U.S. Computer Emergency Readiness Team SLAMS Windows "Security"

Discussion in 'Computer Support' started by TechNews, Jun 22, 2004.

  1. TechNews

    TechNews Guest

    For many of us this is nothing new, to say that Microsoft products are the
    least secure and reliable is an understatement; and many of us posting our
    problems in this NG can attest to this fact.

    Below is an article that pretty much says what we've known all along.

    http://www.us-cert.gov/cas/techalerts/TA04-104A.html

    Multiple Vulnerabilities in Microsoft Products
    Original release date: April 13, 2004
    Last revised: April 14, 2004
    Source: US-CERT


    Systems Affected
    Microsoft Windows Operating Systems
    Microsoft Windows Remote Procedure Call (RPC) and Distributed Component
    Object Model (DCOM) subsystems
    Microsoft Windows MHTML Protocol Handler
    Microsoft Jet Database Engine


    Overview
    Microsoft Corporation has released a series of security bulletins
    affecting most users of the Microsoft Windows operating system. Users of
    systems running Microsoft Windows are strongly encouraged to visit the
    Windows Security Updates for April 2004 and take actions appropriate to
    their system configurations.



    I. Description
    Microsoft has released four security bulletins listing a number of
    vulnerabilities which affect a variety of Microsoft Windows software
    packages. The following section summarizes the issues identified in
    their bulletins.

    Summary of Microsoft Bulletins for April 2004
    Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)
    This bulletin addresses 14 vulnerabilities affecting the systems listed
    below. There are several new vulnerabilities address by this bulletin,
    and several updates to previously reported vulnerabilities.

    Impact

    Remote attackers could execute arbitrary code on vulnerable systems.

    Systems affected

    Windows NT Workstation 4.0
    Windows NT Server 4.0
    Windows NT Server 4.0, Terminal Server Edition
    Windows 2000
    Windows XP
    Windows Server 2003

    --
    Speed:Reliability:Security
    TechNews, Jun 22, 2004
    #1
    1. Advertising

  2. TechNews

    Duane Arnold Guest

    TechNews <> wrote in news:40d77206_5@127.0.0.1:

    > For many of us this is nothing new, to say that Microsoft products are
    > the least secure and reliable is an understatement; and many of us
    > posting our problems in this NG can attest to this fact.
    >
    > Below is an article that pretty much says what we've known all along.
    >
    > http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >
    > Multiple Vulnerabilities in Microsoft Products
    > Original release date: April 13, 2004
    > Last revised: April 14, 2004
    > Source: US-CERT
    >
    >
    > Systems Affected
    > Microsoft Windows Operating Systems
    > Microsoft Windows Remote Procedure Call (RPC) and Distributed
    > Component Object Model (DCOM) subsystems
    > Microsoft Windows MHTML Protocol Handler
    > Microsoft Jet Database Engine
    >
    >
    > Overview
    > Microsoft Corporation has released a series of security bulletins
    > affecting most users of the Microsoft Windows operating system. Users
    > of systems running Microsoft Windows are strongly encouraged to visit
    > the Windows Security Updates for April 2004 and take actions
    > appropriate to their system configurations.
    >
    >
    >
    > I. Description
    > Microsoft has released four security bulletins listing a number of
    > vulnerabilities which affect a variety of Microsoft Windows software
    > packages. The following section summarizes the issues identified in
    > their bulletins.
    >
    > Summary of Microsoft Bulletins for April 2004
    > Security Bulletin MS04-011: Security Update for Microsoft Windows
    > (835732) This bulletin addresses 14 vulnerabilities affecting the
    > systems listed below. There are several new vulnerabilities address by
    > this bulletin, and several updates to previously reported
    > vulnerabilities.
    >
    > Impact
    >
    > Remote attackers could execute arbitrary code on vulnerable systems.
    >
    > Systems affected
    >
    > Windows NT Workstation 4.0
    > Windows NT Server 4.0
    > Windows NT Server 4.0, Terminal Server Edition
    > Windows 2000
    > Windows XP
    > Windows Server 2003
    >


    I don't have any problems. :)

    You're one sad *clown* :)

    Duane :)
    Duane Arnold, Jun 22, 2004
    #2
    1. Advertising

  3. TechNews wrote:
    > For many of us this is nothing new, to say that Microsoft products are the
    > least secure and reliable is an understatement; and many of us posting our
    > problems in this NG can attest to this fact.
    >
    > Below is an article that pretty much says what we've known all along.
    >
    > http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >
    > Multiple Vulnerabilities in Microsoft Products
    > Original release date: April 13, 2004
    > Last revised: April 14, 2004
    > Source: US-CERT


    <---snip--->

    It's not that Windows is less secure than Nix variants. Nix variants
    rely upon security by obscurity (Cisco did this too and it bit em in the
    butt about a month ago - can't put my finger on the article tho). Why
    would the virus writers and crackers go after stuff that is only used by
    a small percentage of the public? - No fun in that. Gotta go where all
    the peeps are.

    Later,
    Doc S.
    Dr. Strangelove, Jun 22, 2004
    #3
  4. TechNews

    Ron Martell Guest

    TechNews <> wrote:

    >For many of us this is nothing new, to say that Microsoft products are the
    >least secure and reliable is an understatement; and many of us posting our
    >problems in this NG can attest to this fact.
    >
    >Below is an article that pretty much says what we've known all along.
    >
    >http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >
    >Multiple Vulnerabilities in Microsoft Products
    >Original release date: April 13, 2004
    >Last revised: April 14, 2004
    >Source: US-CERT
    >
    >
    >Systems Affected
    >Microsoft Windows Operating Systems
    >Microsoft Windows Remote Procedure Call (RPC) and Distributed Component
    >Object Model (DCOM) subsystems
    >Microsoft Windows MHTML Protocol Handler
    >Microsoft Jet Database Engine
    >


    Yeah. Right.

    They issue the bulletin *after* Microsoft has released the fixes.

    Just like Blaster and Sasser virus/worms - they weren't even developed
    until after Microsoft had identified the problem and released the fix
    for it.

    The virus writers reverse-engineered the patch so as to idenfity the
    specific vulnerabilities being patched and then developed and released
    a virus to exploit these already fixed vulnerabilities.

    The only ones affected by these two viruses were those who were too
    lazy or too stupid to keep their systems up to date. And there were
    gazillions of people in that category.

    No operating system can ever protect people from the consequences of
    their own deliberate stupidity.


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    "The reason computer chips are so small is computers don't eat much."
    Ron Martell, Jun 22, 2004
    #4
  5. TechNews

    Toolman Tim Guest

    "Ron Martell" <> wrote in message
    news:
    > > TechNews <> wrote:
    > >
    > > > For many of us this is nothing new, to say that Microsoft
    > > > products are the least secure and reliable is an understatement;
    > > > and many of us posting our problems in this NG can attest to this
    > > > fact.
    > > >
    > > > Below is an article that pretty much says what we've known all
    > > > along.
    > > >
    > > > http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    > > >
    > > > Multiple Vulnerabilities in Microsoft Products
    > > > Original release date: April 13, 2004
    > > > Last revised: April 14, 2004
    > > > Source: US-CERT
    > > >
    > > >
    > > > Systems Affected
    > > > Microsoft Windows Operating Systems
    > > > Microsoft Windows Remote Procedure Call (RPC) and Distributed
    > > > Component Object Model (DCOM) subsystems
    > > > Microsoft Windows MHTML Protocol Handler
    > > > Microsoft Jet Database Engine
    > > >

    > >
    > > Yeah. Right.
    > >
    > > They issue the bulletin *after* Microsoft has released the fixes.
    > >
    > > Just like Blaster and Sasser virus/worms - they weren't even
    > > developed until after Microsoft had identified the problem and
    > > released the fix for it.
    > >
    > > The virus writers reverse-engineered the patch so as to idenfity the
    > > specific vulnerabilities being patched and then developed and
    > > released a virus to exploit these already fixed vulnerabilities.
    > >
    > > The only ones affected by these two viruses were those who were too
    > > lazy or too stupid to keep their systems up to date. And there were
    > > gazillions of people in that category.
    > >
    > > No operating system can ever protect people from the consequences of
    > > their own deliberate stupidity.
    > >


    So very very beautifully said!


    --
    "If there are no dogs in Heaven, then when I die, I want to go where
    THEY went." ~Will Rogers~
    Toolman Tim, Jun 22, 2004
    #5
  6. TechNews

    Duane Arnold Guest

    "Ron Martell" <> wrote in message
    news:...
    > TechNews <> wrote:
    >
    > >For many of us this is nothing new, to say that Microsoft products are

    the
    > >least secure and reliable is an understatement; and many of us posting

    our
    > >problems in this NG can attest to this fact.
    > >
    > >Below is an article that pretty much says what we've known all along.
    > >
    > >http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    > >
    > >Multiple Vulnerabilities in Microsoft Products
    > >Original release date: April 13, 2004
    > >Last revised: April 14, 2004
    > >Source: US-CERT
    > >
    > >
    > >Systems Affected
    > >Microsoft Windows Operating Systems
    > >Microsoft Windows Remote Procedure Call (RPC) and Distributed Component
    > >Object Model (DCOM) subsystems
    > >Microsoft Windows MHTML Protocol Handler
    > >Microsoft Jet Database Engine
    > >

    >
    > Yeah. Right.
    >
    > They issue the bulletin *after* Microsoft has released the fixes.
    >
    > Just like Blaster and Sasser virus/worms - they weren't even developed
    > until after Microsoft had identified the problem and released the fix
    > for it.
    >
    > The virus writers reverse-engineered the patch so as to idenfity the
    > specific vulnerabilities being patched and then developed and released
    > a virus to exploit these already fixed vulnerabilities.
    >
    > The only ones affected by these two viruses were those who were too
    > lazy or too stupid to keep their systems up to date. And there were
    > gazillions of people in that category.
    >
    > No operating system can ever protect people from the consequences of
    > their own deliberate stupidity.


    The Linux DOOM and GLOOM mascot on the soap box was chopped down skillfully.
    <g>



    Duane :)
    Duane Arnold, Jun 22, 2004
    #6
  7. TechNews

    TechNews Guest

    Ron Martell wrote:

    > TechNews <> wrote:
    >
    >>For many of us this is nothing new, to say that Microsoft products are the
    >>least secure and reliable is an understatement; and many of us posting our
    >>problems in this NG can attest to this fact.
    >>
    >>Below is an article that pretty much says what we've known all along.
    >>
    >>http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>
    >>Multiple Vulnerabilities in Microsoft Products
    >>Original release date: April 13, 2004
    >>Last revised: April 14, 2004
    >>Source: US-CERT
    >>
    >>
    >>Systems Affected
    >>Microsoft Windows Operating Systems
    >>Microsoft Windows Remote Procedure Call (RPC) and Distributed Component
    >>Object Model (DCOM) subsystems
    >>Microsoft Windows MHTML Protocol Handler
    >>Microsoft Jet Database Engine
    >>

    >
    > Yeah. Right.
    >
    > They issue the bulletin *after* Microsoft has released the fixes.
    >
    > Just like Blaster and Sasser virus/worms - they weren't even developed
    > until after Microsoft had identified the problem and released the fix
    > for it.
    >
    > The virus writers reverse-engineered the patch so as to idenfity the
    > specific vulnerabilities being patched and then developed and released
    > a virus to exploit these already fixed vulnerabilities.
    >


    It shows that these writers are far smarter and skilled than Microsoft's
    programers. Now, you can't deny that this sort of thing happens far too
    frequently and has become a continous game.

    > The only ones affected by these two viruses were those who were too
    > lazy or too stupid to keep their systems up to date. And there were
    > gazillions of people in that category.
    >
    > No operating system can ever protect people from the consequences of
    > their own deliberate stupidity.


    You qualify deliberate stupidity as the necesity of having to perpetually
    manage and fix a poorly designed system.

    Why lay on user's shoulders what is clearly Microsoft's responsibility?

    >
    > Ron Martell Duncan B.C. Canada


    --
    Speed:Reliability:Security
    TechNews, Jun 22, 2004
    #7
  8. TechNews

    TechNews Guest

    Dr. Strangelove wrote:

    > TechNews wrote:
    >> For many of us this is nothing new, to say that Microsoft products are
    >> the least secure and reliable is an understatement; and many of us
    >> posting our problems in this NG can attest to this fact.
    >>
    >> Below is an article that pretty much says what we've known all along.
    >>
    >> http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>
    >> Multiple Vulnerabilities in Microsoft Products
    >> Original release date: April 13, 2004
    >> Last revised: April 14, 2004
    >> Source: US-CERT

    >
    > <---snip--->
    >
    > It's not that Windows is less secure than Nix variants. Nix variants
    > rely upon security by obscurity (Cisco did this too and it bit em in the


    Windows is far less secure than Linux or Mac:

    http://www.techweb.com/wire/story/TWB20040603S0007
    http://www.unh.edu/computer-security/win_vuln.html
    http://faculty.ncwc.edu/toconnor/426/426lect12.htm
    http://www.us-cert.gov/cas/techalerts/TA04-041A.html
    http://www.itc.virginia.edu/pubs/postnews/itemDisplay.phtml?itemID=42
    http://mcse-training.woosy.com/reso...oft-office-2003-certification-testing-tx.html
    http://www.depts.ttu.edu/helpcentral/safecomputing/information/vuln.php
    http://www.more.net/security/advisories/2004/040414.html
    http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities&flashstatus=false
    http://www.trusecure.com/knowledge/hype/20040311_outlook.shtml
    http://www.microsoft.com/security/bulletins/200406_windows.mspx
    http://www.microsoft.com/security/bulletins/200403_office.mspx


    > butt about a month ago - can't put my finger on the article tho). Why
    > would the virus writers and crackers go after stuff that is only used by
    > a small percentage of the public? - No fun in that. Gotta go where all
    > the peeps are.


    Actually, virus writers find it too hard, if not downright impossible, to
    code a virus that will be effective on Linux or Mac computers. Remember,
    75% of the Internet is dependent on Open Source programs; if you wanted to
    plan a really destructive coup, you would write a virus targeting Linux,
    Apache, PHP, etc... but the cathre of evil coders are confined to writing
    for poorly designed Windows systems.


    >
    > Later,
    > Doc S.



    --
    Speed:Reliability:Security
    TechNews, Jun 22, 2004
    #8
  9. TechNews

    Duane Arnold Guest


    > > No operating system can ever protect people from the consequences of
    > > their own deliberate stupidity.

    >
    > You qualify deliberate stupidity as the necesity of having to perpetually
    > manage and fix a poorly designed system.
    >
    > Why lay on user's shoulders what is clearly Microsoft's responsibility?


    Comments from an expert's expert on computer systems who can barely turn one
    on. :)

    Duane :)
    Duane Arnold, Jun 22, 2004
    #9
  10. I was walking down the street, minding my own business, when on Tue,
    22 Jun 2004 08:22:53 -0700, TechNews <> screamed from
    behind the mulberry bush:

    >Ron Martell wrote:
    >
    >> TechNews <> wrote:
    >>
    >>>For many of us this is nothing new, to say that Microsoft products are the
    >>>least secure and reliable is an understatement; and many of us posting our
    >>>problems in this NG can attest to this fact.
    >>>
    >>>Below is an article that pretty much says what we've known all along.
    >>>
    >>>http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>>
    >>>Multiple Vulnerabilities in Microsoft Products
    >>>Original release date: April 13, 2004
    >>>Last revised: April 14, 2004
    >>>Source: US-CERT
    >>>
    >>>
    >>>Systems Affected
    >>>Microsoft Windows Operating Systems
    >>>Microsoft Windows Remote Procedure Call (RPC) and Distributed Component
    >>>Object Model (DCOM) subsystems
    >>>Microsoft Windows MHTML Protocol Handler
    >>>Microsoft Jet Database Engine
    >>>

    >>
    >> Yeah. Right.
    >>
    >> They issue the bulletin *after* Microsoft has released the fixes.
    >>
    >> Just like Blaster and Sasser virus/worms - they weren't even developed
    >> until after Microsoft had identified the problem and released the fix
    >> for it.
    >>
    >> The virus writers reverse-engineered the patch so as to idenfity the
    >> specific vulnerabilities being patched and then developed and released
    >> a virus to exploit these already fixed vulnerabilities.
    >>

    >
    >It shows that these writers are far smarter and skilled than Microsoft's
    >programers. Now, you can't deny that this sort of thing happens far too
    >frequently and has become a continous game.
    >
    >> The only ones affected by these two viruses were those who were too
    >> lazy or too stupid to keep their systems up to date. And there were
    >> gazillions of people in that category.
    >>
    >> No operating system can ever protect people from the consequences of
    >> their own deliberate stupidity.

    >
    >You qualify deliberate stupidity as the necesity of having to perpetually
    >manage and fix a poorly designed system.
    >
    >Why lay on user's shoulders what is clearly Microsoft's responsibility?


    You fuckknob, you predispose that problems associated with Windows is
    just going to go away if the whole world moved to LINUX. The problem
    is that the same cretinous users who are now running unsecure
    versions of Windows would be using LINUX and LINUX ain't uber-OS that
    you make it out to be. There are chinks in its armour but, of course,
    you wouldn't dare mention any of them, such as this:

    http://techrepublic.com.com/5100-22_11-5230144.html?tag=e019

    Of course, a major faux pas like this happened and it was MS, smarmy
    pricks like you would be up in arms. But hey, what about other *NIX OS
    like SCO or Solaris or APPLE?

    http://www.eweek.com/article2/0,1759,1608216,00.asp

    No, no, OS snobs like to look down their noses at the "Great Unwashed
    Masses" using Windows instead of looking at the root problems of
    compromised computers. There are a bunch of fucking crooks and
    Internet hoodlums out there whose sole purpose is to steal or cause
    someone some shit, either for profit or pure maliciousness. It just so
    happens that the OS of choice at the moment is an OS that was designed
    to be straight forward enough for dolts to use and comparatively
    cheap. Windows has fit the bill since the early 90s and now makes up
    the bulk of machines used on both home and business machines. That
    makes a pretty big target for assholes who like to steal or **** up
    something for the sheer joy of it.
    But, hey, there is hope that Script Kiddies and the Blackhat Hackers
    will move on to bigger and better things. Cisco has downplayed the
    recent release of its code on the Internet and the DDOS attack on the
    Akamai network is just the beginning of bigger and better things.
    Besides, who knows what the next expoit to opne up on Solaris will be,
    eh?

    Dr Harvie Wahl-Banghor
    ---

    Brantard explains his employment as a migrant farm worker before his permanent residency as a vagrant/wandering-nutjob/welfare-recipient in the Minneapolis/ St. Paul area:

    > >Indeed. I AOLways thought Nelly(ie, Brantard) was lavender.


    Mexican

    > Maybe a pastel pink?
    >
    > >>You dumb smuck!

    > >
    > >A misspelled P/K/B. How Nelly-ish!


    Nelly is Mexican.

    In message ID:<8.minneapolis1.mn.us.da.qwest.net>

    In article <>, "Brandon Hex"
    <> wrote:

    > You have a bald head and are black black black. You wish you were white like
    > me but your not.
    >
    > ha haw
    >


    Who ever said Brandon Hex was white?

    In message ID:<8.minneapolis1.mn.us.da.qwest.net>
    Dr. Harvie Wahl-Banghor, Jun 22, 2004
    #10
  11. TechNews

    TechNews Guest

    Dr. Harvie Wahl-Banghor wrote:

    > I was walking down the street, minding my own business, when on Tue,
    > 22 Jun 2004 08:22:53 -0700, TechNews <> screamed from
    > behind the mulberry bush:
    >
    >>Ron Martell wrote:
    >>
    >>> TechNews <> wrote:
    >>>
    >>>>For many of us this is nothing new, to say that Microsoft products are
    >>>>the least secure and reliable is an understatement; and many of us
    >>>>posting our problems in this NG can attest to this fact.
    >>>>
    >>>>Below is an article that pretty much says what we've known all along.
    >>>>
    >>>>http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>>>
    >>>>Multiple Vulnerabilities in Microsoft Products
    >>>>Original release date: April 13, 2004
    >>>>Last revised: April 14, 2004
    >>>>Source: US-CERT
    >>>>
    >>>>
    >>>>Systems Affected
    >>>>Microsoft Windows Operating Systems
    >>>>Microsoft Windows Remote Procedure Call (RPC) and Distributed Component
    >>>>Object Model (DCOM) subsystems
    >>>>Microsoft Windows MHTML Protocol Handler
    >>>>Microsoft Jet Database Engine
    >>>>
    >>>
    >>> Yeah. Right.
    >>>
    >>> They issue the bulletin *after* Microsoft has released the fixes.
    >>>
    >>> Just like Blaster and Sasser virus/worms - they weren't even developed
    >>> until after Microsoft had identified the problem and released the fix
    >>> for it.
    >>>
    >>> The virus writers reverse-engineered the patch so as to idenfity the
    >>> specific vulnerabilities being patched and then developed and released
    >>> a virus to exploit these already fixed vulnerabilities.
    >>>

    >>
    >>It shows that these writers are far smarter and skilled than Microsoft's
    >>programers. Now, you can't deny that this sort of thing happens far too
    >>frequently and has become a continous game.
    >>
    >>> The only ones affected by these two viruses were those who were too
    >>> lazy or too stupid to keep their systems up to date. And there were
    >>> gazillions of people in that category.
    >>>
    >>> No operating system can ever protect people from the consequences of
    >>> their own deliberate stupidity.

    >>
    >>You qualify deliberate stupidity as the necesity of having to perpetually
    >>manage and fix a poorly designed system.
    >>
    >>Why lay on user's shoulders what is clearly Microsoft's responsibility?

    >
    > You fuckknob, you predispose that problems associated with Windows is
    > just going to go away if the whole world moved to LINUX. The problem
    > is that the same cretinous users who are now running unsecure
    > versions of Windows would be using LINUX and LINUX ain't uber-OS that
    > you make it out to be. There are chinks in its armour but, of course,
    > you wouldn't dare mention any of them, such as this:
    >
    > http://techrepublic.com.com/5100-22_11-5230144.html?tag=e019

    ^
    |__ Article Quote:

    "... Concurrent Versions System, the vulnerabilities include a flaw that
    could let an attacker take control of a CVS server from the Internet,
    putting the code repository's contents at risk."
    ...

    "The project has already issued a software update to patch the issue..."

    Where in this article does it mention Linux vulnerabilities, he Dr.Retard?
    I like these links better:

    http://www.techweb.com/wire/story/TWB20040603S0007
    http://www.unh.edu/computer-security/win_vuln.html
    http://faculty.ncwc.edu/toconnor/426/426lect12.htm
    http://www.us-cert.gov/cas/techalerts/TA04-041A.html
    http://www.itc.virginia.edu/pubs/postnews/itemDisplay.phtml?itemID=42
    http://mcse-training.woosy.com/reso...oft-office-2003-certification-testing-tx.html
    http://www.depts.ttu.edu/helpcentral/safecomputing/information/vuln.php
    http://www.more.net/security/advisories/2004/040414.html
    http://www.idefense.com/application...ure.com/knowledge/hype/20040311_outlook.shtml
    http://www.microsoft.com/security/bulletins/200406_windows.mspx
    http://www.microsoft.com/security/bulletins/200403_office.mspx

    > <nonesense sniped>
    > But, hey, there is hope that Script Kiddies and the Blackhat Hackers
    > will move on to bigger and better things. Cisco has downplayed the
    > recent release of its code on the Internet and the DDOS attack on the
    > Akamai network is just the beginning of bigger and better things.
    > Besides, who knows what the next expoit to opne up on Solaris will be,
    > eh?
    >


    The Akami attach affected a small percentage of its customers. The attack
    itself was launched by windows machines that had been "zombied".

    > Dr Harvie Wahl-Banghor

    ^
    |____ Delussional ignoramus
    --
    Speed:Reliability:Security
    TechNews, Jun 22, 2004
    #11
  12. TechNews

    Duane Arnold Guest

    TechNews <> wrote in news:40d89b72_5@127.0.0.1:

    > Dr. Harvie Wahl-Banghor wrote:
    >
    >> I was walking down the street, minding my own business, when on Tue,
    >> 22 Jun 2004 08:22:53 -0700, TechNews <> screamed from
    >> behind the mulberry bush:
    >>
    >>>Ron Martell wrote:
    >>>
    >>>> TechNews <> wrote:
    >>>>
    >>>>>For many of us this is nothing new, to say that Microsoft products
    >>>>>are the least secure and reliable is an understatement; and many of
    >>>>>us posting our problems in this NG can attest to this fact.
    >>>>>
    >>>>>Below is an article that pretty much says what we've known all
    >>>>>along.
    >>>>>
    >>>>>http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>>>>
    >>>>>Multiple Vulnerabilities in Microsoft Products
    >>>>>Original release date: April 13, 2004
    >>>>>Last revised: April 14, 2004
    >>>>>Source: US-CERT
    >>>>>
    >>>>>
    >>>>>Systems Affected
    >>>>>Microsoft Windows Operating Systems
    >>>>>Microsoft Windows Remote Procedure Call (RPC) and Distributed
    >>>>>Component Object Model (DCOM) subsystems
    >>>>>Microsoft Windows MHTML Protocol Handler
    >>>>>Microsoft Jet Database Engine
    >>>>>
    >>>>
    >>>> Yeah. Right.
    >>>>
    >>>> They issue the bulletin *after* Microsoft has released the fixes.
    >>>>
    >>>> Just like Blaster and Sasser virus/worms - they weren't even
    >>>> developed until after Microsoft had identified the problem and
    >>>> released the fix for it.
    >>>>
    >>>> The virus writers reverse-engineered the patch so as to idenfity
    >>>> the specific vulnerabilities being patched and then developed and
    >>>> released a virus to exploit these already fixed vulnerabilities.
    >>>>
    >>>
    >>>It shows that these writers are far smarter and skilled than
    >>>Microsoft's programers. Now, you can't deny that this sort of thing
    >>>happens far too frequently and has become a continous game.
    >>>
    >>>> The only ones affected by these two viruses were those who were too
    >>>> lazy or too stupid to keep their systems up to date. And there
    >>>> were gazillions of people in that category.
    >>>>
    >>>> No operating system can ever protect people from the consequences
    >>>> of their own deliberate stupidity.
    >>>
    >>>You qualify deliberate stupidity as the necesity of having to
    >>>perpetually manage and fix a poorly designed system.
    >>>
    >>>Why lay on user's shoulders what is clearly Microsoft's
    >>>responsibility?

    >>
    >> You fuckknob, you predispose that problems associated with Windows
    >> is
    >> just going to go away if the whole world moved to LINUX. The problem
    >> is that the same cretinous users who are now running unsecure
    >> versions of Windows would be using LINUX and LINUX ain't uber-OS that
    >> you make it out to be. There are chinks in its armour but, of course,
    >> you wouldn't dare mention any of them, such as this:
    >>
    >> http://techrepublic.com.com/5100-22_11-5230144.html?tag=e019

    > ^
    > |__ Article Quote:
    >
    > "... Concurrent Versions System, the vulnerabilities include a flaw
    > that could let an attacker take control of a CVS server from the
    > Internet, putting the code repository's contents at risk."
    > ...
    >
    > "The project has already issued a software update to patch the
    > issue..."
    >
    > Where in this article does it mention Linux vulnerabilities, he
    > Dr.Retard? I like these links better:
    >
    > http://www.techweb.com/wire/story/TWB20040603S0007
    > http://www.unh.edu/computer-security/win_vuln.html
    > http://faculty.ncwc.edu/toconnor/426/426lect12.htm
    > http://www.us-cert.gov/cas/techalerts/TA04-041A.html
    > http://www.itc.virginia.edu/pubs/postnews/itemDisplay.phtml?itemID=42
    > http://mcse-training.woosy.com/resources/computer-education-certificati
    > on-training-microsoft/dallas-microsoft-office-2003-certification-testin
    > g-tx.html
    > http://www.depts.ttu.edu/helpcentral/safecomputing/information/vuln.php
    > http://www.more.net/security/advisories/2004/040414.html
    > http://www.idefense.com/application/poi/display?id=79&type=vulnerabilit
    > ies&flashstatus=falsehttp://www.trusecure.com/knowledge/hype/20040311_o
    > utlook.shtml
    > http://www.microsoft.com/security/bulletins/200406_windows.mspx
    > http://www.microsoft.com/security/bulletins/200403_office.mspx
    >
    >> <nonesense sniped>
    >> But, hey, there is hope that Script Kiddies and the Blackhat Hackers
    >> will move on to bigger and better things. Cisco has downplayed the
    >> recent release of its code on the Internet and the DDOS attack on the
    >> Akamai network is just the beginning of bigger and better things.
    >> Besides, who knows what the next expoit to opne up on Solaris will
    >> be, eh?
    >>

    >
    > The Akami attach affected a small percentage of its customers. The
    > attack itself was launched by windows machines that had been
    > "zombied".



    Postie they are just *programs* written by Human Beings that are fallible.

    http://www.internetnews.com/dev-news/article.php/3340501
    http://www.linuxelectrons.com/article.php?story=20040517151831290
    http://www.linuxinsider.com/story/32240.html
    http://securecomputing.stanford.edu/alerts/linux-rsync-4dec2003.html
    http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,88936,00
    ..html

    http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
    http://www.theinquirer.net/?article=13420
    http://geodsoft.com/opinion/server_comp/security/summary.htm

    Linux is no bed of roses.

    On the other hand Linux can be made secured.

    http://www.gtcdrom.com/Books/Bks-Security.html


    MS is no bed of roses either.

    But MS can be made secure as well.

    http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.mspx
    http://www.oreilly.com/catalog/securwinserv/chapter/ch01.html
    http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.m
    spx

    http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part
    1.html
    http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part
    2.html
    http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part
    3.html

    http://www.microsoft.com/technet/security/chklist/iis5chk.mspx
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx
    http://www.microsoft.com/technet/security/tools/locktool.mspx
    http://w2kinfo.nacs.uci.edu/PDF-Docs/safeiisinstall.pdf
    http://system-calls.com/Securing_IIS/MackTSecuringWebServer.pdf
    http://www.lokboxsoftware.com/SecureWin2K/

    The bottom line is either one knows what he or she is doing or they don't
    and there are no in-betweens. :)

    Postie -- you psycho-path clown I know that you don't know anything. :)

    Duane :)
    Duane Arnold, Jun 22, 2004
    #12
  13. TechNews

    TechNews Guest

    Duane winfuck Arnold wrote:

    > TechNews <> wrote in news:40d89b72_5@127.0.0.1:
    >
    >> Dr. Harvie Wahl-Banghor wrote:
    >>
    >>> I was walking down the street, minding my own business, when on Tue,
    >>> 22 Jun 2004 08:22:53 -0700, TechNews <> screamed from
    >>> behind the mulberry bush:
    >>>
    >>>>Ron Martell wrote:
    >>>>
    >>>>> TechNews <> wrote:
    >>>>>
    >>>>>>For many of us this is nothing new, to say that Microsoft products
    >>>>>>are the least secure and reliable is an understatement; and many of
    >>>>>>us posting our problems in this NG can attest to this fact.
    >>>>>>
    >>>>>>Below is an article that pretty much says what we've known all
    >>>>>>along.
    >>>>>>
    >>>>>>http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>>>>>
    >>>>>>Multiple Vulnerabilities in Microsoft Products
    >>>>>>Original release date: April 13, 2004
    >>>>>>Last revised: April 14, 2004
    >>>>>>Source: US-CERT
    >>>>>>
    >>>>>>
    >>>>>>Systems Affected
    >>>>>>Microsoft Windows Operating Systems
    >>>>>>Microsoft Windows Remote Procedure Call (RPC) and Distributed
    >>>>>>Component Object Model (DCOM) subsystems
    >>>>>>Microsoft Windows MHTML Protocol Handler
    >>>>>>Microsoft Jet Database Engine
    >>>>>>
    >>>>>
    >>>>> Yeah. Right.
    >>>>>
    >>>>> They issue the bulletin *after* Microsoft has released the fixes.
    >>>>>
    >>>>> Just like Blaster and Sasser virus/worms - they weren't even
    >>>>> developed until after Microsoft had identified the problem and
    >>>>> released the fix for it.
    >>>>>
    >>>>> The virus writers reverse-engineered the patch so as to idenfity
    >>>>> the specific vulnerabilities being patched and then developed and
    >>>>> released a virus to exploit these already fixed vulnerabilities.
    >>>>>
    >>>>
    >>>>It shows that these writers are far smarter and skilled than
    >>>>Microsoft's programers. Now, you can't deny that this sort of thing
    >>>>happens far too frequently and has become a continous game.
    >>>>
    >>>>> The only ones affected by these two viruses were those who were too
    >>>>> lazy or too stupid to keep their systems up to date. And there
    >>>>> were gazillions of people in that category.
    >>>>>
    >>>>> No operating system can ever protect people from the consequences
    >>>>> of their own deliberate stupidity.
    >>>>
    >>>>You qualify deliberate stupidity as the necesity of having to
    >>>>perpetually manage and fix a poorly designed system.
    >>>>
    >>>>Why lay on user's shoulders what is clearly Microsoft's
    >>>>responsibility?
    >>>
    >>> You fuckknob, you predispose that problems associated with Windows
    >>> is
    >>> just going to go away if the whole world moved to LINUX. The problem
    >>> is that the same cretinous users who are now running unsecure
    >>> versions of Windows would be using LINUX and LINUX ain't uber-OS that
    >>> you make it out to be. There are chinks in its armour but, of course,
    >>> you wouldn't dare mention any of them, such as this:
    >>>
    >>> http://techrepublic.com.com/5100-22_11-5230144.html?tag=e019

    >> ^
    >> |__ Article Quote:
    >>
    >> "... Concurrent Versions System, the vulnerabilities include a flaw
    >> that could let an attacker take control of a CVS server from the
    >> Internet, putting the code repository's contents at risk."
    >> ...
    >>
    >> "The project has already issued a software update to patch the
    >> issue..."
    >>
    >> Where in this article does it mention Linux vulnerabilities, he
    >> Dr.Retard? I like these links better:
    >>
    >> http://www.techweb.com/wire/story/TWB20040603S0007
    >> http://www.unh.edu/computer-security/win_vuln.html
    >> http://faculty.ncwc.edu/toconnor/426/426lect12.htm
    >> http://www.us-cert.gov/cas/techalerts/TA04-041A.html
    >> http://www.itc.virginia.edu/pubs/postnews/itemDisplay.phtml?itemID=42
    >> http://mcse-training.woosy.com/resources/computer-education-certificati
    >> on-training-microsoft/dallas-microsoft-office-2003-certification-testin
    >> g-tx.html
    >> http://www.depts.ttu.edu/helpcentral/safecomputing/information/vuln.php
    >> http://www.more.net/security/advisories/2004/040414.html
    >> http://www.idefense.com/application/poi/display?id=79&type=vulnerabilit
    >> ies&flashstatus=falsehttp://www.trusecure.com/knowledge/hype/20040311_o
    >> utlook.shtml
    >> http://www.microsoft.com/security/bulletins/200406_windows.mspx
    >> http://www.microsoft.com/security/bulletins/200403_office.mspx
    >>
    >>> <nonesense sniped>
    >>> But, hey, there is hope that Script Kiddies and the Blackhat Hackers
    >>> will move on to bigger and better things. Cisco has downplayed the
    >>> recent release of its code on the Internet and the DDOS attack on the
    >>> Akamai network is just the beginning of bigger and better things.
    >>> Besides, who knows what the next expoit to opne up on Solaris will
    >>> be, eh?
    >>>

    >>
    >> The Akami attach affected a small percentage of its customers. The
    >> attack itself was launched by windows machines that had been
    >> "zombied".

    >
    >
    > Postie they are just *programs* written by Human Beings that are fallible.
    >
    > http://www.internetnews.com/dev-news/article.php/3340501
    > http://www.linuxelectrons.com/article.php?story=20040517151831290
    > http://www.linuxinsider.com/story/32240.html
    > http://securecomputing.stanford.edu/alerts/linux-rsync-4dec2003.html
    >

    http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,88936,00
    > .html
    >
    > http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
    > http://www.theinquirer.net/?article=13420
    > http://geodsoft.com/opinion/server_comp/security/summary.htm
    >
    > Linux is no bed of roses.
    >
    > On the other hand Linux can be made secured.
    >
    > http://www.gtcdrom.com/Books/Bks-Security.html
    >
    >
    > MS is no bed of roses either.
    >
    > But MS can be made secure as well.
    >
    > http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.mspx
    > http://www.oreilly.com/catalog/securwinserv/chapter/ch01.html
    >

    http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.m
    > spx
    >
    >

    http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part
    > 1.html
    >

    http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part
    > 2.html
    >

    http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part
    > 3.html
    >
    > http://www.microsoft.com/technet/security/chklist/iis5chk.mspx
    > http://www.microsoft.com/technet/security/tools/mbsahome.mspx
    > http://www.microsoft.com/technet/security/tools/locktool.mspx
    > http://w2kinfo.nacs.uci.edu/PDF-Docs/safeiisinstall.pdf
    > http://system-calls.com/Securing_IIS/MackTSecuringWebServer.pdf
    > http://www.lokboxsoftware.com/SecureWin2K/
    >
    > The bottom line is either one knows what he or she is doing or they don't
    > and there are no in-betweens. :)
    >


    It seems however that you swing both ways.

    > Postie -- you psycho-path clown I know that you don't know anything. :)
    >


    but I know what you is...

    > Duane :)

    ^ ^
    | |__ Moron's best side.
    |____________________________ One angry little clown with amnesia.


    --
    Speed:Reliability:Security
    TechNews, Jun 23, 2004
    #13
  14. TechNews

    Duane Arnold Guest

    TechNews <> wrote in news:40d8c776_5@127.0.0.1:

    > Duane winfuck Arnold wrote:
    >
    >> TechNews <> wrote in news:40d89b72_5@127.0.0.1:
    >>
    >>> Dr. Harvie Wahl-Banghor wrote:
    >>>
    >>>> I was walking down the street, minding my own business, when on
    >>>> Tue, 22 Jun 2004 08:22:53 -0700, TechNews <>
    >>>> screamed from behind the mulberry bush:
    >>>>
    >>>>>Ron Martell wrote:
    >>>>>
    >>>>>> TechNews <> wrote:
    >>>>>>
    >>>>>>>For many of us this is nothing new, to say that Microsoft
    >>>>>>>products are the least secure and reliable is an understatement;
    >>>>>>>and many of us posting our problems in this NG can attest to this
    >>>>>>>fact.
    >>>>>>>
    >>>>>>>Below is an article that pretty much says what we've known all
    >>>>>>>along.
    >>>>>>>
    >>>>>>>http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>>>>>>
    >>>>>>>Multiple Vulnerabilities in Microsoft Products
    >>>>>>>Original release date: April 13, 2004
    >>>>>>>Last revised: April 14, 2004
    >>>>>>>Source: US-CERT
    >>>>>>>
    >>>>>>>
    >>>>>>>Systems Affected
    >>>>>>>Microsoft Windows Operating Systems
    >>>>>>>Microsoft Windows Remote Procedure Call (RPC) and Distributed
    >>>>>>>Component Object Model (DCOM) subsystems
    >>>>>>>Microsoft Windows MHTML Protocol Handler
    >>>>>>>Microsoft Jet Database Engine
    >>>>>>>
    >>>>>>
    >>>>>> Yeah. Right.
    >>>>>>
    >>>>>> They issue the bulletin *after* Microsoft has released the fixes.
    >>>>>>
    >>>>>> Just like Blaster and Sasser virus/worms - they weren't even
    >>>>>> developed until after Microsoft had identified the problem and
    >>>>>> released the fix for it.
    >>>>>>
    >>>>>> The virus writers reverse-engineered the patch so as to idenfity
    >>>>>> the specific vulnerabilities being patched and then developed and
    >>>>>> released a virus to exploit these already fixed vulnerabilities.
    >>>>>>
    >>>>>
    >>>>>It shows that these writers are far smarter and skilled than
    >>>>>Microsoft's programers. Now, you can't deny that this sort of thing
    >>>>>happens far too frequently and has become a continous game.
    >>>>>
    >>>>>> The only ones affected by these two viruses were those who were
    >>>>>> too lazy or too stupid to keep their systems up to date. And
    >>>>>> there were gazillions of people in that category.
    >>>>>>
    >>>>>> No operating system can ever protect people from the consequences
    >>>>>> of their own deliberate stupidity.
    >>>>>
    >>>>>You qualify deliberate stupidity as the necesity of having to
    >>>>>perpetually manage and fix a poorly designed system.
    >>>>>
    >>>>>Why lay on user's shoulders what is clearly Microsoft's
    >>>>>responsibility?
    >>>>
    >>>> You fuckknob, you predispose that problems associated with Windows
    >>>> is
    >>>> just going to go away if the whole world moved to LINUX. The
    >>>> problem is that the same cretinous users who are now running
    >>>> unsecure versions of Windows would be using LINUX and LINUX ain't
    >>>> uber-OS that you make it out to be. There are chinks in its armour
    >>>> but, of course, you wouldn't dare mention any of them, such as
    >>>> this:
    >>>>
    >>>> http://techrepublic.com.com/5100-22_11-5230144.html?tag=e019
    >>> ^
    >>> |__ Article Quote:
    >>>
    >>> "... Concurrent Versions System, the vulnerabilities include a flaw
    >>> that could let an attacker take control of a CVS server from the
    >>> Internet, putting the code repository's contents at risk."
    >>> ...
    >>>
    >>> "The project has already issued a software update to patch the
    >>> issue..."
    >>>
    >>> Where in this article does it mention Linux vulnerabilities, he
    >>> Dr.Retard? I like these links better:
    >>>
    >>> http://www.techweb.com/wire/story/TWB20040603S0007
    >>> http://www.unh.edu/computer-security/win_vuln.html
    >>> http://faculty.ncwc.edu/toconnor/426/426lect12.htm
    >>> http://www.us-cert.gov/cas/techalerts/TA04-041A.html
    >>> http://www.itc.virginia.edu/pubs/postnews/itemDisplay.phtml?itemID=42
    >>> http://mcse-training.woosy.com/resources/computer-education-certifica
    >>> ti
    >>> on-training-microsoft/dallas-microsoft-office-2003-certification-test
    >>> in g-tx.html
    >>> http://www.depts.ttu.edu/helpcentral/safecomputing/information/vuln.p
    >>> hp http://www.more.net/security/advisories/2004/040414.html
    >>> http://www.idefense.com/application/poi/display?id=79&type=vulnerabil
    >>> it
    >>> ies&flashstatus=falsehttp://www.trusecure.com/knowledge/hype/20040311
    >>> _o utlook.shtml
    >>> http://www.microsoft.com/security/bulletins/200406_windows.mspx
    >>> http://www.microsoft.com/security/bulletins/200403_office.mspx
    >>>
    >>>> <nonesense sniped>
    >>>> But, hey, there is hope that Script Kiddies and the Blackhat
    >>>> Hackers
    >>>> will move on to bigger and better things. Cisco has downplayed the
    >>>> recent release of its code on the Internet and the DDOS attack on
    >>>> the Akamai network is just the beginning of bigger and better
    >>>> things. Besides, who knows what the next expoit to opne up on
    >>>> Solaris will be, eh?
    >>>>
    >>>
    >>> The Akami attach affected a small percentage of its customers. The
    >>> attack itself was launched by windows machines that had been
    >>> "zombied".

    >>
    >>
    >> Postie they are just *programs* written by Human Beings that are
    >> fallible.
    >>
    >> http://www.internetnews.com/dev-news/article.php/3340501
    >> http://www.linuxelectrons.com/article.php?story=20040517151831290
    >> http://www.linuxinsider.com/story/32240.html
    >> http://securecomputing.stanford.edu/alerts/linux-rsync-4dec2003.html
    >>

    > http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,8893
    > 6,00
    >> .html
    >>
    >> http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
    >> http://www.theinquirer.net/?article=13420
    >> http://geodsoft.com/opinion/server_comp/security/summary.htm
    >>
    >> Linux is no bed of roses.
    >>
    >> On the other hand Linux can be made secured.
    >>
    >> http://www.gtcdrom.com/Books/Bks-Security.html
    >>
    >>
    >> MS is no bed of roses either.
    >>
    >> But MS can be made secure as well.
    >>
    >> http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.m
    >> spx http://www.oreilly.com/catalog/securwinserv/chapter/ch01.html
    >>

    > http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch
    > 00.m
    >> spx
    >>
    >>

    > http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_
    > Part
    >> 1.html
    >>

    > http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_
    > Part
    >> 2.html
    >>

    > http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_
    > Part
    >> 3.html
    >>
    >> http://www.microsoft.com/technet/security/chklist/iis5chk.mspx
    >> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
    >> http://www.microsoft.com/technet/security/tools/locktool.mspx
    >> http://w2kinfo.nacs.uci.edu/PDF-Docs/safeiisinstall.pdf
    >> http://system-calls.com/Securing_IIS/MackTSecuringWebServer.pdf
    >> http://www.lokboxsoftware.com/SecureWin2K/
    >>
    >> The bottom line is either one knows what he or she is doing or they
    >> don't and there are no in-betweens. :)
    >>

    >
    > It seems however that you swing both ways.
    >
    >> Postie -- you psycho-path clown I know that you don't know anything.
    >> :)
    >>

    >
    > but I know what you is...
    >
    >> Duane :)

    > ^ ^
    > | |__ Moron's best side.
    > |____________________________ One angry little clown with amnesia.
    >
    >


    You're going to have to do better than that MVP, in the NG posting like a
    *clown* like you're all that. <g>

    Duane :)
    Duane Arnold, Jun 23, 2004
    #14
  15. Duane Arnold wrote:

    > You're going to have to do better than that MVP, in the NG posting like a
    > *clown* like you're all that. <g>


    How many OSes integrate a web browser (interface to WAN) as a core component of the OS?
    How many OSes enable active scripting (executable code) by default?
    How many OSes enable unneccessary services (open ports) by default?

    I only know of one OS that offers those features, and I understand it is the largest consumer
    (non-techical user) computing distribution on the planet. That's quite a combination of for
    such a vast and essentially untrained user base (just turn it on, point and click).

    Here's a really old paper (circa 1997) to read:
    http://www.ftc.gov/bcp/privacy/wkshp97/comments2/nsclean.htm

    Scroll down to "The dangers of browser/operating system integration" for direct relevance to
    this post. We've come a long way since then.

    Bottom line: MS OS products could have evolved much differently, without seriously compromising
    their dominance and/or bottom line. And only now, after nearly a decade of this nonsense, do we
    see them making a genuine attempt to do so (XP-SP2). Better late than never. But late
    nonetheless. And if not for all the bad press, competitive pressure and corporate migrations, I
    doubt we would see what we're now seeing.

    I like MS OSes (absorbed by the collective). I like point and click. I like GUI. I like the
    vast array of apps available. And I would *really* like secure by default, especially for those
    who do not (and cannot) know any better.
    zulu@[127.0.0.1], Jun 23, 2004
    #15
  16. TechNews

    Duane Arnold Guest

    zulu@[127.0.0.1] wrote in news::

    > Duane Arnold wrote:
    >
    >> You're going to have to do better than that MVP, in the NG posting
    >> like a *clown* like you're all that. <g>

    >
    > How many OSes integrate a web browser (interface to WAN) as a core
    > component of the OS?


    The purpose of the browser in the Windows NT based environment is a
    mission critical application for nearly all organizations.

    > How many OSes enable active scripting (executable
    > code) by default?


    Active scripting is a vital of WEB programming development for business
    solutions.

    > How many OSes enable unneccessary services (open
    > ports) by default?


    The services are used in closed MS networks to provide business
    solutions.

    The NT based O/S is really meant to be used in a business environment.
    Many of these things you talk about are really meant for business
    solutions behind closed and protected MS networks.

    >
    > I only know of one OS that offers those features, and I understand it
    > is the largest consumer (non-techical user) computing distribution on
    > the planet. That's quite a combination of for such a vast and
    > essentially untrained user base (just turn it on, point and click).


    However, that's not the case is it of the MS O/S being used in a business
    environment. So, either one learns how to shutdown active scripting on
    the browser and close services down that are not needed if one wants a
    secure environment -- no if and buts about it.

    I don't have a problem with it and most that are really skilled don't
    have a problem with it either.

    >
    > Here's a really old paper (circa 1997) to read:
    > http://www.ftc.gov/bcp/privacy/wkshp97/comments2/nsclean.htm
    >
    > Scroll down to "The dangers of browser/operating system integration"
    > for direct relevance to this post. We've come a long way since then.
    >
    > Bottom line: MS OS products could have evolved much differently,
    > without seriously compromising their dominance and/or bottom line.
    > And only now, after nearly a decade of this nonsense, do we see them
    > making a genuine attempt to do so (XP-SP2).


    Well, MS has to do it in order to protect its share of the home market.

    > Better late than never.
    > But late nonetheless. And if not for all the bad press, competitive
    > pressure and corporate migrations, I doubt we would see what we're now
    > seeing.


    MS has to protect the *clueless*. :)

    >
    > I like MS OSes (absorbed by the collective). I like point and click.
    > I like GUI. I like the vast array of apps available.


    > And I would
    > *really* like secure by default, especially for those who do not (and
    > cannot) know any better.
    >


    Well is that what MS is doing with XP's SP2? I would also like to see
    them extend it Win 2K. I don't see why it cannot happen.

    For me, it's just the opposite. I have to undo what XP's SP2 will do to
    shutdown things so that I can continue developing and understanding .NET
    solutions for business and the NT based O/S. :)

    Duane :)
    Duane Arnold, Jun 23, 2004
    #16
  17. On Tue, 22 Jun 2004 02:15:00 +0000, Dr. Strangelove posted:

    > TechNews wrote:
    >> For many of us this is nothing new, to say that Microsoft products are
    >> the least secure and reliable is an understatement; and many of us
    >> posting our problems in this NG can attest to this fact.
    >>
    >> Below is an article that pretty much says what we've known all along.
    >>
    >> http://www.us-cert.gov/cas/techalerts/TA04-104A.html
    >>
    >> Multiple Vulnerabilities in Microsoft Products Original release date:
    >> April 13, 2004 Last revised: April 14, 2004
    >> Source: US-CERT

    >
    > <---snip--->
    >
    > It's not that Windows is less secure than Nix variants. Nix variants rely
    > upon security by obscurity (Cisco did this too and it bit em in the butt
    > about a month ago - can't put my finger on the article tho). Why would
    > the virus writers and crackers go after stuff that is only used by a small
    > percentage of the public? - No fun in that. Gotta go where all the peeps
    > are.


    <YAWN> The usual windows users reply. THIS is why linux is virus free -
    http://librenix.com/?inode=21
    http://www.securityfocus.com/columnists/188

    Also, unlike Windows, a user does NOT have admin priveledges.
    Unless the user is running as 'root', opening an executable will not do anything.

    1. He would have to save it.
    2. Then he'd have to do a 'chmod' on it.
    3. Then he'd have to be running it as root.

    It simply doesn't have the permissions to go copying itself into the
    system file areas, or alter startup files to start itself automatically,
    or the permissions to DEACTIVATE other programs (Hmm, Viruses smart
    enough to turn off Windows AV tools and prevent updating, thats secure
    design!)

    OTPOH Windows [and not the user or applications] decides what to do with
    files. This is how it works:

    1. Virus sends an attachment that is actually a binary, but puts an
    auto-open extension on it, like .txt or .wav or something. These file
    types are considered "safe" by Windows.

    2. Windows does not consult the user to choose an appropriate application.
    Instead it just passes it off to shellexec.

    3. Shellexec tries to be helpful and pokes inside the file. "Oh, it's an
    executable binary? Well I'll just run it then."

    4. Game over.

    Linux may not be totally safe, no OS is, but it's a damn sight safer than
    using M$ OS's.

    --
    kernel 2.6.5-7.75 / KDE 3.2.2
    http://linuxnotjustforgeeks.org/
    Seymour B. Utts, Jun 23, 2004
    #17
  18. Seymour B. Utts, Jun 23, 2004
    #18
  19. TechNews

    TechNews Guest

    zulu@[127.0.0.1] wrote:

    > Duane Arnold wrote:
    >
    >> You're going to have to do better than that MVP, in the NG posting like a
    >> *clown* like you're all that. <g>

    >
    > How many OSes integrate a web browser (interface to WAN) as a core
    > component of the OS? How many OSes enable active scripting (executable
    > code) by default? How many OSes enable unneccessary services (open ports)
    > by default?
    > <sniped>


    You got too far above our Duane clown's little head on the technical stuff.
    He will never understand, or accept, what you've just said.

    --
    Speed:Reliability:Security
    TechNews, Jun 23, 2004
    #19
  20. TechNews wrote:
    > zulu@[127.0.0.1] wrote:
    >
    >> Duane Arnold wrote:
    >>
    >>> You're going to have to do better than that MVP, in the NG posting
    >>> like a *clown* like you're all that. <g>

    >>
    >> How many OSes integrate a web browser (interface to WAN) as a core
    >> component of the OS? How many OSes enable active scripting
    >> (executable code) by default? How many OSes enable unneccessary
    >> services (open ports) by default?
    >> <sniped>

    >
    > You got too far above our Duane clown's little head on the technical
    > stuff. He will never understand, or accept, what you've just said.


    Why should he? Windows Server 2003 comes out of the box locked down. Now,
    you were saying, linuxfucktard?
    TechNews the hat binder, Jun 23, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Allan
    Replies:
    0
    Views:
    461
    Allan
    May 11, 2005
  2. Au79
    Replies:
    4
    Views:
    468
    Leythos
    Jan 28, 2007
  3. Collector»NZ
    Replies:
    1
    Views:
    357
    Gordon
    Feb 13, 2005
  4. Frank Williams

    European Parliament slams digital copyright treaty

    Frank Williams, Mar 12, 2010, in forum: NZ Computing
    Replies:
    0
    Views:
    312
    Frank Williams
    Mar 12, 2010
  5. Frank Williams

    Google attorney slams ACTA copyright treaty

    Frank Williams, May 8, 2010, in forum: NZ Computing
    Replies:
    0
    Views:
    298
    Frank Williams
    May 8, 2010
Loading...

Share This Page