|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
14:18 EST/19:18 GMT | News Source:
Associated Press |
Posted By: Byron Hinson |
The FBI has reversed its advice for computer users trying to protect themselves against serious flaws in the latest version of Windows: Applying the free fix from Microsoft Corp. is adequate, after all. The bureau's top cyber-security unit, the National Infrastructure Protection Center, told consumers and companies Thursday to disregard its earlier advice to go beyond the Microsoft recommendations to protect against hackers who might try to attack Windows computers.
|
|
#1 By
3339 (206.216.3.134)
at
1/3/2002 3:56:45 PM
|
If anyone can actually say that they are using UPnP and have devices with the correct drivers for UPnP, then my mind will be changed about the FBI -- but since its unused functionality for 98% of users, I see no reason to say the FBI is wrong to say shut off the service (whether or not the patch fixes the problem).
|
#2 By
135 (209.180.28.6)
at
1/3/2002 4:07:33 PM
|
Ok, there should be a whole slew of people coming in here waiting to eat Crow. Where are they now? :)
|
#3 By
3339 (206.216.3.134)
at
1/3/2002 4:21:07 PM
|
Crow, how, soda? A glaringly pathetic and massive remote network bug is found in both corporate and consumer versions of Windows which is not dependent on the many bugs of Outlook, IE, or Hotmail but a service which for most systems is on at install but which is used by NO ONE.
The FBI and NIPC proposed the most extreme measure, kept it around for a week when MS finally fixed it, and repealed it a week later when they verified it was a safe and valid fix.
Where's the crow? Shouldn't I be pissed that NIPC and the FBI felt it was big enough that they had to get involved, that they had to get involved because MS wasn't/couldn't/shouldn't handle it themselves?
I'll eat crow when MS volunteers to pick up the bill for what was spent by my federal government.
Please! Get real!
|
#4 By
3339 (206.216.3.134)
at
1/3/2002 6:01:13 PM
|
#7, you and Bill and Steve are douche bags... If MS wasn't such a piece of S, trying to maximize revenue and bump new features instead of securing old ones, maybe the Feds wouldn't be wasting their time doing network maintenance.
Did ya eva consider that? You actually think this is the type of work they WANT to do? or HAVE to do?
|
#5 By
415 (24.10.91.91)
at
1/3/2002 6:19:23 PM
|
JDM NZ, you WERE NOT hacked. Did you look at the source of the HTML page???
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p> </p>
<p><iframe src="C:\"width="500" height="450" ><br>
</iframe ></p>
<p>Is This.. Yours.. MUWHAHAHAHAHAHAHAAHAHAHAHA</p>
<p> </p>
</body>
</html>
Notice the page has an IFRAME in it that is just showing you the C: drive, just like you are looking at it through Windows Explorer. Which, you are by the way...
It a nice trick though...
Iron
|
#6 By
2332 (165.247.1.225)
at
1/3/2002 7:27:29 PM
|
#5 - "A glaringly pathetic and massive remote network bug is found in both corporate and consumer versions of Windows..."
Um... so how about the "glaringly pathetic and massive remote network bug" found in the telnet daemon of all versions of BSD and Linux (except OpenBSD) that has been there for 20+ years, all in an open source environment?
See, while the Windows one was indeed in a service that only improves useability, the BSD/Linux hole was in a service that is basically required for nearly all installations of the OS.
People who live in glass houses... etc... blah blah.
Gimme a break people. The point of this story was to show that, just as many of us said, completely disabling the service was an over reaction since Microsoft quickly released the fix that worked fine.
|
#7 By
3339 (206.216.3.134)
at
1/3/2002 8:49:21 PM
|
RMD, why do you have to be such a pathetic linux hater -- as if making a point against MS means I'm a Nix zealot or that I am an apologist or that I am pretending they are flawless.
Well, I asked who uses UPnP and so far only one, and apparently because he (#12) is developing products that use it. He says, "Just because few people use it now, doesn't mean it won't be important in the future." No, and I never suggested it couldn't be important; what I do suggest is that it be shut off on all installations always. If and when you use it, you can turn it on.
You say, "The point of this story was to show that, just as many of us said, completely disabling the service was an over reaction since Microsoft quickly released the fix that worked fine." Well, I say the point is this incident is distinct from Nix exploits because it is based on completely useless (for the time being) functionality that shouldn't be turned on, and also, the FBI did need to get involved... there are also COngressional hearings about MS security -- so all you weenies who bitch about the cost of prosecuting them should bitch about the cost of securing their products for them since apparently our Justice Dept. (FBI not Prosecutors) and Congress feel that the lack of security in everyone's favorite monopoly OS has become an issue of national security... don't laugh, truly it is... in terms of corporate cost and data security.
My point still stands, it wasn't over the top because 98% of users don't use UPnP so what is the benefit of having it on, and simply withdrawing their recommendation a week later isn't a reversal, it's called reasonable time to verify....
Which by the way, it is true that this was discovered and reported the day before the launch of XP, 2.5 months ago.
|
#8 By
3339 (206.216.3.134)
at
1/3/2002 9:15:24 PM
|
This comment has been removed due to a violation of the Active Network Terms of Use.
|
#9 By
3339 (206.216.3.134)
at
1/3/2002 9:22:23 PM
|
Oh, I forgot, I'll get censored for calling you a dipshite even if you can call me a moron, but again, prove what? I can back my crap up, shite.
|
#10 By
2332 (165.247.2.205)
at
1/4/2002 12:18:53 AM
|
#16/Sodajerk - funny, the first sign of a weak argument is when you attack the person you are arguing with instead of attacking the argument itself.
"RMD, why do you have to be such a pathetic linux hater"
Pointing out flaws in your reasoning makes me a pathetic linux hater? I merely stating a fact that Linux has "glaringly pathetic and massive remote network" bugs just like Windows, and in this case, the Linux bug was far worse and seems to refute the claim that open source equates to security. (Not a claim that you made here, no, but one that is often made in Linux's defense.)
"Well, I asked who uses UPnP and so far only one, and apparently because he (#12) is developing products that use it."
The technology is very new, and while you're right in suggesting that there is probably little need to have it on for most users at the current time, the future will probably be filled with UPnP hardware and applications. I've been researching it (specifically because of this hole) and it seems to be a nifty idea. Because there happened to be a hole in it doesn't make it inherently bad, no more than the telnet daemon in Linux/BSD makes telnet bad.
"Well, I say the point is this incident is distinct from Nix exploits because it is based on completely useless (for the time being) functionality that shouldn't be turned on..."
Ok. Different than Unix exploits, perhaps... but I'm not sure how that makes it worse. If you're saying that services that are potentially harmful due to misconfiguration should be off by default (a practice Microsoft has never been good at), I completely agree. This, however, poses no security risk in its default configuration. It was a bug, and the bug was fixed.
As far as it being useless, I disagree. UPnP went out on my company network and discovered several other XP machines also running UPnP and enumerated their services and shares for me. At first I was confused as hell as to why there were a bunch of printers available to me that I didn't add myself, but it turned out to be quite handy. Perhaps we should praise Microsoft for their initiative in these areas, as well as criticize them for their lax coding. The two are *not* mutually exclusive.
"My point still stands, it wasn't over the top because 98% of users don't use UPnP so what is the benefit of having it on, and simply withdrawing their recommendation a week later isn't a reversal, it's called reasonable time to verify...."
Huh? Where do you get the 98% figure? How could you possibly know that? UPnP is one of those features that works transparently for the user and makes stuff "just work". Also, the FBI release was over hyped - hype you obviously bought into. It wasn't even a warning... it was the lowest level of announcement the FBI can make. Your assumption that they withdrew it because they finally got around to verifying the patch is complete speculation, which appears to be baseless as well.
On a side note, you should probably curtail your name-calling - if only to help your arguments... people tend to dismiss people who call them "pathetic" or "dipshit." It just makes you sound ignorant.
|
#11 By
135 (208.50.201.48)
at
1/4/2002 1:34:29 AM
|
Careful RMD, he may become RMDjerk. :)
|
#12 By
3339 (206.216.3.134)
at
1/4/2002 1:56:54 AM
|
My original argument about you being pathetic, RMD, is provided by #20... I could give a flying fvck about Linux, but when I argue, "this was serious," you retort, "Linux has a bug too". That's pathetic. I can sit on Slashdot and say to Linux folks, "Hah, hah, your system has a bug," or on a Mac site and say, "crap, there's a bug and it'll take them longer to fix it because they're tiny, good thing most no one will ever know about it, boy, Jobs sucks!" and I can come here and say,"Pain in the ass, another one!."
It's only here where people would jump in with a reply like: "we (MS) are not the only ones!"
Do you get why that's pathetic, RMD?
|
#13 By
1845 (207.173.73.201)
at
1/4/2002 10:22:25 AM
|
I believe that was sodajerk, not sodablue, #25. But anyway...
#20, I'm not so sure that I fully agree with your reasoning. Microsoft competes in several arens including the corporate and home desktop and the enterprise server markets. If it is true that Linux is not too viable an option in one arena, it doesn't mean that it isn't a threat in another market. Also, because it isn't a threat now, doesn't mean it won't be in the future.
Also, just because the system is sub par, doesn't mean people won't use it. I personally think Netscape Commincator 6.x is a horrible browser. I think Internet Explorer 5.x + is far superior, yet there are many that use Communicator. Why? Perhaps it is ingrained in them. Perhaps that are subborn and just hate Microsoft. Perhaps they were on the design team. The point is a lower quality product can still compete with a higher quality product because people don't use products out of logic, they make most decisions based on their emotions.
Why do I bring up emotions #25? RMD was attacked for bringing up the telnet bug in Linux/Unix. If we were evaluating Microsoft Windows objectively (that is, honestly listing pros and cons), perhaps his comment wouldn't have been appropriate. I don't think we are objectively talking about anything. Emotion says: "Microsoft screwed up again. They are a company that doesn't care about security. Even the FBI is involved in this one. Hmm, if I keep using computers, maybe I should look to someone else for software." Logic says: "Microsoft screwed up again. They have bugs in their software, but, oh, there cometitors have bugs in theirs too. Hmm, if I keep using computers I need to decide how much I care about security or security vs. features, since it is obvious that all software has bugs. Microsoft maybe bad, but it seems the competition is too - they are both in the same boat."
So, emotion aside. Microsoft released a product with a feature. It had a bug. That bug was patched. If you don't like the feature (patch or no patch), learn to use the product you bought and turn it off. If you aren't responsible enough to learn the product you purchased, then don't complain when you discover it has flaws. If you are responsible enough to learn it has flaws, then either work around the flaws or find another product. This is logic not emotion. This is the logic I used to when I decided to use Windows2000 instead of Solaris 7.x, SQL Server 2000 over Oracle 8i, VB Visual C+++ and C# over Java, and Microsoft Office instead of Star Office.
|
#14 By
135 (209.180.28.6)
at
1/4/2002 11:47:17 AM
|
#25 - I didn't say that! That was sodajerk, my imitator.
|
#15 By
1845 (207.173.73.201)
at
1/4/2002 2:07:37 PM
|
One who competes compares himself to his competitors. A smart one who competes will do this whether he is winning at the time or not. As soon as competition is over then and only then is a winner declared. You don't have a winner in an ongoing-never ending race.
|
#16 By
2332 (165.247.5.180)
at
1/4/2002 4:34:57 PM
|
Reading over my comments, I can see why some may think I bought Linux into a discussion that has nothing to do with Linux, perhaps because I am overly defensive of Windows or biased against Linux.
That was not my intention. My intention was to show that Microsoft is not the only falable player in the game, and that in may in-fact not be the worst, as Sodajerk's comment suggested.
#30 - it's funny you mention that, because I completely agree. It's not wise to trust or support those that define themselves through the faults of their competitors. Again, I was not trying to define or support Windows or Microsoft through the faults of Linux, I was trying to put things in perspective.
#32 - "The companies that dominate the competition keep an eye on the competition, sure, but they're far more focused on their own performance. As soon as the competition becomes your primary focus, you're toast."
How exactly do you measure your own performance without referencing others? I'm not sure your running analogy is a valid one.
The reason Microsoft has such a focus on Linux may be because Linux does pose a serious threat in the server market. That, coupled with the Linux media blitz and anti-Microsoft reporting, I'm not surprise it turns up so often on these boards.
|
|
|
|
|