Linked by Thom Holwerda on Wed 1st Sep 2010 21:41 UTC
Windows It's been only a mere six months since its first unveiling, but Microsoft has already announced that Windows Phone 7 has been released to manufacturing. This means device makers can start tuning the software to their hardware, leaving plenty of time to release devices before the holiday season.
Thread beginning with comment 439120
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: All the people I know
by toast88 on Thu 2nd Sep 2010 08:02 UTC in reply to "RE: All the people I know"
toast88
Member since:
2009-09-23

Their loss.

I associate Windows with stability, flexibility, and a huge software base. And, yes, while keeping a straight face, security.

Now, before you start laughing,


I do and I have a point or, should I say, vulnerabilities:

http://www.h-online.com/security/news/item/Microsoft-continues-to-w...

http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulne...

http://www.h-online.com/security/news/item/Attackers-exploit-DLL-vu...

http://www.h-online.com/security/news/item/lnk-vulnerability-in-Win...

http://www.h-online.com/security/news/item/lnk-vulnerability-Micros...

http://www.h-online.com/security/news/item/Microsoft-s-August-patch...

http://www.h-online.com/security/news/item/Quarrels-about-new-Windo...

http://www.h-online.com/security/news/item/Windows-Help-used-as-att...

http://www.h-online.com/security/news/item/Microsoft-warns-of-criti...

http://www.h-online.com/security/news/item/Microsoft-closes-critica...

http://www.h-online.com/security/news/item/Microsoft-to-fix-critica...

http://www.h-online.com/security/news/item/Revised-patch-for-Window...

http://www.h-online.com/security/news/item/Microsoft-finally-to-clo...

To be honest. I'd go mad if I were forced to use Windows. There have been no months during this year without any news regarding a critical vulnerability in Microsoft Windows.

Especially the current DLL hi-jack vulnerability would drive me nuts. Microsoft announced that they're not going to fix it. Obviously, Windows has a fundamental design problem here and fixing the bug would probably mean patching a lot of applications.

See:

http://www.exploit-db.com/dll-hijacking-vulnerable-applications/

As a Windows user you should be aware of all these problems and admit that there are a lot of security issues with Windows!

Adrian

Reply Parent Score: 4

RE[3]: All the people I know
by kaiwai on Thu 2nd Sep 2010 08:52 in reply to "RE[2]: All the people I know"
kaiwai Member since:
2005-07-06

As a Windows user you should be aware of all these problems and admit that there are a lot of security issues with Windows!


Swings and round-abouts in the end; all operating systems have vulnerabilities of some sort in the end - you can either live in a state of denial, a state of hyper paranoia rushing from one operating system to the next or simply accept that fallible humans write complex software and there will always be bugs and problems somewhere along the line. The DLL being the most problematic but now a bug fix has been issued and it is up to the individual software vendors to release updates for their software as well.

It is of zero benefit this tit of tat rubbish that occurs with people behaving like 5 year olds jumping up and down pointing whilst screaming, "look! look!".

Reply Parent Score: 2

RE[4]: All the people I know
by toast88 on Thu 2nd Sep 2010 10:03 in reply to "RE[3]: All the people I know"
toast88 Member since:
2009-09-23


Swings and round-abouts in the end; all operating systems have vulnerabilities of some sort in the end

True. I did never deny at any time that other operating systems have vulnerabilities as well. The point is, that the number of _critical_ ones in Windows over just the last months (not years) is just tremendously high. It would start to annoy me if I had to worry about the security of my computer each week over and over again, not being able to fix the problem myself (as opposed to wrong configuration or missing AV updates for example).

The DLL being the most problematic but now a bug fix has been issued and it is up to the individual software vendors to release updates for their software as well.

No, this not true. The problem has not been resolved yet. True, one can simply remove the CWD from the search paths for DLLs, however, after that, dozens of Windows applications will stop working. And it's quite ridiculous to blame individual software vendors when the operating system has a fundamental design flaw. Even Microsoft applications like Office are affected by this vulnerability and they still haven't fixed their apps. This is really embarrassing.

It is of zero benefit this tit of tat rubbish that occurs with people behaving like 5 year olds jumping up and down pointing whilst screaming, "look! look!".

This is how you depict it. The fact is, that there are people who use their computers for other things than gaming and browsing the internet, they're doing serious work. If you do the accounting of your company with your computer, you will pay a lot more attention to security issues like these and naturally want an operating system which is not prone to so many attacks. Because once your computer is hacked or torn down, you can lose quite a lot of money for not being able to do accounting for a few days. That can bring your company to a complete still.

I remember when I was a sysadmin as a student job at my old university and we had to manage 500 Windows machines. The university has a subscription for McAfee Enterprise AV. From one day to another, McAfee killed all WindowsXP machines running due to accidentally recognizing substantial Windows system files as being infected. Dozens of people were going crazy because they couldn't work that day and we had to fix all affected machines manually because these couldn't boot anymore. Of course, it's McAfee who is to blame here. But the fact that it's so easy to kill a Windows machine from outside and the fact that alternative operating systems usually don't require AV software speaks quite against Windows.

Sorry, professional experience. Not more.

Adrian

Edited 2010-09-02 10:05 UTC

Reply Parent Score: 3

RE[4]: All the people I know
by Neolander on Fri 3rd Sep 2010 08:19 in reply to "RE[3]: All the people I know"
Neolander Member since:
2010-03-08

Swings and round-abouts in the end; all operating systems have vulnerabilities of some sort in the end - you can either live in a state of denial, a state of hyper paranoia rushing from one operating system to the next or simply accept that fallible humans write complex software and there will always be bugs and problems somewhere along the line. The DLL being the most problematic but now a bug fix has been issued and it is up to the individual software vendors to release updates for their software as well.

It is of zero benefit this tit of tat rubbish that occurs with people behaving like 5 year olds jumping up and down pointing whilst screaming, "look! look!".

The less lines of code there are, the less security flaws there are.

Let's consider how much the installed base of a modern operating systems weight :
Windows and OSX : 10+GB
Linux : 3+GB

If I were a linux fanatic, I'd say that this means that linux statistically has less vulnerabilities that the two others. Instead, I'll say that those numbers are frightening about all of those operating systems.

Do you need the quantity of information necessary to store 4 movies in reasonably watchable quality for something that most people will only use for browsing files and websites, organizing pictures and viewing multimedia files, and two-three other uses ?

For this reason, I'll say that you're wrong, because it's not an inherent flaw of a modern operating system, meaning an operating system which runs on modern computers and satisfies modern use cases. A modern operating system sticking to what it should do would probably only weight a few megabytes (drivers included), a hundred megabytes as a maximum, and have little to no vulnerabilities of any kind.

As much as I dislike the iPhone ecosystem, I must admit that Apple did the operating system right : include what will be used by everyone, let users download the rest.

Edited 2010-09-03 08:22 UTC

Reply Parent Score: 2

Drumhellar Member since:
2005-07-12

With the exception of the .lnk and the .dll vulnerabilities, those affect older, pre-Vista versions of Windows, or affect software that isn't included in a default Windows install. If there are any that (besides the aforementioned vulnerabilities) that apply to Windows 7, I didn't see them, as I feel clicking 6 or 7 links from a single burst of link spam is well beyond generous.

All you have pointed out is that software has vulnerabilities. I could also generate a list of vulnerabilities that effect various Linux distributions, especially if I go back 9 years (the age of XP), or 10 1/2 years (the age of Windows 2000)

The .lnk vulnerability is not so bad. All the shortcuts on my system are created either by installation programs (which I have already trusted to make changes to my system), or by myself. As I have yet to download an app that did not need to be installed, but still included shortcuts, finding such an app would seem suspicious to me.

The .dll is not so bad. It requires a healthy bit of social engineering, requiring a person to browse to a malicious SMB or WebDAV server with Windows Explorer, and double click a file to open it, then click through various warning dialogs about the danger of opening unknown content from untrusted sources.

And, Microsoft has already released a tool that disallows DLL loading from network shares.

Reply Parent Score: 2