|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
14:07 EST/19:07 GMT | News Source:
eWeek |
Posted By: Andre Da Costa |
Seriously, how many times must users and businesses be kicked in the face before they buy a clue? Before they realize that they don't have to stay in the abusive Microsoft relationship?
The answer seems to be: an unlimited number of times.
Take, for example, Internet Explorer. In the latest bad news, the newest zero-day flaw in the Internet Explorer implementation of the Vector Markup Language has opened up a gaping wound in Windows.
Through that wound, every kind of garbage imaginable—bots, Trojan down-loaders, spyware, rootkits—are pouring into Windows systems.
|
|
#1 By
20505 (216.102.144.11)
at
9/21/2006 2:43:52 PM
|
As Bugs would say “What a maroon.”
|
#2 By
15406 (216.191.227.68)
at
9/21/2006 2:54:35 PM
|
#1: What, in particular, earned that 'maroon' comment? Or this yet another ActiveWin case of "Blame the Messenger"?
|
#3 By
3653 (68.52.143.149)
at
9/21/2006 3:11:21 PM
|
latch, isn't about time for your nap?
ps... activewin. I realize you get more clicks for these kinds of stories, but really... could you be any more obvious with your veiled attempts? its an opinion piece (self-labeled) in the linux area of eweek. c'mon.
This post was edited by mooresa56 on Thursday, September 21, 2006 at 15:14.
|
#4 By
15406 (216.191.227.68)
at
9/21/2006 3:58:34 PM
|
#3: This is an interesting study in contrast. When MS publishes yet another bogus study, various Linux people easily rip it to shreds with logic, facts and references cited. When someone publishes a negative MS story, all the MS bots can do is insult the author or complain about the source. I wonder why?
|
#5 By
1401 (65.255.137.20)
at
9/21/2006 5:14:11 PM
|
This comment has been removed due to a violation of the Active Network Terms of Use.
|
#7 By
32132 (142.32.208.238)
at
9/21/2006 6:55:09 PM
|
Only a moron would recommend the insecure piece of cr*p known as Firefox. 100's of security holes so far this year. 64 acknowledged patches. Each one patching 1 or more serious compromise your system vulnerabilities.
As for Linux, over 100 serious security holes in the 2.6 kernel. How long will OSS fanatics take that kind of abuse!!!!
The .4% of the market using Linux must be idiots!!!
|
#8 By
32132 (142.32.208.238)
at
9/21/2006 7:00:18 PM
|
As for "You Can't Do Anything About It", thats not true.
1) Keep anti-virus up to date.
2) Avoid Russian porn sites.
3) Run IE with less privledges.
For example, go to the sysinternals website and download psexec to c:\sysinternals
Create a cmd file with the following line in it:
C:\Sysinternals\psexec -l -d "c:\program files\internet explorer\iexplore.exe"
Use that cmd file or a shortcut to run IE.
http://www.sysinternals.com/blog/2006/03/running-as-limited-user-easy-way.html
You can run Outlook that way as well.
It strips out the Adminstrator tokens from the process even if you are running as an Admin.
|
#9 By
12071 (203.185.215.144)
at
9/21/2006 7:38:09 PM
|
#6 "it appears apple is releasing security fixes every week now"
Outside your world (the one where you and Microsoft live in), releasing security fixes is considered a good thing! Sitting on fixes for months and months on end, only releasing the high profile fixes which directly affect your bottom line is not considered a good thing. Now if you came out and told us that Apple is refusing to release security fixes.... THAT would be a headline.
|
#10 By
32132 (64.180.219.241)
at
9/21/2006 10:43:28 PM
|
#9 "Now if you came out and told us that Apple is refusing to release security fixes.... THAT would be a headline. "
How about denying they exist?
http://www.gameshout.com/news/apple_denies_macbook_wireless_security_flaw/article8010.htm
"Aug 21, 2006
Apple released a statement which strongly denies recent claims put forth by researchers at SecureWorks that Apple's Macbook computer contains a wireless-security flaw that could let attackers hijack the machines remotely."
http://blog.washingtonpost.com/securityfix/2006/09/apple_issues_patches_for_macbo.html
"Sept 21, 2006
Apple Computer today issued a trio of software updates to fix four serious vulnerabilities located in the wireless components of a number of its Mac products.
In an advisory, Apple said flaws exist in the Airport wireless device drivers included in the Macbook Pro and other Mac products. The company said the flaws could be exploited by attackers to compromise a vulnerable system remotely just by having the wireless devices turned on and in range of the attacker.
I first wrote about this issue at the Black Hat hacker conference in Las Vegas roughly two months ago, where I witnessed security researcher David Maynor compromising a Macbook from a Windows machine remotely using what he said were flaws in the built-in wireless drivers. "
Kris, your head is pretty far up your ... well, you know where it is.
|
#11 By
32132 (64.180.219.241)
at
9/21/2006 10:48:00 PM
|
"During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported."
http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
|
#12 By
8556 (12.207.222.149)
at
9/22/2006 12:44:54 AM
|
NotParker: Install Green Border and you'll be able to visit all of your favorite Russian porn sites or any other site likely to infect IE6, since you will be in a virtual space. It works great.
|
#13 By
9589 (71.71.39.105)
at
9/22/2006 1:19:35 AM
|
#3 Moroon er . . . Latch - You can't stop wondering; just read the trials and tribulations of the "infamous" open sore migration in Munich. Find some "choice" excerpts below:
By the end of the year, Munich plans to have migrated 200 computers to the open-source desktop environment. "Most of these computers are used for relatively simple office communications,"
Schiessl said."But in some cases, there can be format loss, and some documents need to be handled in a special way to avoid format conversion problems. Our guidelines address these issues."
One of the bigger challenges, Schiessl said, will be to migrate some of the public administration's larger departments with more complex processes. "Big departments with specialized processes will be a challenge, but we have a plan to tackle this and expect to achieve our goal of having around 80% of all desktop systems running on Linux by the end of 2008."
He declined to comment on the decision by the city of Bergen, Norway, to delay its Linux desktop plans by two years, citing a lack of detailed information about that decision.
|
#14 By
9589 (71.71.39.105)
at
9/22/2006 1:34:32 AM
|
NotParker, great suggestion for those people that insist on running their computers as administrators. When I have time, I help family and friends in the installation, maintenance, and optimization of their home computers. If presented with a problem case, one of the first things I do is explain the difference between limited and administrator privilege levels. Next, I set up a user with administrator privileges. Then, I set up a user or users with limited privileges. I instruct the user to only use the administrator profile when installing a program, updating, etc. Under everyday use, use the limited privilege user profile. It makes all the difference.
For example, a friend of mine brought his computer to me about a year ago. It was infected with all sorts of the usual culprits. I saved the data. Then, I reimaged it and set up the above users. He brought it to me recently. All I had to do was update some of the programs that had updates available (Adobe Reader, Flash, Jave, etc.). Windows was up-to-date because he was using automatic updates. Finally, I renewed his antivirus software, recommended that he add additional memory, and told him to keep it another year - it was a great two year old computer. It took about 20 minutes.
|
#15 By
9589 (71.71.39.105)
at
9/22/2006 1:34:39 AM
|
NotParker, great suggestion for those people that insist on running their computers as administrators. When I have time, I help family and friends in the installation, maintenance, and optimization of their home computers. If presented with a problem case, one of the first things I do is explain the difference between limited and administrator privilege levels. Next, I set up a user with administrator privileges. Then, I set up a user or users with limited privileges. I instruct the user to only use the administrator profile when installing a program, updating, etc. Under everyday use, use the limited privilege user profile. It makes all the difference.
For example, a friend of mine brought his computer to me about a year ago. It was infected with all sorts of the usual culprits. I saved the data. Then, I reimaged it and set up the above users. He brought it to me recently. All I had to do was update some of the programs that had updates available (Adobe Reader, Flash, Jave, etc.). Windows was up-to-date because he was using automatic updates. Finally, I renewed his antivirus software, recommended that he add additional memory, and told him to keep it another year - it was a great two year old computer. It took about 20 minutes.
|
#16 By
17996 (66.235.19.95)
at
9/22/2006 2:23:56 AM
|
NotParker, another one to add to your list:
4) Disable VML until Microsoft releases a patch. The security advisory (http://www.microsoft.com/technet/security/advisory/925568.mspx) describes two ways to do this, take your pick:
- Unregister vgx.dll by running the following at a command prompt:
regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
- Restrict the ACL on vgx.dll by running the following:
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /d everyone
|
#17 By
15406 (216.191.227.68)
at
9/22/2006 9:46:28 AM
|
All this whining from the MS bots, yet no refutation of any kind of the article in question or any of its content. Just more whining. Not surprising at all. The article is about MS abusing its customers, yet Parkkker and mini-moore are talking about Firefox and Apple. I think their Ritalin doses need to be upped so they can focus. And according to Parkkker, IE is the most secure software on the planet so long as you run it with funky 3rd-party apps with cryptic command-lines, and running as an unpriviliged user. This sounds great until you realize that 98% of Windows users would have no idea about any of this, and running Windows as non-Admin is about as painful as it gets and is totally impractical for home users.
|
#18 By
13030 (198.22.121.110)
at
9/22/2006 10:13:53 AM
|
As NotParker and other MS zealots have said in the past, it's the users fault if they don't know how to operate Windows. It's kind of like giving a sling shot to a child, not showing them how it works, and then holding them responsible for knocking out a window (pun intended). I would up Latch's estimated 98% of Windows users would have no clue about what we're talking about here to something like 99.9% (at the very least). Yet, the zealots expect everyone to know the internal workings of Windows security. It's one thing to allow your OS to be customized and support your specialized business process--it's another thing to give that power as the default setting.
Get with the program zealots. Firefox has 12% of the browser market in general and over 40% of the market on technical web sites. IE browser usage drops dramatically as the technical sophistication of the user increases. What's your excuse zealots? Trust me, it's possible to be a MSFT shareholder and still use a non-MS product! The monkey dance ghost of Steve Ballmer will not haunt you at night! (And, by the way NotParker, the challenge still stands.)
|
#19 By
32132 (64.180.219.241)
at
9/22/2006 11:10:04 AM
|
#18 "As NotParker and other MS zealots have said in the past, it's the users fault if they don't know how to operate Windows."
I've never said that.
There are mechanisms to run IE (and other internet facing applications) with minimal privledges built right in the OS. There is a registry key that does the same thing as the psexec tool does.
Microsoft should have made them easier to use.
On the other hand, it would be confusing for users to download a file and not be able to run it because IE is running in no-privledge mode. Same goes for installing an ActiveX install.
Many of the those changes are being made in Vista.
On the other hand, I don't see OSS taking a security timeout to make their applications more secure.
As for the OSS zealots like you ch and coffee girl, the point I always try to make is that OSS applications have way more security holes than Microsoft software does. But the benefits of using Microsoft software and Windows are huge. Which is why Linux has .4% of the market.
Sure Firefox is doing ok ... but its Firefox on Windows. Almost no one is using Linux.
This post was edited by NotParker on Friday, September 22, 2006 at 11:11.
|
#20 By
15406 (216.191.227.68)
at
9/22/2006 11:36:50 AM
|
#19: Funny how the king of MS butt-polishing still can't come up with anything to refute in the title article, and instead just continues to whine about Firefox and Linux. OSS doesn't need to take a timeout to learn about security as they've been baking it in from the start. Security is not something that OSS only started caring about when it got tired of constant negative press and impacts to its financial bottom-line.
btw, for the zillionth time (maybe you'll eventually learn but I doubt it), every bug is not a security vulnerability. Do you think you can ever understand the subtle difference? I guess it's not in your interests to accept reality because then you couldn't come up with your ridiculous, grossly exaggerated statements.
|
#21 By
15406 (216.191.227.68)
at
9/22/2006 1:03:53 PM
|
#19: Speaking of security, don't you find it hilarious that MS can't be bothered to patch holes that are being exploited in the wild this very second while a small group of white hats is issuing patches to fix MS' problems? I know I do.
http://it.slashdot.org/article.pl?sid=06/09/22/1339230
Poor Microsoft, torn between two choices: fix major problem plaguing millions of users, or make money. Hmm, I wonder which way they'll go? I'm certain MS will issue a press release where they'll defend the glacial pace of the release of the official patch with stuff about needing to do so much testing. Then they'll eventually release the patch. Then, a month later, they'll release it again. And then maybe again.
|
#22 By
15406 (216.191.227.68)
at
9/22/2006 1:05:20 PM
|
#19: Someone should have lied and told MS that the exploit broke their DRM so that there'd be a patch in 3 days.
|
#23 By
3653 (68.52.143.149)
at
9/22/2006 1:34:32 PM
|
somebody put a sippy cup in latch's hand, so he's too busy to hit the POST comment button. 3 posts in a row? I think that qualifies as 'talking to the voice in your own head'.
|
#24 By
15406 (216.191.227.68)
at
9/22/2006 1:47:08 PM
|
#23: I have lots to say. Better that than single posts that say nothing eh Mini-moore? Parkker still has you topped though. Yesterday he posted an article that said nothing other than 'Edited by Parkkker'. And, as usual with you & Parkkker, you fumble to try & find something to complain about without addressing any points made by the article, myself or others.
|
#25 By
3653 (68.52.143.149)
at
9/22/2006 5:47:04 PM
|
latch, "posts that say nothing"... you mean like your post #24?
now go take your recess and have some fun with the rest of the SE class
|
|
|
|
|