmag/issues/04/08/Cut tingEdge/
Is this different from script callbacks in ASP.NET? It allows you to hit the server on an already loaded page and selectively update its contents. While the full abstracted implementation will be available in ASP.NET 2.0, you can easily implement it in the current ASP.NET 1.x.
t tingEdge/
http://msdn.microsoft.com/msdnmag/issues/04/08/Cu