SP2 Fails in security
Refalm:
quote:Aloone: You would have to be an idiot for these exploits to affect you.
http://www.heise.de/security/artikel/50051
--- End quote ---
You'd be surprised. I've had people coming to me with a complaint: "there's some application that won't open". Turns out, they were trying to open an e-mail attachment called "YourDocument.doc.vbs" by someone called "Mr. V1agra". Luckily for them, the virus scanner stopped their stupidity before I had to get the Norton Ghost diskette (again).
Orethrius:
...and it's things like this that make me wonder why Microsoft doesn't just include some filename-scanner-icon-viewer thingy in the next incarnation of Outlook. Nothing big, just five lines of code that scan the last four characters of the file path for ".vbs" and display an icon to the effect of "THIS IS A VIRUS, DIPSHIT! DO NOT OPEN IT IF YOU VALUE YOUR DATA!" if they're found. Shouldn't be THAT HARD to do.
EDIT: Or better yet, just have it remove the damned things! I mean seriously, who bothers emailing VBS scripts these days? Little Timmy trying to be a 1337 script kiddy h4x0r?
[ August 19, 2004: Message edited by: Midnight Candidate/BOB ]
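Added example, not part of the original thread or of any Outlook code: a sketch of the attachment-name check suggested in the post above, next to the literal "last four characters" test, using the "YourDocument.doc.vbs" name from earlier in the thread. The extension lists and the other sample names are constructed assumptions; the example goes slightly beyond ".vbs" to cover case, trailing dots or spaces, and decoy double extensions.

```python
import ntpath

# Illustrative lists (assumptions for this example, not exhaustive and
# not taken from Outlook or any other mail client).
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
         ".scr", ".pif", ".exe", ".bat", ".cmd", ".com"}
DECOY = {".doc", ".txt", ".pdf", ".jpg", ".xls", ".zip"}


def naive_check(filename):
    """The check as worded in the post: last four characters == '.vbs'."""
    return filename[-4:] == ".vbs"


def classify_attachment(filename):
    """Return (verdict, reason) for an attachment file name."""
    # Windows drops trailing dots and spaces and ignores case, so
    # normalise before comparing; ntpath handles both slash styles.
    name = ntpath.basename(filename).rstrip(" .").lower()
    stem, ext = ntpath.splitext(name)
    if ext not in RISKY:
        return ("allow", "extension not on the risky list")
    inner = ntpath.splitext(stem)[1]
    if inner in DECOY:
        return ("block", f"double extension {inner}{ext}")
    return ("block", f"script or executable type {ext}")


# Constructed sample names; the first is the one quoted in the thread.
SAMPLES = ["YourDocument.doc.vbs", "notes.VBS. ", "C:\\mail\\photo.jpg.scr",
           "report.doc"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} naive={naive_check(sample)!s:5} "
              f"-> {classify_attachment(sample)}")
```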
hm_murdock:
Imagine that. They found a bug in software.
Say it isn't so.
I just love the fatalistic title: SP2 FAILS IN SECURITY. How convenient that you forget that there were once four exploits found for Linux within days after a kernel release. And then, also convenient that you failed to mention the string of holes found in OS X over the course of a week following the release of 10.2.2.
'Tis software, and no software is perfect. All software has bugs. You know what would be cool? If instead of blabbing the details of exploits to the whole world, they only told the people who make the software and then they released a patch.
That would make the world a better place, and I said it so this is how it should be done.
flap:
quote:Originally posted by JimmyJames: GenSTEP Founder:
You know what would be cool? If instead of blabbing the details of exploits to the whole world, they only told the people who make the software and then they released a patch.
That would make the world a better place, and I said it so this is how it should be done.
--- End quote ---
No it wouldn't. The idea behind telling people about vulnerabilities before they've been fixed is that they then have a chance of implementing workarounds or turning off affected services.
solarismka:
quote:Originally posted by JimmyJames: GenSTEP Founder:
Imagine that. They found a bug in software.
Say it isn't so.
--- End quote ---
There is a big difference between a bug and an exploit that can take down the whole machine!
quote:
I just love the fatalistic title: SP2 FAILS IN SECURITY.
--- End quote ---
Yep, me too. Has a lot of truth to it.
quote:
How convenient that you forget that there were once four exploits found for Linux within days after a kernel release.
--- End quote ---
What exploits? All of them were NOT threats to the end user. They were fixed immediately and they didn't threaten the end user in any way.
quote:
And then, also convenient that you failed to mention the string of holes found in OS X over the course of a week following the release of 10.2.2.
--- End quote ---
What's to mention? Again, Mac OSX fixed those sploits and again there was no threat to the end user. Second, the upgrades and implementation of those programs were FULL upgrades. Not just shoddy patches. The patches that fixed those mistakes did NOT take down the whole machine and did NOT open up even more holes.
quote:
'Tis software, and no software is perfect. All software has bugs.
--- End quote ---
Of course. I agree. But there is a difference when a multi-billion dollar company, that has been around for a long time, keeps making the same mistakes.
quote:
You know what would be cool? If instead of blabbing the details of exploits to the whole world, they only told the people who make the software and then they released a patch.
--- End quote ---
Hence why M$, I think, is in trouble. At least when an exploit is released in the wild, it has full disclosure, so they have the understanding of the workings of the exploit, thus they can fix it.
quote:
That would make the world a better place, and I said it so this is how it should be done.
--- End quote ---
I disagree.
[ August 19, 2004: Message edited by: kn0wn / BOB ]