Check out some similar questions!

Nez · Jan 5, 2006, 08:01 AM

Being as paranoid as I am,when it comes to on-line security,I could'nt help but notice these reports frm quality site,CNet News.The first involves how good,or bad,anti-virus software is:

http://news.com.com/Antivirus+makers...96.html?tag=nl

The second involves why Microsoft have failed to patch a major flaw in Windows,and are letting millions of customers suffer,till next Tuesday,and instead,third party software,from Ilfak Guilfanov,is now being used by major security firms:

http://news.com.com/Beating+Microsof...32.html?tag=nl

To add to MS woes,a first stage of "their patch" was leaked briefly onto the internet by an employee:

http://news.com.com/Microsoft+inadve...63.html?tag=nl

Later this year,Windows Vista will be let loose on a worldwide basis.Mr Gates is saying he wants to see a host of Microsoft products,integrated into everyday use.With Linux still not public mainstream,and the iMac not to everyone's taste,or budget,lets hope Google's anticipated low cost OS,and combined web browser hits the mark.I for one are sick and tired of playing Russian roulette with unpatched software,flawed promises,and the constant need to "clean" out my system,just because guys in the boardroom have lost the plot.

Curlyben · Jan 5, 2006, 08:10 AM

With this serious Windoze vulnerability floating around, I'm so glad I use Firefox, as the infected wmf files DON'T activate on page loading instead they try and download.
As Firefox asks what you want to do with it, it's a simple case of saying NO ;)

On the Google PC front, it seems it was a rumour and nothing more.
More Here.

This is one of the main reasons I surf with Paranoid mode FULLY engaged ;)
Firewalls on max (hardware AND software) Antivirus on KILL on detection, Antispyware on the same, Firefox and Fully patchs windoze box.
The only bad thing I do, as most other people do, is surf on an account that has FULL admin rights :eek:

Oh well got to give the blighters a chance ;)

NeedKarma · Jan 5, 2006, 08:32 AM

My next PC will not be a Vista OS. I'm in the beginning stages of researching Linux distributions and availability of applications.

fredg · Jan 5, 2006, 08:39 AM

Hi, Nez,
Very good post!
If one goes to Microsoft Windows Update, and see all the security patches, it is completely overwhelming.
Remember Internet Explorer 5.5? Many NewsGroups were ready to sue Microsoft, because of crashing browsers and security problems.
I guess when one is the largest, they don't have to produce quality.
Many examples are there for all to see, in regards to releasing programs before they are ready and not containing so many bugs. Maybe one day, Mr. Gates will wake up. But, that won't happen unless there is a major, significant boycott of Microsoft products, hitting him in his wallet!
Have a great day.

Nez · Jan 6, 2006, 06:53 AM

Just when you thought MS had lost the plot,out comes "That patch",which millions had been worried about.MS says the exploit was only medium,but security firms are'nt so sure.Oh yes,and if you use Windows 98,or god forbid,ME,then apparently,you are not vulnerable to attack :eek:

http://news.com.com/Microsoft+pushes...70.html?tag=nl

Good point Ben about Google.Apparently they are not bringing out an OS,and as usual,it was just media hype.

LTheobald · Jan 6, 2006, 07:35 AM

Oh joy Microsoft released a patch. But that's still a good 10 days since the bug was found. If this was an open source OS it would have been fixed a lot faster - especially it was over the Xmas period and most people would have been sitting at home allowing the turkey to digest.

As for Linux, well I have tried again and again to get Linux going on my PC permananetly but I always end up giving up. I don't won't to have to dive into online tutorials and shell consoles every time I want to install a new printer, MP3 player etc. Also at the same time, half my games don't work on Linux. I couldn't life without Black & White 2 at the moment! As Fred said, Windows is the largest OS with a small user base using Linux so why bother allowing your games to work for them?

You know, I think I might try Linux again myself at the weekend. I'll just have to dual boot for my games!

ScottGem · Jan 6, 2006, 07:44 AM

Originally Posted by fredg

Hi, Nez,
Very good post!
If one goes to Microsoft Windows Update, and see all the security patches, it is completely overwhelming.
Remember Internet Explorer 5.5? Many NewsGroups were ready to sue Microsoft, because of crashing browsers and security problems.
I guess when one is the largest, they don't have to produce quality.
Many examples are there for all to see, in regards to releasing programs before they are ready and not containing so many bugs. Maybe one day, Mr. Gates will wake up. But, that won't happen unless there is a major, significant boycott of Microsoft products, hitting him in his wallet!
Have a great day.

These comments show a lack of understanding of what is involved in building and maintaining an operating system especially one as complex as Windows. It also shows a lack of knowledge of current events.

The fact is that Mr Gates has woken up to the issues of security and has spoken very often in the last year or so about this issue. A lot of resources have been devoted to making Windows more secure. I'm not saying there isn't a lot more to be done, but its clear that Microsoft is making a distinct effort in this area. Yes its true that security was not always a prime issue with Microsoft. But that's true of much of computing. The Internet was not built with security as a priority. That lack is at the root of many security issues. DOS and earlier versions of Windows were not built with the Internet in mind. So the need for security was much lower.

Many software packages are very complex these days. The more complex the greater the possibility that bugs will slip through the testing process. Programmers are often at a disadvantage in finding bugs. That's they because they have a idea of how a program should be used, so they don't do things that might trigger a bug. That's why we have beta testing. Users will often try to do things that the programmers would never consider. Even so, until a program is out in production some bugs will never be found. This is just the nature of software, its been the case since the first computer bug was discovered.

Again, I'm not saying that there isn't more work to be done. However, I do believe that Redmond is doing a decent job at trying to deal with a world that is different from what they originally envisioned.

Scott<>

ScottGem · Jan 6, 2006, 07:52 AM

Originally Posted by LTheobald

Oh joy Microsoft released a patch. But that's still a good 10 days since the bug was found. If this was an open source OS it would have been fixed a lot faster - especially it was over the Xmas period and most people would have been sitting at home allowing the turkey to digest.

Umm, how many people were actually affected by this exploit? I don't recall reading of any. The exploit was found by a security firm that goes looking for such loopholes. So they can sell software to protect against them. They reported it to Microsoft, who rated the threat and responded accordingly. I might fault Microsoft for acting so slowly if the exploit had been found by a hacker and actually used. But that wasn't the case.

Recently, Microsoft was lambasted because they released a patch that had a side effect causing another problem. Now you are chiding them for being careful they don't do that again.

Microsoft is a big target, they deserve a lot of the darts thrown at them and I've thrown plenty myself. But I think we are jumping the gun here.

Scott<>

ScottGem · Jan 6, 2006, 08:04 AM

I just did a little more research on the WMF exploit. There seems to be some differences of opinion as to the severity of this threat. But one of the most important pieces was found here:

Originally Posted by http://www.eweek.com/article2/0,1895,1907359,00.asp

As I pointed out in an earlier piece, actual testing of 73 variants of this threat shows excellent protection common among anti-virus vendors. As of Saturday morning, the 100 percent list included AntiVir, Avast, BitDefender, ClamAV, Command, Dr Web, eSafe, eTrust-INO, eTrust-VET, Ewido, F-Secure, Fortinet, Kaspersky, McAfee, Nod32, Norman, Panda, Sophos, Symantec, Trend Micro and VirusBuster. If you're a user of one of these products and you keep your anti-virus updated, odds are good that you're protected against any exploits you're likely to see.

It seems that even if you aren't patched, your A/V will protect you.

fredg · Jan 6, 2006, 08:20 AM

Hi,
This is a quote below from a reply here:

"These comments show a lack of understanding of what is involved in building and maintaining an operating system especially one as complex as Windows."

This quote is an opinion, nothing else. It could apply to anything, as well as anyone, in many different categories.
Comments such as "This person does not have the experience to be posting in this category" is also an opinion.
Some suggest using the "disapproval" comments to indicate not approving of opinions given, by using another opinion! That is the question, concerning ratings, which probably will never be answered.
This latest "security" issue by Microsoft, as another pointed out, doesn't apply to Win98, 98SE, or ME. But, it's rather hard to find that from Microsoft unless one reads the FAQ's section of the particular site. And, from Microsoft's way of using language in writing, many don't understand it. I find some of it very confusing, mostly due to the type of writing.
If you wish to view it, it is at:
http://www.microsoft.com/technet/security/bulletin/ms
06-001.mspx
Best wishes to all.

Nez · Jan 6, 2006, 10:14 AM

This thread seems to be getting a little steamed up,so lets see if I can calm things down a little.Having a close member of the family working for MSUK,can have it's advantages,and side effects.One of these is hearing about this and that,what Media Player 11 can/can't do,what Vista looks like,although anyone can see this now:

http://www.microsoft.com/windowsvista/default.aspx

And generally getting into the "chit-chat" phase of what is going on.Obviousy,I am not privy to nearly all that happens at "you-know where",because,(a) I don't ask,and (b),I won't be told anyway.Before anyone thinks,wow,I must have access to great knowledge I do not.I am just like anyone else.Infact,as my profile shows,I work in the care field,as do a lot of family members.Except one member,who achieved a first in computer science and maths,at Aston University,Birmingham UK,achieved a masters,and now works for... er,you know who.
Often I am critical of the company.I have let rip at dinner parties,when the silence afterwards has been deafening.I've often praised Linux,praised Apple,and yes even thanked dear old Bill,for introducing me to 3.1 :D
At the end of the day,everyone has their opinions.I will give Redmond credit,where,and when it is due.I will also shake my head,when I think they have "goofed".The complexity of Windows is huge and could only be achieved by a dedicated team of experts,who really know what they are doing.Never the less,occasionally,experts need to be told,as it's "General Public" who pay the bills.

psi42 · Jan 6, 2006, 10:24 AM

Originally Posted by ScottGem

The exploit was found by a security firm that goes looking for such loopholes. So they can sell software to protect against them. They reported it to Microsoft, who rated the threat and responded accordingly. I might fault Microsoft for acting so slowly if the exploit had been found by a hacker and actually used.

There are actually multiple working malicious exploits in the wild:

http://isc.sans.org/diary.php?storyid=975

ScottGem · Jan 7, 2006, 07:00 AM

Originally Posted by fredg

Hi,
This is a quote below from a reply here:

"These comments show a lack of understanding of what is involved in building and maintaining an operating system especially one as complex as Windows."

This quote is an opinion, nothing else. It could apply to anything, as well as anyone, in many different categories.
Comments such as "This person does not have the experience to be posting in this category" is also an opinion.
Some suggest using the "disapproval" comments to indicate not approving of opinions given, by using another opinion! That is the question, concerning ratings, which probably will never be answered.

I'm not sure I understand what is being said here. True the quote expressed an opinion, as did the comments the quote referred to. I've said very often that an opinion needs to be based on some fact or logic, otherwise its invalid. Such opinions should be refuted.

I don't agree with using the ratings to show disapproval of opinions. Disapprovals should only be used to disagree with statements of fact, otherwise its an abuse of the system In my opinion.

However, I stand by my comments. As an IT pro who has been involved in application development, I do have an understanding of the complexity involved. Therefore I felt comfident in saying that the comments posted did not reflect such an understanding.

Scott<>

ScottGem · Jan 7, 2006, 07:02 AM

Originally Posted by psi42

There are actually multiple working malicious exploits in the wild:

http://isc.sans.org/diary.php?storyid=975

Reading at the link seems to indicate that while exploits have been found no machines have been infected. This appears to be because the A/V vendors moved quickly to update their products to detect and reject the exploits.

psi42 · Jan 7, 2006, 11:39 PM

Originally Posted by ScottGem

Reading at the link seems to indicate that while exploits have been found no machines have been infected. This appears to be because the A/V vendors moved quickly to update their products to detect and reject the exploits.

http://isc.sans.org/diary.php?rss&storyid=991