PDA

View Full Version : MS announced critical security holes in it OS's


unclebob
07-17-2003, 04:36 AM
I saw this on the Yahoo News section...

"Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software. Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site"

Using Internet Explorer .. click TOOLS > WINDOWS UPDATE. When I did mine I had 7 updates to download, most all from today's announcement.


bob

Sieb
07-17-2003, 05:58 AM
what else is new? Like every whole in windows lets hackers "take full control of your computer." Then again, thats what most exploits do. I don't understand why everything thinks windows has to be bullet proof. It would take years of testing before they could release an OS that would be bullet proof, which is impossible in this market. Besides, they make it sound like the world is full of hackers that want to take over YOUR computer, and WILL.. blah.. no one cares. I don't loose sleep over it. It seems like 70% of the population still runs on win9x anyway...

toonpang
07-17-2003, 07:03 AM
No way! Not Microsoft!

:rolleyes:

-Toon

hl exodus
07-17-2003, 07:52 AM
It would take years of testing before they could release an OS that would be bullet proof

Do you think it is possible to make a "bullet proof" OS?, it's not, no matter how long it took.

Sieb
07-17-2003, 01:40 PM
OpenBSD...

Cyborg Corp.
07-17-2003, 01:45 PM
I don't really care if they start spying on my emails or stuff like that. I dont have anything important on this computer. The computer thats not connected to the internet....thats a whole different story! :rolleyes:

illicit
07-17-2003, 06:04 PM
Not even OpenBSD is bullet proof. It's close, but security is an ever evolving field. You just can't rely on any OS to do all your work for you...

Sieb
07-17-2003, 06:11 PM
Exaclty. Which is why I don't worry. You can fix all the bugs and fill all the holes. But if they want in, they will get in one way or another. Servers you can at least barracade, home computers though, theres alot more going on that you cant successfully restrict. Its an endless battle.

Hookflash
07-17-2003, 08:33 PM
Um... *Every* OS has holes. Mindless MS-bashing won't change that.

gmask
07-17-2003, 08:49 PM
This guy has a theory..

http://www.pbs.org/cringely/pulpit/pulpit20010802.html

"As events of the last several weeks have shown, Microsoft Windows, e-mail and the Internet create the perfect breeding ground for virus attacks. They don't even have to exploit Windows flaws to be effective. Any Visual BASIC programmer with a good understanding of how Windows works can write a virus. "

"According to these programmers, Microsoft wants to replace TCP/IP with a proprietary protocol -- a protocol owned by Microsoft -- that it will tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. I'll call it TCP/MS.

How do you push for the acceptance of a new protocol? First, make the old one unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. "

Sounds plausible.. everybody says Gates is a business geniuses

Hookflash
07-17-2003, 08:59 PM
gmask: Sounds like a pretty crackpot theory:curious:. Still, you never know. Well, sometimes you do...

gmask
07-17-2003, 09:08 PM
Originally posted by Hookflash
gmask: Sounds like a pretty crackpot theory:curious:. Still, you never know. Well, sometimes you do...

The main point that I think still stands is that windows is in part resposible for the vast majority of viruses out there and it's not even because the OS itself has security holes but that many of the default programs like Outlook express for example are exploitable out of the box.

"The wonder of all these Internet security problems is that they are continually labeled as "e-mail viruses" or "Internet worms," rather than the more correct designation of "Windows viruses" or "Microsoft Outlook viruses.""

His theory is the least crack pot I have ever heard and he is at least reporting from a reputable website. PBS.. he's not coming from linuxnutslashdotimaloon.com

Signal2Noise
07-17-2003, 09:16 PM
"Move along folks. Nothing to see here!"
-Bill Gates ushering the Quality Assurance team through the O/S Build Dept. moments before scheduled product release date.:hmm:

Hookflash
07-17-2003, 09:47 PM
gmask: What would MS stand to gain from this? Would they charge some sort of license fee anytime someone wanted to implement the protocol (is this type of copyright even possible)? What about people (ie, Linux folks) who simply chose to ignore it? I just can't see this sort of scheme being successful.

gmask
07-17-2003, 09:56 PM
Originally posted by Hookflash
gmask: What would MS stand to gain from this? Would they charge some sort of license fee anytime someone wanted to implement the protocol (is this type of copyright even possible)? What about people (ie, Linux folks) who simply chose to ignore it? I just can't see this sort of scheme being successful.

I think this is very well possible and what MS has to gain from it is absolute control over the internet. Why do they want this because the internet is the conduit for business and for piracy. Because they would own the protocal. They could crush small developers with licensing and implement any security scheme they deemed sufficient to sniff out people using unlicensed versions of their products.

For example they could prevent China from using any of their products by simple turning off the internet in their locale because if they wanted to use the newest version any MS product they'd have to go through the MS net.

Linux folks could ignore this but then they would be out on their own and cut off from most large developers.. they pretty much are anyway but those willing to go that path aren't the customers that MS is interested in and they are very few. The attitude I have observed of the vast majority of MS users is I'll use what's convenient or I see no reason to use anything else.

Most of the users will unknowingly make this a possiblity but I cannot see them successfully pulling off such a monopoly without government intervention.

illicit
07-18-2003, 01:32 PM
Originally posted by gmask
The main point that I think still stands is that windows is in part resposible for the vast majority of viruses out there and it's not even because the OS itself has security holes but that many of the default programs like Outlook express for example are exploitable out of the box.



Lets keep going with that theory for a minute......

I had 2 mountain bikes stolen off my car rack that were worth about $2000 together. I alone am responsible for this person stealing my bikes because I had only ONE cable with lock on them.

When a person gets murdered, its their fault because they didn't dodge the bullet like Neo.

When some 14 year old kid that wears too much black ruins thousands of dollars of data and man-hours, it's Microsofts fault because they made the software that the loser hacked.

Lets be honest, is Windows the only OS that gets hacked?

The simple truth is that locks are meant to keep honest people out. If you want in, you can get in. This applies to a car, a museum, a network of computers, anything you choose.

gmask
07-18-2003, 04:49 PM
>>>Lets be honest, is Windows the only OS that gets hacked?

How many OS's are there? Whenever there's a big outbreak.. is it on Linux? MAcOS X? No it's on Windows. How many times a year is there a new flavor of a MircroSoft Outlook Macro virus?

MS makes software that is easy to hack but of course that's not MS's fault because the buyers of it buy it anyway.

Would you buy a car that gets stolen several times a year because it doesn't need a key to get in and start the engine?

Saurus
07-18-2003, 05:34 PM
Originally posted by gmask
>>>Lets be honest, is Windows the only OS that gets hacked?

How many OS's are there? Whenever there's a big outbreak.. is it on Linux? MAcOS X? No it's on Windows. How many times a year is there a new flavor of a MircroSoft Outlook Macro virus?

MS makes software that is easy to hack but of course that's not MS's fault because the buyers of it buy it anyway.

Would you buy a car that gets stolen several times a year because it doesn't need a key to get in and start the engine?

I think it's all base on the number of users out there. I read a thread (CGtalk) that linux hacks are also on the rise as the number of linux users gets bigger.

Saurus

gmask
07-18-2003, 05:50 PM
Originally posted by Saurus
I think it's all base on the number of users out there. I read a thread (CGtalk) that linux hacks are also on the rise as the number of linux users gets bigger.

Saurus

Well my point was that it is trivial to write a macro virus for Windows and there is one point of entry for it and it is Outlook.

It would appear though that in windows XP that MS has added some features that would prevent certain types of break-ins that the majority of users will not know how to turn them on. I think the average Linux user is probably more informed about their operating system but I could be wrong about that.

illicit
07-18-2003, 06:11 PM
I think you're absolutely right, most linux user are more informed. They take the time to learn a little before going out into the world.

And yes, alot of cars get stolen nowadays. Many car theives are "gone in 60 seconds". But nobody blames the car companys.... they blame the theives.

gmask
07-18-2003, 06:20 PM
Originally posted by illicit
And yes, alot of cars get stolen nowadays. Many car theives are "gone in 60 seconds". But nobody blames the car companys.... they blame the theives.

But car manufacturers do seem to try to come up with better locks..

I think because Outlook is not a product that MS sells alone.. (do they?) that they are less inclined to invest resources to rewrite so that it was less likely to be vunerable. It would be as if the car industry still have those locks with the pull button that you can easily coat hanger to open. There are still many cars on the road with those but they are not in demand.. to a hacker it doesn't matter.. an old computer can still be used for mayhem as much as a new one.

I'll have to do some reading about linux viruses .. I has allways had the impression from back when I used irix that viruses on unix were practically non existant. I will assume that besids the higher level attack to just get a password that to takeover a linux system you use an email attachment to some how get a trojan in there that keylogs or wahtever to get more info about the system.

The issue with winodws is that any one can just take an existing virus.. I get several copies a day in my inbox and modify it nad blammo you got a new virus. Somebody should write one that actually does the end user some good.

CGTalk Moderation
01-15-2006, 04:00 PM
This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.