Amen!
However, M$ has addressed this vulnerability last year: Microsoft Security Advisory (912840) Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution. Published: December 28, 2005 | Updated: January 5, 2006
Aside from reparing an old design flaw which had long been unexploited, I don't know how much more Microsoft could do.
Let the flamewar begin:)
* Block transmission of executables at the server level
When talking about home users, where is this server and who is managing it?
* Use something like CoreForce to prevent IM clients executing other programs (and switch "open this file" type actions via a privilege mux or RPC to a higher privileged system service).
When talking about home users, who is to set up this system? Most of them don't know or care how to do it
* Use operating system level services to prevent any application scripting another, restricting that privilege to accessibility applications.
When talking about home users, who is to decide which application gets the right to do that? You cannot just arbitrarily 'invent' a default list. The inconvenience you'll cause to a lot of users will be too great. So we're back to my previous question: who's to set it up?
With more than two decades of serious computing behind me, I still do not understand what "Administrative privileges" really means in Windows. Or what it is good for.
This only means that you didn't take the time to learn how it works, not that that it's broken (I'm not arguig that it is or isn't)
In U*X everything is a file and thus those magical "privileges" simply boil down to what you can do with a file (including files in/dev,/proc, directories in general, etc). There's a layer of abstraction where I understand that access to this 644 means that I can only read it, but the owner can write to it as well. That's easy
That's pretty much the way it works for the recent versions of Windows. It's true that one might find it more awkward to set up properly than in the *nix environments but this is only a matter of understanding how it works and getting used to.
In the end, the preferred way to do something that I can't do as user is to fire up cygwin and do it from the linux prompt
Again, this is a matter of what you're used to. Try having someone who knows what he's doing but never seen *nix in his life do something with cygwin. You might have the surprise to discover they're lost
My house doesn't have to be absolutely burglar-proof -- just harder to break into than my neighbors.
Anybody who has actually worked with those technologies knows how much effort it takes to make them "just work". Actually, if you're not the one spending the effort, there's no way to tell. For the average corporate user, the above is true because they've no idea how much effort took the IT stuff to make it work. From their point of view, it just works.
Using systems like OpenBSD and Solaris... Dude, that's enough. You've posted this 3 of 4 times already. Are you some kind of preacher or what?
Here's your line, corrected for you:
Using systems like OpenBSD and Solaris and Linux and Windows, PROPERLY CONFIGURED it is quite easy to provide an employee with a desktop that will not only vastly increase their productivity, but will also eliminate problems such as this.
Yup. I loaded OppenOffice about two years ago, after being told how wonderful it was. Pentium 4 with 512 megs of RAM on a fresh boot.... 60 seconds to load. More disk thrashing than I get when performing a defrag.
You might want to try that with similar versions of the 2 suites. Try to install on the same hardware OOo 2.0 and MS Office 2003. You might be surprised.
Comparing apples to oranges is not the best way to prove a point, I think.
Good point talking about prevention. Here's how it goes in this case: the Romanian government finally admitted that the dead birds in the Danube Delta had died of bird flu. So they started to take measures. The first one was to kill all poultry in the area to prevent spreading the desease. Second measure was to quarantine the entire area and to force all cars entering and leaving the area to go through a disinfection process. Now it gets a little murky. They wanted everybody to do a vaccine so that they could prevent combining bird flu and human flu. Since Romania cannot produce enough vaccine on its own and right now it's a little late to start creating it, they turned to the biggest producers. They discoverred the entire french vaccine production has been bought by the US government. As far as I know, no case of bird flu has been found in the US yet.
I wonder what publishers besides M$ are known to XPSP2...
And no, probably you don't want to trust it. Stick to IExploder, it's better this way.
You should trust the Gain family IExplore plugins:)
Have you done the same experiment with win2k pro with either SP1 or SP2?
Yup! And, unfortunately, I forgot it plugged to the internet while installing...
Before the installation was finished, I remembered to unplug it but it was too late. Code Red was already there...
The only viable combination that worked was installing it offline, install ZoneAlarm on top of it and then connect it to the network...
That might be just a new bussiness model. Invest in bandwidth to receive spam and then get your money back tenfold by sueing the spammers and winning the case...
Have you ever tried to play with actual cards? I mean, without a computer? I bet the same time based factor will make it harder to win in the afternoons even in this case...
Drink a coffee, you'll eventually play better:)
Slashdot Mirror
Where's Romania in this article? I can't seem to find any reference to it...
As the guy sayd, he tried VPC, not Virtual Server. According to this, there might be slight difference between the two: http://www.microsoft.com/windowsserversystem/virtu alserver/techinfo/vsvsvpc.mspx
However, M$ has addressed this vulnerability last year:
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005 | Updated: January 5, 2006
Aside from reparing an old design flaw which had long been unexploited, I don't know how much more Microsoft could do. :)
Let the flamewar begin
When talking about home users, where is this server and who is managing it?
* Use something like CoreForce to prevent IM clients executing other programs (and switch "open this file" type actions via a privilege mux or RPC to a higher privileged system service).
When talking about home users, who is to set up this system? Most of them don't know or care how to do it
* Use operating system level services to prevent any application scripting another, restricting that privilege to accessibility applications.
When talking about home users, who is to decide which application gets the right to do that? You cannot just arbitrarily 'invent' a default list. The inconvenience you'll cause to a lot of users will be too great. So we're back to my previous question: who's to set it up?
This only means that you didn't take the time to learn how it works, not that that it's broken (I'm not arguig that it is or isn't)
In U*X everything is a file and thus those magical "privileges" simply boil down to what you can do with a file (including files in /dev, /proc, directories in general, etc). There's a layer of abstraction where I understand that access to this 644 means that I can only read it, but the owner can write to it as well. That's easy
That's pretty much the way it works for the recent versions of Windows. It's true that one might find it more awkward to set up properly than in the *nix environments but this is only a matter of understanding how it works and getting used to.
In the end, the preferred way to do something that I can't do as user is to fire up cygwin and do it from the linux prompt
Again, this is a matter of what you're used to. Try having someone who knows what he's doing but never seen *nix in his life do something with cygwin. You might have the surprise to discover they're lost
My house doesn't have to be absolutely burglar-proof -- just harder to break into than my neighbors.
Amen to that :) Couldn't agree more.
Because they speak English (well, sort of) like "U.S users"?
It worked much faster here but with Internet Explorer. Here's the first search result:
Anybody who has actually worked with those technologies knows how much effort it takes to make them "just work".
Actually, if you're not the one spending the effort, there's no way to tell. For the average corporate user, the above is true because they've no idea how much effort took the IT stuff to make it work. From their point of view, it just works.
Using systems like OpenBSD and Solaris...
Dude, that's enough. You've posted this 3 of 4 times already. Are you some kind of preacher or what? Here's your line, corrected for you: Using systems like OpenBSD and Solaris and Linux and Windows, PROPERLY CONFIGURED it is quite easy to provide an employee with a desktop that will not only vastly increase their productivity, but will also eliminate problems such as this.
You might want to try that with similar versions of the 2 suites. Try to install on the same hardware OOo 2.0 and MS Office 2003. You might be surprised. Comparing apples to oranges is not the best way to prove a point, I think.
I believe he was bitching about the poor help.
Good point talking about prevention. Here's how it goes in this case: the Romanian government finally admitted that the dead birds in the Danube Delta had died of bird flu. So they started to take measures. The first one was to kill all poultry in the area to prevent spreading the desease. Second measure was to quarantine the entire area and to force all cars entering and leaving the area to go through a disinfection process. Now it gets a little murky. They wanted everybody to do a vaccine so that they could prevent combining bird flu and human flu. Since Romania cannot produce enough vaccine on its own and right now it's a little late to start creating it, they turned to the biggest producers. They discoverred the entire french vaccine production has been bought by the US government. As far as I know, no case of bird flu has been found in the US yet.
At least M$ is there too. They rank 4.
I wonder what publishers besides M$ are known to XPSP2... And no, probably you don't want to trust it. Stick to IExploder, it's better this way. You should trust the Gain family IExplore plugins :)
Have you done the same experiment with win2k pro with either SP1 or SP2?
Yup! And, unfortunately, I forgot it plugged to the internet while installing... Before the installation was finished, I remembered to unplug it but it was too late. Code Red was already there... The only viable combination that worked was installing it offline, install ZoneAlarm on top of it and then connect it to the network...
So that the hackers won't be bored of seeing the same visual interface all over the world?
That might be just a new bussiness model. Invest in bandwidth to receive spam and then get your money back tenfold by sueing the spammers and winning the case...
Yeah, I bet Saddam wrote it and Bin Laden launched the attack.
Have you ever tried to play with actual cards? I mean, without a computer? I bet the same time based factor will make it harder to win in the afternoons even in this case... Drink a coffee, you'll eventually play better :)
Sorry, my mistake :(
But because it's not sold in the US doesn't mean it isn't out there, does it?
Did you ever take a look at Mitsubishi Evo VI?