Microsoft Plugs "Drive-By" and 14 Other Holes 189
CWmike writes "Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel, and Word, including one that will probably be exploited quickly by hackers. None affects Windows 7. Of today's 15 bugs, Microsoft tagged three 'critical' and the remaining 12 'important.' Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows except Windows 7 and its server sibling, Windows Server 2008 R2. 'The Windows kernel vulnerability is going to take the cake,' said Andrew Storms, director of security operations at nCircle Network Security. 'The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario.' Richie Lai, the director of vulnerability research at security company Qualys, agreed. 'Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.'"
Well... (Score:3, Informative)
Re:Well... (Score:4, Insightful)
Too bad so many XP users don't opt-in to patching
This is Microsoft's fault for not offering a security only patch channel and pushing WGA ,etc through as windows updates.
I know this is probably comes across as trolling but it's not just Microsoft bashing for the sake of it.
+5 informative? (Score:4, Informative)
Good grief. MS offers ALL security patches to EVERYONE, including pirates, and also offers many other patches such as stability and performance updates to everyone as well.
---
"There seems to be a myth that Microsoft limits security updates to genuine Windows users," wrote Microsoft's Paul Cooke, who works in Windows Client Enterprise Security. "Let me be clear: all security updates go to all users."
----
From http://www.tomshardware.com/news/windows-pirate-bootleg-security-patches,7666.html [tomshardware.com]
Re: (Score:2)
I'm not talking about pirates, there are many cases where legitimate users do not what to apply all patches to their system, but applying only security patches is acceptable.
For example a company that has ie6 only Intranet sites don't want to test against ie7/ie8 but still want security patches for ie6, without having to comb through all the updates and pick out the security ones.
e.g. the equivalent of using debian and having the security repo enabled but not backports.
Re: (Score:2)
If the company has WSUS, they can configure it to grab all the patches required by client machines, and either automatically approve only security updates (explicitly denying IE7/IE8), or holding everything for a sysadmin to approve.
Windows Update is fine, but businesses should *never* have their production machines point to it. Instead, the machines should be fed off a hardened internal box which stores updates, and where the IT department can control releasing patches in stages (a production replica gets
Re: (Score:2)
Using it manually you can, however AFAIK using it automatically there is no way to apply only security updates.
Re:Well... (Score:5, Insightful)
No, this is the fault of people who pirate their operating system and then expect it to be supported. Some things have a price. Pay the price if it is worth it to you. Don't use it if the price is not worth it to you. Some people call that "vote with your wallet". Just taking it for free and then expecting support is ludicrous and the height of hypocrisy.
While I do agree that pirating a piece of software and expecting support is unreasonable, Microsoft is only increasing the number of botnets when they refuse updates to pirated software. Refuse software and hardware updates, but at least include security updates. With the increased number of botnets, that's more computers out there trying to infect others and it will without a doubt hit legitimate systems owned by users who just ignore that little yellow shield with the exclamation point on their taskbar. It is also their fault, but some people just don't know better.
Re: (Score:2)
Re: (Score:2)
There's a further reason for MS to want to update pirated machines: like it or not, they contribute to the general "impression" of Windows. If there are millions of PCs slowing to a crawl and unusable due to adware or other problems then like it or not, people who encounter those computers attribute it to Windows, not the fact that the Windows installation is illegal.
If I was MS I'd actually go further: I'd say, if your installation isn't legit, you are FORCED to take updates immediately and have NO say
Re:Well... (Score:5, Insightful)
Let's think about this not from a moral perspective, but from a business one
Ok, lets do that.
As Microsoft software is the single most predominately used OS in the world, having large numbers of these installations being vulnerable to botnets is not only putting the efficient working of the global networks at risk, costing large sums as innocent ISPs upgrade their infrastructure to cope with the deluge of useless spam traffic and and virus payloads; costing businesses large sums to protect themselves from the deluge of virus, phishing and spam that routinely attacks their users; costing consumers vast sums as they attempt to protect themselves from the same deluge of attacks; but also puts the economy at risk with phishing attempts and other fraudulent and criminal activities that at best reduce people's confidence in using it for economic activity.
Given the above, the government should step in and force Microsoft to be more responsible for securing the national infrastructure from these attacks. Infrastructure that the modern economy depends upon. They keep telling us how many billions of Dollars are lost to virus attacks, how much conficker cost business, etc. Imagine how much the economy would suffer if there was a really big botnet/virus that did more than inconvenience users.
You can ignore moral aspects here and focus on the purely economic. We did that with banker's bonus-driven practices, and look how well that turned out. By ignoring the 'moral' aspects of Microsoft's monopoly and their self-interested lack of securing their OS, we may yet suffer similar problems.
(this isn't really Microsoft bashing, its more monopoly bashing)(though, I recall someone senior at MS saying they liked piracy because it made developers and users become accustomed to Microsoft software which had a beneficial effect to them - perhaps it is Microsoft's fault after all).
Re: (Score:2)
Meanwhile, various problems with Windows updates are conveniently forgotten. Of about 7 machines that I updated to XP SP3, one was a "Gotcha" from Microsoft. The eternal reboot thing. That didn't bother me terribly - it was a minor inconvenience to wipe and reinstall. But, what about the non-technical great-grandma who had no backups? All her pictures of grandchildren and great grandchildren were probably lost when her dorky grandson started muddling with her old, outdated system. How much you want to
Re: (Score:2)
Re: (Score:2)
Software piracy may be wrong, but allowing those computers to sit on the Internet spreading vulnerabilities is too. Microsoft should either disable non-genuine versions altogether or offer the security patches to them for the sake of the rest of us.
Re: (Score:2)
Re: (Score:2)
Apparently [slashdot.org] windows offer update to pirates too, but that is not my point. My point is that i should be able to auto-install security updates without having to worry about other patches and software being downloaded with it. IIRC ie7 and/or ie8 were installed via automatic updates (and set themselves as default browsers), there are situations where that is not acceptable.
If you look at debian/fedora there is always the option of keeping an entirely stable (no new software/bugfixes*) except for security patch
Re: (Score:2)
"Opt-in" Is The Wrong Term (Score:3, Interesting)
It isn't quite true to suggest people don't "opt-in to patching" on any Windows product. It is more the case the process is arcane and confusing to some users. And worse still, the system trains the rest of the users to blindly accept things that look like "official updates" when they are really malware. I've lost track on the number of times someone asked me what was going on when the WGA thing pops up. The way it is worded and framed seems to freak users out and I see why: Going for months with a legi
Re: (Score:2)
It was quite messy on XP (especially as WGA was introduced late in its lifetime), but on Vista or 7, you simply get a screen during setup which says "Do you want to enable automatic updates?". The default option is to enable both download and installation, so you'll have it even if you just keep clicking "Next" all the way. And after you do that, it will handle the rest with no user intervention needed.
Re: (Score:2)
If you patch, you're safe. Too bad so many XP users don't opt-in to patching, a lot of them will be infected, but it's a good thing MS started auto-patching by default with Vista, also since Vista has a lot of anti-exploit code (DEP, ASLR, Protected Mode Sandboxing, etc.) it probably won't see very many infections, although I thought I saw on another site that Vista wasn't affected.
Many people turned it off because of the automatic reboot.
I can't count the number of times I'll be playing a game with someone, and then *poof*, they're gone.
Re: (Score:2)
Many people turned it off because of the automatic reboot.
I can't count the number of times I'll be playing a game with someone, and then *poof*, they're gone.
Automatic reboot, with default settings, is configured to happen at 3am. Or rather check for updates is configured for 3am, and reboot is after it finishes installing.
It may be that you're playing with people for whom staying up at that time is a norm, but I think that, on large scale of things, "many" is probably quite an overstatement.
Yay, tight integration of browser with OS... (Score:3, Insightful)
Anybody else think something is integrated with something else in a deeply, deeply wrong way here?
Re:Yay, tight integration of browser with OS... (Score:5, Funny)
Anybody else think something is integrated with something else in a deeply, deeply wrong way here?
I most certainly do! This is unfair! When will Firefox and Opera have such privileged access to kernel space. It results in a bad user experience when the Javascript code I slave over can only help you manage your user files, registry keys and kernel libraries if you're using IE.
Yours truly,
Crafty McStealsYourShit
Re: (Score:2)
Come now. If you, say, run the EOT plugin for Firefox from PDMS, FF can be used to exploit the vulnerability. Clearly the answer is to drive-by install that software to improve the l33t exploiter experience.
In all seriousness, the issue isn't that IE has access to the kernel, but that IE can request that an EOT font be rendered. Apparently, something about the EOT font rendering pipeline hits win32k.sys, and if that EOT font is properly constructed, it can cause remote code execution at that point. Any prog
Re: (Score:2)
Re: (Score:2, Interesting)
According to Microsoft, the Windows kernel improperly parses Embedded OpenType (EOT) fonts, which are a compact form of fonts designed for use on Web pages.
One question: Why is the kernel parsing fonts?
Re: (Score:3, Informative)
From what I understand: GDI functions are in the kernel for speed reasons - constantly switching to usermode just to draw things slows down the system.
Vista moved it into userspace, and lots of users complained about slowness. Looking at the vulnerability details, this just gives you privilage elevation on Vista (and related servers), not remote code execution.
For Windows 7, MS moved GDI back into the kernel, with some redesign. So they apparently fixed this issue when they returned GDI to user mode.
Again
Re: (Score:2)
Perhaps to draw them on the screen when rendering text?
I thought GDI was supposed to that? Or is GDI in kernel-space now?
Re:Yay, tight integration of browser with OS... (Score:5, Informative)
Anybody else think something is integrated with something else in a deeply, deeply wrong way here?
No, not really, at least, not in the way you're insinuating. The Win32k kernel mode driver is essentially the major component of the Windows kernel responsible for kernel-mode graphics related processing. Put more succinctly by MS from the MS09-065 [microsoft.com] security bulletin:
Win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager, which controls window displays; manages screen output; collects input from the keyboard, mouse, and other devices; and passes user messages to applications. It also contains the Graphics Device Interface (GDI), which is a library of functions for graphics output devices. Finally, it serves as a wrapper for DirectX support that is implemented in another driver (dxgkrnl.sys).
The handling of EOT (Embedded OpenType) fonts is apparently (at least partially) handled by the kernel and presumably a component of the GDI system. IE supports EOT fonts and presumably just hands them off to the kernel, after all, it is delegated the responsibility of handling them, so why re-implement it in IE? The flaw is not really in IE but in buggy code in the relevant processing. There is an argument to be made that IE really shouldn't be explicitly processing these fonts by default in an untrusted network (and this can be changed in the preferences, but is not the default), but the flaw itself is in the system call code itself; the latter is merely about reducing attack surface in the case of exploits such as this arising.
My point is, this isn't really a case of IE being "overly" coupled into the system (which isn't to say it isn't, just that I don't view this as an example of it). Whether it's sensible engineering to have the kernel handle this stuff is probably a far more interesting and valid argument. Protecting against system call vulnerabilities is pretty tough, as you do expect the kernel to be trusted, indeed, if you can't trust the kernel you have serious problems. A quick google seems to suggest Firefox doesn't support EOT fonts, and I'm not sure if any other browsers do either, but if they did, they may well have their own exploit situations as well.
Re: (Score:2)
Minor correction:
This isn't necessarily limited to EOT fonts, but is a flaw in the font parsing code in the kernel in general. EOT fonts are just the exploit vector as specific to IE, but other font types can be used for less likely exploit vectors, such as TTF fonts in a Terminal Services setup. The point is this is a flaw in a kernel system call and IE's use of this system call + default settings makes it vulnerable to exploitation.
Re: (Score:2)
Did you read my original post?
Whether it's sensible engineering to have the kernel handle this stuff is probably a far more interesting and valid argument.
Re: (Score:2)
Well, tbf, I think the GP's point is that there is *no* argument for handling fonts in kernel space. ie, it's not an "interesting" argument since it's one you shouldn't even be having.
Re: (Score:2)
The handling of EOT (Embedded OpenType) fonts is apparently (at least partially) handled by the kernel and presumably a component of the GDI system.
Interesting. So this actually goes even deeper than IE being integrated with the OS, and demonstrates why things like font handling should *not* be done in kernel space.
'course, this wasn't always the case. There was a time when the video subsystem was largely a userspace component, but during the NT days, they decided to move a lot of video-related functional
Re: (Score:2)
It would be deeply, deeply wrong if IE was the only way to get infected. The vulnerability [vupen.com] is quite interesting -- it can be invoked by crafting a special Embedded OpenType (EOT) font file, which then exploits a vulnerability in kernel mode driver that parses font code. So you can be exploited using Microsoft Office, Wordpad -- anything that can display EOT-embedded fonts. All you have to do is open a document containing the offending font. Of course, IE is easy to exploit because all you need to do is put
Re: (Score:2)
Note that Windows 7, in which most drivers are back in user space, is not vulnerable to this exploit. Killer reason to upgrade, imho. This is also the reason most video driver crashes don't crash Windows 7 -- the display is simply re-initialized.
This seems like a no-brainer, but they must have had some reason for putting all those things in kernel space before. Perhaps performance? But isn't the Win7 performance better anyway?
Re: (Score:3, Informative)
NT 3.x supported user-space drivers and was criticized by reviewers for poor graphics performance (especially those who wanted to run visualisation/CAD apps on it). But it was rock-solid, as you can imagine.
NT 4 introduced kernel-mode display drivers, which helped it become very popular with engineers who needed these apps (remember, the only other 'mainstream' OS on the market at this time was Win95/98 and System 8/9; NT was rock-solid by comparison and Linux didn't have many commercial apps at this time).
Re: (Score:2)
was just going to say... aaaaaaand that's what you get for hooking the kernel to your web browser ... idiots.
"windows security" isn't just an oxymoron, it's the oxymoron. They just... never... learn.
Re: (Score:2)
Turn in your geek card. The integration began with IE 4 and the active desktop feature in Win98. At that point, we were screwed, blued and tattoo'd by MS.
Re: (Score:2)
Rendering fonts in kernel space to make it faster is like removing the the wall between engine and passenger compartments of a car to reduce its weight. Not to mention seatbelts.
That's shocking! (Score:3, Interesting)
They thank someone from Google for helping them spot the vulnerability! It's in the acknowledgements:
http://www.microsoft.com/technet/security/Bulletin/MS09-065.mspx [microsoft.com]
Re: (Score:2)
They thank someone from Google for helping them spot the vulnerability! It's in the acknowledgements
They always do that. It is in Microsoft's interests to publicly acknowledge the people who send them security reports because they want to encourage people to do that. It is preferable to what happened in the recent story [slashdot.org] where the guy posted the bug in a blog rather than telling them directly.
The accepted practice is to privately tell the company about a bug and give them time to fix the problem before posting about it publicly.
It's Still Windows (Score:3, Insightful)
No wonder my home system was such a dog this morning. It was pulling the latest patches and updates.
Meanwhile, it's still Windows. There's only so much improvement you can make when the manufacturer insists on packing so much into the "kernel." I was always taught that the OS kernel is the one piece that provides the interface between all software and all hardware. File systems, GUIs, internet browsers and lesbian Pr0n are all just forms of software that should be clients to the ultimately optimized but minimalist kernel.
Re:It's Still Windows (Score:5, Informative)
So in trying to bash Microsoft you're saying that Linux sucks?
Linux is a monolithic kernel. Windows is a hybrid kernel. Linux puts a lot more into kernel mode/real mode than Windows does. Many drivers in Windows are user mode drivers, for example, particularly printers. The only thing I can think of that runs in kernel mode in Windows and not in Linux is the graphics system -- which is why the screen flickers and changes resolutions slower in Linux and Windows tends to run full screen games and video better with DirectX, but it also rarely brings the system down... not that a system you can't get desired display output from is useful entirely.
Re: (Score:2)
Oh come on now, "hybrid" kernel is nonsense marketspeak; all the high-level services such as networking and filesystems and drivers run in the same address space. How they chat to each other is irrelevant here, NT is a monolithic kernel. And what the hell is a configuration database, the Registry, doing as a kernel service? And then there's GDI etc. --- (up until recently used to be) a kernel service.
Re: (Score:2)
Linux is a monolithic kernel. Windows is a hybrid kernel. Linux puts a lot more into kernel mode/real mode than Windows does. Many drivers in Windows are user mode drivers, for example, particularly printers.
Uh, just FYI, printer drivers are usermode in Linux as well. Furthermore, until recently (ie, the Vista pedigree), the Windows drivers were built against the KMDF, and so ran in kernel mode.
Secondly, your statement that "the only thing I can think of that runs in kernel mode in Windows and not in Linu
Re: (Score:2)
Re: (Score:2)
No, that was me (Score:2)
No, that was me, driving my Mac Truck(tm) Lorry Load(tm) Malware Package through the gaping holes in your operating system. The patch you think you applied is just a little eye-candy to make you feel all warm, snug, and safe. It's working. too. :-)
Turn off Automatic Updates's download and install! (Score:2)
You can leave it on to notify you or just download them manually when MS releases them (your job to keep track like reading security news or check MS Updates every second and fourth Tuesdays of each month; don't forget emergency releases once in a while!).
Would the big customers know more? (Score:5, Interesting)
But while Storms speculated that Microsoft knew the EOT font flaw was a security issue -- and waited until now to patch older Windows -- Lai thought that Microsoft didn't realize until recently that it was also a security vulnerability in editions prior to Windows 7. "I think they fixed this bug as part of the code sanitization during [Windows 7's] development cycle. It was actually only publicly disclosed recently, and then they patched it in other Windows
The article is speculating what did Micrsoft know and when did it know it etc. Microsoft's standard line defending its security through obscurity policy is, "we are not providing any details because it is going to help the hackers". But what about its big customers? Almost all businesses do not care much about its small customers. So forget small timers. But Microsoft has to coddle its big Fortune500 company customers. Would they be informed, even under confidentiality agreements and non disclosure agreements, which platforms and applications are vulnerable?
How do these big companies justify being so meek and acquiescing to Microsoft? If these Fortune 500 companies chip in 100,000$ a year, they can create an Institute of Software Interoperability and go towards reducing their switching costs. Microsoft has total revenue of more than 25 billion dollars, and a significant chunk comes from these big companies. They pay off has to be enormous for these companies.
Re: (Score:2, Informative)
Yes, the appropriate contacts in such organizations get informed. Chiefly, the CIOs and their assorted assistants down the IT chain. What they then do with that information is up to them. There's a reason these companies pay for their overpriced support contracts and license aggreements with Microsoft.
I know the major security vendors like Symantec are also informed.
This has been addressed several times (redundantly, I might add) in Slashdot articles over the years, and can probably even be confirmed by you
Fourteen? (Score:5, Funny)
So sore.
and what, pray..... (Score:2)
Seriously tough, I think that when people choose to use a browser that messes with system internals above other browsers that are NOT messing with the kernel, they get what they ultimately deserve. I remember a particularly buggy period that really had me going definitely over to Firefox: whenever IE crashed, I had to reboot. With firefox, killing the program would su
Mac, Linux, anything but Microsoft (Score:2)
Re: (Score:2)
The primary vulnerability was mitigated by using Firefox and Open Office. The drive by needs IE or Powerpoint or Word to execute.
Re: (Score:2)
Re: (Score:2)
And yet, Apple's default browser Safari has a pretty terrible security record, the latest OS X release contained a bug that nuked account data, and OS X consistently falls behind both Linux and Windows in defence-in-depth security mitigations. While Apple might like to boast about its operating system security, this doesn't appear to be due to any particular "hardened" design versus other mainstream operating systems and in fact lacks solid implementations of various security features that have been standar
Re: (Score:2)
snow leapard has been out for 2 months and service pack 2 has just been released. the fixes are for some pretty obvious stuff that should not have made it past QA like the Flash performance issues.
Re: (Score:2)
Re: (Score:2)
Apple A-
Microsoft F-
Sounds like the choice is Cupertino over Redmond, all the way.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You people who are in b
Re: (Score:2)
All our Macs came with VMWare boot camp to allow us to run Windows but no one does.
Its irrelevent what you in particular are doing. The point is that even Apple reconizes that they don't have many applications, and felt compeled to offer as a feature the ability to boot into MS Windows. They offered it because many are rightly concerned about being able to run ALL the software they currently do on Windows. Or do you think Apple is actually trying to help MS sell copies of Windows?
The major reason we swit
Re: (Score:2)
Whatever speed improvements were made in Vista or Windows 7 are irrelevant as we dumped MS with XP.
I find it amusing to see how you Microsoft-users bend over backwards to accept all the problems that come with the MS ecosystem.
As for what I do in my free time, I will wait until the thriller novel I just turned into my agent Oct 25th is published. At one time I played games and wat
OK, just a second now... (Score:3, Interesting)
'Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.'
Why aren't users of other browsers on the older Win platforms vulnerable? Is there some other risk or problem that is being ignored or even concealed?
Man, I can't believe I got that out without laughing...
Re:OK, just a second now... (Score:5, Informative)
I discovered this bug (check the credit section [microsoft.com] in the advisory), so can explain. The bug is in parsing a component of TTF files, which are handled by the GDI kernel subsystem in Windows. Anything that tries to load fonts can be used to exploit this vulnerability, as they will eventually reach this code, Internet Explorer just happens to be the easiest way to reach it remotely.
Other browsers _are_ affected, the difference is that there's only one level of indirection before the vulnerable code in Internet Explorer, and at least two in other browsers. This is because IE supports EOT files directly, which via TTLoadEmbeddedFont() are decoded and passed straight to GDI, where as other browsers take a TTF input, convert it into an EOT and then pass that to TTLoadEmbeddedFont, so you have to convince three different chunks of code your input is valid (the browser, t2embed, then gdi), instead of just two in IE.
If you use any browser that support @font-face on Windows (Safari, Firefox 3.5+), you should still patch and reboot.
Re: (Score:2)
Legal generalization: (Score:2)
Anyone running IE [Internet Explorer] is at risk here,
That statement is still true, even when the rest of it is missing. ^^
Then again, what does it give us, to help those, who were chosen by natural selection, to be punished?
Wouldn't it make more sense so block all packets coming from IE users?
Use the drive-by hole, to put a trojan on those systems, whose only purpose it is, to block all outgoing traffic, except Microsoft servers and their DNS mappings, until the system is updated. If the system is updated, the trojan restores everything, and deletes itself.
I
Why only MS patches... (Score:2)
Re: (Score:2)
Good for them (Score:2)
Awesome, now this means my xp version is even more insecure then I thought,
I am still waiting until they offer free patching for pirated copies.
Microsoft releases eight critical new holes (Score:2)
After what was expected to be an unusually quiet Patch Tuesday, Microsoft has released eight patches for applications with an insufficient number of security holes.
“Our market is the enterprise,” said Microsoft security marketer Jonathan Ness. “Information technology professionals know that Windows is the greatest IT job creation scheme in history. Without Patch Tuesday, there’s no reason for the experienced IT worker to spend his time hiding out in the server room watching progres
Be Done With It (Score:2)
None affects Windows 7. Of today's 15 bugs, Microsoft tagged three 'critical' and the remaining 12 'important.'
Critical and important patches but none affects Windows 7.
Solution?
Simple. Offer Windows 7 as a patch option (and keep it as only an option because some machines don't have enough hardware). It's hypothetical though due to the monopoly and antitrust problems of Microsoft.
After all the patching your XP or Vista or whatever becomes more and more like Windows 7 anyways.
How many of the people who've
Re:And the others? (Score:4, Funny)
They're not fixes. They're just there to introduce more vulnerabilities that will "encourage" people to shift to Windows 7 ;)
Re: (Score:2)
Sir, thank you for a good Huxley quotation (your sig).
Re: (Score:2)
Not sure the real level of facetiousness here, but I think that's a pretty insightful comment.
In what way? They just fixed bugs all the way back to Windows 2000. That says to me that there is still life left in the old OS yet. If they wanted to encourage people to upgrade, they wouldn't back port all of the fixes.
Re: (Score:3, Insightful)
Not fixing would backfire. Would you buy a product from a company that totally abandons the existing product as soon as they release a new one?
Re: (Score:2)
Name a single Loonix distro that backports security fixes to a version of their distro that is 9 years old and you might be able to make something resembling a point.
The difference is that you can upgrade to the latest fully patched versions of Linux distros for free.
Sorry this is so late, I just happened to notice it just now because of the crazy guy having an argument with me below :s
Re: (Score:2)
Why do I get the feeling ForeDecker (an MS mgt. person here, whom I addressed with these points 3-4 times now & he just "evades them") OR, that I am just going to be "adhominem" attacked, rather than my points here being confronted &/or disproved instead?
Probably because the way you've written this, you've made it bloody annoying to read, and nobody can be bothered.
Re: (Score:2)
Hahahahahahaaa... yeah, good one. No, it just has incredibly fucking annoying overuse of bold font, and why put every sentence in its own double spaced paragraph? Annoying. Not to mention completely offtopic. You need to find a more appropriate context for your little crusade. I have better things to do with my time than go through a mess like that.
And I didn't actually read it, just checked over to see if it was one of those randomly generated posts (it *really* looks like one from the offset due to the st
Re: (Score:2)
Huh? Yes it's deep within the thingy, but I didn't actually have the patience to try to parse everything up to there, I just noticed that bit *shrug* I got quite far through your little tirade there since it was kind of amusing, but got bored when you assumed that I'd actually read the first one. So out of spit I haven't read the read.
PS, ever heard of 'irony'? And do you REALLY have nothing better to do than check up on all your AC posts? Jeez..
Re: (Score:2)
Deja vu. Somehow you remind me of someone who posted moronic AC rants before, had a three letter pseudonym like "AWC" or somthing. I could easily keep replying forever, I tend to not be able to help feeding the trolls..
I don't know why you're referring to me as illiterate, your style of writing strikes me as that of someone who doesn't have English as their first language. PS - ever heard of 'paragraphs'? You practice the non-existend brand of them badly. Do you enjoy repeating everything people say? I neve
Re: (Score:2)
ahhhh, APK that's it! Someone mentioned your name in the thread you linked. I agree that you need some kind of medication or councelling.. you always post offtopic rants, and then get aggressive whenever people reply o_0 and you always have to have the last word. Haha :) I like the last word too, but in this case, since you seem to be doing it to several people and you've wasted my time in the past, I'm not going to bother with you anymore. Good day, sir.
Re: (Score:3, Insightful)
Dude. Yes I'm talking even tho I said I wouldn't but I've been thinking about this a lot.
Don't you wonder *why* you upset *everyone* every time you talk online? Think about it. You are the one who is acting like a troll. A quick google of your name (which I did because you called a slashdot account "easily trackable", even though I don't use this name anywhere else, but you have registered APK accounts all over the place, plus I found your email address and physical mailing address) brought up several threa
Re: (Score:2)
Who the fuck cares if they have a PHD? Once again you are acting like a paranoid weirdo, after posting a bunch of shit in reply to a *joke* I made and trying to pretend like it's being on topic and not just flamebait/trolling? Start your own thread next time please, this is the second time you've pulled this offtopic bullshit in reply to one of my comments.
People don't need a PHD to know if someone is not right in the head. Plus, I did study psychology for a couple of years anyway, and have read a lot into
Re: (Score:2)
PS what the hell are you talking about here
"That's funny: I used your own words against you, via quotes, right here as did others apparently... it seems YOU are the one who is not liked here @ all. OR, aren't the other replies here indicative of that, when they were directed YOUR way?? I see others quoting your words and turning them against you, with relative ease."
I have seen no such thing. You didn't quote me, you were just asking me stuff like "have I got nothing better to do" after I asked you the exac
Re: (Score:2)
Dude, you are still the one being aggressive and making all these accusations. Most people don't have their dad die 6 weeks before they leave for University (ie first time they are going to be living on their own), and the fact that I did Computer Science was just reminding me of my dad all the time, I ended up pretty depressed. If you want to be insulting about it then go ahead, I called you crazy too, but I still stand by that. You have some serious social issues at least since you feel the need to lash o
Re: (Score:2)
You are so weird o_0
Re: (Score:2)
I did not give you guff, you copy and pasted a massive essay to a joke I made. The massive sprawling style is similar to all those weird GNAA posts etc, so I at first assumed it was just a troll (and I still think it qualifies as at least flamebait, even if you did not intend it as trolling), then after I realised it wasn't I just pointed out to you that you need to write in a more reasonable manner if you want people to *read* wha you write? Isn't that your intention? I don't need a degree in English or Ps
Re: (Score:2)
Again, all your bullshit applies moreso to yourself than me. You are the one who is posting endless wall of text spams online on multiple websites, and picking fights for no reason when someone rightly points out that you are spamming/trolling. It's almost like you *want* people to get pissed of at you so you can try to argue and pretend you're better than everyone else. Funny how everyone you pull this shit on ends up assuming that you're retarded (and we still haven't established that you're not, you have
Re: (Score:2)
Oh, btw I just looked up the meaning of your latin quote..
"By the power of truth I have conquered the universe"
BWAAAAHAHAHAHAHAHAHAHAHAHAAAaaa.. oh man, you really are insane xD that is so hilarious that you complain about "ad hominem" attacks, and then when you just ignore everything I say and then quote someone else's insult, you think you are master of the universe. You really do have mental issues dude.
Re: (Score:2)
Dude, the joke was not the so called "attack" on yourself. The joke was about Windows 7, and you posted a bunch of spam in reply to it.
Talking of dealing in reality, you are doing this kind of thing on many forums across the internet, and I see lots of other people complaining about it. What is more real - *your* version of reality, or the one that everyone else has? Like I said, why don't you just put up your massive posts on a blog, and then link to that in your signature or something? It would help to st
Re: (Score:2)
http://www.thorschrock.com/2008/05/19/how-to-respond-when-people-threaten-to-sue-you-on-the-web/ [thorschrock.com]
Read that page. Pretend that the APK posts are by someone else. Now ask yourself if his actions look reasonable or sane.
This Thor guy is being perfectly reasonable. He doesn't cave in to your empty threats, and he is trying to be nice about getting the spyware status of your software revoked. Then for no apparent reason you start insulting his character. How do you think acting like a dick is going to make him wa
Re: (Score:2)
"and, neither did other repliers"
Please, provide some evidence for your lies, instead of simply repeating them to convince yourself that they are true? I dare you.
We can go through all your lies one at a time if you would like.
Don't bother replying if you are not going to provide some real evidence instead of making shit up.
Re: (Score:2)
Yup, another "GOOGLE KNOWS" (but, you surely don't & this proves you are nothing more than a "I CAN GOOGLE IT" addict): The literal translation is this ->
"By the power of truth, I, while living, have conquered the universe"
(Note the "vivas" part? That the part your GOOGLING missed in translation)
Yes, in somersault? We have yet another "wannabe" trying to play "smart" with me, & "GOOGLING IT" because he lacks an educated background & then? LOL, he still screws up massively... lmao!
Nobody know everything. What difference does it even make if part of the quote is missing? I didn't copy and paste, I just looked it up and then wrote what I remembered from the wikipedia article.
Why do you keep talking about me in the third person as if other people are reading this? And repeating all your crap about English and psychiatry instead of providing justification for your spam. You have no leg to stand on here, so you end up trying to insult my intelligence - as if you somehow know everything an
Re: (Score:2)
Why do you keep copy and pasting stuff you have already said?
My point here was not whether or not you write spyware, it was simply me taking issue with the *way* you go about things. You don't seem to have any respect for people.
I have said a couple of times that my comments to you have not been jokes. I have been quite serious the whole time. The joke was my original post about Windows vulnerabilities, which you then just pasted some offtopic spam in reply. Again, no respect. You could have at least wrote
Re: (Score:2)
Umm.. and can you prove that those posts weren't you? They're all AC, the first two could be more of what I presume are your cut and paste insults that other people have used against you, and the third one especially is in your style "prove that you have a PHD, blah blah".
How can I "ignore" anything you say, when I quote each thing you state & reply to each quote?
You often ignore or twist what I actually says, or show a complete lack of understanding (thinking that depression is the same as insanity for instance). You seem to ignore that there are many other people who doubt your own grasp on reali
Re: (Score:2)
Dude, stop pretending to be other people, it's sad. You claimed before that it was other people that were posting, however in both of those posts you mentioned "not having PHDs in english or psychiatry", which is something you do all the time as APK. You even did it again in this post. I was not a "psychiatric case", I got anti-depressants from my general practitioner.
I am not the one tripping over and contradicting myself. Remember when you said that people with slashdot accounts are "easily tracked fools"
Re:And the others? (Score:5, Informative)
What about the fourteen other fixes?
The article talks about them at the end (on the second page):
Microsoft also issued critical updates for Vista and Server 2008 [microsoft.com], as well as for Windows 2000 Server. On the latter, which harbors a bug in its implementation of the License Logging Server [microsoft.com], a tool originally designed to help customers manage Server Client Access Licenses (CAL), Storms urged users of that aged operating system to apply the patch pronto, even though the machines are probably well-protected.
"Windows 2000 Server has the logging server enabled by default, but those systems are likely behind multiple firewalls, and people running [Windows 2000 Server] are pretty cognizant of the fact that it's an older version and will act accordingly."
Excel and Word also received patches today. Eight vulnerabilities were addressed in Excel in MS09-067 [microsoft.com] and one in Word with MS09-068 [microsoft.com]. Both updates also affected the Mac editions, Office 2004 and Office 2008.
For more info, check out the top six listings here [microsoft.com].
Re: (Score:2)
And they say AI isn't ready for real-world applications yet. pfft.