“When we launched our first security newsletter in December, I asked you to send me your comments and feedback so that I could be your advocate at Microsoft for security issues—and you delivered! I appreciate the many e-mail messages with comments and questions, and we will begin answering them this month.” Read the rest here by Jeffrey R. Jones, Senior Director, Microsoft Security Business Unit.
How Microsoft Develops and Releases Software Patches
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Slowly!
3 months for the IE %01 URL flaw
6+ Months for a ASN bug, that OpenSSL people fixed in a week.
30+ Unpatched critical and acknowledged IE bugs.
Still no quality assurance in the development of their products: they rather the ISVs test it and then end users test via RC’s and betas and then finally using it in the field.
Certainly… who they try to convince?
I’m considering to move my main desktop to Linux, and I’m even considering buying a MAC.
MS bores me to death.
What’s going to happen when they release their new “SuperPimp” Megahype new os?
They are unable to minimally secure ther main product which they have been developing since 15 years.
How can they be selling the world the idea that they are going to make something secure from the scratch when they are not even able to keep NT in one piece.
And no, I’m sorry but the argument that NT is inherently flawed is not valid.
As long as you stay away from games, Exchange or SQL server, then you can make a decent desktop.
With games theirs emulators like WineX, and the same with clients for exchange (crossover).
Otherwise all the software is out there. This site has listed the weaknesses of the GUI in linux often, that you cant deny. But making it a desktop isnt impossible, it just requires patients and google
When I use Opera to go to the URL at which the Microsoft representative is supposed to have published his comments:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/…
I get a mostly-empty web page with a menu at the left. None of the menu items seem to suggest that they might lead to the right web page. Doing “view source” confirms that in fact there is nothing there except the menu.
MozillaFirebird 0.7 does show me the intended content The page source is entirely different.
I am using both browsers on a Microsft Windows XP machine during these experiments.
Presumably Microsoft is sending different pages to different browsers, some intended to be more viewable than others.
Rahul
Amazingly, I used the identify as MSIE 6.0 function in Opera and the page was full viewable 0_o?
With Longhorn aren’t they abandoning win32 and the technology that makes windows insecure?
Won’t this stuff just remain for legacy reasons?
If this is true, if people have sufficiently moved over to the new platform, shouldn’t be able to switch off the old legacy subsystem?
I tried again after setting “Identify as MSIE 6.0” and I do see it! But if I set “identify as Opera” then I again see the nearly-empty page that I previously described.
It sounds like Microsoft is checking for “Opera” in the User-Agent header and sending the nearly-empty web page.
Rahul
Is there a way in Firefox .8 to change what it identifies itself as? Firefox is nice, it is replacing IE6 on my box (not totally, but for the most part).
How about an easy way to patch Microsoft products without having each machine connected to the Internet to do it?
Now, don’t go bringing up SUS, it doesn’t allow you to send updates to a remote site WITHOUT also sending a fully populated server with it.
Microsoft needs to allow “Windows Update” to connect to;
Microsoft’s Update Site
Customer run SUS server
Local/networked collection of updates
CD/DVD collection of updates
An updateable XML based file that lists the order and applicability of Microsoft updates (updated as new patches are provided) and an ftp repository of patches.
Most of the planet would use MS Windows update, same as now. SUS would become redundant (unless you wanted to push updates without MS). As of date X download the MS repository of patches/hotfixes/service packs and the accompanying XML descriptor or the MS products you use. Load onto a directory of your file server, point client Windows Update to that directory. For those of us that have to support clients that either don’t have access to the Internet, or are limited to 14.4, burn the above onto a CD-R (or DVD in most cases) and ship it to the remote site.
Have you actually tried to fully update say Windows 2000 Pro, with IE, Office, SQL Server WITHOUT a real fast Internet connection? Worse, update several such machines?
I have and it’s an *ugly* *hack* searching all over the known Microsoft universe, and trying to first find them, then trying to determine which haven’t been superseded by others, and then finally installing them in the right order.
It’s no wonder that so many boxes aren’t updated.
Microsoft seems to think that there are only two types of users. Home users with fast Internet connections that can use Windows Update to individually keep their machines updated, and large corporations that have the expertise and the money to purchase/install/and maintain a SUS server.
Unfortunately too many people using Microsoft products fall outside of those two groups.
Just my $0.02 (Canadian, before taxes)
someone247356
I’m not sure about firefox. But I run Firebird .7 with a user agent switcher I got off the the texturizer site. Haven’t upgraded to Firefox, so I don’t know if it works or not. Just a suggestion