"I'm not sure how it gets much faster than last time"
Someone takes it more seriously this time around. You honestly can't be telling me that a company as big as Microsoft needs that long to patch a problem in the very same code that they've only just finished working on fixing days earlier.
"Response speed
Microsoft's fix for the flaw was the quickest turnaround ever for a Microsoft patch, released only 10 days after the vulnerability was made public,"
http://news.zdnet.co.uk/0,39020330,39246273,00.htm
This is sad for MS to get a black eye twice within one patch period. What normal user is going to actually use something like a hypertext application (.hta file)? Files like this should default to open in notepad or wordpad and the world would be a safer place. That is one of the first things I do on any windows box I am forced to install.
A Microsoft spokesperson insists the publicly released code can simply cause a denial-of-service crash.
So no executing malicious code. But still, crashing that browser/mail client can be pretty annoying. These new exploits also beg the question what's next. Obviously hackers went looking after the last vulnerability was found and came up with these two in a very short time indeed.
Of course MS may still exploit the situation by using these holes to promote Vista as an upgrade that is also an investment in security, but that could blow up in their face if Vista proved just as insecure.
Please? Hummmmmm, the WMF hole goes all the way back to the first versions of Windows! It wasn't complex then!
On top of that Windows is no more complex than the Mac OS, some versions of Linux and all the major versions of Unix.
Give me a break! Facts are facts! Windows is crap!
And like I said before it would be one thing if like everyone else they were putting out stuff on a regular, but 2000 has been out for 6 years and XP for almost 5 and yet week after week after week new problems crop up in the same ole code!
Flaw in your argument: at the time of early Windows, the Internet then wasn't the same as it is now, and these kinds of security holes weren't as important as they are now, if any awareness existed at all then.
MacOS probably has a different code for WMF, if any; same applies to Linux/Un*x.
Even as I think that MS Windows is still quite "crappy", I also think Microsoft has made great strides on last versions (2k and XP), and a genuine effort to make it more secure, as shown by the results of XP SP2 and the time they took to launch a patch to the 1st WMF flaw. So, some credit where it is due.
You're right on one point, though. If the code were properly written and checked then, it would have a lot fewer vulnerabilities.
Man, with 50 Billion in the bank, they should be sellin the fort knox OS. LOL!
But we are talking about a 15 year old hole! And they are just finding it? I mean it was there in Windows 95 which was 11 years ago. (And that was internet ready!)
The sad part is that MS doesn't really open their code, yet OTHER people keep finding the holes! LOL!
The difference is how long it takes to solve them and how often they occur on Windows.
Windows isn't the only complex system in the world. It's just designed to be unsafe, and this is why Microsoft is fighting so hard.
ActiveX is an example of technology - developed when security was a must - and still being extremely unsafe.
There are other systems in this world equally complex as Windows without the same amount of security holes.
You like yours George Bush style, where they tell you 2 years before the war is even half way done that the mission is complete and like with Windows they are still working and still fixing and still fighting. LOL!
The funny part is the "beta" OS keeps Bill Gates up at night trying to figure out if XP runs faster on old hardware than the "Beta" OS. LOL!
It's the kernel then.
The kernel is under constant development as is the kernel in most OS'es.
You do not have to upgrade the kernel to get full functionality from a GNU/Linux system. Usually the kernel is pretty much unimportant in that regard. So if it's in beta stage it's because you chose to put it in beta stage. Besides that each kernel revision has its own level of development. Like 2.6.x.y and the higher y is the more stable it is (usually).
Do like me. Don't update unless you really need it.
The fact that software is constantly being updated does not equal being in beta stage.
And no. Mac OS X is not prettier, nor more stable. Usability however, I'll grant you that one (with the exception of a few bugs in the desktop implementation).
"So no executing malicious code. But still, crashing that browser/mail client can be pretty annoying."
Well on heise.de they came up with this:
If the WMF "only" crashes the application showing it, but doesn't allow execution of code, this could still be dangerous. Imagine a user downloading such a WMF to the Desktop (the default setting in most browsers) this would cause explorer.exe to show this WMF, making it crash, which basically makes the whole desktop & the taskbar crash. explorer.exe will automagically be restarted, showing the WMF on the desktop again, crashing again ... You'd end up with a pretty useless computer probably.
Tom
"Imagine a user downloading such a WMF to the Desktop (the default setting in most browsers) this would cause explorer.exe to show this WMF, making it crash, which basically makes the whole desktop & the taskbar crash. explorer.exe will automagically be restarted, showing the WMF on the desktop again, crashing again ... You'd end up with a pretty useless computer probably."
Well that's fixable with Knoppix or something like ERD Commander ( http://www.winternals.com/Products/AdministratorsPak/ ), one of either should be in every computer user's recovery toolbox. Basically boot from CD, delete the file and you're done, annoying but definitely not as dangerous as the first exploit.
"Well that's fixable with Knoppix or something like ERD Commander ( http://www.winternals.com/Products/AdministratorsPak/ ), one of either should be in every computer user's recovery toolbox. Basically boot from CD, delete the file and you're done, annoying but definitely not as dangerous as the first exploit."
Well, that's all well and good for more savvy users (who are least likely to be hit), it is not a viable solution for the majority of computer users. Most users are at the limit of the comfort zone using their standard apps. Expecting them to be able to (or want to) fix their OS when things go wrong is expecting too much. Just like everyone that drives a car is not a mechanic, everyone that uses a computer is not a tech.
"Well, that's all well and good for more savvy users (who are least likely to be hit), it is not a viable solution for the majority of computer users. Most users are at the limit of the comfort zone using their standard apps. Expecting them to be able to (or want to) fix their OS when things go wrong is expecting too much. Just like everyone that drives a car is not a mechanic, everyone that uses a computer is not a tech."
I don't believe explorer would even render the WMF on the desktop. It would instead show whatever icon is associated with WMF files. However, if it did actually render the file, you don't need Knoppix or other 3rd-party tools to fix this. You can use cmd to go to the desktop and delete the file or move it to another directory. You could also open Task Manager and do the same from its "New Task (Run...)" dialog. There are a few possible ways of doing this as well using just what is available in the OS.
The overall scenario also discounts that such exploits would likely be stopped by AV/AS software if it is on the system and up to date, just as it did with the previous exploits.
Edited 2006-01-10 19:10
Come on people, do not make a case out of this thing. Who needs all these tools here?
You have an infinite loop of Explorer.exe crashing due to a file... what's the problem?
Ctrl-Alt-Del (or Ctrl-Shift-Esc) fires up Task Manager, select New Task, run cmd, enter the file path, enter the del or erase command for the file. Then New Task explorer.exe and all is done!!!
For Linux fanboys: do you forget how unstable Gnome and KDE are???
Then you just log in as Administrator and delete the offending file from the "Desktop" directory in the said user's profile. Um...unless you happen to be doing your web browsing as Administrator. In that case write this off as a lesson learned and a fine opportunity to play with a Linux live CD (as the other reply suggested) to fix the problem (hmmm, do I sense irony here?). Although this could be a royal PITA if somebody got an offending Email in Outlook and had the Preview pane enabled (heaven help us all). Crash...re-open Outlook...crash...ad nauseam. Forced removal of the entire offending .pst I guess.
You mean the voting goes on merit? Hey - I never noticed that! - Wow! Thanks for enlightenment!
biteydog by name - biteydog by nature
(Edit) Just excuse me - brainburn from spending a couple of hours rebuilding a Windows XP box for a client who was .wmf***ed - and I haven't touched a Windows machine since W98.
Edited 2006-01-11 10:44
http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx
They had already identified these new "holes", so I don't see what the big issue here is.
While it must be rather embarrassing for Microsoft to have another WMF related flaw appear so quickly, it shouldn't be that surprising. This is not because Microsoft is bad at what they do, or because Windows is a fundamentally flawed OS. It is simply because WMF is like a scripting language for Windows GDI calls.
This means that patching WMF issues requires updates to and analysis of the implementation of the GDI API. This API has hundreds of calls, and probably tens of thousands of lines of code implementing it. I wouldn't be surprised if the patch to the last WMF flaw was in a completely separate portion of the GDI from the portion that has this flaw. I also won't be surprised if several more flaws of this nature are found and patched in the next few months. The result of all of this fixing will be a much more stable GDI, which is hardly a bad thing.
In any case, this issue will not become a real problem until someone comes up with a way to cause malicious code to execute rather than just crashing the application. Most malware these days is written for profit, rather than annoyance. Malware typically is written so that the distributor can use their victims' machines for DDoS extortion, spam distribution, or other unpleasant activities. In order for this flaw to be useful in this manner, the malware author must be able to cause a machine to execute code. My hope is that Microsoft will have this patched before malware appears which uses this particular attack vector.



