"Once viruses get back to the level of actual harm, maybe people will stop clicking around willy nilly and will start to invest--on both the corporate and consumer sides--in some real security."
1. There is NO REAL security available in any form of Windows. Users will have to change from Gatesware to something that works properly.
2. The latest Windoze viruses allow a few reboots (to ensure they've spread themselves) before largely refomatting the hard drive that Windoze is on. It's pretty brutal, but is a great persuasion for Windows mugs to move to something that works!
They didn't actually have to "hack" it at all. The encryption technology is really crude (and well-known) and American frequency-hopping gear follows predetermined sequences - these are also well known.
It's trivial for any reasonably equipped and fairly savvy military radio op to monitor these transmissions.
Basically:
1. Storage of Magnetic Stripe Data
2. Missing or Outdated Security patches
3. Use of Vendor Supplied Default Settings and Passwords
4. SQL Injection
5. Unncessary and Vulnerable Services on Server
Also:
6. Use of insecure "operating system" and poor software.
Jarnis: "Vista is quite a bit more than a reskinned XP, as lots of stuff under the hood has been reworked"
Nope. It's just a reskinned XP with more DRM thrown in to the mix. Microsoft discovered that all their brilliant plans were not possible without proper programmers, so all the "improvements" were quietly dropped, and the same old crap was moved into the "new" product. It as a few extra "nag" boxes, to give the illusion of "security", but it's got even more significant holes than XP.
"Not even close to true, although it is the only current operating system with those characteristics and frankly, if you're installing XPSP2, that's not true either, because you're firewalled by default."
Actually, no. The XP "firewall" is a joke, and leaves lots available for attack. A plain XP SP2 install will be compromised within a few minutes of being connected to the 'net.
It's total nonsense - they're still using the BSD stack they stole years ago. Most of the networking implementation is historical, and the guys at Microsoft that actually knew how it worked left years ago. "Vista" has big clumps of legacy code that they're either scared to lose or incapable of replacing. There are *no* good programmers at Redmond any more:/we/ all left!
The current versions of "Vista" are full of security holes (some of which had be plugged in XP!) A "raw" install lasts less than 20 minutes when exposed to the 'net before it's utterly compromised.
The great mass of users (non-nerds) need an operating system impervious to viruses and other malware. The structure of Windows is such that it is not the right "operating system" for the vast majority of users!
You'd be very wrong to label this as redundant - there are several exploits using this approach already out there, and they all work in the latest iteration of Vista.
Microsoft HAVE NOT re-written much code at all - they've reused the same old cruft that's been there for over 10 years, because nobody left at Microsoft understands how the legacy code works! I was one of the last there with any real insight into, and understanding of, the stolen BSD code that was (and still is) used for the TCP/IP stack and in other fundamental places. Don't believe the bull about a "new" stack - they don't have anyone there capable of really writing low level code.
The current generation of Microsoft "Programmers" are point-and-click merchants who think that Visual Basic is a programming language!
Are you completely mad? ReiserFS is utterly stable and has the advantage of being fully documented. There is NOBODY at Microsoft any longer who fully understands NTFS, and it was never formally documented. As usual at MS, it's real spaghetti code, and there's not a hope in hell of ever sorting it out.
> If NTFS was even mildly documented that'd be an option.
NTFS isn't actually documented at Microsoft!! The guys who wrote it have left the company long ago, and nobody there has a real clue about it!
No. All the MS nonsense about "a completely re-written OS" are simply PR lies. In actuality, there's little that has actually been re-written - some of the legacy code from the bits stolen from BSD is still there - mostly because nobody at MS understands how it works, and too much gets broken if it's removed. The last of the programmers with any real knowledge left MS about 2 years ago - the current lot are utterly clueless.
It's just more of the same old, same old... Vista is just XP with more visual effects and the XP "security" model actually enforced. The same vulnerabilities exist, the same instabilities and even more abysmal performance. Many hardware manufacturers aren't interested in writing drivers - indeed some have started writing Linux drivers as they don't see Vista selling much and there's a burgeoning market for FOSS.
The EULA you agreed to by either unwrapping the product or clicking "accept" on a new computer, actually states that the product remains the property of Microsoft. They can, therefore, do whatever they like with it!
It won't make the slightest difference. MS/will/ be crippling Windows (more than it's crippled already) in the next three months. There will be innumerable lawsuits against MS - many from huge corporations that didn't bother with WGA for all their huge number of machines (after all, it causes instabilities).
It might be too early to predict the demise of MS, but we can all hope.....
The "patched systems" are no more vulnerable than they were before. This "virus" actually has no significant effect in a Linux system, can't propagate itself (it requires user intervention), and can't gain itself enough privelege to damage system files.
The "virus" report was a desperate attempt by Kaspersky to drum up some more fool's money for their useless products.
>>I tried firefox for a day and hated it. It loads so slow.
Your computer is probably virussed up the wazoo, so most things will be slow. Firefox here is the second fastest browser (opera is faster, but less complete). Internet Explorer is an unusable disaster.
>>Tabbed browsing was nice, but I'll be sticking with IE.
You obviously enjoy removing viruses and other malware from your machine, then.
>>Why does everyone on slash dot complain abot popups and virus, you people are supposed to be geeks, can't you figure out how to protect your systems.
You shouldn't have to "protect" your system - the operating system and browser software should do that automatically for you. Windows can't protect anything because of its fundamentally insecure nature. When you compound the problem by running IE, disaster follows swiftly!
>>All thats needed is virus protection software and common sense; don't click the add that promises a larger penis ect.
There is NO "anti-virus" software that actually works. Your operating system shouldn't be prone to viruses.
>>I have never had a virus using IE, popups went away when xp sp2 included one, guess what, no more pop ups.
You must have one of Bill Gates' special Windows builds - the ones unavailable to the general public. He must just give them out to his friends.
>> Windows computers havn't crashed since windows ME.
You DO have a special Windows build, then! Mean time to crash on the Windows versions supplied to the general public is 2 hours!
There are rumours circulating of malware that removes or wrecks "pirated" copies of some brands of software. The Windows exploits used HAVE NOT been patched yet, and probably won't be - after all it's a GREAT way for Microsoft to guarantee their income!
Every new version of Windows claims to be "completely new code", but soon enough we find the same old security flaws, instabilities and other miscellaneous stupidities. The "new" rubbish will be the same as the old rubbish, but with a shinier new look!
"The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
Big surprise. "Vista" is just another re-hash of the same old rubbish, despite all the marketing claims of it being completely new code (just like Gates always claims).
Re:but wait did the MS apologist not say
on
Two New WMF Bugs Found
·
· Score: 3, Informative
> Yes becuase breaking hundreds of people off their regular duties, tracking down 10 year old code written by someone who either doesn't remember writing it or no longer works there, correcting the code in a way that prevents the exploit, but doesn't impact functionality, testing the correction on all supported versions of windows, numerous hardware configurations, and against dozens of 3rd party software packages that use the library, then documenting the problem, the change, and the disimination of the change, then getting the whole thing wrapped up into a nice neat deployment package, is easy.
You've ENTIRELY missed the real point. Every time Bill Gates releases his "latest and greatest" product, we're told that it's a "completely rewritten, new code base". This is now shown to be complete nonsense - there is legacy code in Windows going back almost 20 years. There is obviously no proper CVS or code auditing system in place at Microsoft, which shows an astonishing ineptitude.
> Considering it went back to windows 98, i don't think they anticipated the current computing climate at all.
It actually went back MUCH further than that. It's just another example of poorly thought-out design that's carried from one Windows "operating system" to the next. It also demonstrates that Windows retains most code from one release to the next, despite Gates' claims to the contrary.
This and the next couple of major vulnerabilities (watch this space over the next month or two) will put the release of "Vista" back some months, hopefully. It should also demonstrate to the masses that Windows simply isn't up to the job (and never really was).
The next major exploits will carry code to format XP drives. That'll be fun for the slack-jawed masses without proper install disks!
Slashdot Mirror
"Once viruses get back to the level of actual harm, maybe people will stop clicking around willy nilly and will start to invest--on both the corporate and consumer sides--in some real security."
1. There is NO REAL security available in any form of Windows. Users will have to change from Gatesware to something that works properly.
2. The latest Windoze viruses allow a few reboots (to ensure they've spread themselves) before largely refomatting the hard drive that Windoze is on. It's pretty brutal, but is a great persuasion for Windows mugs to move to something that works!
This demonstrates that MS were lying when they described Vista and IE7 as having "an entirely re-written codebase".
What about the 1735265 other Windows flaws that remain unpatched?
They didn't actually have to "hack" it at all. The encryption technology is really crude (and well-known) and American frequency-hopping gear follows predetermined sequences - these are also well known.
It's trivial for any reasonably equipped and fairly savvy military radio op to monitor these transmissions.
Basically: 1. Storage of Magnetic Stripe Data 2. Missing or Outdated Security patches 3. Use of Vendor Supplied Default Settings and Passwords 4. SQL Injection 5. Unncessary and Vulnerable Services on Server Also: 6. Use of insecure "operating system" and poor software.
Jarnis: "Vista is quite a bit more than a reskinned XP, as lots of stuff under the hood has been reworked"
Nope. It's just a reskinned XP with more DRM thrown in to the mix. Microsoft discovered that all their brilliant plans were not possible without proper programmers, so all the "improvements" were quietly dropped, and the same old crap was moved into the "new" product. It as a few extra "nag" boxes, to give the illusion of "security", but it's got even more significant holes than XP.
Game Over, Microsoft
"Not even close to true, although it is the only current operating system with those characteristics and frankly, if you're installing XPSP2, that's not true either, because you're firewalled by default."
Actually, no. The XP "firewall" is a joke, and leaves lots available for attack. A plain XP SP2 install will be compromised within a few minutes of being connected to the 'net.
It's total nonsense - they're still using the BSD stack they stole years ago. Most of the networking implementation is historical, and the guys at Microsoft that actually knew how it worked left years ago. "Vista" has big clumps of legacy code that they're either scared to lose or incapable of replacing. There are *no* good programmers at Redmond any more: /we/ all left!
The current versions of "Vista" are full of security holes (some of which had be plugged in XP!) A "raw" install lasts less than 20 minutes when exposed to the 'net before it's utterly compromised.
The great mass of users (non-nerds) need an operating system impervious to viruses and other malware. The structure of Windows is such that it is not the right "operating system" for the vast majority of users!
More interestingly, spam is predominately from countries with a preponderance o fWindows computers. That should tell you something!
You'd be very wrong to label this as redundant - there are several exploits using this approach already out there, and they all work in the latest iteration of Vista.
Microsoft HAVE NOT re-written much code at all - they've reused the same old cruft that's been there for over 10 years, because nobody left at Microsoft understands how the legacy code works! I was one of the last there with any real insight into, and understanding of, the stolen BSD code that was (and still is) used for the TCP/IP stack and in other fundamental places. Don't believe the bull about a "new" stack - they don't have anyone there capable of really writing low level code.
The current generation of Microsoft "Programmers" are point-and-click merchants who think that Visual Basic is a programming language!
Are you completely mad? ReiserFS is utterly stable and has the advantage of being fully documented. There is NOBODY at Microsoft any longer who fully understands NTFS, and it was never formally documented. As usual at MS, it's real spaghetti code, and there's not a hope in hell of ever sorting it out.
> If NTFS was even mildly documented that'd be an option. NTFS isn't actually documented at Microsoft!! The guys who wrote it have left the company long ago, and nobody there has a real clue about it!
No. All the MS nonsense about "a completely re-written OS" are simply PR lies. In actuality, there's little that has actually been re-written - some of the legacy code from the bits stolen from BSD is still there - mostly because nobody at MS understands how it works, and too much gets broken if it's removed. The last of the programmers with any real knowledge left MS about 2 years ago - the current lot are utterly clueless. It's just more of the same old, same old... Vista is just XP with more visual effects and the XP "security" model actually enforced. The same vulnerabilities exist, the same instabilities and even more abysmal performance. Many hardware manufacturers aren't interested in writing drivers - indeed some have started writing Linux drivers as they don't see Vista selling much and there's a burgeoning market for FOSS.
The EULA you agreed to by either unwrapping the product or clicking "accept" on a new computer, actually states that the product remains the property of Microsoft. They can, therefore, do whatever they like with it!
It won't make the slightest difference. MS /will/ be crippling Windows (more than it's crippled already) in the next three months. There will be innumerable lawsuits against MS - many from huge corporations that didn't bother with WGA for all their huge number of machines (after all, it causes instabilities).
It might be too early to predict the demise of MS, but we can all hope.....
>> Give the guy a break, he's one of the few modern day humanitarians!
If you really believe that, you're incredibly stupid and would be better off away from Slashdot.
The "patched systems" are no more vulnerable than they were before. This "virus" actually has no significant effect in a Linux system, can't propagate itself (it requires user intervention), and can't gain itself enough privelege to damage system files.
The "virus" report was a desperate attempt by Kaspersky to drum up some more fool's money for their useless products.
>> I live in the UK! How come nobody told me about this?
Because "they" don't want you to know!
Remember - it doesn't matter who you vote for, the "government" always gets in!
>>I tried firefox for a day and hated it. It loads so slow. Your computer is probably virussed up the wazoo, so most things will be slow. Firefox here is the second fastest browser (opera is faster, but less complete). Internet Explorer is an unusable disaster. >>Tabbed browsing was nice, but I'll be sticking with IE. You obviously enjoy removing viruses and other malware from your machine, then. >>Why does everyone on slash dot complain abot popups and virus, you people are supposed to be geeks, can't you figure out how to protect your systems. You shouldn't have to "protect" your system - the operating system and browser software should do that automatically for you. Windows can't protect anything because of its fundamentally insecure nature. When you compound the problem by running IE, disaster follows swiftly! >>All thats needed is virus protection software and common sense; don't click the add that promises a larger penis ect. There is NO "anti-virus" software that actually works. Your operating system shouldn't be prone to viruses. >>I have never had a virus using IE, popups went away when xp sp2 included one, guess what, no more pop ups. You must have one of Bill Gates' special Windows builds - the ones unavailable to the general public. He must just give them out to his friends. >> Windows computers havn't crashed since windows ME. You DO have a special Windows build, then! Mean time to crash on the Windows versions supplied to the general public is 2 hours!
There are rumours circulating of malware that removes or wrecks "pirated" copies of some brands of software. The Windows exploits used HAVE NOT been patched yet, and probably won't be - after all it's a GREAT way for Microsoft to guarantee their income!
Every new version of Windows claims to be "completely new code", but soon enough we find the same old security flaws, instabilities and other miscellaneous stupidities. The "new" rubbish will be the same as the old rubbish, but with a shinier new look!
"The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista." Big surprise. "Vista" is just another re-hash of the same old rubbish, despite all the marketing claims of it being completely new code (just like Gates always claims).
> Yes becuase breaking hundreds of people off their regular duties, tracking down 10 year old code written by someone who either doesn't remember writing it or no longer works there, correcting the code in a way that prevents the exploit, but doesn't impact functionality, testing the correction on all supported versions of windows, numerous hardware configurations, and against dozens of 3rd party software packages that use the library, then documenting the problem, the change, and the disimination of the change, then getting the whole thing wrapped up into a nice neat deployment package, is easy.
You've ENTIRELY missed the real point. Every time Bill Gates releases his "latest and greatest" product, we're told that it's a "completely rewritten, new code base". This is now shown to be complete nonsense - there is legacy code in Windows going back almost 20 years. There is obviously no proper CVS or code auditing system in place at Microsoft, which shows an astonishing ineptitude.
Microsoft do not deserve any more of our money!
> Considering it went back to windows 98, i don't think they anticipated the current computing climate at all.
It actually went back MUCH further than that. It's just another example of poorly thought-out design that's carried from one Windows "operating system" to the next. It also demonstrates that Windows retains most code from one release to the next, despite Gates' claims to the contrary.
This and the next couple of major vulnerabilities (watch this space over the next month or two) will put the release of "Vista" back some months, hopefully. It should also demonstrate to the masses that Windows simply isn't up to the job (and never really was).
The next major exploits will carry code to format XP drives. That'll be fun for the slack-jawed masses without proper install disks!