Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MS Critical Patch Fixes 8 Vulnerabilities

CmdrTaco posted more than 5 years ago | from the your-server-is-sick dept.

Security 202

nandemoari writes "A hole allowing hackers to take control of Microsoft Exchange was just one 'critical' issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer browser, Office, and its SQL Server. Three of the eight vulnerabilities patched yesterday were marked 'critical.' The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be exploited when a user opens or previews an email in the Transport Neutral Encapsulation Format (TNEF)."

cancel ×

202 comments

Doesn't Sound so Bad (5, Funny)

segedunum (883035) | more than 5 years ago | (#26814273)

Many people would love to outsource management of Exchange server, and it's even better if someone wants to do it for free.

Re:Doesn't Sound so Bad (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26814921)

I'd like a free message to Think about your breathing

Re:Doesn't Sound so Bad (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26815315)

wat

Re:Doesn't Sound so Bad (0)

Anonymous Coward | more than 5 years ago | (#26815591)

I breath with...*pshhhhhht*...a mechanical...*pshhhhhhht*...ventilator you...*pshhhhhht*...insensitive clod! *pshhhht*

Re:Doesn't Sound so Bad (0)

Anonymous Coward | more than 5 years ago | (#26816071)

Son of a bitch.

Re:Doesn't Sound so Bad (1)

urbanriot (924981) | more than 5 years ago | (#26815325)

Why? If a company with in house IT can't administer an Exchange server, there's something seriously wrong with their staff selection.

Re:Doesn't Sound so Bad (2, Interesting)

SatanicPuppy (611928) | more than 5 years ago | (#26815641)

Maybe their budget doesn't stretch so far as to be able to employ 1 guy to do nothing but manage a mail server.

Exchange is a big pain in the ass, and it doesn't scale very well. I hate it, and all I have to do with it is keep it from ever touching the web directly.

Re:Doesn't Sound so Bad (1)

DarkOx (621550) | more than 5 years ago | (#26815969)

E2k7 is a major leap forward in terms of scalability and touch requirement's. Its probably easier to architect correctly as well compared with e2k3. E2k3 and prior could actually scale pretty well but you had to be an exchange guru to do it right and spend a lot of energy managing the environment. They also worked ok for small single server shops out of box with little touch. It was the vast space in the middle they handled poorly.

E2K7 strikes me as something that would be a bit of bare for anyone not and IT professional to handle. Its architecture is much better and encourages better deployment design so a non expert can probably do a good job with it, even as things get pretty big. I doubt many part time admins in the small business would would have much success at all though.

Re:Doesn't Sound so Bad (2, Interesting)

SatanicPuppy (611928) | more than 5 years ago | (#26816109)

Let me start by saying that I never want to see the words "bare" and "it professional" in the same sentence. Ew. Ew. Ewwwwwwwwwwww.

That being said, I'll acknowledge that Exchange is actually improving pretty dramatically between releases. Even 2k3 is so far ahead of earlier Exchange releases as to be almost unrecognizable. We run about 300 users on a pretty small hardware footprint, and, provided you run everything through an antivirus before you send it to the users, it all works with little supervision.

I used to spend time trying to ween people off of Exchange, but it's practically impossible. Nothing else on the market compares...Even the big commercial competitor Lotus is a joke compared to Exchange.

Re:Doesn't Sound so Bad (0, Offtopic)

NatasRevol (731260) | more than 5 years ago | (#26816341)

I run Mac OS X mail server (cyrus/postfix) with about 400 users on a small server with no problems, a simple interface(ServerAdmin), a complicated interface if you want it(CLI), and a shit load less cost than 400 CALs.

I'd say it compares quite nicely to what you have.

Re:Doesn't Sound so Bad (0)

Anonymous Coward | more than 5 years ago | (#26816487)

There is a big difference between 'mail server' and 'exchange'.

Re:Doesn't Sound so Bad (5, Insightful)

SatanicPuppy (611928) | more than 5 years ago | (#26816493)

I've run it, and it doesn't. That you put them on the same page shows you've never run Exchange because Exchange is not about email.

I'll tell you what I tell everyone: you need to go use Exchange for a while. Sit behind some manager and watch them fuck with their goddamn calendars for a while. Watch how neatly the calendars integrate with the email. Watch how it integrates with Office for document collaboration.

There is no one product that handles all those features so well and so seamlessly.

All those features can be had from a half dozen different OSS apps, and when you've laboriously cobbled them together into a working whole and presented it to management, they will give you a look like you handed them a plate full of dogshit, and then they will give you a list of things that aren't as good.

And when you go back to your office you'll go over the list and you will grind your teeth because the fuckers are right. You will never convince people to ditch exchange until you can provide a product that is just as good.

Re:Doesn't Sound so Bad (0)

Anonymous Coward | more than 5 years ago | (#26815935)

path of vector j:
==============>

* <-- your position relative to j

Re:Doesn't Sound so Bad (1)

gid (5195) | more than 5 years ago | (#26815467)

Might not be a bad option for small IT shops--If you promise to keep our exchange server running smoothly, you can send all the spam you want.

Re:Doesn't Sound so Bad (1)

geckipede (1261408) | more than 5 years ago | (#26815727)

Until your mail server gets added to a load of blacklists and you find yourself unable to contact half of your clients.

Re:Doesn't Sound so Bad (0)

Anonymous Coward | more than 5 years ago | (#26815947)

Just use a different server for outgoing smtp. :)

yes and update deletes files (0)

Anonymous Coward | more than 5 years ago | (#26814277)

it seesm the updates delete some critical files from the reports I have seen

Is it that easy? (4, Interesting)

UnknowingFool (672806) | more than 5 years ago | (#26814317)

I don't know anything about Exchange but you mean to tell me that someone sending an email to an Exchange server can allow it to take over the server? It's one thing for hackers to rely on social networking and fool a user into executing an attachment. It's another thing to be able to takeover simply by sending a message.

Re:Is it that easy? (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26814673)

Like sendmail has never had critical vulnerabilities in its address parsing code?

The irony is that the error is in MS's proprietary TNEF format. This is a binary format so it should be easy to parse.

Offtopic, but why can't slashdot link to the meat [microsoft.com] rather than some ad-laden rehash?

Re:Is it that easy? (1)

RiotingPacifist (1228016) | more than 5 years ago | (#26815343)

yeah but qmail hasn't :p

Re:Is it that easy? (4, Interesting)

Just Some Guy (3352) | more than 5 years ago | (#26815715)

yeah but qmail hasn't :p

Of course, it has about 5% of the features of Exchange or Postfix or Exim or Sendmail or...

Re:Is it that easy? (1)

GooberToo (74388) | more than 5 years ago | (#26815893)

Sendmail is infinitely more configurable and complex than Exchange Server's SMTP MTA. Don't get me wrong, I'm not defending sendmail's history, but using flaws in something as complex as humans to justify flaws in unrelated bacteria doesn't cut it.

Re:Is it that easy? (2, Informative)

gzipped_tar (1151931) | more than 5 years ago | (#26814707)

It is possible... this is usually the symptom of buffer overflow error in the server code. An attacker discovers the hole, takes advantage of the vulnerable buffer to "smash the stack", and dupe the process to execute the shellcode (concise machine code that does whatever an attacker wants) planted in the "specially crafted" mail text.

There are other possibilities but buffer overflows are among the most common ones. I didn't RTFA and neither do I know whether this is one but yes, taking over the server by malicious input *is* possible without social engineering, provided the service code is bad enough to be exploited.

Re:Is it that easy? (1)

DiegoBravo (324012) | more than 5 years ago | (#26815709)

> this is usually the symptom of buffer overflow error in the server code.

I really don't understand much about MS technologies, but why their Exchange server is not rewritten in C# so at least buffer overflows can be avoided?

Re:Is it that easy? (1)

Low Ranked Craig (1327799) | more than 5 years ago | (#26815863)

It's not that scalable now, wait until it's written in .Net...

Properly written C and C++ code can and should trap all exceptions. There is no excuse for untrapped buffer overflows in mature commercial code.

Microsoft's method is to wait until a vulnerability is discovered, then patch it, as opposed to rigorous code reviews to proactively identify potential untrapped errors.

It's not like the cause of overflows is a complete mystery. Well... maybe it is to Microsoft.

Re:Is it that easy? (5, Insightful)

gzipped_tar (1151931) | more than 5 years ago | (#26815991)

Properly written C and C++ code can and should trap all exceptions. There is no excuse for untrapped buffer overflows in mature commercial code.

Buffer overflows are programmer errors, not program exceptions that signal some kind of event. They can't be "handled" -- they must be eliminated from the source code.

Re:Is it that easy? (1)

MightyMartian (840721) | more than 5 years ago | (#26815309)

Thank goodness my Exchange server is behind a firewall *and* a Postfix SMTP proxy running on a Linux box. There's no direct exposure of Exchange to the outside world.

Re:Is it that easy? (3, Informative)

lukas84 (912874) | more than 5 years ago | (#26815367)

Unluckily for you, this vulnerability will still affect you. If you read the security announcement by Microsoft, a possible workaround is to block all TNEF / winmail.dat attachments, which will break all incoming RTF mail. Depending on what your business exactly does, this might not be a viable workaround.

Re:Is it that easy? (3, Funny)

SatanicPuppy (611928) | more than 5 years ago | (#26815719)

Wow, you have a firewall that stops email from getting to a mail server! I gotta get me one of those...It would reduce my workload by 95%! Since I don't answer any of my phones, the only way people could contact me with problems would be by ambushing me on the way to the bathroom.

It would keep the CEO from ever contacting me, that's for sure. God knows he'd never be caught down here with people who do work.

Re:Is it that easy? (1)

MightyMartian (840721) | more than 5 years ago | (#26815987)

No, I have a Postfix server exposed on port 25, while the Exchange server sits unexposed behind the firewall. The Postfix server receives, processes (if necessary, to turf spam, etc) and then passes on mail to the Exchange server. The Exchange server then passes mail off to the Postfix for outgoing transmission.

Re:Is it that easy? (2, Interesting)

DarkOx (621550) | more than 5 years ago | (#26816061)

Well the firewall won't help you with this vulnerability because even after the message is handled though the other mail gateway it can still be a threat. It is however very common to not let exchange speak directly the the outside world. I for one block all smtp at my edge firewall except to and from a cluster of Barracuda Spam filters. They also used to be configured as a smart host in the E2K3 world. In 2k7 i simply don't use the edge transport rule and let the hub transport server treat them as a send connector, for * address space.

I know lots of other people with the same setup.

Re:Is it that easy? (1)

SatanicPuppy (611928) | more than 5 years ago | (#26816227)

I was more referring to the firewall aspect; struck me as funny. I once went to a property to do a security audit, and found that their firewall literally blocked EVERYTHING. No ports open at all inbound OR outbound. They paid for a broadband connection, but the individual computers were all on dialup, because they thought that's just how teh interwebs worked.

We run a secure proxy for OWA, sendmail proxy for DMZ'd email handling, a SAV gateway for virus scanning, and upstream of our internal systems we pay for Postini to handle spam and other virus stuff.

We run really anal rules on top of that. Haven't had any virus problems in a while.

Re:Is it that easy? (1)

thePowerOfGrayskull (905905) | more than 5 years ago | (#26816015)

If your exchange server will handle this message in the routing chain, you're vulnerable.

Stop spreading FUD (4, Funny)

Fred_A (10934) | more than 5 years ago | (#26814319)

It's all closed source, so there aren't any real vulnerabilities. Even the certified professionals [slashdot.org] say so. They're certified what more do you need !

As if you could spread havoc through email [google.com] on a proprietary system. Bah.

Re:Stop spreading FUD (0)

Anonymous Coward | more than 5 years ago | (#26815407)

Closed source is better, at least in Microsoft's case. We DON'T want to know what runs Windows. We DON'T want to know what demonic code is stored in the source files on some secure Microsoft server up in Redmond.

Re:Stop spreading FUD (4, Funny)

Fred_A (10934) | more than 5 years ago | (#26816327)

We DON'T want to know what demonic code is stored in the source files on some secure Microsoft server up in Redmond.

Hmmm...

Did you know that if you boot Windows backwards you can hear satanic APIs ?

Oblig. Quote (4, Funny)

Anonymous Coward | more than 5 years ago | (#26816427)

That's nothing! If you boot Windows forwards, it loads Windows!

I love the small of hot-fix patches in the morning (-1)

Anonymous Coward | more than 5 years ago | (#26814323)

And I love a parade! Go Microsoft!! I don't see any of you linux lusers getting patches each and every month!!

Re:I love the small of hot-fix patches in the morn (-1, Flamebait)

El Lobo (994537) | more than 5 years ago | (#26814397)

Don't worry. Here is the latest Ubuntu patch:

http://software.silicon.com/os/0,39024651,39275144,00.htm [silicon.com]

"Ubuntu became the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel that could have left the door open for hackers to find their way into users' machines."

The only "problem" here is that you don't read about this on /. (or any other place, for that matter). False sense of security is the worse security.

Re:I love the small of hot-fix patches in the morn (0, Flamebait)

Anonymous Coward | more than 5 years ago | (#26814649)

OH Heavens! A local vulnerability which could leave to privilege escalation!

The exchange bugs in question were remote hole mr troll.

Re:I love the small of hot-fix patches in the morn (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26814767)

Oh! hey! Someone got mad :P

Re:I love the small of hot-fix patches in the morn (2, Informative)

Ash Vince (602485) | more than 5 years ago | (#26815219)

There is a difference between the hole you posted and the one that is being discussed though, a very big difference.
The security hole in the Kernel that Ubuntu fixed required local access to the machine in question, the exchange bug could be exploited by sending the server an email so not access what so ever was required.

Privilege escalation vulnerabilities are generally considered to be of a lower priority to fix and not as severe as you must have modicum of trust in order to give someone a shell account. No trust is required to send someone an email.

Re:I love the small of hot-fix patches in the morn (1)

GooberToo (74388) | more than 5 years ago | (#26816013)

The verbiage there is mind numbingly stupid. I quote, "Ubuntu became the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel". In other words, a kernel fix was made available and it was applied. They make it sound like it has far reach consequences and by have multiple distros, the problem is somehow made far, far worse.

Huge difference between local and remote exploits. The fact you seem to not understand the difference squarely places you into your own worst scenario, "False sense of security is the worse security."

Since I'm the only user on my box I don't think I have to worry about me exploiting my self and doing unknown harm.

Re:I love the small of hot-fix patches in the morn (1)

ByOhTek (1181381) | more than 5 years ago | (#26815261)

Of course not, they get them on a daily bases, per app.

I wouldn't surprise me if the sum development time on the core system and apps of any given Linux install was greater than that of any given MS install, for any given duration.

Oddly enough... (3, Informative)

smooth wombat (796938) | more than 5 years ago | (#26814409)

the IE fix ONLY affects IE 7. If you're running IE 6 (or even 5) on any platform, you don't have a patch to install.

Could it be, *gasp*, that IE 6 is more secure than IE 7? The mind wobbles.*

*For you yungins, go look up Kelly Bundy and the above phrase.

Re:Oddly enough... (1)

slackoon (997078) | more than 5 years ago | (#26814863)

mmmmmmmmmmmmmmmmmmmm.....Kelly Bundy. Rembmber that episode ehere she wore "The Belt"? Oh yeah, we're supposed to be talking about MS Exchange...sorry..sorry, got distracted

Re:Oddly enough... (5, Funny)

whyareallthenamestak (892876) | more than 5 years ago | (#26815183)

*For you yungins, go look up Kelly Bundy and the above phrase.

I just did. The top result [google.com] is your post!

Re:Oddly enough... (3, Funny)

Anonymous Coward | more than 5 years ago | (#26815539)

And the next thing we will hear is that Kelly Bundy has been citing smooth wombat for all these years.

Re:Oddly enough... (1)

smooth wombat (796938) | more than 5 years ago | (#26815951)

That is both hilarious and scary. Thanks!

Re:Oddly enough... (1)

QuantumRiff (120817) | more than 5 years ago | (#26815333)

Kelly Bundy.. hmm, can't remember how I know that name....

Re:Oddly enough... (1)

Amazing Quantum Man (458715) | more than 5 years ago | (#26815789)

Oh geez, Peg, why can't you remember that? I'm going to the Nudie Bar.

Re:Oddly enough... (1)

TheThiefMaster (992038) | more than 5 years ago | (#26815403)

Or it could be that they no longer support IE 5 and 6 and so won't release a patch even if they are affected?

The other possibility is that the bug is in the code responsible for the much better standards compliance in IE7, in which case IE5 and IE6 are only more secure because they don't support the feature, which doesn't really count.

Re:Oddly enough... (1)

owlnation (858981) | more than 5 years ago | (#26816283)

Could it be, *gasp*, that IE 6 is more secure than IE 7? The mind wobbles.*

Is a bear catholic?

Use Ninnle instead of patching! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26814597)

With Ninnle Linux, patching is never needed, thanks to the 1024 bit encryption available throughout. So why use Windoze at all?

Why can't Microsoft ever get this right? (2, Insightful)

msblack (191749) | more than 5 years ago | (#26815085)

Why in the world would an e-mail delivery system ever consider executing external code? Exchange should simply look at the delivery address. If it is a local address, place the message in the user's mailbox. If an external address, forward to the next hop. What's so difficult with that task?

CommuniGate Pro has never had this problem. IronPort appliances don't have this problem. Exchange should stick to its sole job as a delivery agent and stop trying to be so smart.

Can't we live without OLE?

Re:Why can't Microsoft ever get this right? (5, Informative)

Anonymous Coward | more than 5 years ago | (#26815361)

Why in the world would an e-mail delivery system ever consider executing external code?

Exploits such as the ones mentioned aren't because the system is executing external code intentionally, rather, a carefully crafted message will overflow a buffer and change the values of some CPU registers. If the values change in such a way that a pointer moves execution to a part of the carefully crafted message, that message is now external code that is being run.

Re:Why can't Microsoft ever get this right? (1)

lukas84 (912874) | more than 5 years ago | (#26815417)

Exchange is a Groupware Server, not just an MTA.

Re:Why can't Microsoft ever get this right? (1)

operagost (62405) | more than 5 years ago | (#26815491)

Why in the world would an e-mail delivery system ever consider executing external code?

It's not intentional [wikipedia.org] .

Re:Why can't Microsoft ever get this right? (1)

quickOnTheUptake (1450889) | more than 5 years ago | (#26815571)

I read the article a while ago, but I think it had to do with previewing or viewing the message. Not just delivering it.

Re:Why can't Microsoft ever get this right? (0)

Anonymous Coward | more than 5 years ago | (#26815771)

If you actually understood the vulnerability, you would know it is just another typical buffer overflow. It has nothing to do with "external code", "delivery addresses", OLE, etc. This vulnerability exists far below any of those layers. It's actually pretty slick in that all it requires is sending a specially crafted email to the server, but this is how a lot of buffer overflow exploits work (sending a specially crafted object to a service). For God's sake, when will people learn to validate external input and internal buffer lengths?

Re:Why can't Microsoft ever get this right? (1)

ACMENEWSLLC (940904) | more than 5 years ago | (#26816175)

Exchange needs to be so smart so that it can open up the TNEF document and scan it for content which would route it depending on a user rule, an Antivirus scan need, or a content filter the admin may have.

And yes, CommunicateGate PRO has had it's share of serious problems just like almost any software;
http://secunia.com/advisories/search/?search=CommuniGate [secunia.com]

One of these allows file access as root.

Its really time to spread the word: (-1, Troll)

mlwmohawk (801821) | more than 5 years ago | (#26815173)

To all you Windows users, we feel your pain. Seriously, you don't even know how bad you have it. What's worse, you have been sucked into a mind set that, on one hand, you hate your computer because of all the problems you have with it, but think you *need* windows because of all the programs you feel you can't live without.

You don't need Microsoft Office, you can go to http://www.openoffice.org/ [openoffice.org] and download a fully functional office suite that, in many ways, is better than Microsoft Office. What's even better, is that it runs on system other than Windows!

Linux is a system, more similar to the macintosh than it is to Windows, and it will run on your PC. It replaces Windows completely. Not only that, out of the box, it is slick, beautiful, and easy to use, and if you like to tinker, there is absolutely no limit to what you can change.

Best of all its free! That's right, free!

Go to http://www.ubuntu.com/ [ubuntu.com] and look around. (There are other vendors for Linux too, so you are not stuck with only one.)

I know, you ask "How can it be free?" Well, you know how your friends who know about cars will sometimes fix your car as a favor? That's because they enjoy working on cars. Well, with the internet, millions of guys who know about computers started working on a system in the '80s that was eventually called Linux. The software comes from places like IBM, Sun, U.C. Berkeley, MIT, HP, and a whole list of other companies and organizations. It is a collaborative system that is put together, not to make money for Microsoft, but to make computers more usable for everyone. In fact, a lot of the web sites you visit every day run Linux.

So, if you are fed up with your computer and Windows, now is a great time to start a new adventure. Try something new, learn something new! It won't be hard, but not too easy either, as a lot of things are different than what you are used to, but once you get the hang of it, you'll realize that sometimes "different" is the only to get "better."

Re:Its really time to spread the word: (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26815257)

when i can play every game i've purchased in the last 15 years out of the box NATIVELY without having to run it in wine, cedega, crossover or whatever the fuck the new "emulator" is these days, then i'll consider switching to linux. but until then, kindly shut the fuck up. your OS is not for everyone. especially gamers. not everyone gets a chub from compiling the newest unstable snapshot of your OS' kernel. :)

Re:Its really time to spread the word: (1)

mlwmohawk (801821) | more than 5 years ago | (#26815625)

when i can play every game i've purchased in the last 15 years out of the box NATIVELY without having to run it in wine, cedega, crossover or whatever the fuck the new "emulator" is these days, then i'll consider switching to linux.

When you can do that in Vista or Windows 7, let us know. Most programs written in 1994 won't even run correctly on Vista or XP. A lot of programs written prior to 2002 for DOS Windows (95,98,98SE,ME) have difficulty on the NT kernel line.

Re:Its really time to spread the word: (1)

ByOhTek (1181381) | more than 5 years ago | (#26815999)

You know what the difference between Wine and the layer in Windows that lets you use 9x applications is?

Most people who use Wine know it exists and what it does.

Aside from that, you can throw out any game made before 2000 or 2002 as it is not run natively on Windows 2000/XP/Vista/7 either.

Re:Its really time to spread the word: (0)

Anonymous Coward | more than 5 years ago | (#26816397)

Out of the 5 pre-2000 games I have cared to load up on my Vista x64 box, 4 have run natively w/ very minimal tweaking.

Re:Its really time to spread the word: (1)

nomadic (141991) | more than 5 years ago | (#26816521)

You know what the difference between Wine and the layer in Windows that lets you use 9x applications is?

The Windows layer actually WORKS? Wine doesn't work well. It has never worked well. There are millions of people who will tell you that it works well. They are liars.

Re:Its really time to spread the word: (2, Funny)

techamed (1025213) | more than 5 years ago | (#26815303)

Hang on I'll send an email

Re:Its really time to spread the word: (0, Troll)

lukas84 (912874) | more than 5 years ago | (#26815341)

You realise that the topic is about Exchange.

None of the products mentioned provide the functionality Exchange has.

Re:Its really time to spread the word: (0, Troll)

mlwmohawk (801821) | more than 5 years ago | (#26815559)

You realise that the topic is about Exchange.

None of the products mentioned provide the functionality Exchange has.

The topic is about patches to Windows and its services, and this indirectly about the piss poor reliability and quality of Windows.

Re:Its really time to spread the word: (1)

lukas84 (912874) | more than 5 years ago | (#26815913)

I'd prefer to have a non-optimal tool to fulfill a job than no tool at all.

But for those that see open source as a religion instead of a means to an end, they'll prefer to have no tool and just the moral high horse.

Re:Its really time to spread the word: (0)

Volante3192 (953645) | more than 5 years ago | (#26815397)

One minor quibble, though: there is still no full fledged open source replacement for the entire Exchange+Outlook functionality suite.

Crackberries and other PDAs sync with Exchange and Outlook. BES requires Exchange. You can make public and personal calendars shared across the company.

There just aren't open source equivalents yet for all the bells and whistles these sales guys and CxOs have come to rely on and until you do, Exchange will not get replaced.

Re:Its really time to spread the word: (1)

lukas84 (912874) | more than 5 years ago | (#26815469)

BES supports all three major groupware suites:

http://na.blackberry.com/eng/services/server/ [blackberry.com]

Re:Its really time to spread the word: (1)

Volante3192 (953645) | more than 5 years ago | (#26816557)

Gah, I edited out part of my post... I originally had "(or those...other two)" in there.

What I was aiming for was that it'd take more than sendmail to get blackberry users happy.

Re:Its really time to spread the word: (0)

Anonymous Coward | more than 5 years ago | (#26815441)

My time is valuable. I don't have all night to sit up recompiling to get the thing to work. Oh, and don't forget the legions of friendly, helpful Linux users who will be glad to listen to my problems and recommend a solution.

Re:Its really time to spread the word: (1)

mlwmohawk (801821) | more than 5 years ago | (#26815541)

My time is valuable.

So is everybody else's.

I don't have all night to sit up recompiling to get the thing to work.

FUD alert FUD alert FUD alert.

Oh, and don't forget the legions of friendly, helpful Linux users who will be glad to listen to my problems and recommend a solution.

There are legions of helpful companies who will charge you money to support you and it will still cost less than Window$

Re:Its really time to spread the word: (1)

CannonballHead (842625) | more than 5 years ago | (#26815643)

Hehe, after posting a negative response to your original post ... I have to say that not only are there helpful companies who will charge less than supporting Windows, but there ARE quite a few helpful Linux users. It seems to vary by distro.

Re:Its really time to spread the word: (1)

operagost (62405) | more than 5 years ago | (#26815555)

As others posted, there is no open source application that has the features of Exchange.

Well, with the internet, millions of guys who know about computers started working on a system in the '80s that was eventually called Linux.

No, it was called Linux very early on, somewhere around 0.9, by one person, in 1991 (not the 80s); and the number of developers involved is still quite short of "millions of guys".

Re:Its really time to spread the word: (1)

mlwmohawk (801821) | more than 5 years ago | (#26815683)

No, it was called Linux very early on, somewhere around 0.9, by one person, in 1991 (not the 80s); and the number of developers involved is still quite short of "millions of guys".

What is now Linux started, possible as early as the lat 60s, but definitely by 1984 in the form of GNU. The Linux kernel didn't come on the scene until 1991.

Re:Its really time to spread the word: (0, Offtopic)

CannonballHead (842625) | more than 5 years ago | (#26815561)

OO.org is pretty cool. Some parts of it are definitely NOT as good, definitely ont better, than MS Office. MS Office is actually, in my opinion, a pretty good product. Impress vs. PPT, PPT wins hands down. Writer vs. Word ... well, writer is actually pretty good, though Word 2007 has some default nice-looking document stuff going for it. Me personally? I use OO.org. But I can definitely see how it isn't for everyone.

Slick, beautiful, and easy to use. Let's see, I just installed openSuSE 11.1 on a Dell E1505. It works pretty well (had 10.3 before that, by the way). First problem: knetworkmanager and WEP: fail. It wouldn't put in the write key; had to use iwconfig to manually configure it. Has never worked for me. Windows could do WEP fine. (note: I use WEP just to keep my neighbors off. I know it's easily cracked, I've cracked WEP myself). Second problem: ATI Mobility x1400 drivers. Downloaded ATI installer; fail. Tried various things. Finally installed RPM, that worked. I think what happened was the kernel source wasn't installed, thus the ATI installer didn't compile the driver, etc. But all I got was a black screen. Oh, you want users to dig through logs in random directories? Easy to use... Windows drivers worked fine.

Third problem: can't turn off the annoying PC speaker. I could with Windows. Fourth problem: Suspend to Disk doesn't work with Compiz/XGL, it comes back up with a black screen and a mouse cursor. Have to kill X and start it again. It worked fine with Xorg but not with XGL. Unfortunate, too, since I kinda like suspending and have to do it to disk because the battery is completely dead. Windows worked fine.

It's working now, and I like it. I've always liked Linux. Interestingly, though, my wife said this (she is not a tech person): "I don't think I like Linux... it doesn't do what you expect it to." She can use it, when it's working. When it stops working, she has no clue what to do. When X doesn't boot up for whatever reason, she doesn't know the "startx" command. If that doesn't work, she doesn't know about the kernel bootoption "x11failsafe." Easy to use!

I haven't tried Ubuntu specifically on my laptop, so I can't comment on its compatibility.

All this to say: switching completely from Windows to Linux is NOT for the person who doesn't have time to fiddle with stuff (i.e., spends maybe an hour a day on their computer) and doesn't have someone that can do it for them/fix it for them. Me? I can use Linux, and my wife can, because I can fix it. My parents? Same thing. I can set it up and fix it. Other people may not be able to.

(*waits for mod -5 Doesn't support Linux in all situations. :) )

Last final note: I work with Linux all day at work, and I've used quite a few versions (including Puppy Linux, tinyMe, Mandrake, SuSE, RedHat, Ubuntu, Fedora, Knoppix, Slackware, and a few others that I tried out on some old hardware to see which ran best). I really like it. I have also used Windows 3.1, 95, 98, 2000, XP, XP x64, 2003, 2003 x64, 2008, 2008 x64, Vista, Vista x64, and 7 x64.

Lastly, Wine does not work for all applications, virtualization is not "easy" to use, and I have a few other gripes about the easy to use camp but this is long enough :) hehe.

I sound bitter. Oh well, I'm not. I'm happily using Linux+KDE4.2+XGL+Amarok as my cool little media center!

Re:Its really time to spread the word: (1)

mlwmohawk (801821) | more than 5 years ago | (#26815779)

OO.org is pretty cool. Some parts of it are definitely NOT as good, definitely ont better, than MS Office.

This is a subjective evaluation and very open do debate. Since the two products are not from an "identical" specification, it is impossible to evaluate how one is better than another based on a side by side comparison. We have to weight the features of one against another, factor in quality, and weight the feature sets. MS Office does have more features, but by and large, not features the 99% of the users will ever care about.

For me, the built in "Export to PDF" is a huge feature.

Re:Its really time to spread the word: (1, Informative)

SatanicPuppy (611928) | more than 5 years ago | (#26815971)

You can debate it all you like, but the simple fact that the free product has practically no marketshare compared to the product that costs 500 bucks a license is pretty fucking telling.

Firefox proves decisively that the superiour product will make strong gains even against an entrenched monopoly. That OO.org is still languishing in obscurity has more to do with it's flaws than some gigantic conspiracy of users who just can't think of anything better to do with their money.

Re:Its really time to spread the word: (1)

CannonballHead (842625) | more than 5 years ago | (#26816103)

Export to PDF *is* a pretty good feature. Huge? Not so much. It's easy enough to print to PDF, do a postscript printer to file output and convert it to PDF, etc.

99% of the users will never care about most MS Office features? What was that about subjective evaluation? :)

What really has to be weighted is user usability/user usage efficiency, right? what is important in an "office productivity suite" is how productive a user can be with it. My own experience (no, I haven't done a double blind study of "never used productivity suite before" people or something, hehe) is that Office 2007 (and Office 2003 before that... I think it was 2003...) was easier to use and easier to create nice-looking documents right off the bat. It was also much more expensive. I found OO.org good for word documents and spreadsheets. I found Powerpoint far superior with presentations (and, ironically, faster and less jerky with far fewer quirks ... I am not at all impressed [pun not intended] with Impress).

Re:Its really time to spread the word: (1)

SatanicPuppy (611928) | more than 5 years ago | (#26815849)

Posting this sort of bullshit on Slashdot just comes off as being unbearably smug and condescending. Go take it to a windows forum or Expert Sexchange or wherever. Everyone here knows about Linux.

On top of that, like a lot of smug amateurs, you don't have any knowledge whereof you speak. Lack of Exchange is a deal breaker for a huge chunk of the business world.

Until there is a real Exchange/Outlook replacement that is available open source, people are never going to drop it, because, for them, the functionality outweighs the cost. Whining about viruses and crap is meaningless to them because they've been conditioned to expect viruses, and because the maintenance costs (and the blame for failures) are borne by the IT staff. Not management. Not users. Not microsoft.

It's all clear now! (0)

Anonymous Coward | more than 5 years ago | (#26815207)

Now I know why Microsoft calls it "Exchange"!

Dear Slashdot, (0, Redundant)

mbstone (457308) | more than 5 years ago | (#26815225)

I don't use Outlook but it's on my box, do I have to patch it?

Re:Dear Slashdot, (-1, Offtopic)

amclay (1356377) | more than 5 years ago | (#26815291)

No.

incase anyone is wondering... (1, Informative)

Anonymous Coward | more than 5 years ago | (#26815277)

the exchange fix is part of exchange rollup 6 which showed up in wsus yesterday:
http://support.microsoft.com/kb/942846

specifics about the vulnerability:
http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx

Bandwagon (1)

Demonantis (1340557) | more than 5 years ago | (#26815399)

Microsoft has gotten a large amount of heat for its operating system. In large part due to the number of well crafted viruses that exploit weaknesses in the programming. Apple was long toted to be virus free. That was only due to the obscurity of the system and people's willingness to write viruses for it. I don't think we should bash the quality of Mircosoft's code because anyones code can be full of holes when people work at breaking it. I think Microsoft's issue is updating. Update when the exploit is found not the second Tuesday of the month after the exploit has been abused for a while.

Re:Bandwagon (2, Interesting)

rawr_one (1474675) | more than 5 years ago | (#26815651)

You're not looking at the actual history of Microsoft Windows, though. Windows was (and still is, to a large part) built off what was originally a single-user system that would exist ENTIRELY as a standalone unit that was never connected to any other computers. UNIX, on the other hand, started with that kind of functionality in mind. So, while UNIX has been building off of that original multi-system support, Microsoft had to build up theirs (this becomes especially important with netcode) on top of a system that wasn't made to work like that. To put it simply, Microsoft started with a shoe and tried to make a hat.

Re:Bandwagon (4, Informative)

drsmithy (35869) | more than 5 years ago | (#26815843)

You're not looking at the actual history of Microsoft Windows, though. Windows was (and still is, to a large part) built off what was originally a single-user system that would exist ENTIRELY as a standalone unit that was never connected to any other computers.

No, it's not. Windows NT was designed from the start to be a multiuser, networked OS.

UNIX, on the other hand, started with that kind of functionality in mind.

Actually, no. The very first versions of UNIX were single user. The multiuser stuff was added later, which is probably why it still had (and still has, in most configurations today) the concept of a superuser, even when other OSes had moved on.

Re:Bandwagon (1)

DarkOx (621550) | more than 5 years ago | (#26816317)

I still think their should be a super user. It should be the only shared account, and only shared between a small group of people in the org that are both willing and by need trust each other entirely anyway.

The other options generally don't make sense because:
* You never can have total separation of powers someone always has to have the ability to get access to someone else fife should something happen to that person. Continued..

*If multiple accounts exist that can grant themselves new privileges at will they might just as well have had that access in the first place.

*Multiple super user accounts are worthless. Nobody should be using the account except when the are, that is to say admins should not be reading e-mail from the privileged account for example.

*Multiple super users does not provide a better audit trail because that user is privileged enough to alter the audits anyway. At the top of the tree trust has to be implicit.

*Multiple super accounts could pose a risk of making it unclear who can actually get into what. Old accounts might go unnoticed. Better to have one account where the password changes often and *anytime* *anything* happens those people also get together and change the password.

Re:Bandwagon (1)

dedazo (737510) | more than 5 years ago | (#26816301)

Windows was (and still is, to a large part) built off what was originally a single-user system that would exist ENTIRELY as a standalone unit that was never connected to any other computers

True for Win9x (and their predecessors). Not so for NT.

Re:Bandwagon (1)

Mr. Firewall (578517) | more than 5 years ago | (#26816491)

I don't think we should bash the quality of Mircosoft's code because anyones code can be full of holes when people work at breaking it.

Yeah, I guess that's why OpenBSD is so full of holes...

Apple was long toted [sic] to be virus free. That was only due to the obscurity of the system and people's willingness to write viruses for it.

No, it's due to the design. This notion that all OSen are equally vulnerable and 'Doze only gets attacked because it's the most popular -- is total M$-funded BullFUD and needs to die.

If that FUD were true, we'd be seeing many more compromised Apache servers than IIS -- and even more compromised Sendmail servers than Exchange.

But we're not. And this is because the simple truth is that 'Doze gets attacked the most BECAUSE IT IS THE WEAKEST! Hello????

MS Proprietary Protocols have a history of flaws (2, Insightful)

compusci (1058692) | more than 5 years ago | (#26815801)

I am not surprised by the announcement of these major flaws, many directly related to MS proprietary components/protocols. Microsoft has a history of manipulating open standards into MS proprietary protocols in order to prevent development outside Windows. However, as a result, Windows OS's become less compatible with other OS's and do not reap the benefit of improvements to open source alternatives made in the open source and standard organization communities. Several examples of flawed Windows proprietary technologies: WMI (no longer supported in newest Windows Servers), Direct X (unstable and high overhead compared with OpenGL), UAC (worst Vista feature) and Windows Automatic Updates (incremental updates with multiple reboots to update, memory leaks and high resource consumption under idle conditions).

Re:MS Proprietary Protocols have a history of flaw (0)

Anonymous Coward | more than 5 years ago | (#26816381)

Well, this little Slashbot has certainly been studying his talking points. I'm sorry to inform you, but this flaw is not in the underlying protocol; it is in the implementation.

As for your other allegations...

WMI is not only supported in Windows Server 2008, but additional providers have been added. This is the most ridiculous of your claims as it has absolutely no basis in reality whatsoever.

I don't know enough about DirectX to comment on your assertion, but I suspect you are probably equally delusional.

UAC is just a band-aid; it is better than nothing, but it doesn't fix the underlying problems.

I do agree that rebooting for Automatic Updates is a pain. However, I've never even heard of anyone complaining about memory or resource usage or leaks while using it.

Re:MS Proprietary Protocols have a history of flaw (1)

tignet (1303483) | more than 5 years ago | (#26816533)

Let me start with saying that I'm no fan of MS. I'm Open Source friendly -- I have several projects on SourceForge, and have contributed effort to several additional projects. But what you've stated is FUD.
  • WMI is supported on the newest Windows Servers, including Windows 2008.
  • DirectX is stable (although the same can not be said for all video drivers) and is a fantastic API for games, with excellent documentation and examples available. Quite the opposite for OpenGL.
  • UAC being the worst Vista feature is not only subjective, it offers no support for your argument.
  • Automatic Updates may not be perfect, but it's not uncommon for an OS to require multiple updates (and reboots) to complete the patch cycle -- like Solaris 10 without LiveUpdate.

So having addressed the FUD, look at your main point. "Windows OS's become less compatible with other OS's and do not reap the benefit..." Windows has never tried to be compatible with other OS. When it comes to Windows compatability I would go so far as to say they've done a damn good job (possibly *too* good) considering the mess with which they're keeping backward compatibility and the crud that keeps getting carried forward.

Microsoft may have many faults, but you seem to have missed the mark.

So.... (5, Funny)

Trashman (3003) | more than 5 years ago | (#26816233)

....What "carefully crafted message" would I need to send to take over an Exchange Server?

To: ExchangeServer@company.com
Subject: H3ll0

I 0wn you Now. Please reply back with passwords.

Regards,
Hax0r

We installed it ... (3, Interesting)

humph2 (1248316) | more than 5 years ago | (#26816541)

... and Exchange 2003 stopped delivering messages to mailboxes.

Rolled it back, and everything worked fine ^H^H^H^H just as it used to.

I may be missing the point of these "fixes", but surely "security updates" should actually be tested at some stage?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...