Microsoft rushes out emergency fix for critical Windows bug Microsoft on Monday rushed out an emergency patch for a critical vulnerability that criminals are exploiting to install malware on all supported versions of the Windows operating system. As promised Friday, Microsoft released the update outside of its normal patching schedule because the vulnerability is being actively …
..I'll stick with Windows and it's availabilty of software and drivers.
There, that's the pointless statement balanced out.
Of course I'm sure you already know that Open Source software has 0 bugs and 0 vuls. That's why there have been 0 security updates for the likes of Linux & Firefox for the last 10 years. Correct?
Open Source has plenty of bugs. And Linux may well be full of security holes, but since it's less popular than MS OS's, there are very few exploits doing the rounds. I'm sure if we all switched to Linux based machines, it'd only be a matter of time before we were back to our usual routine of patching holes every other day.
And as for your use of Firefox as an example, no, there hasn't been many security updates for it, but there have been plenty of bugs patched over the last few years.
Say all you want about IE, it may not display web content properly, or conform to any known standards, but at least it left the inflated memory usage to the operating system ;)
"I'm sure if we all switched to Linux based machines, it'd only be a matter of time before we were back to our usual routine of patching holes every other day."
Very true. At least the repository system employed by many Linux distros would make that task much, much easier and there'd be no need to reboot the machine (well...rarely a need, kernel updates).
Isn't it a tad more accurate to say that MicroSoft was the attack on SCADA; and the inevitable repercussion was SCADA systems that are vulnerable to all manner of compromise... The SCADA suppliers shoulder the blame as well; but it is hard to believe that many companies would make the decision to switch platforms had the inherent design flaws of Windows been admitted.
I've read this article, and followed links to 2 previous articles and the nearest I can find to useful information in any of them is that "even fully patched Windows 7 machines are vulnerable".
Does this mean that all Windows machinea from 2.0 onwards are affected? What about x64 versions?
Come on Reg, if you're going to report this stuff at least give us useful information. I look after systems running everything from 2000 onwards in all desktop and server flavours - throw me a bone here!
it was used to attack "systems that control sensitive equipment at power plants, gas refineries, and other other critical infrastructure" -- now what idiot would use Windows on any system connected to THAT?!?!
(Yes, I know, your nearest electricity company... *sigh* Another reason why admins should make software acquisition decisions, and not the fatheads up yonder where they don't even have the faintest idea what they're doing to us admins...)
Coat, beer, exit stage left...
The trouble with getting admins to choose which software to run is that Windows admins will always choose Windows, Linux admins will always choose Linux, AIX admins will always choose AIX etc. etc.
You need to have senior engineering/design staff who know all the systems in use in a company and all those available, they can then take appropriate advice from vendors, management, others experienced in the field and make an appropriate decision. Guess what? Sometimes the correct answer is Windows. SCADA can run happily on Windows, it's when it is connected to public networks or if removeable media is allowed, that this becomes a problem (the same with any other system running SCADA).
So-labelled "Windows admins," "Linux admins," and so on are usually hired by the same imbeciles who soak up the relevant advertising talk-up by the respective suppliers.
There actually are simple, straight "admins" out there whose only aim is to run the rigs as best possible. If that means that, because of user preferences, the office workstations run Windows, so be it. More maintenance, but the better user relations usually make up for that. But on mission critical systems, the plain admins (myself included) will only install Windows (or any of several other security-impacted systems, including certain Linux and BSD distributions) if directly ordered to, and hand in their resignations during the process.
I know that older versions of Windows used to specifically state in their T&C that they shouldn't be used for mission critical systems. I think they even mentioned nuclear facilities by name. Anyone know if that's changed recently?
As a casual user I can be blasé about such things but I would expect those operating critical plant would take things like that far more seriously. If MS continues to advise against mission critical use of Windows then it's the facility operators fault for inappropriate use of tools.
If so that would make Vista and Windows 7 fairly(*) secure out of the box. Until the user gets annoyed with the dialogs and some interweb commentard shows them how to disable UAC. Come to that it would mean XP could be made fairly safe but you have to be a bit of a masochist to run as a limited user on that OS :)
(*)Yeah I know - a poxy dialog with 'Yes'/'No' buttons isn't very secure. Having to enter a different user's credentials is better but tbh even I don't bother with that. Still - as long as Windows asks first that's a big improvement.
I go both ways, I use Windows but use a lot Open Source software on it. I even have Ubuntu too. I'm Bi-OS!
I'm thinking of even posibly trying a bit of the old Apple too! So I guess that means i'll be into threesomes if I do! Yeah, I'm a computer slut! But apparently apple stuff if the best and I will be a better person if I use their stuff!
Can we just agree that all computers and all software are shit?
Well, I've just called my Mum and she says she didn't look at it. So I guess that your claim that everyone else looked at this article is an "epic fail, n00b, lolz."
I read the technet post, my point was that the Reg could have outlined the affected sytems in their articles.
Now, if you're going to be an acerbic twat at least have the bollocks to do it without posting anonymously.
"Well, I've just called my Mum and she says she didn't look at it. So I guess that your claim that everyone else looked at this article is an "epic fail, n00b, lolz."
I don't think he did claim that everyone else looked at the article. I think he claimed that he would have expected anyone involved in systems management to look at it, and the associate tech net page.
I would expect anyone involved in systems management on Windows to keep up to date with at least Microsoft Security reports. I would not expect anyone who isn't involved in systems management, and is not interested, to keep up to date.
So, unless your mum is a systems admin, I doubt she would have read the article.
It annoys me all the silly comments from the Penguin lovers out there!
The steady stream of security patches for Windows is more to do with its market dominance, particularly in the home user area and the typical user base. Linux has enjoyed a good period of security by obscurity for a long time and is generally used by the more intelligent user, who is less likely to be compromised by falling for daft malware scams, where as Windows used by countless numpties in almost every home.
But as, and probably when, Linux really breaks into the mainstream market that Windows dominates in a big way that will change and there will no doubt be a steady stream of security patches for Linux too.
As many people have pointed out there is already a steady stream of updates/patches for Linux distros. The main difference is that they come out at any time as soon as a problem is fixed or a new version becomes available. The major distros can automatically update, if that's what you want, and because rebooting is not required (except for kernel upgrades) the only way a user will know is if the logs are read or an application notifies such as a Firefox upgrade page.
A superior system
Actually, as I read previous posts; all but two seemed to be Windows fans; the very first being overtly 'Linux rools and Window$ suck$' variety.
Perhaps the correct mode of reponse is 'let's try and produce this effect on Linux desktop icons' from all the Windows fans.
Yes. Linux does have security issues; my updater routinely updates a number each week. Perhaps MS could start a resarch project into Linux/Unix security failings and publish them, (with the evidence that Windows does not have the issues)?
As I've previously posted
http://www.kb.cert.org/vuls/id/940193
"Microsoft Windows fails to safely obtain icons for shortcut files. When Windows displays Control Panel items, it will initialize each object for the purpose of providing *dynamic icon functionality*. This means that a Control Panel applet will execute code when the icon is displayed in Windows. Through use of a shortcut file, an attacker can specify a malicious DLL that is to be *processed within the context of the Windows Control Panel*, which will result in arbitrary code execution."
And no - as far as I'm aware there's no possibility that Linux desktop icons are susceptible to this sort of nonsense.
I would assume we are all professionals here, so here's an idea to chew on...
1) No matter what OS you're running - Someone will ALWAYS create a way of exploiting it
Hell, those pesky aliens in Indepandance day flew 50 million light years to have a computer virus installed on them by pesky humans lol....
*Paris - cos come on....she gotta be infected, exploited and more.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
