
A question
I've only ever come across Browser Election in the context of a local network. Is it a purely local problem? Or can it be exploited from outside (i.e. for most people, from the WAN side of their router)?
Security researchers have warned of a new vulnerability afflicting older versions of Windows that could allow attackers to take complete control of machines running the operating systems. The flaw in “BowserWriteErrorLogEntry()” function within the Windows mrxsmb.sys driver “could be exploited by remote attackers or malicious …
Browser elections are caused by broadcast packets. Your WAN link onto the internet shouldn't be receiving broadcasts (your ISP shouldn't pass any on) so, unless a browser election can be caused by non-broadcast packets it's unlikely that it will work outside of the local network segment.
Furthermore, I'm pretty sure that the default settings for XP/2003 have the firewall switched on, so browser related packets/SMB packets shouldn't get to a WAN interface anyway.
Yes. Some exploits would be found, but the Unix security model is more robust than Windows so the chances are that the problems would be more limited. In addition to the security model, Linux is a less heterogeneous environment: virus writers can't assume that everything will always be in the same place regardless of the distribution.
And finally of course, it's worth pointing out that the very many millions of publicly reachable Linux servers out there have proved themselves to be pretty robust.
You're right to say that if a very large percentage of personal computers (desktops, laptops, tablets, phones etc) were running Linux there'd be more pressure, but I don't think the problems would be as bad as they are with Windows boxes. And I agree with a previous contributor who said that any problem that did arise would soon be fixed. What's more the fixes would be more likely to be applied. Updates, security or otherwise, on a Linux box are a dream compared to Windows.
Cheers
Peredur
With Windows, only State Criminals can inspect source code, which they do. With Linux, everybody can do so, and it means there are way fewer exploits in existence.
Also, there are Linux Security Modules, which can isolate stinking piles of application code. You only need to trust AppArmor, not random application programs. This is a systematic approach to securely running untrusted code. The pros at NSA have SELinux, which is similar.
This term refers to people who can break the law without sanction, because they are members of an "intelligence organization".
US cables claim Chinese Intel did exactly that with Windows source to create spearphishing trojans. US Intel can abduct and torture people. These are the people I am referring to. By the way, why AC? Why can't M$ share all except their copy protection code with everybody?
I think you'll find that illegality that goes on within government is still punished, there are several trials on in the UK at the moment of MI6 (IIRC) staff who were alleged to be complicit in torture.
MS don't have to share their code with anyone, it's commercial software and closed source. Just because other companies/organisations do share their software doesn't mean that all have to. They made a decision, rightly or wrongly and are sticking to it. Presumably they don't supply their code to everyone because they don't want everyone knowing their techniques and algorithms.
PS Why AC? Because I don't like some of the nastier comments that happen here; many border on bullying. Also, which phone book will I be able to find "Ubuntu is a better slide rule" in? You're just as anonymous; I don't know that you don't have multiple personas etc., do I?
I mean, the holes we'd find if Linux ran on 90% of desktops might be "very few"... he's not saying there will be the same number of problems, just that with a larger user base, more problems would come to light than with a small user base. And if you believe that a larger user base would show no more problems than a small one, then *your* lack of knowledge is showing.
In fact, all bug hunting depends on the convergence of a smaller user base approximating the real world as either time spent on test or the size of the test population increases. As either of those parameters gets larger, the frequency with which bugs are located decreases. Eventually the rate at which bugs are found in both sets are equivalent for practical purposes.
I'm not even a programmer and I learned that from the HP programming boffins back when HP actually HAD programming boffins.
...I'm assuming.
We've had vulnerabilities in Windows WordPad. A TEXT EDITOR, a CUT-DOWN TEXT EDITOR, can - could - be used to execute malicious software.
So what is it this time... a "BrowserWriteErrorLogEntry" function. Apparently a program to STORE ERROR MESSAGES can accidentally enrol your PC into a botnet. Well THANK YOU MORON DEVELOPERS.
...well done, a Penguin with sense.
However let's update it, maybe redtop stylee
Shock! 10 year old software has more security holes than new software!
Outrage as holes are found in old, obsolete software shocker! Dave from Dagenham says "Why should I upgrade? They should continue to fully support XP until the year 3097, or until at least I can get a free copy of Windows 7"
Many, many moons ago when the world was young only the very geeky kids got to play with computers and software, but in the last 25 years it has exploded on a par with a big-bang type blow-up! Software many moons ago would have been used by a small percentage of people who mostly understood it, now with an average of 3-4 PCs per household, phones, tablets, etc the amount of software we are surrounded by is just staggering. Flipping heck, even my DSLR camera comes with 3MB of software in the firmware!
The problem is that software is coded by human beings and tested by human beings, not necessarily in the same style as a simple C prog written 25 years ago but not entirely different mindsets. Software and patches are distributed not to a small handful of people anymore but millions of people get that code.
Not blaming anyone in particular in the least, we just need to understand that this is not backroom coding for a small minority anymore, but a piece of code you put together today could be out there running on 60 million devices by the end of next week. A staggering thought; the scale of software and gadget use needs to be remembered at all times.
Until I can just go 'install + use' I'll remain here on XP.
I need to be able to just plug in my gadgets and not arse around with various breeds of penguin.
I'm a simple human being that doesn't understand all the 'it's simple -- but sometimes . . .' that comes with the versions of 'nix.
> Until I can just go 'install + use' I'll remain here on XP.
Dear Mr. (aptly-named) Phud:
sudo apt-get install <whatever>.
Usability? Try ripping a music CD (that you legitimately possess) using any of the commonly available rippers for M$ Windows -- not to be confused with X Windows, the foundation of the Linux GUI and having many environments with usability enhancements such as multiple virtual desktops (try install + use on XP for that). But I digress. Now try ripping using K3B on a Linux system. You can thank me once you get over how easy and intuitive it is.
Tired of waiting several minutes for M$ Office to load a small document? Or trying to find, then install + use a utility that will convert old-old Office files? Then do like I suggested to a colleague and apt-get Open Office (or Libre Office). He's never looked back.
And in case you're worried about the cost: it's all free. As in beer, and in speech. No need to spend money on software that tries to lock you in to a failing monopoly.
You're welcome. Literally.
But you can go back to your spot under the bridge if that's really what you'd prefer. In full disclosure I should point out that Linux doesn't need to pay people to spread FUD the way M$ does; you might lose some income.
Well, yes I am, actually.
This must surely be the most analyzed component in all of Windows. Not only is it network facing, and so naturally attracts the attention of black hats, it has been almost totally reverse engineered by the good Samba people. In short, this vulnerability has sat "undiscovered but in plain view" for half a decade or more.
No matter what your opinion of Microsoft's quality control, *that's* surprising. Who knew that the black hats were so lame?