Linked by Thom Holwerda on Wed 1st Sep 2010 21:41 UTC
Windows It's been only a mere six months since its first unveiling, but Microsoft has already announced that Windows Phone 7 has been released to manufacturing. This means device makers can start tuning the software to their hardware, leaving plenty of time to release devices before the holiday season.
Thread beginning with comment 439136
RE[4]: All the people I know
by toast88 on Thu 2nd Sep 2010 10:03 UTC in reply to "RE[3]: All the people I know"
toast88 Member since:
2009-09-23


Swings and round-abouts in the end; all operating systems have vulnerabilities of some sort in the end

True. I never denied at any time that other operating systems have vulnerabilities as well. The point is that the number of _critical_ ones in Windows over just the last months (not years) is just tremendously high. It would start to annoy me if I had to worry about the security of my computer each week over and over again, not being able to fix the problem myself (as opposed to wrong configuration or missing AV updates for example).

The DLL being the most problematic but now a bug fix has been issued and it is up to the individual software vendors to release updates for their software as well.

No, this is not true. The problem has not been resolved yet. True, one can simply remove the CWD from the search paths for DLLs, however, after that, dozens of Windows applications will stop working. And it's quite ridiculous to blame individual software vendors when the operating system has a fundamental design flaw. Even Microsoft applications like Office are affected by this vulnerability and they still haven't fixed their apps. This is really embarrassing.

It is of zero benefit this tit for tat rubbish that occurs with people behaving like 5 year olds jumping up and down pointing whilst screaming, "look! look!".

This is how you depict it. The fact is that there are people who use their computers for other things than gaming and browsing the internet, they're doing serious work. If you do the accounting of your company with your computer, you will pay a lot more attention to security issues like these and naturally want an operating system which is not prone to so many attacks. Because once your computer is hacked or torn down, you can lose quite a lot of money for not being able to do accounting for a few days. That can bring your company to a complete standstill.

I remember when I was a sysadmin as a student job at my old university and we had to manage 500 Windows machines. The university has a subscription for McAfee Enterprise AV. From one day to another, McAfee killed all Windows XP machines running due to accidentally recognizing substantial Windows system files as being infected. Dozens of people were going crazy because they couldn't work that day and we had to fix all affected machines manually because these couldn't boot anymore. Of course, it's McAfee who is to blame here. But the fact that it's so easy to kill a Windows machine from outside and the fact that alternative operating systems usually don't require AV software speaks quite against Windows.

Sorry, professional experience. Not more.

Adrian

Edited 2010-09-02 10:05 UTC

Reply Parent Score: 3

Drumhellar Member since:
2005-07-12

I would just like to point out again that the .DLL vulnerability has been fixed.

A tool is available to prevent loading of DLLs over SMB or WebDAV shares. While this doesn't completely erase the risk, it does mitigate it substantially. While DLL load order is a poor design choice, it is not critical. Now, to be affected, I have to load a file from a directory ON MY OWN DISK that also contains a malicious DLL. As I certainly don't place DLLs in such directories, the appearance of them means my system is already compromised.

Reply Parent Score: 2
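The mitigation discussed in the two comments above (blocking DLL loads from a WebDAV or SMB current directory, or removing the CWD from the search path entirely) is configured through the registry value CWDIllegalInDllSearch, which the thread does not name. The following read-only PowerShell check is an added example, not part of any comment; it assumes the Microsoft update that introduces this value is installed and reports the machine-wide and per-application settings.

```powershell
# Added example (read-only): report how CWDIllegalInDllSearch is configured.
# Machine-wide value lives under Session Manager; per-application overrides
# live under Image File Execution Options\<binary name>.
$sessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdDllSearchPolicy {
    param([Parameter(Mandatory)][string]$KeyPath)

    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name 'CWDIllegalInDllSearch' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'not set: default search order, current directory is searched'
    }

    # A DWORD of 0xFFFFFFFF can come back as -1; formatting as hex handles both.
    $hex = '{0:X8}' -f $prop.CWDIllegalInDllSearch
    switch ($hex) {
        '00000000' { 'default search order, current directory is searched' }
        '00000001' { 'DLL load from current directory blocked when it is a WebDAV folder' }
        '00000002' { 'DLL load from current directory blocked when it is remote (WebDAV or UNC)' }
        'FFFFFFFF' { 'current directory removed from the DLL search order' }
        default    { "unrecognised value 0x$hex" }
    }
}

# Machine-wide setting
[pscustomobject]@{
    Scope  = 'machine-wide'
    Policy = Get-CwdDllSearchPolicy -KeyPath $sessionManager
}

# Per-application overrides, listed only where the value is present
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath -Name 'CWDIllegalInDllSearch' -ErrorAction SilentlyContinue
    if ($null -ne $p) {
        [pscustomobject]@{
            Scope  = $_.PSChildName
            Policy = Get-CwdDllSearchPolicy -KeyPath $_.PSPath
        }
    }
}
```

A machine that reports "not set" still searches a remote current directory for DLLs; the 0xFFFFFFFF setting is the one that can stop applications from working when they rely on loading DLLs from the CWD, as the first comment notes.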

nt_jerkface Member since:
2009-08-26

Well in my experience it is only easy to kill a Windows machine if it isn't locked down properly.

The real problem is that too many organizations are lax about user permissions. Admin accounts are given out like candy and outside devices are allowed to connect to intranets. Then on top of it all you have organizations that take months to roll out security updates and are too cheap to upgrade to Win7.

As for that McAfee upgrade fiasco that was no surprise to those of us who have been saying to avoid McAfee and Symantec for years. That wasn't the fault of Windows, it was the fault of AV software from a company known for its bloated and intrusive software.

McAfee can't even be relied upon to uninstall properly. Just look at this guide at Kaspersky:
http://support.kaspersky.com/faq/?qid=208280258

Edited 2010-09-02 20:13 UTC

Reply Parent Score: 1

RE[6]: All the people I know
by Neolander on Fri 3rd Sep 2010 08:31 in reply to "RE[5]: All the people I know"
Neolander Member since:
2010-03-08

Well in my experience it is only easy to kill a Windows machine if it isn't locked down properly.

The real problem is that too many organizations are lax about user permissions. Admin accounts are given out like candy and outside devices are allowed to connect to intranets. Then on top of it all you have organizations that take months to roll out security updates and are too cheap to upgrade to Win7.

Genuine question: what's the problem with admin accounts?

I mean, which vulnerability is worse? Letting software mess with those installed programs in program files that are provided with an installation CD/exe anyway? Or letting software mess around with user files, that commonly only exist in one copy in the world?

Admin rights are close to nothing when you think of it, except a tool for sysadmins to exercise their tyrannic powers ;)

Reply Parent Score: 2