As part of its monthly patching cycle, Microsoft plans to release on Tuesday two security bulletins with fixes for flaws in Windows. At least one of the alerts is deemed “critical”, Microsoft’s highest risk rating, the company said in a notice posted on its Web site on Thursday. Microsoft rates as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.
Microsoft Plans Critical Christmas Patches
2005-12-09 10:40 pm CPUGuy
They do have a dedicated team, it just takes a LONG time to do regression testing, especially with the kind of market that Microsoft has.
2005-12-10 10:00 am kaiwai
True, and like I keep saying to the die hard anti-Microsofties out there; the fact is, Microsoft could probably fix every problem in Windows overnight, but at the same time, 1/2 the software out there would cease operating as crap quality programmers in two bit companies rely on using, which is more like misusing, undocumented features or thinking that because their application can run on Windows 98, apparently it’s a ‘good thing’.
The sad part, however, Microsoft IS in the position to fix problems, and considering there is no other desktop alternative on the x86 platform – there is nothing stopping Microsoft from fixing every bug in Windows XP – release it as a massive service pack, and say ‘tough luck, get your shit together’ to those companies unwilling to release service packs for their products to ensure that the software works as intended on Windows.
If problems are to be fixed, it’s sometimes necessary to put a line in the sand and bring everyone kicking and screaming over to the other side.
2005-12-11 4:30 am suryad
I quite agree kaiwai. I think sometimes some things should be done in extreme so that a lot of good comes out of it. It is true that MS is huge and there are a lot of applications running on it. I still think though that for MS’s own sake they should launch a massive update and say get your act together. Those who choose to download it can go ahead and those who don’t….well don’t. At least home computers where most of the problems lie….will be working the way they were meant to be working without resorting to all these 3rd party apps that get rid of crapware.
Me (like most of my friends, family and colleagues) never installed a patch on (the original) WinXP and never use antivirus programs.
However, I use the mozilla programs (instead of IE/OE) and a free “zone alarm” firewall; moreover, I don’t open strange mail (because I hardly get any). Still I sometimes check for spyware with AD-Aware, with null results (an old habit from the IE period).
So why isn’t my computer loaded with trojans and worms due to “critical flaws” in Windows (some would probably say it is…)? My PC feels responsive and never hangs, and the firewall never reports any spurious programs attempting to access the internet (worms etc?). So, may I conclude that those very limited precautions mentioned above are enough, or have I missed something essential?
Also, I never do P2P filesharing (correct term?). Could that be the saving grace?
A serious answer would be great.
2005-12-10 11:13 am raver31
A serious answer is coming up……
You have taken some wise precautions there, the best one is to dump IE and OE.
However, your PC could indeed be teeming with malware, and it could indeed be a zombie.
Zonealarm is a pretty dismal firewall and a lot of malware can circumvent it. Use Kerio personal, which is free. http://www.kerio.com/kpf_home.html
AD-Aware usually only finds ad-ware, try also installing Spy-Bot, which is free, and will find spyware and trojans too, it also has nice immunisation settings, get it from http://www.safer-networking.org/en/home/index.html
Also, like I said, your machine could be being used as a zombie, so download a copy of AVG from http://free.grisoft.com/doc/1
This is also free for personal use.
You might have noticed that all the software I mentioned here are not “big famous” names….. that is intentional as the big names are the first targets for malware to get around.
Like the previous poster.. I never patch my XP. I have had one trojan in the last 8 years, and then I had infected myself by doing something stupid. I had installed MyIE2 off of a site that was not the official site and it had the pipe.cmd inside it. Other than that I have not had any viruses, trojans, worms at all. All I use is the old 2.1.5 Kerio firewall and no antivirus at all. I only use IE for going to the MSN gaming zone to play cards. For everything else I use Opera. I’m careful what I accept from others and my isp scans all my email before I get it. While those around me are constantly battling various popups and bugs in the wild, I just happily truck along with no problems.
I like the ability of the old Kerio firewall to be able to lock my doors port by port, and it is locked up tight. Nothing gets in or out without me knowing. Now I realize that if I ran a public ftp or web server, then I would need to do a lot more serious hardening. I do run a private ftp server and web server of sorts, but I only allow specific ip’s into my box thru Kerio.
XP has really been stable for me as was win2k before that and win98 before that. I had been dabbling for a few years with linux and about 4 months ago I started using SuSE exclusively, dual booting with XP. I tried probably about 12 distros and settled on SuSE, although I think PCLinuxOS would be my second choice. Now I only boot to XP when I need to print something which is rare. (One of these days I’ll trash the Lexmark Z32 and buy a REAL printer. hehheh)
But back to the topic, unless you run a public server, I think a good firewall and maybe antivirus , spyware detector, and some care on what you open and the sites you go to, and you’ll be ok.
Merry X-Mas everyone!
with no spyware, I would recommend running Hijackthis and then scanning using ewido. Check if you get any spyware or not. If you don’t then please tell us what you do to make sure nothing crappy gets into your system. To get ewido go to http://www.ewido.com
I find it kind of sad that it’s nearly 5 years since XP was released, yet still almost every month Microsoft supplies set of patches with ‘critical’ stamp on it.
Windows doesn’t contain pretty much any software, when you compare amount of patches against fully featured linux distribution with 5000+ pieces of software on it, it looks even more sad..
<troll which I cannot resist>
While everybody waits for Vista next year I’ll be waiting for XP to leave Beta. Everybody can have their eye candy, I just want an OS that does not allow people to ‘take control’ of my PC using a specially crafted ‘gif’.
But! On a serious note, if Msoft expects people to upgrade to Vista they must get their act together. 5 years to fix these critical holes is too long. Even if they have a 100% improvement in their processes, that still means I would not consider upgrading for another 3 years.
</troll which I cannot resist>
I’m not a general Microsoft fanboy, but somehow I have a hard time understanding why Microsoft is the only operating system-producing company on earth supposed to release a completely, 100% bug- and security-hole free OS right from the start?
I mean, whenever OS X or Linux software gets updated people go “Yay! My system is more secure now!”. When Microsoft does it it’s like “Oh man! Your OS needs updates, that’s a good extreme-suckage-indicator!!”.
There’s security related updates for my linux machines at least once per week, my OS X machine less so, but still often. I just can’t help thinking it’s good my XP-machines get updated too.
What, a sticker to conceal a hole in a poorly wrapped package? Might also be a Grinch Removal Tool…
Edited 2005-12-09 13:22
That is so true. Somehow I don’t think releasing patches during the Christmas season is a good idea. Maybe a little earlier????
Microsoft needs to get their act together and spend more time debugging their code than they already do.
That must be a nice gift though….
“Mommy! look what I got! I got 5 new patches! I’m gonna give my NEW Win XP for a ride!”
5 min later, comp crashes
I think the title says it all though:
“December’s patch bundle from Microsoft is small, BUT CONTAINS SOME OVERDUE FIXES”
Overdue being the key word.
Edited 2005-12-09 15:14
I so agree. It is rather frustrating that MS decides to release patches one or two at a time. How about they just make another SP and consolidate all the post SP2 patches and add whatever fixes they know of….and voila. Problem solved. These patches are overdue. It’s not as if they don’t have enough resources to have a dedicated XP debugger team.