-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
IE Exploit Lets Attackers Plant Programs on SP2 ...
- Thread starter Brutuskend
- Start date
MercenaryForHire
Lifer
And mirrors. Can't forget the mirrors.
- M4H
- M4H
spyordie007
Diamond Member
There are some pretty big mitigating factors to this kind of attack, for example you would have to both be using IE viewing a malicious website and than perform a drag-and-drop operation.
Everyone just wants to assume the sky is falling. Fact of the matter is pretty much every modern OS that is running any number of software packages (IE, Office, etc.) will require patching as things like this are discovered. SP2 is a big step in the right direction, however it is not a magical fix-all pill.
VirtualLarry
No Lifer
No, those are what Microsoft's many fans are for.
VirtualLarry
No Lifer
Several people apparently did. To which I had to reply to those threads with the known defects at that time, of which they were seemingly intentionally unaware of them. Go figure.
The bigger question should be: If MS is really serious about security, and if they were truthful about their statements that only bugfixes, and not features, would be rolled out in future sevice packs, then why didn't they release: 1) a seperate bugfix service-pack for XP, and 2) a seperate point version upgrade for IE, to increase it's security, on all platforms that MS has shipped IE6 for. Face the truth people, unless you are running MS's latest and greatest, you are unsupported, whether they explicitly say so or not. MS isn't interested in fixing bugs, nor increasing security, unless those fixes also help to sell upgrades.
Yes that is the only thing that realy stood out glaringly obvious was IE's security patches and upgrades.
Unless your using WinXP SP2, your not going to get access to those security upgrades, meaning that if your using W2k your S.O.L. on some things.
So basicly security upgrade from MS costs around 400 dollars or so (retail WinXP pro).
See:
http://www.technewsworld.com/story/36892.html
I am suprised that more people are not pissed off at this sort of thing, it's pretty blatent.
Other then that SP2 is decent enough sort of thing, it's better then what was before. If your running WinXP and you don't have SP2 installed, then your a idiot. Unless you have some pretty darn good reasons not too.
IMO if SP2 can't be safely installed on your computer for some reason (say it won't boot up), then you should reformat and restore and install SP2 until it works. Seems to me, you don't have any other choice.
Unless your using WinXP SP2, your not going to get access to those security upgrades, meaning that if your using W2k your S.O.L. on some things.
So basicly security upgrade from MS costs around 400 dollars or so (retail WinXP pro).
See:
http://www.technewsworld.com/story/36892.html
I am suprised that more people are not pissed off at this sort of thing, it's pretty blatent.
Other then that SP2 is decent enough sort of thing, it's better then what was before. If your running WinXP and you don't have SP2 installed, then your a idiot. Unless you have some pretty darn good reasons not too.
IMO if SP2 can't be safely installed on your computer for some reason (say it won't boot up), then you should reformat and restore and install SP2 until it works. Seems to me, you don't have any other choice.
Phoenix86
Lifer
Drag, I agree with your end reasoning, but not the logic you go through to get there. Yes, MS is putting the screw to non-XP owners. However, it's not by releasing security FIXES to one OS versus the other. It's by ADDING features that COVER security problems, see infobar. See infobar doesn't prevent activeX exploits, it just lets you know they are about to run before hand, see it just provides info. The firewall is a little bit tougher, however, again, it fixes no code. It only covers it up. This is key.
If it were replacement code it would be expected for all version, however since when does a new feature get applied to older OSes? RARELY. I don't see the themes service in 2k, what about fast user switching? Nope... See, if they were FORCED to offer new features to older OSes, you would never have to upgrade. You would always have the current OS, because you would have all the features in an update (which, BTW I don't think is a bad was of doing things, 1 OS anyone?, however that would also require subscriptions).
If it were replacement code it would be expected for all version, however since when does a new feature get applied to older OSes? RARELY. I don't see the themes service in 2k, what about fast user switching? Nope... See, if they were FORCED to offer new features to older OSes, you would never have to upgrade. You would always have the current OS, because you would have all the features in an update (which, BTW I don't think is a bad was of doing things, 1 OS anyone?, however that would also require subscriptions).
Microsoft's position is that new FEATURES added to MSIE via SP2 will not be available to non-XP users of MSIE. Microsoft will continue to offer actual security "fixes" and patches for MSIE on 98, ME, and W2K until at least 2006.
Those new features are Security Center Applet (centralizes many options that were already there, just not all accessible in the same place), pop-up blocker (Google has a comparably effective product for free), Internet Explorer Information Bar (glorified IE Status Bar), Download Monitor (nothing new, more behaviors are now enabled by default), more restrictive IE Security Zone settings (again, more behaviors enabled by default, nothing that can't be done manually), Internet Explorer Add-On Manager (this is somewhat new, but has little to do with security), and 10 new dialogue boxes warning users every time they enter, navigate, and leave a website. Windows Firewall and the Advanced Networking Pack are components of the OS, not MSIE.
The latest MSIE security "fixes" are precisely what will be included in Microsoft's continuing updates and patches for MSIE running on all recent MS platforms.
Well if you considure good security a extra feature that you should install, then I would agree with you.
However I think that for all the thousands of companies that bought and continue to pay support for their Windows 2000 OSes should have a reasonable expectation that MS would do everything they can to make sure that their operating systems are safe to use (which by saying that win2k isn't receiving enhancements that WinXP has, they are adminiting that it isn't).
After all it's not like W2k is realy that much different from WinXP. For them they are pretty much the same OS. So it's not difficult to think that any security "features" would take minimal effort to backport.
Hell, how many programs you installed lately on WinXP that were not compatable with W2k? How many people have successfully used W2k drivers in WinXP (or visa versa)?
Windows 2000 is still a fully supported operating system. WinME/Win95/Win98 I can understand not bothering with, they should die.
However I think that for all the thousands of companies that bought and continue to pay support for their Windows 2000 OSes should have a reasonable expectation that MS would do everything they can to make sure that their operating systems are safe to use (which by saying that win2k isn't receiving enhancements that WinXP has, they are adminiting that it isn't).
After all it's not like W2k is realy that much different from WinXP. For them they are pretty much the same OS. So it's not difficult to think that any security "features" would take minimal effort to backport.
Hell, how many programs you installed lately on WinXP that were not compatable with W2k? How many people have successfully used W2k drivers in WinXP (or visa versa)?
Windows 2000 is still a fully supported operating system. WinME/Win95/Win98 I can understand not bothering with, they should die.
Phoenix86
Lifer
Drag, how many new features are added to older OSes (any)? I don't see much if any in the windows world, not sure about linux, but I'd bet new features are rolled out with new OSes, no?
Again, these are not fixed, they are blankets. Want to make 2k just as secure as XP? It's possible. Do you think SP2 makes XP so much more secure than 2K? What can XP do that 2K can't?
I agree they are putting the screw to these customers, but they jump through a few extra hoops and make it just as secure. As mentioned, actual fixes to code will still continue, even for W98.
Again, these are not fixed, they are blankets. Want to make 2k just as secure as XP? It's possible. Do you think SP2 makes XP so much more secure than 2K? What can XP do that 2K can't?
I agree they are putting the screw to these customers, but they jump through a few extra hoops and make it just as secure. As mentioned, actual fixes to code will still continue, even for W98.
Zugzwang152
Lifer
leave it to the linux fanboys to come out of hiding here :roll:
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
