Microsoft Patches Flaws Haunting IE, Word Users

Thom Holwerda 2005-07-13 Microsoft 13 Comments

As part of its monthly patching cycle, Microsoft shipped three security bulletins, all rated critical, including patches for a bug in the JView Profiler (Javaprxy.dll) that was being exploited via the IE browser.

2005-07-13 4:19 pm
Like flaws are “Haunting” FireFox (which I use) or Apple. Is anybody surprised anymore that Microsoft is releasing patches? And some of them are for IE, so it isn’t so? Firefox is now on version 1.05 after being “haunted” by security flaws. No OS is without issues no matter how big or small because they are developed by humans. Just give up on the whole anti-#########(add os here) wars. Just use the right tool for the job and get on with more important things in life.

2005-07-13 5:10 pm
Well said. I was originally intending to post something very similar. OSNews/Slashdot attitudes are as follows:
Microsoft Releases Three Patches
Slashbots: OMG look at MS!1!! THEY SUX0R BECUZ WINDOZE IS INSECURE! I USE LUNIX AND FIREFOX!!!one
Firefox Updated, Three Critical Vulns Fixed
Slashbots: Oh well! It’s open-source, so it’s awesome! And look, they even fixed the holes quickly!
*sigh* Gotta love double-standards.

2005-07-13 6:14 pm
Reminds me of when Microsoft was releasing the whole Tablet PC thing. Everybody downplayed it, said it was stupid because Microsoft was releasing something like that. Then the guy at Lindows (as it was called at the time) copied Microsoft like usual and talked about releasing some poor excuse for a tablet knockoff with Lindows on it http://www.boingboing.net/2002/11/14/sub500_lindows_table.html and it was like the second coming. All the Linux geeks thought this was the greatest thing ever. As you said, double standards.

2005-07-13 6:19 pm
Yea right, Haunting… Linux Is Poo… posting hypocrisy does nothing to establish credibility. here’s some information for anyone who cares about the truth to read…
http://radsoft.net/resources/rants/archive.html
http://radsoft.net/news/20050221,00.html
http://www.windowsitpro.com/Article/ArticleID/25460/25460.html?Ad=1
http://www.google.com/search?as_q=microsoft+critical+patch&num=100&…
da truth

2005-07-13 7:02 pm rm6990
Using words like poo and “da truth” doesn’t do much to establish credibility either 😛 Could you imagine how bad it would look if your boss inquired about Linux and you told him it was poo and then said it was “da truth” 😛 (just teasing btw)

2005-07-13 6:30 pm
Spreading FUD and anger doesn’t work. Here’s some more info… http://nwc.securitypipeline.com/showArticle.jhtml?articleID=1657011…

2005-07-13 7:29 pm
yea and all the windows fanboys go “look IE improvement” “M$ is right on with patches” but run over to the firefox thread and go “more proof that open source is buggier” “another failure of open source” yada yada…

2005-07-13 8:08 pm aaronb
We should step back a little. IE has been criticized a lot and patches to fix the issues are coming out on a regular basis. This is good. Hopefully Microsoft will get even better and also add things like tabs and comply with W3C standards. (This is not flame at all, RSS and Tabs are in Longhorn I think) Firefox has not had so much history. I don’t think it was based on Netscape 4. It has done well and is now having every error, bug and feature questioned like IE. In my eye this makes both IE and Firefox better. The more we report the bugs the less time we have to live with them. Microsoft office on Windows 98 was a pain for me so I switched to Staroffice and then open office. But the new open document format looks good if the schema is open as well. The one thing I would like to see more is competition as it stops either side from going to sleep for too long.

2005-07-14 7:30 am raver31
needs an anti retard button. complaining about double standards when firefox flaws are revealed? you windows fanboys do not get it…. firefox source code is free to download and review, right, do you understand this so far? ok, now say a new version was released today, and I downloaded it. I would also download the source and have a look at that, today. This is how flaws are found in open source software. This is how open source is quickly patched. Still with me? Now, Microsoft, they do not release the source, so in theory, a flaw can exist in their software for years before it is fixed. We cannot look at the source to point things out, and because of this, Microsoft are in no rush to fix things. Now, the biggie.. open source software is in a constant state of flux, so there will always be new versions released. you can stay with an older version, and that usually stabilises in a few months after release, no further updates needed, but with Microsoft software, there has been no update for years, but flaws are still being found? why is this? how much of a kludge was the software when it was originally released? I am so glad people have a choice.

2005-07-14 8:49 am suryad
just because a lot of people are looking at the code and you are producing better code as a result…I can buy that argument…but considering that FF is open source, it still has an awful lot of bugs…and being written with newer technology I am assuming that was IE 6. So that means MS coders are not bad coders…the bugs that MS have according to your logic then is because the code is closed source and not open source. Correct?

2005-07-15 5:10 pm raver31
No – follow my logic here….. Microsoft has a bug in their software, but no-one can check the closed-source software, so no-one has spotted the bug. Microsoft do not have to waste time and resources fixing the bug, until someone spots it.
FF being open-sourced, is open for people to find bugs, it is open for people to submit bug-fixes.

2005-07-14 12:49 pm antoszka
On a sidenote: makes me wonder why these days windows system files have still those very descriptive filenames like javaprxy.dll in good old 8.3 format. Is there something wrong with JavaProxy.dll for example? Probably it would scare users less off twiddling with the system which I presume is a bad thing from Vole’s POV. Regards, [a]

2005-07-15 12:38 pm
Instead of waving banners and just rooting for the home team, most of you evidently would benefit by reading a bit of ESR – Eric S Raymond. His analysis of the merits and shortcomings of various operating systems and ‘operating systems’ is very telling. You will also find that his conclusions are much what the Be team came to at the time: you can’t have a secure computer on the Internet without fundamental ‘multiuser’ qualities.

Windows can be attacked because its interface is a cheap misunderstood rip off, but I think it’s fairly well agreed in this day and age that it’s security and nothing other that is the big issue for now. Once we conquer the basic security issue, then and only then can we begin to look at other things such as how functional is this GUI architecture, or that one, and so forth.

Patching a Unix system comes down to a vendor. How up on things are they? But when it comes to Unix you have a different security model entirely. Instead of going around shouting how good FOSS is, you might gain more by studying why Unix is secure in its roots and other ‘systems’ like Windows are not – and again, it’s ESR who can be a source of enlightenment here.

Windows is a patched together system because it achieved widespread popularity before the ‘web revolution’ and unknowing users became used to the crashes and hangs, figuring ‘that’s just the way computers are’.
But Windows has no overall security system, and no matter what Allchin and that chief software architect they have today try to come up with, nothing will ever change that. You have a need to be compatible with the ‘FAT’ file system which of course offers no security or protection. There is none and there never will be. Likewise although NTFS has a security system, it is unwieldy, few will use it, and not everyone will use NTFS at all – meaning a system is wide open.

Malware has to penetrate a system’s defenses to be successful. It’s one thing that Microsoft code is written in such a hysterical frenzy and with such poor design specs that bugs like what we’ve all seen can creep through; it’s another that targeted malware can take advantage of these errors a la what Aleph One once showed the world; but it is QUITE another to have absolutely nothing stopping you once you’ve succeeded with the above. Once you break through the defenses on Windows, it’s all over. Malware can put files anywhere. There is no authentication. Put things in startup, put things in the Registry – watching Microsoft try to make their makeshift ‘operating system’ ‘secure’ under the circumstances is downright pathetic.

Do the research yourselves. You don’t have to be computer scientists (or rocket scientists) to understand the basics. Unix was designed as a multiuser system before the personal computer. On a personal computer it ‘just happens’ to be ideal for security and protection. Windows wasn’t ‘designed’ at all. There is no philosophy, there are no architectural goals. Devour the market yes – but these are not design goals, they’re marketing goals.

There are probably a lot of so called ‘operating systems’ which wouldn’t ‘cut the muster’ in today’s ‘Internetted’ world, but Windows is definitely one of them. On the other hand, the Internet lives and breathes Unix, so the choice of a desktop system for work or for your home should be pretty bloody obvious.
But do the research yourselves – study ESR. And study him critically of course. But he has a LOT of very good insight there. And stop waving banners. And if you are serious about security (as you should be) then even if you are running Windows you should have – at the very least – taken Unix for a test run so you can make a qualified comparison.