Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Windows Operating Systems Software Bug Security IT

13 New Windows Security Vunerabilities 410

Posted by CowboyNeal from the focused-on-security dept.
Petree writes "Microsoft has given advance notice that on February 8th, they will be releasing patches for 13 vunerabilities. Happily a day later they'll have a nice little webcast so answer questions about the vunerabilities. Windows users, don't forget to run WindowsUpdate first thing Monday morning."
This discussion has been archived. No new comments can be posted.

13 New Windows Security Vunerabilities More

13 New Windows Security Vunerabilities

Comments Filter:

  • "Run WindowsUpdate first thing Monday morning" (Score:5, Informative)

    by Anonymous Coward on Saturday February 05, 2005 @11:27AM (#11582509)
    And then again on Tuesday when the actual updates come out.

    • Redundant? (Score:5, Informative)

      by Anonymous Coward on Saturday February 05, 2005 @11:29AM (#11582529)
      The summary is wrong, and this is pointing out that fact. Running Windows Update on Monday won't get you anything since the updates come out on TUESDAY, aka the 8TH.

      • Re:Redundant? (Score:2, Funny)

        by Anonymous Coward
        Interesting. So you would suggest that the "moderators" actually read the "news" they put on their "site"? Weird.

    • Set it to auto update so you don't have to worry about it.

  • Booooring... (Score:4, Insightful)

    by Majorachre ( 115493 ) on Saturday February 05, 2005 @11:28AM (#11582517)
    Another day another vulnerability. This is getting old. What's the point in continually reporting this drivel? We all know MS has their issues - but frankly I'm getting tired of all the wasted space on /.
    You're preaching to the choir!!
    • You may have a point about "preaching to the choir," but here, much like in real life, people continue to do so. Besides, any day could be someone's first day on Slashdot, and we certainly wouldn't want this person to get the wrong idea.
    • If I recall correctly, the /. tagline is "News for Nerds. Stuff that matters." I believe, despite your objection and concern about the size of the /. article database (i.e. "wasted space") that this article fits the general area of interest. I might suggest that the next time you encounter something that bores you, you don't take the time to read it and comment on it, as that tends to muck up your boredom experience.
      • The first time this was news, the original article did fit the general idea of interest. Since it's become repetitive and hence waste of everyone's time (rather than space).

        Then again, even repetitive "good news" like this probably makes the day of many a MS-basher...
    • Perhaps to inform the many number of Windows user who read Slashdot that updates will be available on February 8th so that our systems can be kept up to date rather than have those unsecured systems we all love to hate.
    • Well, this is news for nerds. Patch your co-workers systems on Tuesday morning, or spend weeks fixing their wasted systems a month later.

    • The part that's newsworthy isn't "another Windows exploit discovered". The part that's newsworthy is that the way Microsoft is handling the issue is a complete about-face from the usual way that they handle it.

      Usually, a security hole is discovered by someone who then spends a considerable amount of time advising Microsoft about the vulnerability. Microsoft will then acknowledge receipt and mention something about fixing it some day. In the worst case, Microsoft completely ignores the reporter. One day

      • Re:Booooring... (Score:3, Interesting)

        by chris_mahan ( 256577 )
        What I want to know is this:

        Are the holes real?

        (I mean, I know there are so many holes in windows the swiss cheese manufacturing association is suing)

        Since the great unwashed masses are going to buy windows. (They are, trust me) and Microsoft, knowing this, wants to boost sales.

        They announce, in this order:

        A) We don't support windows 2000, 98, ME, for new vulnerablities, you need XP sp2.

        B) We are not going to provide windows updates to non-legal installations of the software.

        C) There are now lots and
    • Sort of. I too, get annoyed with all the Windows related "news" on /. But, the fact is that most Slashdot users are Windows users. As much as they go on about Linux or BSD or the GPL, they tend to be Windows users with only a smattering of experience in any other OS. I'd hazard a guess that about 80% of the readers are Windows users almost 100% of the time. 10% are mixed users who use Windows as their desktop and *nix for their servers at home. And the last 10% are *nix (including Mac OS X) users near

    • Re:Booooring... (Score:3, Insightful)

      by Malc ( 1751 )
      Another day, another anti-Microsoft zealot on /.

      Here are some recent security announcements from one of Linux's more reliable and secure distros:

      04/02/2005
      [DSA 667-1] New PostgreSQL packages fix arbitrary library loading
      *[DSA 667-1] New squid packages fix several vulnerabilities
      *[DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access

      02/02/2005
      [DSA 664-1] New cpio packages fix insecure file permissions

      01/02/2005
      *[DSA 663-1] New prozilla packages fix arbitrary code execution
      *[DSA 662-

      • Re:Booooring... (Score:5, Insightful)

        by Espectr0 ( 577637 ) on Saturday February 05, 2005 @02:33PM (#11583864) Journal
        Here are some recent security announcements from one of Linux's more reliable and secure distros:

        How many of those vulnerabilities are actually tied to the OS?

        Zero.

        How many of the windows vulnerabilities are tied to the OS?

        Mostly all of them.

        So do you want to count for example bsplayer's bugs so we can have a fair comparison against xine bugs?

      • Re:Booooring... (Score:4, Interesting)

        by Too Much Noise ( 755847 ) on Saturday February 05, 2005 @03:42PM (#11584458) Journal
        Attempting to draw sort of a line between "OS" and "irregular tools":

        [DSA 664-1] New cpio packages fix insecure file permissions
        It has been discovered, that cpio, a program to manage archives of files, creates output files with -O and -F with broken permissions due to a reset zero umask which allows local users to read or overwrite those files.
        Annoying, but hardly "critical"

        *[DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities
        This is actually a mixed bag.
        The Debian package accidently installed its configuration file /etc/pam_radius_auth.conf world-readable.
        rather embarassing, but Deb-specific.
        Leon Juranic discoverd an integer underflow in the mod_auth_radius module for Apache which is also present in libpam-radius-auth.
        more general, indeed.

        and even (assuming a KDE desktop):
        [DSA 660-1] New kdebase packages fix authentication bypass
        Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session.

        This problem has been fixed upstream in KDE 3.0.5 and is thereforefixed in the unstable (sid) and testing (sarge) distributions already.


        The rest are additional packages installed on a per-need basis. You don't argue MSSQL vulnerabilities are Windows vulnerabilities, do you? Or those of the compiler? (f2c indeed - that must be highly critical for home users)

        Contrast this with the Windows anouncement where the 10 vulns affecting the OS are rated Critical.

  • Why? (Score:5, Interesting)

    by Sophrosyne ( 630428 ) on Saturday February 05, 2005 @11:28AM (#11582518) Homepage
    Can't they roll them into one cumulative security update?

    • Re:Why? (Score:5, Funny)

      by drmaxx ( 692834 ) on Saturday February 05, 2005 @11:30AM (#11582537)
      they try - it's called Longhorn - they are just soooo many of them...

    • Re:Why? (Score:2, Interesting)

      by amberp ( 852278 )
      for 2 reasons
      1. There are too many (known and unknown) of vunerabilities.
      2. Even the known ones are too much to be fixed for various reasons.

    • Re:Why? (Score:4, Informative)

      by Zocalo ( 252965 ) on Saturday February 05, 2005 @11:43AM (#11582621) Homepage
      Mostly because not every one might appreciate having to download a huge patch for something they don't have installed. Also because the patches are covering multiple Windows versions, and EDS can tell you all about what happens [theregister.co.uk] when you apply a patch for one Windows varient over another...

      • Re:Why? (Score:3, Interesting)

        by totoanihilation ( 782326 )
        Every time I visit family, I make it a point to bring all the updates they could possibly need for their computer. (That, and bringing along new versions of firefox). It's a pain trying to figure out which updates they have, and which ones they don't and I end up spending an hour locating them all.
        Unfortunately, most of those I visit don't have broadband, so downloading 200 megs from WU doesn't work.

        On the other side of the fence, MacOSX updates always have a Combo version containing ALL previous updates,
        • It is possible to do something similar with Windows, namely integrate updates with the install image which can then be used to patch systems. I can't remember the exact name they give it, but I've done it in the past to get a fully patched XPSP1 install CD.
        • A year ago Microsoft released a patch CDROM for Windows 98/Me/2000 and (I think) XP that had cumulative updates for the operating systems up to that point. The CDROM was available free for the asking (and is real nice if you need to reinstall a machine)

          It would be nice if they released another one this year.

  • Damnit (Score:2, Funny)

    by mao che minh ( 611166 )
    And I just got done updating three or four ZEN images. I can't wait for the hundred times I'll be asked next week "can I click OK on the update thing or is that spyware?".
    • You know, at first I would be somewhat gladdened to hear an end user being careful of clicking a link, but I just realized that it really shows that spyware companies have basically become the terrorists* of the web. It's sad that people should have to worry about every link they click, even when a site seems like it's on the level.

      *Sorry for bringing that word into it, I just couldn't think of anything more descriptive.

  • At least they are actively patching... (Score:5, Interesting)

    by jmcmunn ( 307798 ) on Saturday February 05, 2005 @11:30AM (#11582534)

    Come on Slashdot, at least they are actively fixing their shit. You all bad mouth them for not fixing stuff fast enough, and then when they announce they are releasing a patch you try to find some way to bad mouth them for that?

    We're all bored of hearing how much people hate MS here...we KNOW you don't like them. Just leave it at that, and instead of reading and posting 600 replies here about how they suck, have some sort of intelligent conversation instead.
    • Yeah, OK, that's fine.

      But as others have said already, do we really need to hear about it every time?
    • While I largely agree that Microsoft is making an effort, they are still well short of where they ideally need to be. For instance, take a look at this [eeye.com], which is a remote exploit in a default Windows 2000 install allowing an attacker to gain full control over the system. That has to rate as a "Critical" on Microsoft's scale, and yet we are now six months and counting since eEye notified Microsoft of the problem and still no patch.

      Perhaps they need to make that idea they had of spending a month just squa

    • Ok, so we can bash them when the exact same thing happens for the next version, right? I mean we forgive them for everything XP and before, then hit them then? At what point is fixing errors not enough?

      • If you're telling me there is a bug free version of OS X or Linux anywhere out there, I'd like to see it. Every OS patches, and every OS has bugs. There is no point where fixing errors is going to stop. We WANT them to fix the errors, in fact most people only complain that they don't fix them faster.

        For all of those out there saying they have to "go get updates every N months" why not turn on Auto Update? You know how often I go get updates? Never. And yet I am always 100% up-to-date...man that is to
        • Finding a bug due to some ass not doing bounds checking is one thing. Finding it several times a week is another. Is this quantity of bugs permissible? How many security holes can an online game of chess have before it's no longer safe? In an OS?

          I hope people will at least be taken aback when we get security fixes for longhorn that we've already had for XP (that is, fixing the problems already patched in XP which weren't fixed or even noticed in the longhorn release). Also if there's a single new (i
    • The nice thing is at least Microsoft is taking their security problems seriously nowadays and are making patches available on a regular basis.

      Which does remind me: how does various commercial Linux distributions (Mandrake, SuSE, Linspire, etc.) provide patches for known code vulnerabilties? Do they use a system something akin to Windows Update?
      • Most of them have an automatic update service you can choose to run on a regular basis.

        The thing I find interesting is that during my time in the past as a Linux user the amount of security and bug updates being downloaded was very high compared to the amount of stories listed on Slashdot showing these updates.

        Hmm, wonder why that would be.

    • Seriously. Damned if they do and damned if they don't. I update atleast two or three software packages a day in Gentoo (most of them version revisions with bugfixes) and it's not all over the news.

  • Is this sort of thing still interesting to /. (Score:5, Insightful)

    by Chess_the_cat ( 653159 ) on Saturday February 05, 2005 @11:32AM (#11582548) Homepage
    I mean this is how the process works for any OS. Name the OS or system that doesn't require patches? I just don't see the point of this submission except to imply a Nelson-esque "Ha-Ha" where one isn't required. I run a dual-boot system and surprise, surprise, Linux likes to download fixes as well. In short: Who cares? Next stories: You may have a new e-mail in your inbox: Better check. Or how about: Make sure your version of Quicktime is current.

    • Tomorrow's Slashdot headline:

      5 New Linux Security Vulnerabilities

      Gentoo has given advance notice that 5 packages have problems and will be updated. Happily within the week they will explain them in the next Gentoo Weekly Newsletter. Gentoo users, don't forget to run 'emerge sync' in 15 minutes when your local Portage mirror is updated.

      Um, as you can see the same thing happens to any OS. The difference is that Gentoo does this: 1. write a patch to fix current version so users are safe, then 2. put

  • They don't need to (Score:5, Informative)

    by Jugalator ( 259273 ) on Saturday February 05, 2005 @11:34AM (#11582560) Journal
    Windows users, don't forget to run WindowsUpdate first thing Monday morning.

    These days, Windows users don't need to "run" Windows Update to grab security updates; the Windows service do that job, so they don't have to remember to do anything special on Tuesday. However, you need to actively visit windowsupdate.microsoft.com if you need other stuff than security updates.

    • Re:They don't need to (Score:2, Informative)

      by mosch ( 204 )
      Clearly you have no actual systems admin experience. Auto-update is a fantastic way to automatically take down your whole corporate network. Occasionally one of the updates will be incompatible with something, like say... an ethernet driver. Now if you have that ethernet card in your machine, you're offline. Not a huge problem, but annoying. If you have that ethernet card in every machine in your 2,000 employee company... huge, gigantic, enormous problem.
      • What the fuck is wrong with you. I just answered another troll in that I don't condone this system, I'm just telling you how it works. The truth is one again: Windows users don't need to actively "run" any special tool to grab security update, the service does that for you. However, if that's good or bad, I'm not even talking about.
    • Of course, the editor doesnt actually mean it, its just a taunt. This stupid "my patches vs your patches" game is ridiculous and further cements slashdot as a "teen hangout" than anything resembling a tech site.

      Not to mention running an update on most linux distros demands a serious amount of patching.

      If slashdot would stop taunting for two minutes, they would realize that MS has a policy of patching on the first tuesday of each month and once auto-updates are enabled this becomes a non-issue.

      Its getting
  • For those who are more knowledgeable...are we in the regime of Microsoft's Trusted Computing? I know Microsoft will continue to spew out info emphasizing a renewed effort in secure computer environments.
    • For those who are more knowledgeable...are we in the regime of Microsoft's Trusted Computing? I know Microsoft will continue to spew out info emphasizing a renewed effort in secure computer environments.

      Hm, trusted computing was their initiative with DRM in e.g. Office and WMP, the whole thing about the "Fritz" circuit, Palladium, etc. AFAIK, no WMA or Word Document DRM etc has been exploited, so I can't really see what that has to do with these news.
    • To have a "trusted computing" environment as they want it, we need hardware to ensure that software is what it says it is.

      Usually it involves having key (as in RSA) locked down in a temper-proof hardware chip, and the computer use that key to assert that the software it is about to run is indeed signed by and for that key. For example, a Linux kernel could be signed by such a key, and at boot time the system would validate it and if it passes, we can assume that it is not compromised by a virus or somethin

  • Every second Tuesday (Score:2, Informative)

    by NaCl ( 414038 )
    Microsoft releases updates for Windows XP every second Tuesday of the month, Windows users should be aware of that, as there always is something fixed.

  • PC Benchwarming (Score:4, Insightful)

    by bigskank ( 748551 ) on Saturday February 05, 2005 @11:40AM (#11582596)
    "Windows users, don't forget to run WindowsUpdate first thing Monday morning."

    Not just to rag on MS, but I will NOT be running my PC monday morning. Given microsoft's less-than-stellar history of patch releases (Service Pack 2 still gives me night terrors), I'll wait at least a week or so to see what problems these patches create.

    It's unfortunate that many PC users (including myself) would rather risk having their PCs zombified or their data erased for a while longer instead of installing the latest MS patch. For me, past experience has shown me it's less of a risk to just sit it out for a while and see what new holes these patches open.
    • Congratulations, you're the first person I know who has had problems with Service Pack 2.
    • The only SP2 installs I had fail on me were one custom CPU I own and one where the laptop was unpluged and the battery cut.

      But for hotfixes, patches, and lesser updates, I've never had a problem personally or with the hundereds of CPUs that come in to the desk [emerson.edu].

      Now, I find OS X updates as a whole better to deal with as Apple will milestone their updates. Something I wish Redmond would do more often. But to be honest, I've had some quick OS X updates fail on me more than Windows updates.
      • That's funny... Service Pack 2 shouldn't let you install unless you're running on AC power - gives you an error message. Of course, I usually install from the 450mb redistributable version, not Windows Update.

    • Re:PC Benchwarming (Score:2, Interesting)

      by jwcorder ( 776512 )
      What in the hell are you talking about? It's been at least 2 years since we have had a patch crash our machine here on a 5000 workstation environment.

      Not the mention that SP2 works great unless you happen to be running a in house application that was coded in basic back in 1942. Then you will have some problems. I have it running on about 10 workstations and I have had no problems except for once when I rolled back the install and corrupted a file. The only reason we haven't deployed it to all 5000 of o

  • New Slashdot format (Score:5, Funny)

    by EaterOfDog ( 759681 ) on Saturday February 05, 2005 @11:41AM (#11582605)
    10 Print New Awesome Mac Product 20 Print New Windows Security Problem 30 Goto 10
  • I'm not that much into windows, but this windows-update thingy seems like a great idea. My only question is - why don't they just release the patches once they're done? I mean - setting a specific date is like a release plan; we don't release just yet, but we estimate that we're ready on monday with it all.

    Especially security patches should be released immediately when they're done. Distributing the releases would probably also take some load of the servers. Or am I missing something about windows update?
    • Their corperate customers have asked them to schedule updates in this manner unless they absolutely must be pushed out in a hurry. MS previously released weekly on Tuesdays, now due to input from large corperate customers who like to plan downtimes and patches they do it once a month.
    • This was decided some time ago when there were so many patches that people started to notice how leaky the system is, and wondered why they had to go to Windows Update once or twice every week.

    • Re:Explain this to a non-windows guy (Score:4, Informative)

      by Emperor Skull ( 680972 ) on Saturday February 05, 2005 @11:58AM (#11582714)
      Past experience has shown that exploits are developed very quickly after a patch is released. Without advance notice admins can't schedule or plan to deploy updates. I test and approve patches for about 3000 Windows machines. I'm also in Louisiana where this happens to be a 4 day weekend because of Mardi Gras. Had a critical patch been released on Thursday or Friday I probably wouldn't get to even look at it before next Wednesday. If an exploit was released before then, then well my first day back is going to be a real bad day. While the second Tuesday of the Month might not be perfect for everybody, at least we can plan for it. I know I'll remote in and approve the patches for deployment to my test lab sometime on Mardi Gras day (and watch bugtraq and other places to help determine how important it is to deploy these quickly.) ES

  • Idiots (Score:3, Informative)

    by essdodson ( 466448 ) on Saturday February 05, 2005 @11:43AM (#11582620) Homepage
    1) It's Tuesday not Monday; afternoon rather than morning as they seem to release about noon time PST.
    2) This is a repeat.

  • AntiSpyware (Score:3, Informative)

    by inertia187 ( 156602 ) on Saturday February 05, 2005 @11:46AM (#11582638) Homepage Journal
    If you haven't done it already, go to microsoft.com and search for antispyware. Install Microsoft AntiSpyware (beta). You'd be surprised how many trojans and spyware it will find on your "secure" Windows boxen.

    Microsoft didn't write it. It's GIANT AntiSpyware with a new label. It may think some of your legitimate apps are spyware, like VNC, but it usually marks them as ignore by default anyway. It's great if you forgot they were there or someone else installed them without your knowledge.
  • While you're patching your lovely Windows box and doing the reboot parade, why not switch over [iogear.com] to your Mac Mini [apple.com] and catch up on some Ruby tutorials [ibm.com]? =)
  • Some Windows users (like myself) shut off the "Automatic update" service (along with many others) in order to have less system resources used (and less vulnerabilities) while doing what really matters...surfing for porn! Although I can understand the disgust with constantly hearing about patches, there are some people who might not hear about them any other way.

  • A couple of the updates (Score:3, Funny)

    by Sophrosyne ( 630428 ) on Saturday February 05, 2005 @12:01PM (#11582745) Homepage
    # Windows XP Media Center Edition may unexpectedly crash while being shown before large audiences.
    # User may 'hijack' Internet Explorer settings, this update will reset your Internet Explorer start page and search settings to the new and improved MSN Search.
    # Fixes vulnerability that allows users to view old Teen-Beat photographs that may contain images that could shock your system!
  • Anyone got any tips for remote updating office installs? SUS only works for Windows updates.

    There's various methods for updating office, some that appear to require the user to have admin privs, keeping a local copy of office install source on the computer at all times, etc, etc...

    It's all a mess if you have various versions of office out there... :-(

  • Did You RTFA? (Score:5, Informative)

    by Rolan ( 20257 ) * on Saturday February 05, 2005 @12:14PM (#11582819) Homepage Journal
    1) The 8th is TUESDAY and the SECOND TUESDAY of every month is when Microsoft does their patch releases (unless they're so critical they release them out of cycle).
    2) It's not 13 patchs for windows. As the article could not state any clearer it's:

    9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.
    1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.


    3) Read before you submit.
    • Rolan so eloquantly said:
      2) It's not 13 patchs for windows.
      Ummm...I ask you to name any one other operating system than Windows that these should be applied to.

      a.) the last time I checked, 9+1+1+1+1 = ...wait for it... 13

      b.) these are only for machines running Windows.

      Therefore, 13 new Windows security vulnerabilities.

      • No, that would be 10 for windows, and 3 for things that run on windows, and other OSes for that matter. I know at least one person who got SharePoint running on a linux machine.

  • Making a more secure Windows (Score:3, Informative)

    by The Fifth Man ( 99745 ) on Saturday February 05, 2005 @12:17PM (#11582833)

    IE always seems to be the weak point, or the HTML subsystem... Even if it isn't, I've got instructions on removing several subsystems [vorck.com] from Windows that will make it more secure.

    Check out my page on Windows patches [vorck.com], I think it's a convincing argument to rip all of this stuff out of Windows. Just download the files, drag-drop-replace, burn, and install.

    XP subsystem removal software [msfn.org] here.

  • Linux vulnerablities reports appear at about the same frequency as Windows ones.
    But where Linux vulnerablities are reported one per report, with Windows you get a 3-15 bundles with Windows... Maybe this kind of tactic, you hear about Linux problems at least as often as about Windows, so it leaves you with impression they are the same level...

    When was the last time Linux developers shipped 13 different vulnerablity patches at once?
  • The people that actually keep up with these updates are the same people that use McCaffee and that enable encryption on their WIFI routers; they are the slightly-savvy citizens of the Microsoft community, and are a minority--and are probably already protected from these exploits beforehand, by some third-party software somewhere. While everyone else, that doesn't have the time or know-how to protect their PCs are the ones getting hurt the worst by these vulnerabilities. I think updates should be forced by
  • Windows users, don't forget to run WindowsUpdate first thing Monday morning.
    Virus writers, don't forget to exploit these vulnerabilities before then.

  • aspell, anyone? (Score:4, Informative)

    by kernelistic ( 160323 ) on Saturday February 05, 2005 @12:42PM (#11583012)
    Come on guys, how hard could spelling "Vulnerabilities" correctly be?

  • The problem with windows is (Score:3, Insightful)

    by CastrTroy ( 595695 ) on Saturday February 05, 2005 @12:46PM (#11583051)
    The real problem with windows is that every 2-3 years they come out with a new version and have to go through all this crap all over again. Just when they've fixed most of the bugs, they come out with a new version, get everyone to upgrade, and we're back to the beginning. Windows 98 runs just about everything. And at this point most of the bugs have been patched. I knew guys that were still using windows 95 osr2 in 2000 because it was one of the most stable and streamlined systems available.

    • Re:The problem with windows is (Score:5, Interesting)

      by ledow ( 319597 ) on Saturday February 05, 2005 @02:35PM (#11583876) Homepage
      I have to agree with CastrTroy here... I run 98SE for the exact reason he has stated. I provide tech support to 6 different schools in my area and I'm having to turn new job offers down because I just don't have enough hours in the week to do them.

      Everyone is surprised that I run 98 but, especially now, I know the problems that it has and I have systems in place to stop them. I know it crashes a lot but I also know how to fix it. I've never lost a windows 95/98/me installation yet. However, the XP and 2K machines that I support will lock into all sorts of reboot loops and cryptic stop messages that I can nothing about but restore from backup.

      The schools I work for were stung big-time by things like Sasser, they were taken completely off-guard and all reached a critical state within a few days when not one of their PC's would stay up for more than a few minutes.

      Because of my setup and because of the way that viruses are now only targeting the new vulnerabilities, I'm pretty safe. I've NEVER, repeat NEVER, had a virus on any computer that I own and for many years didn't even bother with an antivirus.

      Nowadays, the only reason I have antivirus is so that I can scan emails from people who forward me crap and ask "is this a virus/trojan etc?". Most of the time, it's a yes before I even bother to scan it.

      Virus writers are not targetting me, they'd have a very hard time if they did because I'm not stupid.
      My IE is up-to-date and never used, because I realised many years ago what a mistake it is to use it. IE is installed purely for Windows Update.

      I have people who I support who are still happily running 98, even 95, some of whom are years behind on updates and they don't have a problem because they are educated, firewalled, know what not to do and have established measures in place, have had for years.

      Only the 2000/XP computers that I support have problems with such junk because, like Sasser, there was little a user could do to prevent it as it came out of the blue. That's what 98 was like many years ago but we've since established a routine that prevents that.

      There is NOTHING WRONG with running an older Windows OS, even an out-of-date, not-updated OS. Sure, I wouldn't use it as a server but then I wouldn't use Windows as a server given half a choice, precisely because of it's many problems.

      Windows "automatic update" has screwed up many a machine that I support, and given all sorts of weird problems becuase of it installing crap and hogging internet connections.

      Windows 98 works for me, does everything I need to, is blindingly fast (but you don't notice that until you use it after using XP), behind a suitable set of protective measures is as safe as a Windows 2000/XP machine behind the same measures, easy to recover and suffers less problems overall.

      Experiment for the adventurous: Get a Windows 3.1 box, install TCP/IP and put it on the net. Wait for it to be compromised. Perform similar action on XP/2K, even with latest updates.

      One of my firewalls is still running a Linux 2.0 kernel because it's simple, safe, and works. Old decrepid. Old = tried and tested.

      Ask NASA why they won't put a Intel with XP controlling the space shuttle. Now ask them why they would use a Z80 with something like CP/M or Unix.

  • Safe Surfering (Score:3, Insightful)

    by Mybrid ( 410232 ) on Saturday February 05, 2005 @01:37PM (#11583480)
    It is trivial to run Microsoft without anit-virus software or anti-adware software safely.

    Let's call this safe surfing.

    The answer is to surf the web as user "Guest".

    There are a lot of things to be said about this but the most important is that Microsoft doesn't care about security because they don't educate this or default to this.

    As a computer consultant every day I get asked about safe computing. My answer on windows is this:

    1. Don't use Microsoft Express or Outlook at home. Instead use web email clients like Yahoo.
    2. Don't click on email links. Instead, cut-copy-paste the text of the displayed link into a new browser window.
    3. Log out as your account and log in as Guest whenever you 1.) use Windows Media Player or 2.) or 2.) surf unfamiliar web sites.

    People squawk about having to log out and log in as a different user. I tell them safe computing is no different than safe sex. You need to take responsibility. You need to decide how important being safe is to you.

    By enabling the Guest account and suring the web as guest, virus and adware can't install software, touch the registry, or write to anywhere on the disk other than the account folder for Guest. If the Guest account ever gets corrupted just delete it and create a new one.

    However, unlike with Unix, Windows is a hostile environment for mixing users.

    On Unix its easy. Just enable "sudo". Your default security mode is one of no access, user mode. You have to make a conscience choice to run with sudo.

    It is very unsatisying to run as "Guest" in Windows and then "Run As" a secure user and hardly anyone does it. It's almost futile to install software as an user on Windows other than someone with admin privileges. Almost every major software vendor's install willl fail unless admin privileges are used. By contrast, no such barrier exists in Unix. The "--prefix" option to most software will allow you to run from your home directory. And it's not always just the big things, but little things too. Unix uses the "~/username" shortcut to easily afford copying files between accounts.

    It is possible even in today's Microsoft environment to guarantee yourself the impact of a virus or adware can be contained to a sandbox, Guest user account.

    The fact that Microsoft doesn't make "RunAs Guest" the default security model as does Unix is something that Microsoft should be held accountable for.

    But the reality is Microsoft just doesn't care about security. The only care enough to give it lip service.

  • Instead of the Following... (Score:5, Funny)

    by Master of Transhuman ( 597628 ) on Saturday February 05, 2005 @02:57PM (#11584052) Homepage
    "Windows users, don't forget to run WindowsUpdate first thing Monday morning."

    I think he meant to say:

    Install Linux first thing Monday morning...

    I say: Why wait? Use the weekend wisely...

Slashdot Top Deals

Remember, UNIX spelled backwards is XINU. -- Mt.

Close