Microsoft plans to issue patches for ‘critical’ Windows and Office security problems as part of a regular update scheduled for Tuesday. The software company said in an advisory Thursday that it will issue four bulletins for Windows flaws and three for Office. At least one Windows and one Office problem are deemed ‘critical’, Microsoft’s highest-risk category for security vulnerabilities, according to the advisory.
And the evil spreads…
I simply love my linux system where none of this nonsense exists. Its really horrid that I still have MS machines on the network to administer… I have people in the house that just won’t change. They hubble on even when the Sasser hit… I hope WGA is the last straw for widespread chaos. That is the only thing linux can hope for…
PS: Well, other than Sasser, my MS machines rarely get hit. At least the Avast/Spybot/regular updates + strict sysadmin works. But the amount of workload to tighten security on Wintels only increases with each release. Thank the gods for cloning. I believe thats the only savior for Winsysadmins.
So Microsoft is releasing a ‘regular update’ with some security fixes…and somehow this relates to your distaste for WGA, even though you use linux and it doesn’t affect you.
I’m sure I’m just being dense about making the connection… Maybe I used my Wintel laptop at work for too long today, and need to chill here on my gentoo box for a bit before it makes sense.
afaik MS mandates WGA to update now. That could be the connection.
Mmm … I think you’ve made a mistake.
WGA is not required to download any critical fixes.
>> That is the only thing linux can hope for… <<
Really?
Oh dear … 🙁
How about – Instead of giving me a new and improved oil pan for my driveway, you fix the rear main seal?
Who didn’t see this comming…haha
I’d rather they release patches than not… at least they are trying to save the net from degrading into total botnets. I don’t think many sites can handle DDOS attacks by all those wintels out there…
I don’t mind spending the effort to patch my coms. Its the requirement of WGA irking me. Other than the deflated bug count and completely obscure patch advisories. And Windows Malicious Software Removal Tool? I sincerely hope nobody takes it seriously…
I don’t think I’d say “save the net.” I think I’d say “not be responsible for the bad things on the net…”
And Windows Malicious Software Removal Tool? I sincerely hope nobody takes it seriously…
Actually this tool (MSRT) is in some way more efficient than commercial antiviruses – not by amount of detected malware, but due to the automated delivery and PC scanning every month.
MSRT is basically meant to kill most annoying malware, like rootkits, botnets and some aggressive worms. Dealing with infected PCs on daily basis, I’ve noticed substantial drop in this kind of malware after introducing MSRT by microsoft.
Some information and data about MSRT:
http://www.microsoft.com/security/malwareremove/families.mspx
http://news.com.com/Microsoft+Zombies+most+prevalent+Windows+threat…
The MSRT is just a tool to gauge the size of the virus/malware problem. Removal of the virus is a just a polite courtesy.
And the results? Just over 2% of the machines tested had a virus. Between that and the release of OneCare, it’s not surprising that the likes of Sophos are sniffing round Macs for a new market.
Wait wait wait…
So releasing patches is a bad thing?
SHUTUP, seriously.
Seems so…
People are blame MS for release bugfix but they love Ubuntu with daily updates. Seriously, I don’t get it.
The difference is it gets more fuctionallity and newer versions, thats including bug fixes. When people pay £200 for Office you dotn expect big service packs just for office software on top of OS patches, on top of OS service packs.
Why wouldn’t they?
Personally I’d expect people who pay for software to be demanding prompt resolution of issues, not sitting around whining about it.
Several channels of distribution never leads to prompt resolution, especially when one of them is service packs.
People expect one update mechanism for the product, and service packs to only add value and not security fixes. Unfortunately, our here in the real world, they’re gonna get both and I don’t think that’s an unreasonable thing.
No it’s not the difference. Ubuntu (my distro) and probably other Linux distros have to be patched regularly and often for security bugs, yet it’s the best thing since self sealing stem bolts. Or is it a “you get what you pay for” issue?
I see what you are saying. It is indeed annoying to need to have such massive Service Packs for even Office! What are we on…SP2 for Office?! And even so there are patches coming out every month now for an Office distro. How about Microsoft fixes problems right at the beginning before launching a product? It seems that the tried and tested rule of using Microsoft products is to wait till at least SP1 is out for the product to be stable and mature. I enjoy using Microsoft products for the most part because they are very easy and intuitive to use…now if only Microsoft fixed things up on the security side of things it would be a lot more pleasant computing experience.
How come I don’t get daily updates for Ubuntu?
I think people blame MS for having insecure software that needs to be patched every week for critial security vulnerabilities. Please try to prove me wrong, but I don’t think Ubuntu has that kind of track record.
Remember…the patches for a distro like Ubuntu are for ALL software packages, of which there are thousands, not the basic operating system like this MS patch.
People are blame MS for release bugfix but they love Ubuntu with daily updates. Seriously, I don’t get it.
There are two kind of updates in Ubuntu GNU/Linux:
– normal updates
– security updates
Normal updates happen often (but not DAILY). It updates functionally and additional capabilities. NOT bug fixes.
Security updates contains bug fixes. It does not happens DAILY too. There have been only a few security updates and those are usually during the first few week of a major version release. Plus the security updates team responds a lot more swiftly to bugs reports and security holes compared to MS teams.
There are NO DAILY updates in Ubuntu. You must have been confused by the rigorous and frequent normal and security updates that happens in Ubuntu development/beta/pre-release versions. Of course those happens daily.
Sitting on a long list of flaws that even they admit are critical for a while and then saying “oh, by the way, *truckload of patches with a WGA chaser*” is a bad thing. It’s basically dangling a virus over your computer and saying “install our spyware.” Commending someone for making mistakes, regardless of whether they’ve fixed them, is also a bad thing. To (mis)quote Wicked, “there are none more celebrated than the rehabilitated.” How about we stop singing the praises of murderers who find Jesus and software companies that think of security as an incremental reaction and start acknowledging those that are actually, as in reality, good? But noooooo, Microsoft is a saint for patching their own hole and OS X and Linux are worse than Hitler for knowing that their security is better.
Multiple people have mentioned WGA being required in this one and I can’t find where it says that. It mentions WGA but I don’t see it mentioning it being a required part of *this* update.
For what version and how long, they should put an expiration date on the box; “Good until 2007”, or, “Best Before 2007”.
I’m glad I’m past that too.
A non proprietary OS gives me more time to do `real` work in systems.
Constant patching is a curse for IT professionals since it takes away from `real` work.
And as we all know, open source software doesn’t need any patching nor updates.
If you compare and contrast the time spent on proprietary vs. non-proprietary, well, having been in the industry for some time, the time required to download, even automated, and install requires a huge investment in time.
Nothing like having a staff member or faculty say, `Where’s my files?` after an automated patch or upgrade.
Sure open source software needs patches; but how often do you install a patch for open sourced programs in order to get less functionality out of your computer?
–bornagainpenguin
I don’t see how what I said here is a troll, off topic, or a flame. Geeze! It’s times like this I wonder why I bother to comment.
–bornagainpenguin
Actually, the latest update for Microsoft Office 2004 Mac, version 11.2.4, promises the following:
‘This update fixes vulnerabilities in Office 2004 for Mac that an attacker can use to overwrite the contents of your computer’s memory with malicious code. This update also fixes issues in Microsoft PowerPoint 2004 and Entourage 2004, and it includes all of the improvements released in all previous Office 2004 updates.’
…To me this seems like Microsoft code introducing serious security concers in relation to otherwise
http://www.sophos.com/pressoffice/news/articles/2006/07/securityrep…
‘secure’ operating system software…. It had to happen, should Microsoft follow their own path…
Edited 2006-07-07 17:19
I don’t mind the WGA politically speaking, but I wish the damn thing would stop showing up in Windows update. I’ve downloaded it successfully before, but at least twice a month I get a notice that updates are available, and it’s nothing about this f**king WGA bit. Are we gonna have to download it twice a day pretty soon, or what?
… so when MS releases a patch, it’s bad … and when others do it … it’s good? Uhhhhhhhhhhh….
Any OS is going to need critical bug fixes and updates. But with Microsoft, you get more updates and security fixes than other OS’s, and then there’s the need to reboot between patches, making it a longer process, etc.
But the real rub with Microsoft is the fact that you are paying for their software. And if you part with your hard-earned money to get something, that “something” should at least be as good as a free counterpart–if not better.
Week after week Linux shows its stability and its security by out-performing Microsoft with a cost of *free*.
It wouldn’t be so bad if Microsoft didn’t charge so much for their software. But with Microsoft, you not only get to pay outrageous sums for mediocre software, you spend a good deal of your time messing with malware, spyware, security updates and bug fixes.
Good thing they don’t charge you for that too…
Despite being an XP user I totally agree.
Any OS is going to need critical bug fixes and updates. But with Microsoft, you get more updates and security fixes than other OS’s…
I disagree — because it depends on how you define “OS updates”. Windows comprises not only a kernel but also all of the drivers and applications that ship with the product. Linux devotees tend to draw a distinction between these components — but the fact of the matter is that, if you ship them on a CD with a distro and the packages are installable, users tend to think of them as one and the same, regardless of the technical distinctions. And, if you consider apps and drivers as part of a particular distro, then Linux has just as many (if not more) updates.
Granted, you get many of those updates faster than you would with Microsoft. But it’s questionable whether businesses can consume patches with that kind of regularity. Usually, they have to stage the patched production system somewhere, test it, and then deploy after it passes some level of testing. That takes time; in fact, if I recall correctly, many of Microsoft’s corporate customers told the company that they want monthly updates in order to help with their planning.
and then there’s the need to reboot between patches, making it a longer process, etc.
Depends on the patch. Not all patches require a reboot.
But the real rub with Microsoft is the fact that you are paying for their software. And if you part with your hard-earned money to get something, that “something” should at least be as good as a free counterpart–if not better.
Linux isn’t free — unless your time is free. Mine isn’t. There’s always a cost associated with my time.
Week after week Linux shows its stability and its security by out-performing Microsoft with a cost of *free*.
See previous comment.
It wouldn’t be so bad if Microsoft didn’t charge so much for their software. But with Microsoft, you not only get to pay outrageous sums for mediocre software, you spend a good deal of your time messing with malware, spyware, security updates and bug fixes.
I don’t spend any time messing around with malware. I don’t run software contained in email attachments or unknown software from the Web. I don’t mess around with updates because my machine automatically downloads and installs updates in the middle of the night. So, honestly, I fail to see why the TCO with Linux would be much better than that.
Don’t get me wrong. I use Linux all the time on some of my boxes. It’s a useful OS. I just don’t think that its use and maintenance are free; if anything, I spend a lot of time hunting for information on problems that are readily taken care of by Windows, itself. But at least there are solutions, either way.
I can see your points but it is a little disingenuous to say that Linux isn’t free unless your time is free. That argument won’t hold water.
Linux is free as in cost. Microsoft’s product is not. Out of the gate, there is a higher tco for windows. Even if you factor in the time element, I spend less time managing my linux box, never have to reboot after an update, and regardless of whether we’re discussing the kernel or userland gui’s, the amount and frequency of updates are far less and aren’t as critical–usually– than the updates for windows boxes.
Though XP is better than anything that went before it, it still falls short of Linux in terms of maintenance.
But this is just my experience.
YMMV
Edited 2006-07-09 00:08
Linux isn’t free — unless your time is free. Mine isn’t. There’s always a cost associated with my time.
It could just be the dentist effect, but knowing my way around both Linux and Windows, the latter seems to take a lot more of my time to set up. Install has to be attended, initial updates sometimes require four or five reboots, I have to track down settings all over the place before the interface is what I would consider even usable, and I have to download extra software by hand with IE for all sorts of basic things, like opening archives and changing more unpleasant UI defaults. On top of that, Windows frequently hits snags where an entire reinstall is necessary. This isn’t necessary as often as it used to be or as often as people still think it is, but the complete lack of manual control in Windows makes it inevitable sometimes.
With most modern Linux distros, I can type one line to initiate an automatic update of every package on the system and the addition of whatever other packages I want, and then walk away and watch a movie or have lunch. That is, if it’s Gentoo. If it’s Debian, maybe go to the bathroom and get a drink of water. And when it’s done, only on the conditions that a) there is a new kernel, and b) I want to start using it now, will I ever need to reboot.
Setting up Linux seems like it takes a long time if you’re learning how to do it while you do it, but once you learn it, it’s very quick. With Windows, no amount of knowledge can speed up the process. The only way to do it is to follow the wizard and then reboot the system every time.
See previous comment.
Please try to avoid goto statements in comments. Everything he said was there before you started typing. Edit and respond appropriately.
I’m not normally “that guy” that questions why dumb submissions are posted on OSNews, but this is a little ridiculous. For one thing, there’s no useful discussion that can come from this, as we have seen from the above posts and this one as well. It’s flamebait _at best_, and otherwise it simply reminds us that Microsoft is going to release patches on the second Tuesday of July, just as they have done every other month for some time now.
OSNews doesn’t post a story every time a Linux kernel dev tags a new .y kernel, and I don’t understand how this is very different.