I only read the article because it looked like big news that Microsoft were recommending users use something else. Obviously this was not the case, as shown in the quote...
But Microsoft counselled against taking such action.
"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.
Well yeah, you can circumvent the patch delivery system and download each patch manually, then install them all manually. But the majority of simpler users aren't going to do this!
Disabling the use of Windows Update will mean the nice graphical pointy clicky thing will not be available, and they'll either have to go for all updates (via automatic update) or just manual ones. And with automatic update, you can't get any of the driver updates or extra features that aren't considered critical updates.
Anyway, I wouldn't trust security updates picked up via random websites!
I know they are not doing all they can, but that announcement was only posted a couple of days ago. I know that at least some of plusnet's ADSL address range is or has been blacklisted at some point, but their mailserver wouldn't be in the same space. This way all of the legitimate users can e-mail using plusnet's relay, and anyone who wants to run their own SMTP, dodgy or otherwise, runs the risk of being blacklisted.
I think the only situation that will work 100% is if checks are placed on the ISP's outbound server (host-based, number of messages-based, content based etc), and port 25 is blocked for other addresses. I also acknowledge that this is unlikely to happen due to people wanting to run their own mailserver.
And the next generation of zombie programs will do a simple DNS lookup for the mailserver of the current domain and start sending spam through the ISP's mailserver.
With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.
I don't think this is a problem. Once this becomes widespread, the ISPs can just put measures to block individual customers who start sending large enough volumes of e-mail, or even spam filtering outgoing mail. This is already being done by at least one UK isp that I know of. Their reasoning is that they don't want their entire mailserver blacklisted, so will prevent the customer from sending the spam in the first place. I am not aware whether they block outbound 25.
I agree- this should definitely be on the client end. Otherwise you end up breaking things without realising, such as the spam filters in this incident. Having a search in the browser (most importantly, one that you can disable/customise like in IE) is a much better way of doing things.
It may cost $1B to get a drug to market, but it strikes me that it would be a lot cheaper to test an electronic device than a drug- and the testing process shouldn't take as long either (I doubt there are many long term side-effects of using an electric wheelchair!)
Slashdot Mirror
But Microsoft counselled against taking such action. "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.
Well yeah, you can circumvent the patch delivery system and download each patch manually, then install them all manually. But the majority of simpler users aren't going to do this!
Disabling the use of Windows Update will mean the nice graphical pointy clicky thing will not be available, and they'll either have to go for all updates (via automatic update) or just manual ones. And with automatic update, you can't get any of the driver updates or extra features that aren't considered critical updates.
Anyway, I wouldn't trust security updates picked up via random websites!
I know they are not doing all they can, but that announcement was only posted a couple of days ago. I know that at least some of plusnet's ADSL address range is or has been blacklisted at some point, but their mailserver wouldn't be in the same space. This way all of the legitimate users can e-mail using plusnet's relay, and anyone who wants to run their own SMTP, dodgy or otherwise, runs the risk of being blacklisted. I think the only situation that will work 100% is if checks are placed on the ISP's outbound server (host-based, number of messages-based, content based etc), and port 25 is blocked for other addresses. I also acknowledge that this is unlikely to happen due to people wanting to run their own mailserver.
I agree- this should definitely be on the client end. Otherwise you end up breaking things without realising, such as the spam filters in this incident. Having a search in the browser (most importantly, one that you can disable/customise like in IE) is a much better way of doing things.
It may cost $1B to get a drug to market, but it strikes me that it would be a lot cheaper to test an electronic device than a drug- and the testing process shouldn't take as long either (I doubt there are many long term side-effects of using an electric wheelchair!)