Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

3 New Windows Security Problems Found

timothy posted more than 9 years ago | from the now-wait-for-the-baffling-no-problems-in-years-claimants dept.

Security 190

DotNM writes "USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product. It describes the issues and urges users not to download .hlp files from email attachments. Apparently there are issues, even for a Windows XP system patched with Service Pack Two."

cancel ×

190 comments

Sorry! There are no comments related to the filter you selected.

first post! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11181143)

first post!

In other Words (4, Funny)

Prince Vegeta SSJ4 (718736) | more than 9 years ago | (#11181145)

Merry X-Mas from your friends in Redmond! Geez do they even search for flaws on their own?

Re:In other Words (0)

Anonymous Coward | more than 9 years ago | (#11181171)

Geez do they even search for flaws on their own?

Only in things like consent decrees and government judgments against them.

Re:In other Words (2, Funny)

DanielJosphXhan (779185) | more than 9 years ago | (#11181204)

Wow, I've gotten everything I wanted for Christmas now, except maybe a home invasion, or rape or something.

Re:In other Words (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11181369)

lol winsodz susxxxxxxxxxx

Linux Flaws (-1)

Anonymous Coward | more than 9 years ago | (#11181382)

Just curious, Slashdot seems to post every windows flaw. Do you also post all linux flaws?
I mean I am just curious what the ratio of flaws is; 1 to 5? 1 to 100? 1 to 1?
Whenever I look at source code more than half the patches I see are security fixes. Yes, I know that means they are fixed, but it also means at one time they were not.
Take Subversion for example - there are 5 security fix releases since May.
Before you go arguing subversion isn't part of linux, remember, .hlp files aren't part of Windows either. I am just subversion as the most recent example I looked at. If you counted all the tiny never finished OSS projects the ratio would be like 90 gadzillion OSS bugs to 1.
So where should the line be drawn; Windows/Linux/Closed/Open and what are the true numbers?

Re:Linux Flaws (5, Insightful)

upsidedown_duck (788782) | more than 9 years ago | (#11181518)


There is no way to compare flaws in Windows and Linux, and every attempt to do so is misguided. The reason is that the politics behind disclosure for Microsoft is entirely different than for Linux, so there is no way to link them statistically.

From the classic "there is one error for every thousand lines of code in a mature program" logic, a person could estimate how many bugs are present in both code bases and look at the number of published bugs to see who is covering their butts more. I'd guess Microsoft has more to lose from bad PR, so odds are they have internalized most knowledge about bugs.

Re:Linux Flaws (1)

upsidedown_duck (788782) | more than 9 years ago | (#11181528)

...a person could estimate how many bugs are present in both code bases and look at the number of published bugs to see who is covering their butts more.

Just to reinforce my point: the above research still could not be used for any serious arguments. There are just too many unknowns.

Re:Linux Flaws (3, Informative)

m50d (797211) | more than 9 years ago | (#11181538)

hlp files (or rather the engine which handles them) are part of windows. Microsoft has said as much in statements in court under oath. Subversion has never been installed on my (linux) computer, so you can't count it as part of linux. If a program is installed by default on most of the "big seven" distros, or just the majority of linux installs (but how would you ever check?) I suppose you could count it as part of linux, but that's probably rather unfair since those distros are far more functional by default than windows is. Finally, slashdot does tend to post flaws in major OSS. Whenever I've had to do a security upgrade, I've always found the story on /..

Re:In other Words (4, Funny)

upsidedown_duck (788782) | more than 9 years ago | (#11181406)

Geez do they even search for flaws on their own?

I'm sure Microsoft has an internal issue tracking system. Actually, I'd bet that's what motivated them for putting 64-bit support in Windows!

Open Source Christmas present (2, Informative)

DrunkenPenguin (553473) | more than 9 years ago | (#11181519)

Yeah! Tell me about it. Nice present from Redmond guys. But let me tell you a happy story! Open Source world gave me the nicest Christmas present I could ever imagine! (well.. I had to download some software and compile a few libraries to make it work, but..)

Linux audio community gave me Yamaha DX-7 [vintagesynth.org] synthesizer! This is my dream come true, I can now play some great tunes that made this synthesizer one of the most well known synthesizers. This synthesizer was used on U2's Unforgettable Fire and The Joshua Tree albums. This synthesizer was used by these artists: the Crystal Method, Kraftwerk, Underworld, Orbital, BT, Talking Heads, Brian Eno, Tony Banks, Mike Lindup of Level 42, Jan Hammer, Roger Hodgson, Teddy Riley, Brian Eno, T Lavitz of the Dregs, Sir George Martin, Supertramp, Phil Collins, Stevie Wonder, Daryl Hall, Steve Winwood, Scritti Politti, Babyface, Peter-John Vettese, Depeche Mode, D:Ream, Front 242, U2, A-Ha, Enya, The Cure, Astral Projection, Fluke, Kitaro, Vangelis, Elton John, James Horner, Toto, Donald Fagen, Michael McDonald, Chick Corea, Level 42, Queen, Yes, Michael Boddicker, Julian Lennon, Jean-Michel Jarre, Sneaker Pimps, Greg Phillanganes, Stabbing Westward and Herbie Hancock to name a few.

Can you imagine that? And all this for FREE! Thanks to you guys who made that software synthesizer for Linux!

Wanna have it? Here's [sourceforge.net] where to start.

You see, sometimes the best Christmas presents can be free! Happy Christmas and thank you very much, Open Source world!

first post (0, Offtopic)

maryjanecapri (597594) | more than 9 years ago | (#11181146)

oh my gosh - this is a first for me. and all i can say to this story is - like i'm surprised!!!!!

Re:first post (0)

Anonymous Coward | more than 9 years ago | (#11181307)

Not to be picky, but automobiles pay road taxes in the form of taxes applied to gasoline purchased and therefor they go further in supporting the cost of roadways. Bicycles do not. Bicycles belong on designated biking paths not riding on sidewalks, between cars, etc.

Re:first post (0, Offtopic)

NotoriousQ (457789) | more than 9 years ago | (#11181544)

Wrong! Most states classify bikes as a vehice, and therefore they can go on roads and obey rules just like any other vehicle. They have to use turn signs, even obey lanes. (driving between cars is not considered OK in the US). The only restrictions on bikes is that they have to obey minimum speed limits when posted, and do not drive on self-propelled restricted roads (most roads with on-off ramps).

So, yes, if I want to be an ass, I can occupy a whole lane (just like a slow moving tractor can), and the cars will be either forced to wait, or have to pass. Most of the time I use as little of the road as possible, just to be nice.

Owners do not pay taxes because they are considered to not be a substantial burden on the road, and the cost is simply taken from the general tax (usually property/land), or taxes for cars.

As far as riding on sidewalks -- that is prohibited in most states. However, in areas where sidewalks are not everywhere, and pedestrians are a complete rarity, one can try to claim that a sidewalk is actually a bike path if stopped by a cop.

Just make sure you are wearing a helmet to give police less chance to stop you. Many times they will not, as they can not evven issue you a ticket, as you do not have to have identification. In that case they probably have to arrest you or trust you, and they really do not want to do that.

BTW, what does this have to do with XP vulnerabilities?

Dupe! (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11181154)

Dupe!

Tihi :) (1)

trezor (555230) | more than 9 years ago | (#11181241)

  • Apparently there are issues, even for a Windows XP system patched with Service Pack Two.

Dupe or not, the emphesized part still brings out the giggles in me.

Re:Tihi :) (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11181287)

You mean like DJB Announces 44 Security Holes In *nix Software [slashdot.org]

But I dont know what amazes me about it.

Re:Tihi :) (1)

lintux (125434) | more than 9 years ago | (#11181456)

IIRC none of those bugs were in any kind of Unix operating system, but all in obscure little tools. So that's not really the same thing. You don't want to count the number of security problems in random Windows freeware programs either, I'm afraid.

Breaking news from the Sahara desert! (5, Funny)

Ligur (453963) | more than 9 years ago | (#11181155)

Millions of grains of sand found!

Blah blah blah. (4, Funny)

jamesgray (824292) | more than 9 years ago | (#11181156)

"Microsoft Corporation's popular Windows desktop operating system product."
What? Is there a minimum number of characters for a /. headline?
Ha.

Re:Blah blah blah. (5, Funny)

mattdm (1931) | more than 9 years ago | (#11181223)


"Microsoft Corporation's popular Windows desktop operating system product."
What? Is there a minimum number of characters for a /. headline?


Look, not everybody instantly recognizes the names of every random computer program in existence. There's millions of 'em out there, and, especially for this one with its generic and not-very-descriptive name, it's good to provide some context. Sure, you might be a Microsoft Windows expert, but not everyone here is, y'know? How would you like it if there were a story about something called "Linux" without explaining what that was?

MOD PARENT UP (0)

Anonymous Coward | more than 9 years ago | (#11181240)

Biggest laugh today

Re:Blah blah blah. (0)

Anonymous Coward | more than 9 years ago | (#11181250)


Don't know what computer is. Please define?

What is a program?

What does generic and context mean?

What really is "Linux"?

Please explain. Much appreciated! Thanks!

Did I just find some odd race condition in /. ? (0)

Anonymous Coward | more than 9 years ago | (#11181157)

The requested URL (it/04/12/25/1433236.shtml?tid=172&tid=128&tid=201 &tid=1) was not found.

upon clicking the "comments" link...

Re:Did I just find some odd race condition in /. ? (0)

Anonymous Coward | more than 9 years ago | (#11181297)

Did I just find some odd race condition in /. ?
Actually, this happens a lot lately. But, in the spirit of the season (goodwill toward all people, etc.), you shouldn't try to turn it into a race issue.

This concerns only old people in korea (-1)

Anonymous Coward | more than 9 years ago | (#11181158)

Since everyone else switched to knoppix, when it was anounced to be the best gaming platform for the PC

Re:This concerns only old people in korea (0, Offtopic)

gentoo_user (843424) | more than 9 years ago | (#11181238)

Not only that but if you use gentoo with the correct CFLAGS, you can find security holes upto 20% faster.

ANI... (5, Informative)

Stile 65 (722451) | more than 9 years ago | (#11181159)

According to a report on eWeek.com, one of the three vulnerabilities involves image handling, which has posed problems for Windows and Unix systems in the past. The other two vulnerabilities involve Windows' Help system and its .hlp files, and Windows' ANI (Automatic Number Identification) authentication capabilities.

That's what ANI is in the context of telephone networks. In the context of a Windows system, it's an animated mouse cursor.

Besides, these vulnerabilities were announced yesterday morning on Slashdot!

Re:ANI... (3, Informative)

the unbeliever (201915) | more than 9 years ago | (#11181360)

When in the case of Windows NT/2k/2k3 server, ANI authentication also means the number(s) that people are allowed to dial in remotely from, so the article text is correct.

Re:ANI... (1, Informative)

Anonymous Coward | more than 9 years ago | (#11181365)

The actual vulnerability is in the ANImated cursor file parser. so the article text is not correct.

Re:ANI... (2, Insightful)

Stile 65 (722451) | more than 9 years ago | (#11181381)

If you look at the actual vulnerability, the problem is when a frame number in an animated cursor file is set to zero. Therefore, the article is still wrong.

Winbloze Security Problems: +1, Who Cares (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11181162)


are as old as "President" George W. Bush's Peace Efforts [whitehouse.org]

Bring 'em on.

Thanks for nothing,
Kilgore Trout, CEO

less than a day (1, Redundant)

neoform (551705) | more than 9 years ago | (#11181164)

and somehow they dupe the story..

i mean camman, just read back 10 posts and you'll see the exact same story...!

Re:less than a day (1)

DogDude (805747) | more than 9 years ago | (#11181182)

It's Crimbo. Slow day. They figured that nobody would notice.

Re:less than a day (1)

adeydas (837049) | more than 9 years ago | (#11181284)

so true... looks like /. editors needs memory pills...

oh my! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11181167)

my anus flutters like an m$n butterfly!

Re:oh my! (0)

Anonymous Coward | more than 9 years ago | (#11181283)

I told you! I told you not to eat that sauerkraut, but you wouldn't listen.

Who do we trust here? (1, Redundant)

TFGeditor (737839) | more than 9 years ago | (#11181172)

"A Chinese security group reports..."

Why does this not inspire confidence?

"Users are urged to block e-mail attachments arriving with .hlp files attached and strongly encouraged to read e-mail in plain-text format to keep malicious images from utilizing LoadImage."

This is new advice? Jeez, now my whole mail paradigm is hosed.

Re:Who do we trust here? (0)

Anonymous Coward | more than 9 years ago | (#11181200)

"A Chinese security group reports..."

Why does this not inspire confidence?


Because you're prejudiced? Would you react differently had it been, "A Japanese security group reports..." or "A Swiss security group reports..."?

Re:Who do we trust here? (1)

wo1verin3 (473094) | more than 9 years ago | (#11181225)

Because you're prejudiced?

Give the guy a break, it's China for gods sake. They don't exactly impress us with technical knowledge and high quality goods.

Re:Who do we trust here? (0)

Anonymous Coward | more than 9 years ago | (#11181242)

Keep digging that hole you're in...

Re:Who do we trust here? (1)

Red Pointy Tail (127601) | more than 9 years ago | (#11181512)


Give the guy a break, it's China for gods sake. They don't exactly impress us with technical knowledge and high quality goods.


This was the sort of complacency the Romans and British were squatting on, just before their glorious empires kiss dirt. I'd say, watch out for the Chinese.

OMG, an OS with security issues... (-1, Redundant)

Jugalator (259273) | more than 9 years ago | (#11181173)

This sucks!

Can someone show me the way to an OS with no security issues, please?

Or if that's not possible, tell me why this is news?

Re:OMG, an OS with security issues... (2, Funny)

Rosco P. Coltrane (209368) | more than 9 years ago | (#11181184)

Can someone show me the way to an OS with no security issues, please?

Do FORMAT C: /S /Y then reboot. Voilà! No more virus or worm.

Re:OMG, an OS with security issues... (0)

Anonymous Coward | more than 9 years ago | (#11181289)

Unless, of course, the system files you copied to the hard drive weren't infected...

Re:OMG, an OS with security issues... (2, Funny)

JustinXB (756624) | more than 9 years ago | (#11181205)

Human 1.0 has no known security issues. Isn't always too stable, however. And, like always, it can depend on the administrator.

Re:OMG, an OS with security issues... (5, Funny)

GigsVT (208848) | more than 9 years ago | (#11181258)

Human 1.0 is a buggy piece of crap. Apparently there's a hard coded uptime limit of somewhere around 16-48 hours, and rebooting takes up to 12 hours, but usually 8.

There are hundreds of DDoS attacks, including something as trivial as a potassium injection attack.

All in all, I can't recommend Human 1.0 for production use yet.

Re:OMG, an OS with security issues... (1)

JustinXB (756624) | more than 9 years ago | (#11181416)

But there's a patch for the uptime limit. It usually comes in the form of 8oz. cans.

But you can fight off the attacker who uses the patassium.

Ain't nothing better than Human 1.0. Perfect? No.

Re:OMG, an OS with security issues... (3, Funny)

Anonymous Coward | more than 9 years ago | (#11181277)

Actually, models of the human 1.0 that recieved the "Y" chromosome are vulnerable because they will readily accept forbidden fruit packets without verifying the original senders identity. Transmitting such packets via a model of the Human 1.0 bearing only "X" chromosomes ensures 100% deliverability of any packets. This flaw exists because the "Y" model of the Human 1.0 only uses waist-level firmware when interactiong with the "X-only" model.

GNU/Linux (0)

Anonymous Coward | more than 9 years ago | (#11181239)

It's called, a GNU/Linux distribution.

Re:OMG, an OS with security issues... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11181244)

Mac Classic OS had/has very few security issues. Keep apple share turned off, that's about it. No remote exploits, very few viruses, and probably not many released in the past few years for that matter so most likely not even being spread much. And it still has thousands of decent useful apps available, and machines that will run it are cheap used now relatively speaking. Any old G3 tower and 8.6 or the 9 series OS on the web is pretty darn secure out of the box and inexpensive to buy. Still has most any windows or any linux beat for that matter with a default install. And yes, you can run and develop code and use scripts with it.

Re:OMG, an OS with security issues... (2, Insightful)

linguae (763922) | more than 9 years ago | (#11181305)

Can someone show me the way to an OS with no security issues, please?

Try MS-DOS. No remote root exploits in over 23 years. No new viruses in a decade. No malware. No worms.

Of course, you have other options. You have the classic Mac OS, CP/M, Apple DOS, etc.

My point? Every OS that provides services to the Internet isn't 100% secure. Sure, Linux and *BSD may be more secure than Windows, but Linux and *BSD aren't perfect.

3 New Windows Security Problems Found... (5, Funny)

Anonymous Coward | more than 9 years ago | (#11181190)

...two turtle doves and a partridge in a pear tree!

A Microsoft Christmas (-1)

Anonymous Coward | more than 9 years ago | (#11181405)

...

5 billion bucks

4 spam bots

3 email worms

2 root exploits

And a giant turd for a GUI.

Re:3 New Windows Security Problems Found... (0, Troll)

yellowstone (62484) | more than 9 years ago | (#11181421)

On the 12 days of bootmas, Microsoft gave to me:
  • 12 default settings,
  • 11 managers reassuring,
  • 10 urgent memos,
  • 9 infected networks,
  • 8 users downloading,
  • 7 crashed machines,
  • 6 admins patching,
  • 5 security flaws,
  • 4 service packs,
  • 3 hot fixes,
  • 2 schedule delays,
  • and a buffer overflow exploit!

"Issues"? (4, Insightful)

John Hasler (414242) | more than 9 years ago | (#11181191)

> Apparently there are issues...

What has become of the word "problem"? "Issue" is marketdroid-speak.

Re:"Issues"? (2, Interesting)

glomph (2644) | more than 9 years ago | (#11181210)

Microsoft degrades technology, the concept of business fairplay, and The English Language, too [around.com] .

Re:"Issues"? (1)

Animats (122034) | more than 9 years ago | (#11181434)

Hewlett-Packard used to use the word "defect", by policy.

That ended some years ago.

dupe (1, Informative)

Anonymous Coward | more than 9 years ago | (#11181197)

dupe. [slashdot.org]

Santa says: (1)

glomph (2644) | more than 9 years ago | (#11181199)

Good Tidings to all, and HO! [yahoo.com] HO! [yahoo.com] HO! [yahoo.com]

Surprise, Surprise... (3, Funny)

NotTheEgg (839387) | more than 9 years ago | (#11181206)

Apparently there are issues, even for a Windows XP system patched with Service Pack Two.

*Gasp* Oh my god! Not SERVICE PACK 2, the horror ...

Re:Surprise, Surprise... (1)

Deathlizard (115856) | more than 9 years ago | (#11181480)

and the SP2 one isn't really an exploit as much as it is a stupidity check.

"Gee! Bob from Accounting sent me this brand spankin' new Help file in my E-mail for Christmas! He's So Helpful! I'd better click on it because Bob told me to in his E-mail!"

I mean come on. At this point everyone and their uncle should know not to open attachments unless you were expecting it from someone considering the media coverage these types of viruses get. In fact, Outlook Express blocks .hlp files by default, Of course most people turn that security setting off anyway.

Generally speaking, SP2 has been impressive security wise VS SP1 and below. there hasn't been too many exploits that have affected this SP release so far. Of course SP1 was an absolute joke security wise so just about anything would be an improvement.

to HTML, or not to HTML? (5, Funny)

Gaima (174551) | more than 9 years ago | (#11181214)

Users are urged to ... and strongly encouraged to read e-mail in plain-text format to keep malicious images from utilizing LoadImage.

....

Sign up to receive our free Tech e-newsletter and get the latest tech news, Hot Sites & more in your inbox.

E-mail:

Select one: HTML [x] Text [ ]


err....?

Tantamount to suicide (2, Interesting)

Sensible Clod (771142) | more than 9 years ago | (#11181217)

Every time new vulnerabilities are announced, they say, "don't do this, don't download that, don't use this or that program/feature/bug". Enough of this has gone on that every program that was of any use in Windows is now unusable for fear of remaining undiscovered holes/patches that didn't take.

Let's now compile a list of these to give to people in order to convince them to switch to Linux. Meanwhile, so much functionality has been rendered unusable that when the next hole is found, they'll have to tell people not to use Windows at all ;-)

Hey, I can dream, can't I?

Re:Tantamount to suicide (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11181320)

Umm, a larger list of "do not use this program/feature" exists for Linux moron.

Re:Tantamount to suicide (0)

Anonymous Coward | more than 9 years ago | (#11181502)

I think you're thinking of "you cannot use this program/feature"

Re:Tantamount to suicide (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11181349)

"Let's now compile a list of these to give to people in order to convince them to switch to Linux."

Sorry bud, but most people like using software more than they like recompiling it everytime the system decides to take a shit.
Then again, if the software I use were to be available for Linux, I may be compelled to switch back.

News flash (3, Insightful)

SQLz (564901) | more than 9 years ago | (#11181228)

....even for a Windows XP system patched with Service Pack Two.

Hey, let me give you all a tip.....even if the future service packs for XP reaches version 10, it will alway be insecure and full of critical issues that are discovered by people other than Microsoft.

At least with Linux, the community usually discovers them first and before the problem is made public there is already a patch available. Now, these poor saps with Windows machines will probably have to wait weeks for a patch. Meanwhile, thier machines are being zombified as I type and turned into spam gateways.

Re:News flash (0)

Anonymous Coward | more than 9 years ago | (#11181281)

the same can be said for linux, and theres a lot more versions of the kernel than there are of windows (even with service packs)

im not disagreeing, windows sucks, but dont compare linux to windows when talking about service packs/versions

Sickening (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11181304)

Ah, yes.

It was only a question of time before the sickening, self-righteous, holier-than-thou comments of the True Believers would appear.

Linux isn't any better for "these poor saps" than Windows because. Neither Linux or Windows installation will upgrade itself unless THE USER sets it up so. Most Windows users won't bother and the more popular Linux becomes, the more you'll get "poor saps with RedHat Linux" who won't bother registering for the update/upgrade service.

Re:News flash (0)

Anonymous Coward | more than 9 years ago | (#11181428)

You might want to check your sig there, Einstein. Nvivia?

Re:News flash (1)

Khuffie (818093) | more than 9 years ago | (#11181472)

SP2 sets it up by default to automatically download patches. You can have it to do everything in the background (default), let it inform you of updates, or do it manually And Microsoft is darned good at releasing patches for their software to boot.

MERRY CHRISTMAS (-1, Flamebait)

argoff (142580) | more than 9 years ago | (#11181236)


Microsoft users :)

Linus (0, Offtopic)

mboverload (657893) | more than 9 years ago | (#11181248)

Merry Christmas Linus

--Windows; (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11181253)

Linux++;

YES! 7P (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11181256)

numbe8s continue [goat.cx]

People could still use internet safety education (2, Insightful)

VanillaDeath (825103) | more than 9 years ago | (#11181276)

...urges users not to download .hlp files from email attachments.

Yet people will continue opening strange attachments.
I hardly blame Microsoft for this with people uneducated enough to open a .hlp file attachment, or any random attachment that reaches their inbox.
Merry Christmas, learn how to use the technology you spend your cash on, etc. Love Wilson.

Re:People could still use internet safety educatio (1)

John Hasler (414242) | more than 9 years ago | (#11181341)

> I hardly blame Microsoft for this with people
> uneducated enough to open a .hlp file attachment,
> or any random attachment that reaches their
> inbox.

Why can you not blame Microsoft for distributing an MUA that executes attachments when they are "clicked" on?

People could use a 2x4 upside the fuckin' head. (0)

Anonymous Coward | more than 9 years ago | (#11181376)

learn how to use the technology you spend your cash on

Or, spend a little more cash on the technology at time of purchase, and reap the benefits down the line-- i.e. buy a Mac, you cheap fucks, and spend more time using your computer instead of making sure some scumbag spammer can't use it.

Re:People could still use internet safety educatio (1)

AnamanFan (314677) | more than 9 years ago | (#11181378)

Have you ever tired to educate such a user?

Give it a Rest, Please! (5, Funny)

dingletec (590572) | more than 9 years ago | (#11181288)

Even with the daily list of vulnerabilities, viruses, BSOD's, lock-ups, Windows Protection Errors, Ooga-Booga dances to keep the machine running, Windows XP is still the best OS out there! Linux may be stable, virus-free, more secure by design, have tons of free software available, frequent updates, and no restrictions on how many times you install it or where, but it is definitely not ready for the desktop. I mean, it may have more features than Windows, easily connect to just about any type of network service, but really, who can say that it's ready for people to use? So what if it takes under 20 minutes to install a full system with more software than I would ever want to use. Five hours of installation, patching, inserting software cds, installing and updating virus protection, installing effective firewall software, finding device drivers, entering license numbers for an equivalent system in Windows is a small thing compared to what you get with Windows, whatever that means... So what if there are Linux desktops that have not needed rebooting in nearly 2 years, and the only work performed on them was to type "apt-get upgrade dist"? That's just too boring and predictable! What fun is there in that? So what if you can install or upgrade all currently installed software over the internet with one command or by selecting it and clicking install? I'm sorry, but Linux is not ready for the primetime, not "Enterprise" ready. I'm not sure what that means, and frankly I'm not sure anyone else who says that does either, but they are absolutely correct! I can vouch for it.

Re:Give it a Rest, Please! - mpu (1)

caino59 (313096) | more than 9 years ago | (#11181319)

good laugh mpu

Re:Give it a Rest, Please! (-1)

Anonymous Coward | more than 9 years ago | (#11181337)

When the biggest selling feature of Linux is supposed to be security (and even then, security holes for Linux are discovered daily) then that doesn't say much for your software.

Re:Give it a Rest, Please! (1)

ElaineN (93949) | more than 9 years ago | (#11181387)

I distinctly remember that it took me almost an hour to install Fedora Core 3 to my machine. Of course, this included all the development and server components, as well as the normal desktop components.

Oh c'mon. (4, Funny)

Deal-a-Neil (166508) | more than 9 years ago | (#11181316)

This is old news. If we're going to have articles about security issues with Windows, we might as well just have a static link to Microsoft.com on Slashdot's front page.

Here's one of the permanent security bulletins to put on that static link description: Do NOT open any attachments in Outlook, at all. I mean, this is becoming one of the basic rules like, "Don't touch the stove, little Jimmy.. HOT! Very hot."

Happy Christmas, Harry! Happy Christmas, Ron.

Better make that 4 (0)

Anonymous Coward | more than 9 years ago | (#11181324)

I got a 3G Motorola C975 on the 3 network for Christmas and it's just completely locked up while connected. It's running Micro$oft :(

Dupe it.. (0)

Anonymous Coward | more than 9 years ago | (#11181332)

Dupe it good!

NX != security (2, Informative)

generationxyu (630468) | more than 9 years ago | (#11181338)

SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap, which can be just as bad. Also, if the return address is simply changed to an address on the heap, code in the heap can be executed. The heap has the executable bit, because of dynamic libraries loaded into the heap.

Re:NX != security (2, Informative)

hobo2k (626482) | more than 9 years ago | (#11181493)

Two things: SP2 supports NX only where available. Not many people have hardware that supports it.

Secondly, dlls are not loaded into "The Heap". In fact, the entire dll is not even executable. The PE header of a dll or exe specifies which segments are executable and which are not.

www.prcview.com has a program which will show you the layout permissions for a process's memory.

You are certainly correct that no one thing will solve all security problems. But everything else in your post is plain wrong.

And you're probably not interested ... (1)

Pegasus (13291) | more than 9 years ago | (#11181361)

... in 10 Oracle exploits posted on Bugtraq earlier. It's holiday time anyway, those DBs can wait.[/sarcasm]

Re:And you're probably not interested ... (1)

John Hasler (414242) | more than 9 years ago | (#11181469)

The DBadmins already know about them, and they won't result in the creation of another 100,000 spamming zombies.

And the purpose (1, Interesting)

BCW2 (168187) | more than 9 years ago | (#11181362)

of shit pack 2 was what? I guess to just add more ineffective bloat ware to everyones computer.

On one customers laptop (auto update allowed) SP2 changed the language to Boznian. Format re-install, dis-able auto screw up.

SP2 and Norton Internet Security 2003, or 2004 will almost always cause enough conflicts to require a R&R.

Alternative to MS Help Viewer? (1)

DoktorSeven (628331) | more than 9 years ago | (#11181377)

Even before this, I've been wondering if there is an alternative to the MS Help viewer (hh.exe) for CHM files, like xCHM in Linux?

I did get xCHM running under Cygwin but for some reason the images don't show up...

Dupe, dupe, dupe // dupe of url (0, Redundant)

YU Nicks NE Way (129084) | more than 9 years ago | (#11181399)

We've seen this one [slashdot.org] before.

But last time, the submitter at least got the comments right.

Windows Security Issues (2, Funny)

handy_vandal (606174) | more than 9 years ago | (#11181402)

USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product.

Accurate, but not accurate enough for my taste.

The post should actually read:
... a story that outlines three
Security Issues (TM) in Microsoft Corporation's popular Windows ...
-kgj

SP2 Correction (1)

tshak (173364) | more than 9 years ago | (#11181437)

SP2 is not vulnerable to the ANI or LoadImage exploits that the article describes. It is however vulnerable to a variation of the hlp heap overflow exploit.

Why is this news? (0, Flamebait)

AhBeeDoi (686955) | more than 9 years ago | (#11181439)

Let me know when MS does something right. That will be news.

Re:Why is this news? (0)

Anonymous Coward | more than 9 years ago | (#11181541)

Oh, Winblowz does have one thing right...

Start->Turn Off Computer->Restart

Boot from CDROM...install favorite distro

Battered spouse comparison (5, Funny)

Tengoo (446300) | more than 9 years ago | (#11181506)

You know how on that show Cops, you'll occasionally see some redneck guy being stuffed into a police car? Then, in the background, you can hear his bloodied and bruised other half screaming (usually in a southern accent) 'I love him, don't you take him away!'

This runs through my mind each time another friend of mine replaces his dead Windows box with another. I believe Windows users like to be hit.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>