Patch your machines - serious MS vulnerability

[n0cmonkey]

When does Microsoft start getting fined for consistantly poor coding?

 

[WinkOsmosis]

Why don't you guys set your updater to check for updates automatically?

 

[yoda291]

Originally posted by: n0cmonkey
When does Microsoft start getting fined for consistantly poor coding?

never...because people make a conscious decision to live with the poor code in order to have the "convenience" of windows.

 

[n0cmonkey]

Originally posted by: yoda291

Originally posted by: n0cmonkey
When does Microsoft start getting fined for consistantly poor coding?

never...because people make a conscious decision to live with the poor code in order to have the "convenience" of windows.

Not prudent on production servers.

 

[n0cmonkey]

Originally posted by: yoda291

Originally posted by: n0cmonkey
When does Microsoft start getting fined for consistantly poor coding?

never...because people make a conscious decision to live with the poor code in order to have the "convenience" of windows.

According to Mr. Gates, code quality isn't important.

 

[gordy]

1) most MS patches dont need reboot - just stop, patch and restart service - read the accompanying text

2) have a look at freshmeat over the course of week and see how many qmail, postfix, proftpd , apache, BIND, sendmail, et all "updates/patches/bugfixes" there are

3) the number of people trying to break win32 is directly porportional to the number of users of win32

 

[BChico]

Thanks

 

[n0cmonkey]

Originally posted by: gordy

2) have a look at freshmeat over the course of week and see how many qmail, postfix, proftpd , apache, BIND, sendmail, et all "updates/patches/bugfixes" there are

And this proves what? How many Windows applications get security patches? How many are released daily? If we are going to track all programs that work on Linux, we should also track all programs that run on Windows. Do you really want to get into that?

 

[gordy]

hmm, since those are some core production server services which windows has comparable counterparts, yes... but i suppose if you were just running the nix kernel and bash it's pretty usesless, but secure..

your point went from squat to squat and a half, neferder

 

[n0cmonkey]

Originally posted by: gordy
hmm, since those are some core production server services which windows has comparable counterparts, yes... but i suppose if you were just running the nix kernel and bash it's pretty usesless, but secure..

your point went from squat to squat and a half, neferder

I've gone through this several times in this forum alone. But I'll do it again.

First, many different groups release security information for the same daemons. So just looking at the number of, say sendmail, security e-mails does nothing. Many of them are repeats.

Second, several of the same type of service is listed.

qmail, postfix, and sendmail are all mail servers. Most people don't run multiple mail servers on the same machine. So, I'll just choose one. qmail. No advisories listed on security focus. On another site I see one possible exploit for vpopmail, and a couple of DDoSes, many of which can be solved by setting up the server properly.

BIND: Use djbdns.

Apache: IIS has it's share of exploits, I don't think this is worth going into.

ProFTP: Choose something else then. PureFTP maybe. But yes, each has exploits out there for various versions. Again, IIS has had it's share of exploits.

I don't want to have to go through every 3rd party Windows program looking for advisories. But, if there are a few that we should mention, feel free to list them.

Again, looking at ALL 3rd party applications when it comes to *nix but ignoring 3rd party applications for Windows is not a fair assessment. Again, my point is valid.

 

[Shuxclams]

Originally posted by: gordy
1) most MS patches dont need reboot - just stop, patch and restart service - read the accompanying text

2) have a look at freshmeat over the course of week and see how many qmail, postfix, proftpd , apache, BIND, sendmail, et all "updates/patches/bugfixes" there are

3) the number of people trying to break win32 is directly porportional to the number of users of win32

Easiest way to settle this score is to simply point out that Windows is trying desperatly to be looked at seriously as a "data center" OS... which it isnt and likely will never be as that space is alomost completly *NIX of some form. Not only is that important in the fact that more than 75% of all "real" computing happens in the data center, is also makes up 80% of the total profits for all servers.... so in reality, the fact that Windows install base is so large really only goes to show that there is a need for an OS specifically targeted for marginally compitent administrators and users. As for security and the direct proportionality you suggest, then you might want to look at basic facts about what is the largest/fastest growing segment of installed OS's and the amount of services/applications being served from those OS's. That said you are now free to go back to your job and stare at your MCSE cert that is woefully useless outside of impressing your boss.










SHUX

 

[Silex]

Thanks, but won't it download automatically with the update prog with XP?

 

[draggoon01]

there's a new critical update posted

 

[Jeff7]

Originally posted by: ChefJoe
http://forums.winxpcentral.com/showthread.php?t=7807&foo=New%20Microsoft%20Patches%20Causing%20Problems.%2011--17

http://www.eweek.com/article2/0,4149,1382912,00.asp

The Cumulative Security Update for Internet Explorer, which addresses numerous security flaws in Internet Explorer 6, introduces bugs involving the scrollbar. After the patch is applied, the page scrolls up or down twice when the user clicks once in the empty areas of the scrollbar. Clicking on the scrollbar arrows or dragging the scrollbar thumb works correctly.


-----
Glad to know it's not something that I messed up in my XP machine. I noticed this happening within the past few days and figured my MX duo was acting up.

Any idea when they're going to get around to fixing this irritating bug? It's not only the double-scroll thing - I can't drag the scroll-bar thing for more than a full page sometimes. Then it just turns into a little crossed-circle (whatever that's called), stops scrolling, and when I release the button, it takes me to the end of the page.

 

[tooltime]

you know sw manafacturers have to win this battle

 

[tooltime]

you know sw manafacturers have to win this battle

 

[Alex]

Originally posted by: EyeMWing
Oh joy of joyous joys. My machine is on at home and connected to the internet. $10 says that I'm infected by the time I get home.

dont be a dumbass.
this bug was discovered today, not "created" today. so everybody's been vulnerable up to now so if you havent been "infected" yet, theres a good chance you wont be in the next couple hours

 

[n0cmonkey]

Originally posted by: franguinho

Originally posted by: EyeMWing
Oh joy of joyous joys. My machine is on at home and connected to the internet. $10 says that I'm infected by the time I get home.

dont be a dumbass.
this bug was discovered today, not "created" today. so everybody's been vulnerable up to now so if you havent been "infected" yet, theres a good chance you wont be in the next couple hours

Can you verify that it was discovered today (or the day of the post you quoted)? Many bugs go unpatched for a while before the vendor releases anything. Plus there are always the vulnerabilities that aren't public. And as far as getting infected with worms, there have been several that successfully infect machines immediately after the initial REBOOT. It is definitely possible someone can get infected in a couple of hours.

 

[FelixDeCat]

Originally posted by: n0cmonkey

Originally posted by: yoda291

Originally posted by: n0cmonkey
When does Microsoft start getting fined for consistantly poor coding?

never...because people make a conscious decision to live with the poor code in order to have the "convenience" of windows.

According to Mr. Gates, code quality isn't important.

And you know this how? Right, you dont.

 

[n0cmonkey]

Originally posted by: FelixDeKat

Originally posted by: n0cmonkey

Originally posted by: yoda291

Originally posted by: n0cmonkey
When does Microsoft start getting fined for consistantly poor coding?

never...because people make a conscious decision to live with the poor code in order to have the "convenience" of windows.

According to Mr. Gates, code quality isn't important.

And you know this how? Right, you dont.

You're right, I screwed up the quote.

Here is the real one:

ITB: Security starts with the developer. What do you think that developers can do to harden their apps and how is Microsoft helping with tools?

BG: You don't need perfect code to avoid security problems.

From here.

My bad.

 

[dnuggett]

BG-

"But there are two other techniques: one is called firewalling and the other is called keeping the software up to date. None of these problems (viruses and worms) happened to people who did either one of those things. If you had your firewall set up the right way ? and when I say firewall I include scanning e-mail and scanning file transfer -- you wouldn't have had a problem. "

Damn that sounds familiar.

 

[Bateluer]

Originally posted by: XZeroII
Major linux vulnerability! Everyone running linux, download this patch, untar it, patch your machine, recompile your kernel... oh wait. No one uses Linux at home! 😱

I resent this post. Firstly because I do run linux at home. Secondly, because you don't have to recompile your kernal to install a simple patch. 😛

 

[tiejiba]

thanks for the heads up

 

[techwanabe]

Originally posted by: RossGr
Win 98 gets better every day!

Win 98 saved my A$$ when MSBlaster hit a few months back. Now I'm running 2000 tho