Linked by Thom Holwerda on Wed 9th May 2007 10:15 UTC, submitted by anonymous
Microsoft has released patches for 19 vulnerabilities, 14 of which are critical, hitting at holes in Excel, Word, Office, Exchange, Internet Explorer, cryptographic technology and the whopper of them all, the zero-day vulnerability in the DNS Server's use of RPC. The DNS remote code execution vulnerability affects server-grade operating systems, including Windows 2000 and Windows Server 2003, and only those that have the DNS service enabled, such as Domain Controller, DNS Server or Microsoft Small Business Server configurations.
Love or loathe Microsoft
by Laurence on Wed 9th May 2007 10:53 UTC
Laurence
Member since:
2007-03-26

Every OS will have its vulnerabilities and some could argue that Windows has more than most (I don’t want to get into an OS flame war), but full credit to Microsoft for their regular patch release schedule.

Reply Score: 5

RE: Love or loathe Microsoft
by SlackerJack on Wed 9th May 2007 11:02 UTC in reply to "Love or loathe Microsoft"
SlackerJack Member since:
2005-11-12

Yes but the sheer amount of security flaws in the last six years in XP is just incredible and now 14 critical ones. Surely after six years they would be on top of this.

It's really no wonder that Microsoft want people on to Vista and quick.

Reply Score: 4

RE[2]: Love or loathe Microsoft
by Laurence on Wed 9th May 2007 11:08 UTC in reply to "RE: Love or loathe Microsoft"
Laurence Member since:
2007-03-26

Most of these flaws are not the OS, they're Microsoft applications / services that sit on top of the OS.

Plus I suspect the move to Vista is more a financial one

Edited 2007-05-09 11:17

Reply Score: 5

sbergman27 Member since:
2005-07-24

"""
Most of these flaws are not the OS, they're Microsoft applications / services that sit on top of the OS.
"""

Well, it seems like every time someone does one of those silly vulnerability counting "analyses" they want to include Gimp vulnerabilities right alongside Linux kernel ones.

So I'm not inclined to cut MS much slack just because some vulnerabilities happen to be in *apps* that most Windows users use by default, and not in the system libraries or the kernel.

Reply Score: 2

RE: Love or loathe Microsoft
by Almafeta on Wed 9th May 2007 18:51 UTC in reply to "Love or loathe Microsoft"
Almafeta Member since:
2007-02-22

That's one of the major reasons why I consciously choose to use Windows over other operating systems. I know I'll be getting patches and fixes regularly, and that these patches will be obtained in the background for me to install at my leisure.

To be honest, I don't even know how many patches I've got since I bought XP, because they're largely invisible to me, something I skim over and approve or deny as part of my regular maintenance.

Reply Score: 0

RE[2]: Love or loathe Microsoft
by Punktyras on Wed 9th May 2007 21:37 UTC in reply to "RE: Love or loathe Microsoft"
Punktyras Member since:
2006-01-07

I know I'll be getting patches and fixes regularly, and that these patches will be obtained in the background for me to install at my leisure.

Poor me - it's so different in Linux. There are updates for the OS and any software you happen to install from repositories. Alas, we don't have Patch Tuesdays - updates are frequent and we have no pleasure of staying with whopping security holes for a month. And yes, we are depressed because we don't have to reboot every time an update is applied for any component...

Reply Score: 4

RE[3]: Love or loathe Microsoft
by Almafeta on Thu 10th May 2007 03:01 UTC in reply to "RE[2]: Love or loathe Microsoft"
Almafeta Member since:
2007-02-22

Poor me - it's so different in Linux.


Then why don't you switch back?

Reply Score: 1

RE[4]: Love or loathe Microsoft
by raver31 on Thu 10th May 2007 07:55 UTC in reply to "RE[3]: Love or loathe Microsoft"
raver31 Member since:
2005-07-06

emmmmm... was your sarcasm detector switched off ?

Reply Score: 2

RE[2]: Love or loathe Microsoft
by smitty on Wed 9th May 2007 21:45 UTC in reply to "RE: Love or loathe Microsoft"
smitty Member since:
2005-10-13

That's one of the major reasons why I consciously choose to use Windows over other operating systems. I know I'll be getting patches and fixes regularly, and that these patches will be obtained in the background for me to install at my leisure.

OK, now just tell me how that's actually different from what any modern Linux distro does. Except for the fact that in Windows it only applies updates for Microsoft software instead of everything you've installed. There are plenty of reasons to choose Windows, but automatic updates isn't one of them.

Reply Score: 3

RE: Love or loathe Microsoft
by kaiwai on Wed 9th May 2007 20:25 UTC in reply to "Love or loathe Microsoft"
kaiwai Member since:
2005-07-06

Every OS will have its vulnerabilities and some could argue that Windows has more than most (I don’t want to get into an OS flame war), but full credit to Microsoft for their regular patch release schedule.


Although some nuts here scream about the perils of security in Windows and how their operating system of choice is superior, what I can assure you is that the position of most people here doesn't sit in that camp.

The issue isn't the vulnerability but the length of time between the vulnerability and the patch being issued - take the DNS vulnerability, for example. It was found in April, an exploit was developed, and the patch wasn't developed until today - I don't know about you, but that is terrible; what are companies meant to do who rely on that piece of functionality?

If vulnerabilities were found, there was a fast turn around with the patch, and the patch didn't cause further problems - there would be no issue, but it seems that with Microsoft you either get a patch that is quick but problematic, or late, but quality - but at the risk of exposure to exploits that exist out there.

Reply Score: 3

RE[2]: Love or loathe Microsoft
by butters on Thu 10th May 2007 01:19 UTC in reply to "RE: Love or loathe Microsoft"
butters Member since:
2005-07-08

A few weeks from discovery to pushing out service isn't incredibly bad. It's better than the pathological case where a bad patch turns an obscure VB macro vulnerability into a system that won't boot. I'm not a fan of Patch Tuesday, but you can't generally push out service within a week of defect discovery. You might hit a hot streak and get it right a bunch of times in a row, but you're gunna pay for that haste eventually.

Big software vendors keep track of how many times they blew it and issued a bad fix. This is just about the worst thing that can happen from a quality perspective, worse than having the original bug in the first place. Besides being embarrassing, it's a surefire way to lose customers.

There are two main ways to put out a fix. If the problem is really critical and customers are yelling and screaming, you can rush the fix and allow voluntary application with loud disclaimers about being not-so-well tested. Otherwise, you have to do everything in your power to make sure the fix will get rid of the problem without causing any new ones. There's no middle ground here, and little room for error.

You make the fix available as soon as it's ready, no sooner, and certainly no later. That's why Patch Tuesday makes no sense to me. If the customer wants to apply service on the second Tuesday of each month, that's an understandable policy. But it's not for Microsoft to decide. If it's ready, why are they waiting to ship it?

Reply Score: 2

wow
by meto1 on Wed 9th May 2007 10:55 UTC
meto1
Member since:
2007-05-09

I love it, isn't Windows the most secure OS ever?

Reply Score: 0

RE: wow
by Nelson on Wed 9th May 2007 11:17 UTC in reply to "wow"
Nelson Member since:
2005-11-29

The only one even remotely related to Vista is the IE7 update.

Microsoft touts Vista as the most secure Windows OS ever, and that may very well be true.

What, does [insert your operating system here] have no bugs?

Reply Score: 5

It´s really funny
by kicolobo on Wed 9th May 2007 11:16 UTC
kicolobo
Member since:
2006-05-23

When Microsoft releases a security patch, everybody complains.
When Apple (or any other company) releases a security patch, almost nobody says anything against the company.

It´s amazing how terrible Microsoft´s public image is today. That will probably be one of the causes of its demise.

Reply Score: 5

RE: It´s really funny
by RawMustard on Wed 9th May 2007 11:38 UTC in reply to "It´s really funny"
RawMustard Member since:
2005-10-10

Not really, not many people liked Jack the Ripper either. And if he apologised a thousand times, I'd still call him a murderer!

Their track record is pathetic, it would take a thousand years for people to forget how bad they've been!

Reply Score: 5

RE[2]: It´s really funny
by Laurence on Wed 9th May 2007 11:48 UTC in reply to "RE: It´s really funny"
Laurence Member since:
2007-03-26

"

Not really, not many people liked Jack the Ripper either. And if he apologised a thousand times, I'd still call him a murderer!
"

That's a very very poor analogy.

Reply Score: 3

RE[3]: It´s really funny
by raver31 on Wed 9th May 2007 11:51 UTC in reply to "RE[2]: It´s really funny"
raver31 Member since:
2005-07-06

Depends...

How many businessmen have been so stressed out by Windows screwing up, that they jumped off the building ?

Are there any sites that count these people ?

Not exactly murder on Microsoft's part, but if it came out in a court, it would be manslaughter.

Reply Score: 1

RE[4]: It´s really funny
by dagw on Wed 9th May 2007 11:58 UTC in reply to "RE[3]: It´s really funny"
dagw Member since:
2005-07-06

How many businessmen have been so stressed out by Windows screwing up, that they jumped off the building ?

If you can find me even one verified case of that happening I'll be very very surprised.

Reply Score: 3

RE[5]: It´s really funny
by raver31 on Thu 10th May 2007 08:02 UTC in reply to "RE[4]: It´s really funny"
raver31 Member since:
2005-07-06

Of course I cannot find a verified case, or even a theoretical one. It was an example.
Sometimes people take things a little too seriously.

Reply Score: 2

RE[4]: It´s really funny
by Laurence on Wed 9th May 2007 12:02 UTC in reply to "RE[3]: It´s really funny"
Laurence Member since:
2007-03-26

"

How many businessmen have been so stressed out by Windows screwing up, that they jumped off the building ?
"

If Windows has led to them killing themselves, then I'd suggest that they had other stresses in their lives as well (or they were so ill equipped to handle the real world that they would have taken their own lives inevitably anyway).

To blame deaths down to stress caused by Windows is like blaming Ford for the deaths of irresponsible drivers.

Edited 2007-05-09 12:02

Reply Score: 1

RE[5]: It´s really funny
by stestagg on Wed 9th May 2007 21:01 UTC in reply to "RE[4]: It´s really funny"
stestagg Member since:
2006-06-03

That's an even worse analogy.

Reply Score: 2

RE[3]: It´s really funny
by RawMustard on Wed 9th May 2007 12:28 UTC in reply to "RE[2]: It´s really funny"
RawMustard Member since:
2005-10-10

Yeah, dunno why I wrote that, must have had a brain fart.
You know what's really funny though? It got me a vote up ;) Go figure? ROFL!

Reply Score: 1

RE: It´s really funny
by xsun on Wed 9th May 2007 11:41 UTC in reply to "It´s really funny"
xsun Member since:
2006-12-11

That image was created by Microsoft itself. So don't complain about it. They have what they deserve.

Reply Score: 5

RE: It´s really funny
by Kroc on Wed 9th May 2007 12:17 UTC in reply to "It´s really funny"
Kroc Member since:
2005-11-10

I'm not uninstalling Spyware from people's Macs on a daily basis.

Reply Score: 5

RE[2]: It´s really funny
by hollovoid on Wed 9th May 2007 12:35 UTC in reply to "RE: It´s really funny"
hollovoid Member since:
2005-09-21

Not trying to be flamish, but what's the point of even writing spyware for a Mac? It may be different where you live, but where I am it's easier to find a nuclear warhead in someone's house than a Mac (OK, exaggeration, but you get the point), and malware writers know this. Not to say their security isn't better, it has an excellent BSD-ish base to go by AFAIK, but people go for what they can target, and chances are, Windows PCs are the easiest to find.

Windows suffers from years of ignoring that allowing its user total access for general computing is utter stupidity, and let everybody else base their products around that model before deciding it might be a good idea to keep a lock on what programs can and can't do in userspace.

Reply Score: 4

RE[3]: It´s really funny
by jack_perry on Wed 9th May 2007 13:18 UTC in reply to "RE[2]: It´s really funny"
jack_perry Member since:
2005-07-06

Not trying to be flamish, but what's the point of even writing spyware for a Mac?


Lots of people who don't want to know how the computer works, and don't want to mess with the internal details of the system, own Macs. They almost certainly haven't locked down their systems, and (since they bought a Mac) they almost certainly have an average disposable income higher than the average PC user's.

Dunno about you, but if I were a spyware author, I'd want into that market big-time.

Reply Score: 3

RE[4]: It´s really funny
by hollovoid on Wed 9th May 2007 16:08 UTC in reply to "RE[3]: It´s really funny"
hollovoid Member since:
2005-09-21

"Not trying to be flamish, but what's the point of even writing spyware for a Mac?


Lots of people who don't want to know how the computer works, and don't want to mess with the internal details of the system, own Macs. They almost certainly haven't locked down their systems, and (since they bought a Mac) they almost certainly have an average disposable income higher than the average PC user's.

Dunno about you, but if I were a spyware author, I'd want into that market big-time.
"
I see your point, Macs are generally more expensive and the people who use them and buy all the extras for them would generally have more money and would be a more lucrative adventure for any malware author. But not all chances to phish someone's machine, or to trick them into buying something bogus, work, so say you reel in 5 Macs in an hour, and 50 Windows machines, and half your attempts on each successfully lure in cash, you're still pulling in way more targeting the PC market. There need to be numbers, and attention, and Apple does get the attention, but not for their computers. The marketshare doesn't really exist in comparison.

Somewhat offtopic:
Too bad, because the newer Macs look very nice, and Mac OS X looks slick. It would be nice if they opened the hardware up to 3rd parties again (remember that?) so the average person could actually buy a nice Mac, instead of refinancing their mortgage and dropping 5 grand, when you could build a PC much faster for half that.

Reply Score: 1

RE[5]: It´s really funny
by evangs on Fri 11th May 2007 08:54 UTC in reply to "RE[4]: It´s really funny"
evangs Member since:
2005-07-07

instead of refinancing their mortgage and dropping 5 grand, when you could build a PC much faster for half that.

Macs cost 5 grand? Wow, I must be real lucky to find mine for under a grand.

1999 just called. They want their crappy excuse back.

Reply Score: 3

RE[6]: It´s really funny
by hollovoid on Fri 11th May 2007 12:24 UTC in reply to "RE[5]: It´s really funny"
hollovoid Member since:
2005-09-21

instead of refinancing their mortgage and dropping 5 grand, when you could build a PC much faster for half that.

Macs cost 5 grand? Wow, I must be real lucky to find mine for under a grand.

1999 just called. They want their crappy excuse back.

I didn't say all Macs cost 5 grand, I said one comparable to a quite powerful PC costs that or more. Sure, you can buy a Mac for under 1000 dollars, with a smaller screen, and middle to low range performance, which is fine, and there is a market for it. But if you want something made for serious computing, you're in for a financially devastating adventure. I was actually able to configure one for over 10 grand recently, where at Dell the same specs came to around 5k with a much bigger LCD screen and a TB more of storage. I know it's hard to compare the two, but when you look at numbers alone it's quite substantial.

Oh, and BTW they had Macs for under a grand in '99 as well, so I'm not sure what excuse you are talking about. I don't hate Macs, I just don't see where all the extra cost comes from; brand name hype should not be associated with cost. But that's iLife ;)

Reply Score: 1

RE[4]: It´s really funny
by stestagg on Wed 9th May 2007 21:03 UTC in reply to "RE[3]: It´s really funny"
stestagg Member since:
2006-06-03

Heh. I have a mac and my income is certainly not enough to be disposable. This idea that Macs are only for the rich is absurd. I bought a MacMini for £300. You can't buy much of a PC for less than that, AND it came with a full software set. (No crapware either [see: crapware allows OEMs to reduce the cost of PCs])

Reply Score: 2

RE[3]: It´s really funny
by Nathan O. on Wed 9th May 2007 13:44 UTC in reply to "RE[2]: It´s really funny"
Nathan O. Member since:
2005-08-11

Lots of people know how to get rid of spyware on a Windows box. If your Mac was running spyware, what would you do? What tools would you use to verify your system was clean? How often does a Mac user take his machine in to a shop that's going to be scanning for this stuff? It'd be forever before anyone even knew there was spyware out there for the Mac and it'd be even longer before there was a systematic fix.

At least that's my guess. Windows DOES have a huge piece of the market.

Reply Score: 1

RE[4]: It´s really funny
by D3M0N on Wed 9th May 2007 14:04 UTC in reply to "RE[3]: It´s really funny"
D3M0N Member since:
2005-07-09

You don't have to worry about it in the first place. Once I start seeing random pr0n popups in Safari and such, I'll be convinced.

Reply Score: 1

RE[5]: It´s really funny
by Nathan O. on Wed 9th May 2007 14:11 UTC in reply to "RE[4]: It´s really funny"
Nathan O. Member since:
2005-08-11

Very true, but that's adware. Spyware is generally better at hiding. No, it isn't out now, and it probably won't be out for a long time, but it'll more than likely happen some day.

Reply Score: 1

RE[4]: It´s really funny
by Doc Pain on Wed 9th May 2007 18:30 UTC in reply to "RE[3]: It´s really funny"
Doc Pain Member since:
2006-10-08

"Lots of people know how to get rid of spyware on a Windows box."

I may tell you from Germany: Most of them do not know. They don't know what spyware is and what it does, they don't know how to check. So they can't tell if they're running spyware. If they knew, they would not care anyway. At least that's the usual way among "Windows" users here. The majority is not able to do system updates and security fixes. They don't do them or leave it to somebody else. That's why "Windows" is so easy to use. :-)

In contrast, Mac users do know spyware exists, but they seem to be sure their systems cannot be affected. They seem to be aware if the system acts differently; maybe this is because of the consistency of the Mac OS X GUI?

Reply Score: 2

RE[5]: It´s really funny
by Nathan O. on Wed 9th May 2007 18:40 UTC in reply to "RE[4]: It´s really funny"
Nathan O. Member since:
2005-08-11

Very true, definitely most people don't know much about SpyWare or how to remove it.

Reply Score: 1

RE[6]: It´s really funny
by DeadFishMan on Wed 9th May 2007 20:40 UTC in reply to "RE[5]: It´s really funny"
DeadFishMan Member since:
2006-01-09

Right. And when they eventually realize that there is something wrong with their computers, they will blame viruses immediately and then whine that the antivirus couldn´t catch that one and then sing praises to those "all-in-one monsters" (firewall, antivirus and antispyware thing that does nothing other than slow down the machine) that Symantec and McAfee push down their throats.

Actually, I used to get into heated discussions just because I dared to say that some of those free antivirus apps out there are much better than Symantec´s or McAfee´s expensive ones. Nowadays, I just don´t bother anymore and let them turn their brand new Core Duos into Pentiums 1...

Reply Score: 2

RE[7]: It´s really funny
by Nathan O. on Wed 9th May 2007 21:28 UTC in reply to "RE[6]: It´s really funny"
Nathan O. Member since:
2005-08-11

There are professionals who prefer the suites? Oxymoronic!

Reply Score: 1

RE[4]: It´s really funny
by stestagg on Wed 9th May 2007 21:06 UTC in reply to "RE[3]: It´s really funny"
stestagg Member since:
2006-06-03

Well, I run Sophos on my Mac, it has a number of Mac virus definitions, and provides links to online articles on removing any viruses that are found (not that any have been so far).

Unfortunately, Sophos does not market to the home user.

Reply Score: 3

RE[2]: It´s really funny
by brewmastre on Wed 9th May 2007 16:29 UTC in reply to "RE: It´s really funny"
brewmastre Member since:
2006-08-01

I'm not uninstalling Spyware from people's Macs on a daily basis.


Yeah, it's 14 years and counting for me with no anti-virus on my Mac. I'm sure that there have been plenty of vulnerabilities since MacOS 7 but it hasn't caused me any heartache.

On an article related note though; my biggest problem is not that MS doesn't patch their systems, they do. But what I see happening in my corporate environment is that our WSUS server is doing a really bad job of actually getting the patches out to the workstations.

Reply Score: 2

RE[3]: It´s really funny
by tomcat on Wed 9th May 2007 20:02 UTC in reply to "RE[2]: It´s really funny"
tomcat Member since:
2006-01-06

Yeah, it's 14 years and counting for me with no anti-virus on my Mac. I'm sure that there have been plenty of vulnerabilities since MacOS 7 but it hasn't caused me any heartache.

No surprise. Nobody targets operating systems that are used by a tiny fragment of the computing population.

Reply Score: 0

RE[4]: It´s really funny
by dylansmrjones on Wed 9th May 2007 20:24 UTC in reply to "RE[3]: It´s really funny"
dylansmrjones Member since:
2005-10-02

A market share of approx. 2-5% (depending on source) is not exactly tiny. We are talking many millions of users. OS X is being targeted and so is Linux. These attacks are just less successful - so is spyware and malware targeted against Vista.

OTOH, I don't know how much fighting spyware and malware will help. The weakest point in the chain is the end user.

Reply Score: 2

RE[5]: It´s really funny
by kaiwai on Wed 9th May 2007 20:47 UTC in reply to "RE[4]: It´s really funny"
kaiwai Member since:
2005-07-06

A market share of approx. 2-5% (depending on source) is not exactly tiny. We are talking many millions of users. OS X is being targeted and so is Linux. These attacks are just less successful - so is spyware and malware targeted against Vista.


You are correct, but more correctly, the reason why many don't take open source software (and some cases, proprietary software from non-Microsoft vendors) is because the window between the release of the vulnerability information and the patch is very small.

For an exploit to be successful, there needs to be a big enough window to allow exploit writers to write their malware and deploy it within a quick enough time.

The problem is that open source projects tend to get their vulnerabilities fixed, in some cases, within hours of the vulnerability being made known, with compiled packages made available through distributions within 24 hours.

It isn't the fact that there are vulnerabilities in windows, but the fact that there is a massive delay between the knowledge and patch being made available - the DNS vulnerability has been known for a month, an exploit was made available, and yet, there is this slow, slovenly attitude when it comes to getting fixes out in a timely manner.

Reply Score: 2

RE[6]: It´s really funny
by tomcat on Wed 9th May 2007 21:10 UTC in reply to "RE[5]: It´s really funny"
tomcat Member since:
2006-01-06

You are correct, but more correctly, the reason why many don't take open source software (and some cases, proprietary software from non-Microsoft vendors) is because the window between the release of the vulnerability information and the patch is very small.

First, I'm sure you don't mean to include Apple when you say "non-Microsoft vendors" because their track record on average discovery to patch time compares with Microsoft's pretty closely.

Second, patch availability doesn't equate to patch installation on an end-user's box. Shortening the cycle time merely increases the number of patches; it doesn't mean that the software you're using is "more secure".

Reply Score: 1

RE[7]: It´s really funny
by kaiwai on Wed 9th May 2007 21:25 UTC in reply to "RE[6]: It´s really funny"
kaiwai Member since:
2005-07-06

First, I'm sure you don't mean to include Apple when you say "non-Microsoft vendors" because their track record on average discovery to patch time compares with Microsoft's pretty closely.


Actually, in some cases I'd say they're worse - take a look at the Month of Apple Bugs, if it weren't for that - how long would it have been for those issues to be fixed?

Second, patch availability doesn't equate to patch installation on an end-user's box. Shortening the cycle time merely increases the number of patches; it doesn't mean that the software you're using is "more secure".


Hence the reason you'll never hear me bash Microsoft if they release a patch and there are idiots who fail to maintain their computer by checking for updates and installing them.

If Microsoft releases the patch in a timely manner, they can then say, "hey, we've done our end of the bargain, the ball is now in the user's court" but the simple fact is, there is such a delay that in many cases, end users become infected before the patch is released.

Edited 2007-05-09 21:32

Reply Score: 3

RE[7]: It´s really funny
by stestagg on Wed 9th May 2007 22:22 UTC in reply to "RE[6]: It´s really funny"
stestagg Member since:
2006-06-03

Most modern Linux distros (and I set my Mac to do this as well) check the security-update channels daily. So the mean time between a patch being published in a channel, and the user being informed of it is ~12 hours.

Reply Score: 2

RE[5]: It´s really funny
by tomcat on Wed 9th May 2007 21:07 UTC in reply to "RE[4]: It´s really funny"
tomcat Member since:
2006-01-06

A market share of approx. 2-5% (depending on source) is not exactly tiny.

Sure, it is tiny, when compared to the hundreds of millions of Windows boxes.

Reply Score: 1

RE[6]: It´s really funny
by stestagg on Wed 9th May 2007 22:07 UTC in reply to "RE[5]: It´s really funny"
stestagg Member since:
2006-06-03

[deja-vu] Always compare Oranges to Oranges[/]

you cannot compare (a proportional value) 2-5% to (an absolute value) hundreds of millions.

5% of hundreds of millions is NO LESS SIGNIFICANT than
5% of 100.

[see: stats 101 ]

Reply Score: 2

RE[6]: It´s really funny
by dylansmrjones on Wed 9th May 2007 22:20 UTC in reply to "RE[5]: It´s really funny"
dylansmrjones Member since:
2005-10-02

You have a twisted and sick definition of tiny.

1/50 - 1/25 of all users are not a tiny userbase. <0.5% might be considered tiny but actually I think it should be <0.1% to be tiny.

Having millions of users equals a large userbase.

Reply Score: 2

RE: It´s really funny
by dylansmrjones on Wed 9th May 2007 12:48 UTC in reply to "It´s really funny"
dylansmrjones Member since:
2005-10-02

That is not correct. Apple got flamed a few days ago. And several linux distributions have been flamed by linux users - heck, some have even flamed OpenBSD because of two (2) holes in the default installation.


Nobody complains about Microsoft releasing patches.

People are complaining about the sheer number of patches, the nature of the security holes, the release policy and of course the amount of years many of these bugs have been around.

Of course Microsoft have a terrible public image - and they deserve it. They have delivered piss products for decades (ever since their basic (an illegal rip-off) in the '70s). People (especially geeks) despise Microsoft for having delivered shit to users for decades (old Basic, DOS (illegal rip off again), Windows until Win2K - not counting the beating MS has taken over security issues) - and most despise Microsoft for its behaviour and rightfully so. A company that behaves like Microsoft does not deserve any better. Microsoft products have been quite alright technically since Win2K (forget all about good products before '00/'01). Microsoft likes to steal IP from other persons. The old MS Basic (stolen), DOS (BIOS code stolen from CP/M), patenting of grouped taskbar button despite this having existed years before Microsoft suddenly invented it, and of course Microsoft patenting BlueJ. MS did some damage control but fact is that no news has come out afterwards. It was a deliberate attempt to yet again steal IP.

Such a company deserves nothing but contempt.

Reply Score: 5

RE[2]: It´s really funny
by jack_perry on Wed 9th May 2007 13:22 UTC in reply to "RE: It´s really funny"
jack_perry Member since:
2005-07-06

How was Microsoft BASIC an illegal ripoff? Everything I've read indicates that Allen and Gates wrote it themselves.

Reply Score: 2

RE[2]: It´s really funny
by tpaws on Wed 9th May 2007 13:28 UTC in reply to "RE: It´s really funny"
tpaws Member since:
2006-06-02

Very well said. I am always amazed at how so many Windows and Office exploits get glossed over that are variants on old issues. The recent 'ANI patch that took so long to fix a resurfaced older exploit. Then there are the recent RINBOT, DELBOT, VANBOT, Mdropper.W problems that are so reminiscent of W97M/Melissa.

Reply Score: 1

RE[2]: It´s really funny
by Almafeta on Wed 9th May 2007 16:17 UTC in reply to "RE: It´s really funny"
Almafeta Member since:
2007-02-22

old Basic, DOS (illegal rip off again)


Erm... no.

Microsoft BASIC was written by hand. MS-DOS was based on QDOS (Quick and Dirty Operating System); Microsoft outright purchased the rights from the original developers for something on the order of $60,000 (not bad for a single-tasking command-line-only OS), and hired the original developer to work at Microsoft for a total of ten years (about one million dollars, plus nonmonetary bonuses). If paying for something is stealing, then what isn't stealing?

The facts about the early years of Microsoft aren't that hard to get...

Reply Score: 3

RE[3]: It´s really funny
by vondur on Wed 9th May 2007 17:29 UTC in reply to "RE[2]: It´s really funny"
vondur Member since:
2005-07-07

QDOS was a copy of CPM that Microsoft then bought.

Reply Score: 2

RE[3]: It´s really funny
by dylansmrjones on Wed 9th May 2007 18:12 UTC in reply to "RE[2]: It´s really funny"
dylansmrjones Member since:
2005-10-02

QDOS was an illegal (and low quality) CP/M rip-off. And Gary Kildall found his code (and copyright) in MS-DOS (CP/M BIOS routines directly copied).

Reply Score: 3

RE[4]: It´s really funny
by Almafeta on Wed 9th May 2007 18:47 UTC in reply to "RE[3]: It´s really funny"
Almafeta Member since:
2007-02-22

QDOS was an illegal (and low quality) CP/M rip-off. And Gary Kildall found his code (and copyright) in MS-DOS (CP/M BIOS routines directly copied).


I tried to find a reference to this, and the only thing I found was on Wikipedia. The Wikipedia entry asserts the claim that Kildall was able to prove it through a DOS command. However, neither Wikipedia, nor the podcast (!) they cite as proof, nor the person who publicised this 'proof of theft' will give out this command.

And if you're using Wikipedia as a reference, you need to find one, because Wikipedia is not known for its accuracy (especially when it comes to computer issues, as a stated goal of Wikipedia's founder Jimbo Wales is to spread copyleft).

Reply Score: 2

RE[5]: It´s really funny
by dylansmrjones on Wed 9th May 2007 20:17 UTC in reply to "RE[4]: It´s really funny"
dylansmrjones Member since:
2005-10-02

(especially when it comes to computer issues, as a stated goal of Wikipedia's founder Jimbo Wales is to spread copyleft).


Well, that goal doesn't mean it is inaccurate, neither does it imply it is inaccurate or will be because of that goal. I do however agree with you that Wikipedia is inaccurate in many situations - however, Wikipedia tends to be more accurate than other encyclopaedias (no, the ae isn't a speeling eroor - it is just archaeic spelling).

Of course nobody will give you proof of that specific command. Why would they? Why should they? Has Microsoft given any proof for the attempted and aborted patenting (after fierce public outcry) of BlueJ being a mistake?

Google: "cp/m dos kildall bios ripoff" <-- that should give you some hours of reading. But the main source for the claim about DOS being illegal was Kildall himself. His credibility was larger than Gates' will ever be.

Reply Score: 2

RE[4]: It´s really funny
by vondur on Wed 9th May 2007 19:08 UTC in reply to "RE[3]: It´s really funny"
vondur Member since:
2005-07-07

I was going to mention that, but did not have my sources at the ready to defend myself against the Microsoft Apologists.

Reply Score: 2

RE[2]: It´s really funny
by tomcat on Wed 9th May 2007 19:55 UTC in reply to "RE: It´s really funny"
tomcat Member since:
2006-01-06

People are complaining about the sheer number of patches, the nature of the security holes, the release policy and of course the amount of years many of these bugs have been around.

Which merely proves that there are a lot of whiners in this world with too much time on their hands -- or too many axes to grind.

Reply Score: 1

RE[3]: It´s really funny
by dylansmrjones on Wed 9th May 2007 20:27 UTC in reply to "RE[2]: It´s really funny"
dylansmrjones Member since:
2005-10-02

Our MS-apologist woke up ;)

Complaining about the sheer numbers of highly critical holes in Windows is not whining. These security holes are responsible for worldwide losses of several billion US$. Complaining is a quite proper reaction.

The fact you call complaining about lack of security for whining tells me a lot about your lack of understanding of the issue - and your lack of respect for other individuals.

Reply Score: 2

RE[4]: It´s really funny
by tomcat on Wed 9th May 2007 21:03 UTC in reply to "RE[3]: It´s really funny"
tomcat Member since:
2006-01-06

Complaining about the sheer numbers of highly critical holes in Windows is not whining.

I wouldn't mind, if you and your ilk spent as much time complaining about the similar number of critical holes in OS X and Linux...

Reply Score: 0

RE[5]: It´s really funny
by stestagg on Wed 9th May 2007 22:05 UTC in reply to "RE[4]: It´s really funny"
stestagg Member since:
2006-06-03

See my other thread with you about why Windows vulnerabilities are more severe than Linux ones.

Reply Score: 2

RE[5]: It´s really funny
by dylansmrjones on Wed 9th May 2007 22:18 UTC in reply to "RE[4]: It´s really funny"
dylansmrjones Member since:
2005-10-02

There are no such high numbers in Linux, *BSD and OS X.

Besides that the security policy is different, the flaws much less critical (most are uncritical or only theoretically exploitable) and fixes are released ASAP no matter whether possibility of exploitation has been confirmed or not. Microsoft usually doesn't release fixes ASAP - not even when exploits are in the wild. And they only fix holes verified to be exploitable, whereas in GNU/Linux and *BSD anything that just might one day perhaps maybe could be might be and so on will be patched ASAP.

Reply Score: 2

RE[6]: It´s really funny
by tomcat on Thu 10th May 2007 15:54 UTC in reply to "RE[5]: It´s really funny"
tomcat Member since:
2006-01-06

There are no such high numbers in Linux, *BSD and OS X.

Since you're trying to carve out an unfair comparison of "Linux" ("it's just a kernel! it's just a kernel!") to Windows, then the Windows kernel has similarly few critical vulnerabilities.

Besides that the security policy is different,

Not compared to Vista.

...the flaws much less critical (most are uncritical or only theoretically exploitable)

Not true, compared to Vista.

...and fixes are released ASAP no matter whether possibility of exploitation has been confirmed or not.

Making a large number of patches available doesn't mean they're being installed. It merely means a large number of patches are being produced. This does not amount to better security.

Microsoft usually doesn't release fixes ASAP - not even when exploits are in the wild.

All operating systems have zero-day exploits. Windows exploits are simply better promoted.

And they only fix holes verified to be exploitable, whereas in GNU/Linux and *BSD anything that just might one day perhaps maybe could be might be and so on will be patched ASAP.

So, in other words, these patches have no customer value and would only require significant additional cost for testing and deployment. Nice. No thanks.

Reply Score: 1

RE[7]: It´s really funny
by dylansmrjones on Thu 10th May 2007 22:52 UTC in reply to "RE[6]: It´s really funny"
dylansmrjones Member since:
2005-10-02

Since you're trying to carve out an unfair comparison of "Linux" ("it's just a kernel! it's just a kernel!") to Windows, then the Windows kernel has similarly few critical vulnerabilities.


No I'm not! I haven't in one single point claimed any such thing. I have compared my entire Gentoo system with Microsoft's monthly security releases. E.g. I'm counting everything in my GNU/Linux system, incl. proprietary software like Flash and Skype.

Let me repeat: I have not at any time EVER claimed that the comparison is unfair because "Linux is only a kernel". I have all the time made it VERY CLEAR, that I'm comparing Windows with my entire GNU/Linux system (fully fledged Workstation system). At least post the link to the post where I claim such a thing. You cannot do that because I did not claim such a thing!

Not compared to Vista.


Microsoft's security policy in regard to patch releases is unchanged in regard to Vista. Correct, the desktop security model (UAC) is different, but I was obviously not talking about that. We were ONLY discussing Microsoft's policy about patch releases - and nothing else. We were not discussing su, sudo or UAC in this regard. UAC is completely irrelevant in regard to Microsoft's policy of monthly security updates. Besides that the vulnerabilities are mostly related to XP and Windows 2003 Server so Vista is irrelevant. And I have already stated several times that Vista is different from the others and does not suffer from the weaknesses of its predecessors.

Not true, compared to Vista.


Again. Vista is irrelevant here. I have already in my earlier post exempted Vista from the discussion since the vulnerabilities are mostly targeting XP and Windows 2003 Server. In regard to Vista, Vista has already seen as many security fixes since February 2007 as my entire Gentoo system has seen since October 2006. But it should definitely be noted that the vulnerabilities for Vista have been much fewer and much less critical compared with its predecessors. That's true and I'm happy to see that.

Making a large number of patches available doesn't mean they're being installed. It merely means a large number of patches are being produced. This does not amount to better security.


Completely irrelevant! If the user is dumb enough not to install security fixes then only the user can be blamed. Microsoft cannot be blamed for users not installing security fixes. The important issue here is whether or not the fixes are found in due time. This happens for GNU/Linux and *BSD but definitely not for Microsoft Windows. Especially the old code base in Windows is extremely vulnerable (while the newer code is of much better quality) but people already concluded that when the codebase for Win2K and NT was leaked.

All operating systems have zero-day exploits. Windows exploits are simply better promoted.


Irrelevant! And not true in regard to Windows exploits being "better promoted". The problem is the sheer number of these zero-day exploits. I have yet to see one for any package on my gentoo system. Again, Vista can be exempted from this. Vista is in regard to security classes better than its predecessors ;)

It is the number of flaws, the nature of the flaws, the critical level of the flaws and the insufficient patch release security policy of Microsoft that is the reason for Microsoft being "flamed". Microsoft doesn't fix anything until the attacks _have_ happened.

So, in other words, these patches have no customer value and would only require significant additional cost for testing and deployment. Nice. No thanks.


Woot? Are you insane? How can you possibly come to the conclusion that fixing a possible vulnerability contains ZERO customer value? Do you really want your customers to lose billions of US$ before you fix anything? According to that logic Windows has no customer value. I don't think that's what you intended to write. But that's what you wrote.

Fixing possible vulnerabilities BEFORE they can be exploited contains A LOT of customer value. But it does take resources and Microsoft cannot deliver profit if it wants to be pro-active. Microsoft not releasing anything until the damage HAS happened is a DELIBERATE choice from Microsoft. Microsoft only cares about its profit and not about its customer. EOF

Reply Score: 2

RE: It´s really funny
by justin.68 on Wed 9th May 2007 18:56 UTC in reply to "It´s really funny"
justin.68 Member since:
2006-09-16

Microsoft doesn't need to be aspersed: its marketing policy has always been malicious enough to smear its own name. It's ok if you do business just thinking money, but credit and respect have to be deserved: they can't be bought or extorted.

That said, every OS and piece of software needs patches for one reason or another. If it's not because of security issues, it's because of other flaws. I was never scandalised when IBM released FP's for OS/2, so I think it's good MS patches up its own products. It's just that IBM, for instance, used to release fixes oftener and its OSes didn't die so prematurely (EOL). I never heard about IBM adopting some obscure strategy about when and how to release fixes. I can't say the same about MS, though.

When you're forced to buy something you may not want or need from a monopolist you have every right to be outraged if it isn't even half as good as promised. There's no denying you do pay good bucks to get a MS product and when you find out there's a big hole in it you're entitled to protest some way. Verbally bashing MS is a form of protest and the Redmond folks should take it seriously, before it's too late. I don't love MS, but I feel its demise isn't going to mean all fun.

I do use Windows and I'm ok with those who use it exclusively. Yet, basically, I don't have the same degree of respect for Microsoft as I have for others and I don't think I, or anybody else sharing my views, can be criticised for that.

Reply Score: 3

RE
by Kroc on Wed 9th May 2007 12:16 UTC
Kroc
Member since:
2005-11-10

Security updates for Microsoft Office:Mac have also been pushed out today
http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/...

Reply Score: 2

Machine rebooted ....
by WorknMan on Wed 9th May 2007 14:02 UTC
WorknMan
Member since:
2005-11-13

I'm one of those guys who usually takes a pro-Windows stance around here, but just to be fair and balanced, I turned on my PC monitor this morning to be greeted with a message that important updates had been installed and my machine rebooted, which is the first time that has happened. Usually, it'll just download the updates and prompt me to install.

The thing is, my computer was recording some audio last night and rebooted right in the middle of this. Luckily, I was using Adobe Audition and the file was preserved for me. But still, that sh*t ain't cool when they start rebooting your machine remotely, not having ANY idea what you might have the computer doing at the time.

Reply Score: 5

RE: Machine rebooted ....
by fretinator on Wed 9th May 2007 14:14 UTC in reply to "Machine rebooted ...."
fretinator Member since:
2005-07-06

I have to agree 100% with this one. I have no problem with Microsoft's frequent updates. I think they do a good job of releasing updates even though I am primarily a Linux user. What I do have a problem with is the way they are releasing updates these days. They like to automatically reboot your machine which I believe is a _MAJOR_ mistake. As you say, this could interrupt important work. Also, after updates are installed, they pop up a dialog saying you need to restart. I often click "restart later" because I am in the middle of playing an online game. Now, every few minutes my full-screen game minimizes so I can click the restart later button again! All this does is reinforce the image that you do not own your computer when you use Microsoft Windows, you are just borrowing it from them. They are free to do whatever they think necessary with your computer. I say "PUH-lease" stop that!

Reply Score: 5

RE: Machine rebooted ....
by leech on Wed 9th May 2007 17:26 UTC in reply to "Machine rebooted ...."
leech Member since:
2006-01-10

The worst thing is when you run a web server that is supposed to have constant uptime, and Microsoft decides to just reboot it on its own time. Rather than letting any of your users know that the server is going down for maintenance, etc.

Not to mention you have some of those systems that are running domain controllers and they take forever to boot up, as do any machines that need to connect to that domain controller.

Reply Score: 2

RE: Machine rebooted ....
by atsureki on Wed 9th May 2007 17:46 UTC in reply to "Machine rebooted ...."
atsureki Member since:
2006-03-12

The thing is, my computer was recording some audio last night and rebooted right in the middle of this.


Windows is pretty unfriendly to creativity and presentation in general due to its overall neediness. We've probably all seen the old photos of Windows 98 BSODs in airports and other public places, but the system doesn't need to crash or reboot to cause an interruption. If I scroll through the low cable channels that are used for local government and public access (events calendars and whatnot), two of them might have a Windows error message or other dialog on top of the presentation. One of them I saw was complaining that the system was running low on memory, which is pretty bad if all it does is run a PowerPoint show all day. Windows just isn't designed with the concept of uninterrupted workflow.

Reply Score: 3

RE[2]: Machine rebooted ....
by WorknMan on Wed 9th May 2007 19:43 UTC in reply to "RE: Machine rebooted ...."
WorknMan Member since:
2005-11-13

Windows just isn't designed with the concept of uninterrupted workflow.

Actually, it does fine in the hands of the right user. In my case, I've never had a problem until last night, when MS decided to reboot my computer ;)

Reply Score: 2

RE: Machine rebooted ....
by tomcat on Wed 9th May 2007 19:54 UTC in reply to "Machine rebooted ...."
tomcat Member since:
2006-01-06

But still, that sh*t ain't cool when they start rebooting your machine remotely, not having ANY idea what you might have the computer doing at the time.

It's not like you don't have a choice in the matter. Simply turn off automatic updates via the control panel -- and tell it to simply notify you when an update is available. Problem solved.

Reply Score: 0

RE[2]: Machine rebooted ....
by dylansmrjones on Wed 9th May 2007 20:29 UTC in reply to "RE: Machine rebooted ...."
dylansmrjones Member since:
2005-10-02

The problem is that some installs automatically reboot the machine. Installing manually doesn't help. After installing an update the update will reboot the machine without giving you a choice.

You cannot disable automatic booting. You can only disable automatic download and automatic installation. Disabling Automatic Installation != disabling Automatic Rebooting after Installation.

Reply Score: 2

RE[2]: Machine rebooted ....
by stestagg on Wed 9th May 2007 21:10 UTC in reply to "RE: Machine rebooted ...."
stestagg Member since:
2006-06-03

Actually, there are many verified cases (including one that I had experience of) where Windows Update just ignores your setting and reboots the computer anyway.

After all, who are you to say what your computer should do?

Reply Score: 2

RE: Machine rebooted ....
by narflethegarthock on Wed 9th May 2007 20:32 UTC in reply to "Machine rebooted ...."
narflethegarthock Member since:
2007-05-09

Here's an idea...TURN THAT FEATURE OFF! Have it download, but not install the updates...moron.

It was really raining hard the other day, and my window was down. I got soaked!!! I blame the auto maker for having windows that go down...oh wait, sorry...I can roll the window up.

Reply Score: 0

RE[2]: Machine rebooted ....
by fretinator on Wed 9th May 2007 22:05 UTC in reply to "RE: Machine rebooted ...."
fretinator Member since:
2005-07-06

Here's an idea...TURN THAT FEATURE OFF! Have it download, but not install the updates...moron.


Well, I won't stoop to your level by calling you names, but that wasn't the question. I already HAVE THAT FEATURE TURNED OFF! The question was how do you stop updates from automatically rebooting the computer after the update is installed.

Reading is fun-damental.

Reply Score: 2

Well....
by knightrider on Wed 9th May 2007 14:32 UTC
knightrider
Member since:
2006-12-11

The update can't be fully installed until the pc is rebooted so I guess that's why they are so adamant that you restart the pc....Annoying but for your own good. eEye had a fix out for the DNS flaw weeks ago. Guys, y'all need to check out Blink.

Reply Score: 1

RE: Well....
by fretinator on Wed 9th May 2007 15:53 UTC in reply to "Well...."
fretinator Member since:
2005-07-06

The update can't be fully installed until the pc is rebooted so I guess that's why they are so adamant that you restart the pc....Annoying but for your own good.


No, no and again NO! It is not up to Microsoft to decide that automatic rebooting is for my "own good". That is exactly the kind of thinking I am talking about. If my application is in the middle of mission critical number-crunching, it IS NOT for my own good to automatically reboot. 'Nuff said.

Reply Score: 5

RE[2]: Well....
by ssa2204 on Wed 9th May 2007 17:25 UTC in reply to "RE: Well...."
ssa2204 Member since:
2006-04-22

If your computer automatically reboots after an update...this is something YOU set. You do realize you CAN control how updates are applied? I thought this was pretty basic knowledge.

Reply Score: 1

RE[3]: Well....
by leech on Wed 9th May 2007 17:35 UTC in reply to "RE[2]: Well...."
leech Member since:
2006-01-10

That's incorrect. You can set the updates to not automatically install. But once they are installed, some of them will automatically reset your PC. I even had my system set up to "Automatically download but do not install patches" and it did it anyway. Not sure, but I think the setting reset itself at some point. I just know I went to bed with my PC booted into Windows one night, woke up the next morning and I was in Linux at the login screen (I dual-boot with Linux being first on the boot menu). When I rebooted into Windows next it said it had to finish applying some updates.

I've had some settings within Windows just change on their own before too. Can't recall exactly which ones, but most of them have had to do with Windows Updates.

The fact that they even have ANY updates that force you to reboot your computer is good enough for me to prove that their programming is bad form. Literally the only time that a reboot should be required is when there is a kernel update. Something like the DNS server being updated should only require that the service be stopped and restarted with the patched one. In fact if you simply quit a program in Windows, then run an update, most of the time it won't ask for your PC to be restarted. If an update simply told you to stop the program (or by gods just stop it automatically, especially in the case of services) then to start it back up after the update, then you wouldn't even need to reboot your computer that often.

If I recall, that was supposed to be one of the things that they advertised being a lot better in Windows XP. But as we can see, it's still there in Vista. The Reboot to Update syndrome.

There are literally only three reasons I have EVER rebooted Linux. 1) Kernel update. 2) Reboot to Windows to play some video games. 3) Very rare occasions when it locks up. This is usually due to X.org and alpha level software like Beryl or Compiz which lately have stabilized quite nicely.

Reply Score: 3

RE[3]: Well....
by PlatformAgnostic on Wed 9th May 2007 17:40 UTC in reply to "RE[2]: Well...."
PlatformAgnostic Member since:
2006-01-02

Yeah... I agree that this is a good default setting. I've seen plenty of older machines with the Windows update icon in the systray sitting like that for days because the updates had not been installed. And before some idiot chimes in about how they don't need to reboot their machine after updates on $insert_os_here, consider that your programs use shared libraries that may have been updated and due to the way most OS file semantics work, the new updates will not be picked up by already-running processes. The best way to GUARANTEE that the updates are actually installed is to reboot.

If you have a serious problem with this behavior, here's the fix: http://www.emailbattles.com/2006/01/11/vuln_aacgjahfig_ib/

Reply Score: 3
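The comment above says already-running processes do not pick up updated shared libraries. On Linux that state is directly observable, and the following is an added example (not part of the thread, not from any poster): it parses `/proc/<pid>/maps` and lists processes that still have an executable mapping of a file that was replaced or removed on disk. The sample maps text, the process name and the helper names are constructed for illustration.

```python
import os
import re

# One /proc/<pid>/maps line: address range, perms, offset, dev, inode, path.
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>\S{4})\s+(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# The kernel appends this suffix when the mapped file has been unlinked,
# which is what happens when a package manager replaces a library.
DELETED_SUFFIX = " (deleted)"

# Unlinked mappings that are normal and not evidence of a stale library.
IGNORED_PREFIXES = ("/memfd:", "/SYSV", "/dev/", "/tmp/", "/run/")

# Constructed sample: a DNS daemon that started before libssl was replaced.
SAMPLE_MAPS = """\
55d0a1c00000-55d0a1c9f000 r-xp 00000000 08:01 1311 /usr/sbin/named
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 2201 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3a101c0000-7f3a101d0000 r--p 001c0000 08:01 2201 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3a20000000-7f3a20190000 r-xp 00000000 08:01 2207 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a30000000-7f3a30001000 rwxs 00000000 00:01 4099 /memfd:scratch (deleted)
7f3a40000000-7f3a40021000 rw-p 00000000 00:00 0
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libraries(maps_text):
    """Return sorted paths of executable mappings whose backing file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        match = MAPS_LINE.match(line.strip())
        if not match:
            continue
        path = match.group("path")
        if not path.endswith(DELETED_SUFFIX):
            continue
        path = path[: -len(DELETED_SUFFIX)]
        # Only code mappings matter: data-only segments of the same file
        # would just repeat the finding.
        if "x" not in match.group("perms"):
            continue
        if not path.startswith("/") or path.startswith(IGNORED_PREFIXES):
            continue
        stale.add(path)
    return sorted(stale)


def scan_processes(proc_root="/proc"):
    """Map pid -> (process name, stale library paths) for affected processes."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps")) as handle:
                libs = stale_libraries(handle.read())
            with open(os.path.join(base, "comm")) as handle:
                name = handle.read().strip()
        except OSError:
            # Process exited mid-scan, or we lack permission to read it.
            continue
        if libs:
            findings[int(entry)] = (name, libs)
    return findings


if __name__ == "__main__":
    if os.path.isdir("/proc/self"):
        for pid, (name, libs) in sorted(scan_processes().items()):
            print(f"{pid} {name}: restart needed, still maps {', '.join(libs)}")
    else:
        print("no /proc here; sample result:", stale_libraries(SAMPLE_MAPS))
```

Run as root to see every process; restarting only the listed services brings the patched code into memory without a full reboot.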

RE[3]: Well....
by stestagg on Wed 9th May 2007 21:11 UTC in reply to "RE[2]: Well...."
stestagg Member since:
2006-06-03

Actually, there are many verified cases (including one that I had experience of) where Windows Update just ignores your setting and reboots the computer anyway.

After all, who are you to say what your computer should do?

Reply Score: 2

RE[2]: Well....
by AnthonyBrooks on Wed 9th May 2007 17:39 UTC in reply to "RE: Well...."
AnthonyBrooks Member since:
2005-07-06

No, no and again NO! It is not up to Microsoft to decide that automatic rebooting is for my "own good". That is exactly the kind of thinking I am talking about. If my application is in the middle of mission critical number-crunching, it IS NOT for my own good to automatically reboot. 'Nuff said.

If it is a mission critical server, why is it set up for auto reboot? You do know you can configure that, right?

Reply Score: 1

RE[3]: Well....
by fretinator on Wed 9th May 2007 18:11 UTC in reply to "RE[2]: Well...."
fretinator Member since:
2005-07-06

If it is a mission critical server, why is it set up for auto reboot? You do know you can configure that, right?


No you can't. You can configure whether or not updates are automatically installed. I ALWAYS have that off. Apparently what you cannot configure is the automatic rebooting AFTER updates are installed. In addition, I have found nowhere that you can configure windows to quit bugging you every few minutes telling you to reboot. It is very annoying when you are playing a full-screen game. I guess I will just have to wait to install any updates until I know I am ready to reboot. However, I don't like waiting to install them.

Reply Score: 3

RE[4]: Well....
by jayson.knight on Wed 9th May 2007 21:51 UTC in reply to "RE[3]: Well...."
jayson.knight Member since:
2005-07-06

"No you can't. You can configure whether or not updates are automatically installed."

You can control all of this behavior via Group Policy for either the domain or the local machine.

Computer Config -> Admin Templates -> Windows Components -> Windows Update. The keys should be self explanatory.

Reply Score: 2

RE[5]: Well....
by fretinator on Wed 9th May 2007 22:08 UTC in reply to "RE[4]: Well...."
fretinator Member since:
2005-07-06

Computer Config -> Admin Templates -> Windows Components -> Windows Update


Call me goofy, but I don't understand your directions. Is this somewhere in the registry? I did not find "Computer Config" in the registry, nor in the Control Panel, including the "Manage My Computer" screen. I am running XP at home.

Reply Score: 2

RE[6]: Well....
by jayson.knight on Wed 9th May 2007 22:10 UTC in reply to "RE[5]: Well...."
jayson.knight Member since:
2005-07-06

"Call me goofy, but I don't understand your directions."

Start -> Run -> type 'MMC' choose File -> Add/Remove Snap in, select Group Policy Editor. Expand the Group Policy node, then you'll see Computer Config.

Reply Score: 3

RE[7]: Well....
by fretinator on Wed 9th May 2007 22:12 UTC in reply to "RE[6]: Well...."
fretinator Member since:
2005-07-06

Start -> Run -> type 'MMC' choose File -> Add/Remove Snap in, select Group Policy Editor. Expand the Group Policy node, then you'll see Computer Config


Thanks, I'll try it tonight!

Reply Score: 2

Updates are always good.
by hussam on Wed 9th May 2007 16:12 UTC
hussam
Member since:
2006-08-17

Security and stability updates are always good. MS should post more updates more frequently.
For people who complain about having to install a lot of updates on XP, try Linux. You'll enjoy downloading 1Gig of updates per month.

Reply Score: 0

RE: Updates are always good.
by leech on Wed 9th May 2007 17:22 UTC in reply to "Updates are always good."
leech Member since:
2006-01-10

Yeah, but there is a difference between 'updates' and 'patches'. With Linux distributions, the 'updates' actually are software updates most of the time, as opposed to Microsoft's security 'patches'.

If there could be just a "Software Update" repository for all the software you have installed on your windows machine that just includes patches or new versions you'd be downloading far more than 1GB a month. Not to mention for new versions of software usually you have to pay for not so many new features most of the time.

It would be rather nice to have a centralized patching system for Windows. The sad thing is though, for example, a lot of video game patches you have to go to places like File planet where half of the time you have to wait in a queue for access to the public FTP or you have to be a subscribing member!

Reply Score: 3

RE[2]: Updates are always good.
by tomcat on Wed 9th May 2007 20:01 UTC in reply to "RE: Updates are always good."
tomcat Member since:
2006-01-06

Yeah, but there is a difference between 'updates' and 'patches'. With Linux distributions, the 'updates' actually are software updates most of the time, as opposed to Microsoft's security 'patches'.

You're dreaming. Surf over to Secunia and do some research. Linux-related vulnerabilities are found and patches posted literally every day or two.

Reply Score: 2

dylansmrjones Member since:
2005-10-02

That's not what Secunia's website says. But funny interpretation though. And completely unrelated to the poster.

Each month Microsoft publishes more vulnerabilities for my Windows 2003 Server than Gentoo does for my system for one year. 14 critical vulnerabilities for Windows this time. And for my Gentoo system I've had 6 security related upgrades since October 2006. And this is a fully fledged workstation installation.

Reply Score: 2

RE[4]: Updates are always good.
by tomcat on Wed 9th May 2007 21:05 UTC in reply to "RE[3]: Updates are always good."
tomcat Member since:
2006-01-06

That's not what Secunia's website says.

If you limit your search to the kernel, sure. But, when you apply a reasonable standard that an average person would use -- for example, what components are installed with the average Linux distro or OS X installation, then you will find that there are far more critical vulnerabilities in both platforms than you would care to acknowledge.

Reply Score: 1

RE[5]: Updates are always good.
by stestagg on Wed 9th May 2007 21:22 UTC in reply to "RE[4]: Updates are always good."
stestagg Member since:
2006-06-03

Compare Oranges to Oranges:

Most default Linux installs include OO.o. So for windows, you should count MS Office updates as well. What about Web servers? They are usually in a default Linux install (albeit firewalled), let's add IIS to the mix.

Also, remember that MOST critical vulnerabilities in Linux are potential privilege escalation bugs.
Until Vista came out, even the concept of local-computer privileges on Windows was laughable.

It would be like saying that a piece of string that is broken in one place is better than a steel cable that is slightly corroded in multiple places.

Reply Score: 2

RE[6]: Updates are always good.
by tomcat on Wed 9th May 2007 21:25 UTC in reply to "RE[5]: Updates are always good."
tomcat Member since:
2006-01-06

Compare Oranges to Oranges

That's precisely what I'm arguing in favor of. But, by the same standard, you need to compare the vulnerabilities within Windows for components that are typically installed by most users. I don't think that most users install MS Office. Sure, it's widely installed, but not that wide. Same for IIS. I think that a fairer comparison would be to also include Firefox and IE.

Reply Score: 0

RE[7]: Updates are always good.
by stestagg on Wed 9th May 2007 21:36 UTC in reply to "RE[6]: Updates are always good."
stestagg Member since:
2006-06-03

I'm certainly surprised that you don't think that Office is installed on most computers! I can assure you that almost all workplaces (in the UK, my only experience base) use MS Office and that they are the places where security is far more important than the home.

I agree with Firefox and IE. Linux has Firefox, many people on Windows have Firefox AND IE, so (by your arguments) you should count both when dealing with Windows vulnerabilities and only Firefox when dealing with Linux. Thanks.

Here's another area where proper like-for-like comparison is not possible. The linux kernel ships with drivers for almost all the hardware out there. However 90% of the drivers are included as modules. Therefore if there is a vulnerability in one of the hamradio drivers, 99.99..% users will not be affected by that, yet you would count it because it is a kernel vuln. Windows ships with FAR fewer drivers, and 3rd party driver (+ the inevitable crapware) vulnerabilities are not counted for Windows.

Reply Score: 2

dylansmrjones Member since:
2005-10-02

I have had 6 security updates for my entire Gentoo system since October 2006. And that's all. If you compare critical flaws in a default Windows system with an equivalent Linux system (not just the kernel) Windows has many more critical flaws. Especially remotely exploitable which are rare in Linux and *BSD.

Security holes in Apache should also be counted in for Windows you know ;)

Reply Score: 2

Moochman
Member since:
2005-07-06

My svchost.exe is taking up 100% of my CPU and it never stops. A look into Process Explorer informs me that it's the automatic update's fault. Killing the process and trying the update via Internet Explorer effects the same result: system grinding to an unusable halt with laptop fans at full power and CPU maxed to 100%, all because of the automatic update.

So I've decided to disable automatic updates once and for all, and I guess I'll never have my Windows installation up-to-date again, short of a complete reinstall (if that were even to work). So much for MS quality engineering... oh wait, that never happened...

Scrapping the XP partition is looking more and more appealing all the time... Now if I can just find a Linux distro that properly supports my soundcard, I'll be in business. (Ubuntu emits clicks whenever I type certain keys on my keyboard, for no apparent reason.)

Reply Score: 5

dylansmrjones Member since:
2005-10-02

Yeah, I recognize that behavior from svchost.exe on my Win2K3 Server. Nothing to do but let it do its work - and hope the updates don't fail ;)

Reply Score: 2

stestagg Member since:
2006-06-03

I encountered this one recently. Had just cloned 30 identical computers, booted them up and found that the Windows Update thread was hogging the CPU indefinitely on each one. Had to go round each of them disabling AU (not fun when they are running on <1% CPU).

This is a known issue (something to do with internet access) so there may be a fix available.

Reply Score: 2

jspaloss Member since:
2007-05-10

I just encountered (and fixed) this one today.


You need to install Windows Update Client 3.0
http://download.windowsupdate.com/v7/windowsupdate/redist/standalon...

More info here
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?...



Then install Hotfix 927891
http://support.microsoft.com/kb/927891/

Hotfix can be downloaded from
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A81B0CD-A...

I hope this helps...

Reply Score: 1

Moochman Member since:
2005-07-06

Well that seems to have fixed it, more or less. I installed those two things as you said, then tried the update, and while it still resulted in svchost.exe taking over 99% of the CPU, I let it ride its course and it was done in about 20 minutes.

The strange thing is that despite the incredible number of posts I'm able to find via Google on this issue, my search doesn't seem to lead to a useful fix or MS Knowledge Base page (even when I search directly from the MS support site). I'm curious to know where you found out about this method.

Of course, even assuming a user manages to find the magic ingredients to get Windows into this "fixed" state, it still exhibits behavior that's incredibly inappropriate and intrusive for software that's supposed to be running in the background.... I feel sorry for all the many newbie users out there who probably think their computer is simply broken and have no idea how to fix it....


...but at least it worked for now, for me. Thanks for the tip!

Reply Score: 2

Careful When installing
by tarpit on Wed 9th May 2007 19:34 UTC
tarpit
Member since:
2006-10-16

I installed these today on our SBS 2003 SP2 server, over RDP, and the server went down completely, to where someone had to log in locally and restart that server.

The operating system was still working, but all the networking services stopped on the machine.

Hopefully this was just a fluke, but I thought I would give you a heads up.

Reply Score: 1

I swear to God!!!
by narflethegarthock on Wed 9th May 2007 20:37 UTC
narflethegarthock
Member since:
2007-05-09

Some of the posters on this board shouldn't look up in a rain storm, because they'll drown...

Reply Score: 1

RE: I swear to God!!!
by stestagg on Wed 9th May 2007 22:08 UTC in reply to "I swear to God!!!"
stestagg Member since:
2006-06-03

[general advice] Don't look up in a rainstorm unless you are wearing glasses, you get water in your eyes![/]

:p

Reply Score: 2

aGNUstic
Member since:
2005-07-28

Maybe so - but - I've found it slows them down to the point where you can generally stop it and recover.

Reply Score: 1