Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
Time: 09:09 EST/14:09 GMT | News Source: CBS Marketwatch | Posted By: Chris Hedlund
Microsoft Corp. released five security bulletins Tuesday to fix flaws that could allow an attacker to take complete control of someone else's computer system.
The security flaws rated "critical" - Microsoft's highest threat level - affect the company's Windows computer operating system, Internet Explorer browser, MSN Messenger, Microsoft Word software and Exchange server system.
"News of critical flaws in Microsoft Windows is becoming a regular occurrence," says CBS News Technology Analyst Larry Magid. "Still, it's important not to become complacent. Failure to download the latest software fix could leave you vulnerable to an attack that could jeopardize your security."

#1 By 8556 (12.217.161.186) at 4/13/2005 9:20:00 AM
"News of critical flaws in Microsoft Windows is becoming a regular occurrence"
'The preceding message was brought to you by Apple Computer. We at Apple have problems also but we're so small that no one cares.'

#2 By 1642 (66.208.6.173) at 4/13/2005 10:26:37 AM
"regular occurrence"
Regular has multiple definitions. The fact that MS is sticking to their process of updates on the second Tuesday of every month is a good thing. The fact that it occurs on a regular schedule has made my IT work easier than when MS put out updates randomly.

#3 By 13030 (198.22.121.120) at 4/13/2005 10:30:50 AM
Uncle!

#4 By 15406 (216.191.227.90) at 4/13/2005 10:53:46 AM
#3: I suspect that the "regular occurrence" applies to MS critical flaws, not their patches. I notice a pattern where flaws in other vendors' products lead to DOS, BSOD or data exposure. MS flaws seem, more often than not, to give up ownership of your box.

#5 By 8556 (12.217.161.186) at 4/13/2005 12:14:35 PM
NameInUse: My reference to Apple was cynical, not factual.

#6 By 15406 (216.191.227.90) at 4/13/2005 1:05:49 PM
#6: what can I say, it's a slow day and I was hoping to wake up the sheep. Where is Parkker and the other 5 people in his head anyway? Or is he making his yearly pilgrimage to Redmond?

#7 By 15406 (216.191.227.90) at 4/13/2005 2:49:37 PM
#9: don't worry Parkker, it will be patched in a day or two. As for the *ahem* "customers" in your head, put both of your fingers in your ears for optimal clarity and tell them that they don't have to patch if they don't want to. They're certainly entitled to their opinion and nobody will force them to upgrade if they don't want to. If they ever turn tack, you can sign them up for MS's Software Assurance program (or whatever it's called this year) where they CAN get told when, where and how they are going to upgrade.

#8 By 15406 (216.191.227.90) at 4/13/2005 4:55:59 PM
#12: you know, you could at least make an attempt at apples & oranges. To compare bug rates, you can't compare Windows & Open Source unless you include ALL Windows programs that can run under current Windows OSes. Or if that's too hard for you, only count equivalent apps. For instance, Windows comes with a calculator, so you could compare the calc widget with most Linux distros. As for your last sentence, it would figure that an MS apologist would feel uncomfortable telling his customer that they have a choice and that the decision is in their hands.

#9 By 12071 (203.185.215.149) at 4/13/2005 8:55:50 PM
#16 "I think the fair way to do it is to count all the apps that come installed by default in the distro"
The fair way is to penalize the distro with the kitchen sink installed by default? I'm curious as to how you arrived at that. I agree with Latch, you either compare like for like or you don't bother comparing at all - sure a particular distro may come bundled with 3 office suites but the majority of users will not use install all 3. And at the same time, don't just compare numbers, include a measurement of severity in there... I'd rather my spreadsheet have 2000 minor security issues than my browser having 5 remote holes. At least if you're going to do your "fair" comparison then do the flip side too - compare the MINIMAL installs!
As for OpenHeaded/LinuxIsTheft/etc. they are all Parkker - he can't help but be himself. And someone who has that many split personalities (not forgetting his lack of reading, comprehension and counting abilities) is not in any frame of mind to suddenly come out and tell you the truth.
Also, further to our discussions earlier in the month, does this month's list of 8 patches (http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx) cover the flaws eEye found (http://www.eeye.com/html/research/upcoming/index.html) ?

#10 By 12071 (203.217.72.18) at 4/14/2005 7:56:31 AM
#19 "because that's how I can get some accountability"
Can you please explain how you LOSE accountability by doing a minimal install for instance? And in the same way, how is it that you lose accountability if you simply compare 1 office suite to another office suite, instead of 3 office suites to no office suite? I'm having a difficult time trying to understand your definition of "like for like". Surely you would have to concede that a default install of Windows XP, OSX and let's pick the Ubuntu distro (since that seems to be popular at the moment) are "like for like" in terms of them all being default installs of an operating system and that's fairly much where it ends! All 3 offer varying degrees of options when it comes to applications and all 3 come with applications that the other ones do not have a comparable application of. Given this, how is it "like for like"? Even if you included Office, SQL Server, Visual Studio etc it still wouldn't really be "like for like" because your whole argument would boil down to "MS' 1 compiler has less bugs than the 30 compilers that come with Ubuntu" - even though you do not need to install a single compiler but have the choice of installing as many as you like at install time.
"not 200 different, conflicting standards"
My favourite quote has always been "The wonderful thing about standards is that there's so many to choose from!" :) There's a limit to just how many standards you can effectively work with, but I will always choose open standards over closed ones!
"I completely agree that # of bugs alone do not a metric make. Of course we have to weigh severity."
That was more for Parkker's benefit than yours. Believe it or not you'd be surprised at how many people believe that only having XX bugs means an application is more secure! Which is why every now and then Parkker comes jumping in to remind us all of how many bugs there are in (insert open source application here) only to then be shown that most if not all of those are fixed and shown IE bugs unfixed since 2003 for comparison. And it goes downhill from there!
"And I'll pay up too, just let me know how to do it!"
I don't want your money quux, I told you that I thought it was silly to start betting over such things, but it's been fun :)
#20 "so I believe you"
You also believed him when he claimed that he wasn't LinuxIsTheft...

#11 By 12071 (203.217.72.18) at 4/14/2005 12:12:13 PM
#23 "but you didn't answer my main point 'default should be secure'"
Apologies, I didn't realise I had to answer points as well as questions. Next time I'll write you an essay :) But since you're so keen on having me answer your point, then I agree that the default install SHOULD be secure. But that is a completely different point to comparing "like for like" as far as I am concerned, because you are either comparing like for like or you're not - there's not really much place for shades of grey there. Now how about you go back and answer my questions rather than ranting about default installs - it might be seen as hypocritical to complain about me not answering your points when you completely disregard my questions.
"If distro maintainers were to take even part of the responsibility for the security of their distros, you'd see them trending towards minimal installs (as OpenBSD has done) over time."
I see this as a catch-22, where no matter what the distro makers can't "win" against the Microsoft fans/zealots/etc. If they provide minimal default installs, they will come out and complain Linux is useless as you can't do anything with it. If they provide actual choice (you know where you can actually select what you want and what you don't want installed) then they complain that there are too many packages in Linux. And of course distro makers go with the second option to try and show users that they have a choice - which the Microsoft crowd then complain about as being confusing to the user. If you ask me then I'd say that there are far too many different distros as it is - with every man and his dog creating their own distro - but I guess that's just the environment. Linux, in a mainstream sense, would do much better with a single distro, but everyone using it wants things their own way.
"And now we have OpenHeaded saying you also post as sodajerk"
And if you remember/search back then you will find that Parkker using the LinuxIsTheft alias made similar accusations about person x using login y to try and throw the scent off him. I guess you could just ask the AW admin to tell you whether or not they are one and the same person. I'll be greatly surprised if they are not - it's difficult to find someone quite the same as Parkker.

#12 By 7754 (216.160.8.41) at 4/14/2005 3:23:09 PM
OpenHeaded, you'd have much more credibility if LinuxIsTheft and Parker/Parkker were still posting on AW. But they aren't... they're mysteriously gone as soon as you started posting--in the very same style, manner, and method as the Parker we all know. You denied it before and were called on it by the AW staff. You'd also have more credibility if you denied it in some other way than to feign incredulous... "Who is this Parkker person of which you speak???" Yeah, right! You know, it's a shame, because you occasionally make good points, and it's all lost because you discredit yourself.
Chris and Quux... the whole "default install" vs. "minimal install" etc.--is it really even a question worth asking? You've both already pointed the complexity in attempting to assess security using those methods; essentially, it's always going to be an apples and oranges debate. The real question is more like an assessment of an RFP--you define the scenario and application set, then look at the existing security issues, vendor responsiveness, maintenance, and viability of workarounds. Maybe there's some money to be made here--come up with a "Desktop Standard ABC" with a given set of apps, then come up with a score (sort of like a J.D. Power test for OSes + application suites). A potential issue is that vendors would put too much emphasis on securing those products and slack off on others. In a sense, I think Microsoft's products have benefitted from the default installs in the past, because it created greater exposure for the products and forced Microsoft to rethink security. For example, IIS might not have come around the way it has if it hadn't been part of the default NT install. It got put head-first in the fire, and it's better because of it.

#13 By 23275 (68.17.42.38) at 4/15/2005 12:59:36 AM
I wonder where Halcyon-12 went?
Haven't seen his posts in a long while.
I don't know what the big deal is over being known - personally, I use my real name.
I've never liked to hide behind a thing and always appreciate it when people step up and take a stand - no matter what their position is.
No one will ever agree with any one of us all the time and it would be really cool to see people of different opinions disagree with the respect desired of their own opinions and ideals.
I think getting to that point requires the thoughtfulness attached when one's own name is on the line. Behind an unknown handle there is no consequence - no satisfaction in having one's logic sustain scrutiny - all that is left is mediocrity according to an ever-declining standard.

#14 By 12071 (203.217.72.18) at 4/15/2005 7:13:17 AM
#24 "I knew there would be no denial that you are sodajerk"
Feel free to ask any of the admins here to verify for you whether or not sodajerk and I are the same person and then get back to us.
"why should my customers trust an open source distro"
You don't have any customers Parkker, I'd even be surprised if you have any friends based on the way you act (note that acquaintances are different to friends).
"will not aid them in securing the application the distro makers implicitly claim are secure by supplying them on the distro?"
Not quite sure how you leap from "inclusion of application x" = "claiming application x is secure", but let's be honest for a second here, logic has never been your strong point! The distro makers WILL aid you and your school mates with all the applications included in their distro, even if you do decide to install all 3 office suites. However you, being the responsible person you are, should tell your mates to only install applications they will use, regardless of what OS they choose.
#26 Our whole discussion was just to put forward our thoughts on what could be described as an apples to apples comparison - because unless you're comparing like for like, you may as well not bother! This is why so many "independent" studies have been dismissed or otherwise had their defects shown for all to see. Quux and I just have different views on how to go about a fair apples to apples comparison - and there's nothing wrong with that - we're both just trying to understand the other person's point of view.
#27 "I don't know what the big deal is over being known - personally, I use my real name"
It's part of the whole Internet "anonymity" thing.