Microsoft patched one heinous vector months ago: the broken Server service that allows pathological inputs to execute arbitrary code with System privileges, remotely. They patched it with hasty broken code that will be exploited later this year, but that's a different worm for a different day. They also didn't disable remote logins on this service or do the rational thing and close the port entirely so one exploited PC inside your network is going to spend its whole day cracking passwords. A diligent IT shop might have validated the patch by now. Remember... patches break stuff.
Still not protected: that laptop that's been sitting in a drawer waiting for the position at that empty desk to be filled. The road warrior whose third party firewall blocks Windows updates.
Still not fixed: Autorun.
Blaming the victim isn't going to get you anywhere here. We know better.
Apparently Microsoft hires the brightest minds on H1B visas from around the world, draining the IQ of the planet on their way to spending $9 Billion a year on research and development. One must presume that they know how and that they don't care.
This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.
In related news, Microsoft is working with ICANN and others to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.
If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.
Generally I phrase that as "anything a program can do, another program can do". I think I got it from Wirth but it may date back to Turing, or even further.
I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.
Well maybe they should make a decent OS. Or stop partnering with companies for the purpose of killing them for the secondary benefits. Or suing their customers. Or stealing ideas like Stacker. Or paying Gartner to release "studies" that exclaim their new products are taking off like a rocket. Or taking a perfectly good webmail like hotmail and turning it all greasy. Or trying to kill decent software companies like Netscape, Corel and Adobe. Or launching disinformation campaigns like "get the facts" and "Mojave Project". Or generally puking all over everything in IT. Or paying folks like SCO to sue decent folk who are just trying to use decent software. Or... oh screw it. None of that is ever going to happen. Never mind.
How else are they going to get Gartner to report rabid adoption rates? Without these phantom installs and the SA license upgrades and the "pre-downgrade" seat count inflation people might find out what adoption rates really are. That won't do.
It's really thorough documentation that tells the compiler how to make the machine code for the software.
But the compiled software is machine readable too or it wouldn't run. The physical machine requires code in its own well documented format. Naturally this means that closed source is only less convenient to reverse engineer, not impossible. Relying on this inconvenience for security is not Best Practice. It doesn't make your computer more secure any more than the practice of restricting maintenance manuals keeps thieves from stealing your car.
The smaller feature sizes bring power savings as well. So they're taking the server of yesteryear and putting it in your pocket. They're delivering the technology that'll bring the next billion users online because those folks don't have the watts to burn that we do.
They're also working to solve the whole I/O problem with servers that happens when you get too much processing power in one box.
In fact, they're pretty well focused on not just learning new things and creating new products, but in delivering new technologies that improve the way we work and live. And then letting go of it so we can figure new ways to use it that haven't occurred to them.
That's so different from the next story down where another company is getting raked over the coals for dumping money into R&D, because that other company is so famous for clinging to every ounce of leverage they can get out of every vague interpretation or use of their innovations and so toxic to deal with that they could deliver an all electric hovercraft that cured cancer and nobody would want to partner with them.
A worm/virus that can compromise the machine can also alter that machine's DNS settings.
A swarm with 15 million zombies would also have little trouble knocking OpenDNS offline. Since this is typically what the operators of these systems do to security researchers who get too nosy and purveyors of block lists and patch tools, it's a logical next step.
Now all you have to do is get all 13,000 City of Houston employees to do that and that part of the problem is solved. At least it is for city of Houston employees. But then there's all the other installation methods including RPC. And the other million pieces of malware. And the millions of other computers.
Many linux distros now can be installed to a bootable pendrive. This is really handy - when you get a desktop that's a festering pile of malware you can boot to the pen, copy the files to the pen, wipe and install directly and put the files back. The Rescue Pen. It's great. The ultimate malware cleaner on your keychain.
Then the cure will be worse than the disease.
No. I also heard it doesn't run on Macs. Something about Apple having taste.
Microsoft patched one heinous vector months ago: the broken Server service that allows pathological inputs to execute arbitrary code with System privileges, remotely. They patched it with hasty broken code that will be exploited later this year, but that's a different worm for a different day. They also didn't disable remote logins on this service or do the rational thing and close the port entirely so one exploited PC inside your network is going to spend its whole day cracking passwords. A diligent IT shop might have validated the patch by now. Remember... patches break stuff.
Still not protected: that laptop that's been sitting in a drawer waiting for the position at that empty desk to be filled. The road warrior whose third party firewall blocks Windows updates.
Still not fixed: Autorun.
Blaming the victim isn't going to get you anywhere here. We know better.
When MS learns how to write secure code....
Apparently Microsoft hires the brightest minds on H1B visas from around the world, draining the IQ of the planet on their way to spending $9 Billion a year on research and development. One must presume that they know how and that they don't care.
This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.
In related news, Microsoft is working with ICANN and others to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.
If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.
Silly me. I thought the price was $699.
They must have got a slamming discount for volume.
Generally I phrase that as "anything a program can do, another program can do". I think I got it from Wirth but it may date back to Turing, or even further.
I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.
Well maybe they should make a decent OS. Or stop partnering with companies for the purpose of killing them for the secondary benefits. Or suing their customers. Or stealing ideas like Stacker. Or paying Gartner to release "studies" that exclaim their new products are taking off like a rocket. Or taking a perfectly good webmail like hotmail and turning it all greasy. Or trying to kill decent software companies like Netscape, Corel and Adobe. Or launching disinformation campaigns like "get the facts" and "Mojave Project". Or generally puking all over everything in IT. Or paying folks like SCO to sue decent folk who are just trying to use decent software. Or... oh screw it. None of that is ever going to happen. Never mind.
Slashdot is never going to like Microsoft.
The MS bounty program has been running since 2003. Thus far they have paid out only one award of $250.
How else are they going to get Gartner to report rabid adoption rates? Without these phantom installs and the SA license upgrades and the "pre-downgrade" seat count inflation people might find out what adoption rates really are. That won't do.
Many of us would agree they could do no better. But that is not the same thing as thinking the product doesn't suck.
It's really thorough documentation that tells the compiler how to make the machine code for the software.
But the compiled software is machine readable too or it wouldn't run. The physical machine requires code in its own well documented format. Naturally this means that closed source is only less convenient to reverse engineer, not impossible. Relying on this inconvenience for security is not Best Practice. It doesn't make your computer more secure any more than the practice of restricting maintenance manuals keeps thieves from stealing your car.
The smaller feature sizes bring power savings as well. So they're taking the server of yesteryear and putting it in your pocket. They're delivering the technology that'll bring the next billion users online because those folks don't have the watts to burn that we do.
They're also working to solve the whole I/O problem with servers that happens when you get too much processing power in one box.
In fact, they're pretty well focused on not just learning new things and creating new products, but in delivering new technologies that improve the way we work and live. And then letting go of it so we can figure new ways to use it that haven't occurred to them.
That's so different from the next story down where another company is getting raked over the coals for dumping money into R&D, because that other company is so famous for clinging to every ounce of leverage they can get out of every vague interpretation or use of their innovations and so toxic to deal with that they could deliver an all electric hovercraft that cured cancer and nobody would want to partner with them.
Sweet.
"First they ignore you, then they ridicule you, then they fight you, then you win." -- Mahatma Gandhi
They're getting scared now.
It's the best answer you can give.
The US. It's called "Windows".
You sound fat.
You obviously don't mean the city of Hoston.
Apparently lots of people don't do all of the best practice mods before they clone. Those people shold get a mac - for their protection and ours.
A worm/virus that can compromise the machine can also alter that machine's DNS settings.
A swarm with 15 million zombies would also have little trouble knocking OpenDNS offline. Since this is typically what the operators of these systems do to security researchers who get too nosy and purveyors of block lists and patch tools, it's a logical next step.
$239, free shipping.
Now all you have to do is get all 13,000 City of Houston employees to do that and that part of the problem is solved. At least it is for city of Houston employees. But then there's all the other installation methods including RPC. And the other million pieces of malware. And the millions of other computers.
It's easier just to get a mac.
10 million zombies can't be wrong.
It's amazing what can happen when you "lose" a few dozen pen drives with downadup at various strategic places.
Many linux distros now can be installed to a bootable pendrive. This is really handy - when you get a desktop that's a festering pile of malware you can boot to the pen, copy the files to the pen, wipe and install directly and put the files back. The Rescue Pen. It's great. The ultimate malware cleaner on your keychain.
And Toys-R-Us even.