Network News

X My Profile
View More Activity

Patch and P(r)ay?

After years of customer feedback, Microsoft has indeed gotten better about writing its security advisories in plainer English and less geek speak, but still I find myself sometimes glazing over potentially significant details buried within the notices.

Take this little morsel for instance, tucked into Redmond's latest advisory about how the few hundred or so distinct threats attacking Windows users through a critical unpatched software flaw "are limited in scope and not widespread."

"If you are a Windows OneCare user and your current status is green," the advisory reads, "you are already protected from known malware that uses this vulnerability to attempt to attack systems."

I had to read that line twice, because I couldn't figure out how I missed it the first time round. I myself an not a user of OneCare, a beta service Microsoft is rolling out to provide antivirus updates and other unspecified protections against spyware and all types of malware. But I might be one soon, if only to learn what else Microsoft could be doing to protect me and my five Windows PCs from assault from these limited threats.

Microsoft has let it be known that it plans to charge for this service at some point, but it hasn't been very specific about when it would start doing that and how much the service would cost customers.

Microsoft said Tuesday that although it had developed a patch to fix the current problem, it would not release it to the public for another week. Rather, it said, the patch needed to undergo quality testing to make sure it didn't break other applications -- particularly complex, custom software commonly found in businesses.

In making this choice, Microsoft is behaving like a perfectly rational corporation. They'd rather not get sued by companies accusing them of ditching quality control to rush a patch out the door just to save a few days, an event that would still earn them as much bad press as they would have inevitably received having waited it out through the testing process.

But now I am left wondering what other sorts of protections Microsoft could be giving its OneCare customers against this threat that it is not also providing to the public.

Well, what does Microsoft have to say about it? From their OneCare description page: "Windows OneCare provides continuous feature updates to subscribers, providing you with the latest technologies to help protect you from emerging threats. If you're worried about a new virus or other threat, you can check for updates yourself with a single click."

Fair enough. So we're talking about antivirus and anti-spyware updates, right? Well, maybe, but not so fast. I spotted this teaser over at -- where else -- the "Microsoft Windows OneCare Blog":

"While the exploit was quickly understood, and Windows OneCare sent updates out within hours of the vulnerability being found in Windows, this kind of issue is a reminder that real-time protection is critical. Windows OneCare is much more than just antivirus software of course, but this example shows why this kind of protection is critical to our overall mission of taking care of your PC."

"Windows OneCare is much more than just antivirus software"? In what way? Security Fix would like to know. Did Microsoft silently provide OneCare users the registry hack that it recommended Windows 2000, XP and Server 2003 customers manually apply as an interim (albeit only moderately effective) fix for this larger problem -- which by the way technically is not a security flaw but a feature of Windows going back to the creation of the operating system?

If Microsoft wanted to, and if its customers consented, it could easily tell which OneCare customers were likely home users and therefore less likely to have technical conflicts with a given patch. What is to stop Microsoft from allowing those paying customers from receiving the patch before everyone else?

But that is, of course, just a silly, hypothetical situation. Microsoft is clever enough to realize that such a move would smack of asking people to pay for more timely security patches.

So, just how does OneCare differ from a regular antivirus service? Or does it? Referring again to Microsoft's advisory, we see that antivirus is best thing going around right now to protect users from these threats: "In addition, antivirus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures."

I have to take issue with Microsoft on that point. If anything, the opposite has been shown to be the case. Andreas Marx of AV-test.org, who has routinely tested the response times of nearly two dozen of the most popular antivirus products against each new wave of malware to exploit this flaw, has found time and again that for many, many hours, far too many antivirus products fail to detect the new threats. What's more, Marx found that in cases where the threats were detected, it was usually only after they had fetched and dropped their malicious payload, not when the little buggers first broke into the system.

Granted, Windows OneCare was not among the products that Marx tested, so perhaps this criticism is off base. In the end, I find myself scratching my head and identifying with the sentiments of the last reader to comment on the Microsoft OneCare Blog, someone who simply signed their name "antioed."

"While I think it is great you are developing this software I think parts of it are long overdue in Windows and I have to admit I am a little disgruntled about aspects of how Microsoft has handled security in Windows thus far. While this software gives added security capabilities for antivirus and spyware beyond the scope of what should be included with the OS I do not see why someone who has paid for an OS license should not be able to get the same level of realtime protection for plugging up and monitoring vulnerabilities until patches can be applied. Advanced security features should be included with the OS and I was quite pleased with the security improvements in [Service Pack 2]. The antivirus and spyware are not Microsoft's fault and therefore fair game for charging a fee ... are there any plans to integrate realtime vulnerability monitoring and protection capabilities in the Security Center constructs built into XP SP2? If Microsoft cannot get a patch out they should at least be able to plug and monitor the hole easily, automatically and in real-time ... free. It's not the user's fault."

One final note: It appears we now have at least one more unofficial patch to fix this widespread Windows flaw, this one courtesy of a Paolo Monti from San Diego-based Eset, which makes the NOD32 line of antivirus products. Monti says no reboot is required, and that the gratis patch works on Windows 9x and Windows ME (the other unofficial patch Security Fix mentioned this week does not claim to work on either).

Eset is a respected company with a proven product, so I don't doubt this patch does what it says, but then again I don't know anyone who's vetted it, so use at your own risk.

OK, I lied: This is the final note. Microsoft says Windows users who have questions, concerns or problems surrounding this issue can call 1-866-PCSAFETY. Keep in mind, however, that if if you do apply this third-party patch, Microsoft will in all likelihood refuse to help you return your PC to its previous pre-patch state should the patch somehow muck it up.

By Brian Krebs  |  January 5, 2006; 1:45 AM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft to Patch Windows Flaw Next Week
Next: Fake Anti-Spyware Makers Settle Fraud Charges

Comments

Sadly, MS is flunking this test. Their patch needs to get out to everyone NOW.

Happily, the online community is routing around MS, and patching itself.

Note to MS: you're midway over the shark. Abort now.

-- stan

Posted by: Stanley Krute | January 5, 2006 5:22 AM | Report abuse

Microsoft said Tuesday that although it had developed a patch to fix the current problem, it would not release it to the public for another week. Rather, it said, the patch needed to undergo quality testing to make sure it didn't break other applications --


OH! When did this new policy go into effect?

Posted by: Woofbite | January 5, 2006 6:31 AM | Report abuse

Frankly, yes we've been given the protection within hours after the WMF issue was raised.
If one takes the time to analyse the situation, one will realise that Windows One Care Live is the best protection ever and it does not take as much resources as other antivirus.
Ok, it's in beta but it works fine, a bit too fine. I get at least 4 updates per day and for the first time I let one of PCs connected to the web without my hardware firewall and without McAfee.
Coupled with IE7 (still in beta), Windows One Care Live offers the best protection ever.
I'm not a huge fan of Ms. I'm a member of Vector Linux (www.vectorlinux). My profile name is AncientNET. With Windows One Care Live installed, I feel like running linux which gets the kernel constantly patched. It's great.
And if Ms decides to make us pay for it, I'll crack it and use it for free.
Best wishes,
Shah (Mauritius)

Posted by: Shah (Mauritius) | January 5, 2006 7:21 AM | Report abuse

Frankly, yes we've been given the protection within hours after the WMF issue was raised.
If one takes the time to analyse the situation, one will realise that Windows One Care Live is the best protection ever and it does not take as much resources as other antivirus.
Ok, it's in beta but it works fine, a bit too fine. I get at least 4 updates per day and for the first time I let one of PCs connected to the web without my hardware firewall and without McAfee.
Coupled with IE7 (still in beta), Windows One Care Live offers the best protection ever.
I'm not a huge fan of Ms. I'm a member of Vector Linux (www.vectorlinux). My profile name is AncientNET. With Windows One Care Live installed, I feel like running linux which gets the kernel constantly patched. It's great.
And if Ms decides to make us pay for it, I'll crack it and use it for free.
Best wishes,
Shah (Mauritius)

Posted by: Shah (Mauritius) | January 5, 2006 7:33 AM | Report abuse

Ever think about Linux?

Posted by: Gary Dolan | January 5, 2006 8:07 AM | Report abuse

Buy a Mac. Or, is this solution simply too easy, fun, helpful, etc.? Stop spending precious time fixing, patching, rebooting, and reinstalling the Microsoft OS. Get a life. Enjoy the computer experience. Get some work done. If any other company delivered products so defective as Microsoft's, it would be sued to oblivion.

Posted by: Michael Young | January 5, 2006 8:25 AM | Report abuse

"If you are a Windows OneCare user and your current status is green," the advisory reads, "you are already protected from known malware that uses this vulnerability to attempt to attack systems."

"Microsoft said Tuesday that although it had developed a patch to fix the current problem, it would not release it to the public for another week. Rather, it said, the patch needed to undergo quality testing to make sure it didn't break other applications -- particularly complex, custom software commonly found in businesses. "

Is this not a glaring contradiction? How can Microsoft possibly provide this protection to OneCare users if the patch is not yet tested? This looks like another way to push people toward paying for security that should be inherent in the OS.

-- John

Posted by: John Clevenger | January 5, 2006 8:28 AM | Report abuse

Mr. Krebs notes "which by the way technically is not a security flaw but a feature of Windows going back to the creation of the operating system?"

I've been troubled by the pairing of Microsoft's engineering-in its willingness to continue designing security holes into their products ON PURPOSE-in conjunction with its MS/NBC operations to help shape public opinion. It has been shown that "I LOVE YOU", "CODE RED" and scores of other viruses reported in the media over the years as "internet viruses" were actually applications designed using Microsoft's documented APIs. Being in the "media elite", as a parnter of NBC, softness has been given to Microsoft, where these problems were reported as, "internet bugs that may show up in Microsoft Outlook."

Microsoft knows where every security hole is because THEY designed these into their products.

It has been rumored that Microsoft is getting out of the software business in favor of television set-top boxes, PDAs, XBOXes, etc that have clear shrink-wrap presense. Selling the formulae to cover their engineered features "misused" may be a last-ditch effort to earn money in the software business.

Like all software businesses, maybe it's time to call in ComputerAssociates acquire Microsoft's shrinking software division and put an end to this nonsense.

Posted by: J'Klmno Mac | January 5, 2006 8:33 AM | Report abuse

People used to say that nobody ever got fired for buying IBM, and then it turned into nobody ever got fired for buying MS. Maybe if bosses realized that they don't have to waste so much time and money dealing with crap like this, people would get fired for buying MS and this situation would start to change. I'm sticking with my Mac.

Posted by: Mathias | January 5, 2006 8:52 AM | Report abuse

From Paul Thurrott's site http://www.internet-nexus.com :

How to know if you are protected from the WMF vulnerability
I'll accept the following answers:

1. You're using a Mac.
2. You're using a PC that isn't connected to the Internet or other PCs via a network.

However, this [the Windows OneCare Advisory message] is not an answer, especially since Windows One Care doesn't do anything to protect you from the WMF vulnerability:

So what's worse than doing nothing? Pretending that you're doing something to help when you're not.

Posted by: Michael Young | January 5, 2006 8:55 AM | Report abuse

If I were a casual user, I'd switch to Mac.

This exploit, and previous ones, suggest this will happen again and again.

And we all know this.

Those who stick with Billy Gate's software have been warned by this and previous exploits (Slammer) that your safety is in your own hands. Putting Billy in charge of your safety is a lazy, unwise thing to do.

Posted by: Securio | January 5, 2006 9:15 AM | Report abuse

Handling your own security is also exceedingly expensive. I'm a retired CIO of a subsidiary of a major global bank. The expenditures on security for Microsoft on desktops, laptops, and servers can be measured in the millions of dollars annually. By contrast, I used a Mac within the network and never, never once had or was threatened by a virus, trojan horse, adware, spyware, you-name-it. NEVER, and yet I still worked each day on my trusty Mac in a less than casual manner. It is simply wrong to denegrate the Mac by saying it is strictly for casual use.

Posted by: Michael Young | January 5, 2006 9:32 AM | Report abuse

I downloaded the patch you recommended and my computer got a virus and is now being repaired. I've contacted the guy who designed the patch at CastleCops.com and they say Oh, it must be something else. The computer repair guy said it's acting like a virus got into my computer. Just thought you'd like to know.

Posted by: chalco | January 5, 2006 9:53 AM | Report abuse

"Buy a Mac"

OFF TOPIC

Posted by: Report | January 5, 2006 10:02 AM | Report abuse

The functionality (and potential for disaster) in the .wmf code has been around for a long time. A patch for this could have been made long ago (and tested as long as MS wanted to test it) before there was a problem. But instead, MS, following right along with their normal practices, just wait until someone tells them that it's broken.

Thankfully I use a mac and don't have to worry about the exploit on my machine, but all my PC client's are worried to death about this. I have many doctor offices as clients. This isn't something that isn't serious. It's deadly serious. I've posted about the exploit at:
http://andjustonemorething.blogspot.com

Over the last three years, we've been in privy to the large OS shift away from MS. We're still in the early stages of this as this is something that only happens with a lot of time. There are too many business tied to MS technology right now and moving from MS overnight is not something that can happen quickly. It doesn't just take switching business applications, it also takes switching mindsets and overall attitudes.

MS need to quite focusing on stupid game platforms and instead focus on the systems that are making this work go around. Otherwise, they can kiss their beloved lead in the OS market goodbye.

http://andjustonemorething.blogspot.com

Posted by: Jimmy | January 5, 2006 10:23 AM | Report abuse

Via "Windows OneCare", Microsoft will be able to continue developing, selling, and profiting from severely flawed operating systems (OSs) and will be able to create additional profits by selling "security" patches for those operating systems. This duality of purpose reeks of conflict of interest. Microsoft will have a financial incentive to build flaws into future OSs so as to boost sales of Windows OneCare

Posted by: Teresa Binstock | January 5, 2006 10:23 AM | Report abuse

The functionality (and potential for disaster) in the .wmf code has been around for a long time. A patch for this could have been made long ago (and tested as long as MS wanted to test it) before there was a problem. But instead, MS, following right along with their normal practices, just wait until someone tells them that it's broken.

Thankfully I use a mac and don't have to worry about the exploit on my machine, but all my PC client's are worried to death about this. I have many doctor offices as clients. This isn't something that isn't serious. It's deadly serious. I've posted about the exploit at:
http://andjustonemorething.blogspot.com

Over the last three years, we've been in privy to the large OS shift away from MS. We're still in the early stages of this as this is something that only happens with a lot of time. There are too many business tied to MS technology right now and moving from MS overnight is not something that can happen quickly. It doesn't just take switching business applications, it also takes switching mindsets and overall attitudes.

MS need to quite focusing on stupid game platforms and instead focus on the systems that are making this work go around. Otherwise, they can kiss their beloved lead in the OS market goodbye.

http://andjustonemorething.blogspot.com

Posted by: Jimmy | January 5, 2006 10:24 AM | Report abuse

Mr. Young and others,

I agree that handling your own security can be expensive, but having been in FTE and consulting positions, I firmly believe that this is due to the fact that this money is not spent intelligently. Things get expensive when you start throwing money at a problem, without ever educating your staff. Money could be better spent in hiring more qualified applicants, or better yet, training your current staff. Better trained and more knowledgeable staff lead to better solutions.

Switching away from Microsoft is not the solution. Your staff and other employees have been making use of your investment in their products for far too long to have them ripped out to start over again.

The key is senior management (ie, the CIO, CSO, whomever, but starting with the CEO) taking security seriously, but not just in word. For example, does the IT staff have a current network diagram available? If not...why? Have them produce one. If they can't, why? Is it due to lack of training, lack of knowledge?

Investing in the training of your employees is a much better use of your money than purchasing products to solve a problem that you can't even define.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Posted by: H. Carvey | January 5, 2006 10:33 AM | Report abuse

Microsoft always test's the patches before releasing.

Also, just because there is an exploit, doent mean it is being used by any malware.

I would much rather wait for a patch that will work rather than something that will break applications.

Posted by: Amrinder | January 5, 2006 11:12 AM | Report abuse

Mr Carvey, how is it that "Switching away from Microsoft is not the solution. Your staff and other employees have been making use of your investment in their products for far too long to have them ripped out to start over again." But spending money on additional training is cost-effective? Might not it be most cost effective to spend those training dollars on a better platform - if on exists? Seems like the most prudent business decision would be to analyze the costs & benefits of both changing platforms and staying. Do you want staff spending their time testing patches & applying them enterprise-wide on a monthly basis?

I can understand the argument that many in the anti-Microsoft camp have their blinders on regarding the benefits of staying with Microsoft. But the same can be said of the pro-Microsoft camp - they sometimes assume there are costs there (i.e. to changing platforms) that might not be as high as they assume.

regards-
Brian Simon
IT Consultant

Posted by: bsimon | January 5, 2006 11:26 AM | Report abuse

Mac, Mac, Mac, Mac... Doesn't anyone realize that if Mac had 95% of the profit share of the world, Mac's would get viruses too...

It's just that the little terrorists want to do the most damage as quickly as possible.. So they don't waste their time on millions of computers when they can create problems for billions.

There is no doubt Microsoft makes mistakes. But to simply say a mac would fix it is just stupid!

Posted by: Bobby | January 5, 2006 11:28 AM | Report abuse

Bobby, that may be true, but you are also apparently ignoring the fact that the Mac, for example, has some important differences in the Operating System design that make it inherently safer than Microsoft's products. Microsoft made some design decisions in DOS that are still impacting their OS design because Microsoft has chosen to make design compromises in favor of legacy support and OS-Application compatibility in lieu of security. If the world was 95% Mac, or Linux, yes there would be more viruses and hacks targetted at those platforms. But it is unlikely that as many security flaws would be found.

Brian Simon
IT Consultant

Posted by: bsimon | January 5, 2006 11:54 AM | Report abuse

> Also, just because there is an exploit,
> doent mean it is being used by any malware.
Post your e-mail address, and we will see how many of the 300+ versions of bad WMF images I got will make it past your AV scanner.

Posted by: fed_up_with_MSFT | January 5, 2006 12:07 PM | Report abuse

Why is it that all the MAC users feels its necessary to trumpet the fact that MACs are the best and MS is inherently flawed. Its funny to me because if you have such a good thing why would you want to share it. If everyone takes your advice and buys a MAC then all internet baddies will be exploiting your system, yet there is this constant need to talk about how impenetrable it is.

Posted by: Mac Inferiority Complex | January 5, 2006 12:13 PM | Report abuse

Only Linux is used at the companies I own. You have to want a virus or trojan, if you use windows. There is no other explaination for it. Linux has everything windows has and more.

Without paying the Gates-tax, of course.

Posted by: David Huff | January 5, 2006 12:33 PM | Report abuse

Wow, talk about greedy. Mr Mac Inferiority Complex says "Why is it that all the MAC users feels its necessary to trumpet the fact that MACs are the best and MS is inherently flawed. Its funny to me because if you have such a good thing why would you want to share it. If everyone takes your advice and buys a MAC then all internet baddies will be exploiting your system, yet there is this constant need to talk about how impenetrable it is. "

Thank heavens not everyone thinks that way. Some security experts propose that a healthy IT infrastructure includes a variety of operating systems. Its not about finding a platform that nobody else uses so you're safe from attracting enough attention to be attacked. Its about fostering innovation through competition. Face it, Windows doesn't have the kind of competition that forces Microsoft to improve the security of their product. As more users get fed up with the security failures of that OS and migrate to Mac or Linux or who knows what, MS just might start to take security seriously.

Posted by: bsimon | January 5, 2006 12:35 PM | Report abuse


"ever think about Linux"

Every time I turn on my windows PC at work, and long for my Linux PC at home.

Every time I see another CRITICAL exploit for windows. It's not that there are no security flaws for Linux or mac, it's that they are:

1) nearly always less cricitical.

2) nearly always holes from local access.

3) always patched to "never re-appear" (which is caused by microsoft simply moving the hole. They intentionally keep their software open so they can keep tabs on it. How else do you explain the fact that the Kernel calls home when connected to the net?)

Isn't it obvious by now that when it comes to microsoft they don't know jack about security? (except securing their own IP.)

Bill Gates:
"no operating system was designed to be connected to a network".

Uhm, except for Unix? which is the building block for Mac Os X and Linux? The whole purpose of linux was for networking computers.

If you want a secure windows computer disconnect it from the internet.

Posted by: mbuel | January 5, 2006 12:39 PM | Report abuse

Ignorance slays me, does anyone ever look at the big picture anymore? It's called risk mitigation folks, but so many topics keep repeating in these posts;

MS is acting prudently under the circumstances. If they issued a patch without thoroughly checking it and it crippled the functionality of millions of systems they would be out of business. Getting a malicious .wmf file within the timeframe of discovery and MS's patch release date a minimal threat item in the corporate world especially if they are running update anti virus and unregister the one .dll file MS recommends as a workaround (I had this done on 25000 systems within a couple of hours).

Windows One Care; this was supposed to be the 'hands-off' utility that watched over your system - so what if MS uses it to implement their workarounds and eventual patches when needed? That's what they were supposed to do with it. This is also still a beta product so if they did push a patch/workaround to those users fist, good! It was a beta patch too and everyone running a test product agreed to the risks.

As for application of a third party patch that had not undergone evaluation with all MS and major corporate software and also not guaranteed to be recognized and updated by MS's offical patch - I'd be fired in a heartbeat if I installed it.

"Get a MAC" enthusiasts; stop trumpeting your ignorance! I have those also, and they need anti virus, and get security updates too. What they don't have is the legions of hackers dedicated to trying to discover vulnerabilities that MS does. Of course if "everyone got a MAC" then they would get the bulk of malicious attention and be labeled a pile of poop by those who claim their ever-faithful Timex/Sinclair unit is never at risk.

Lastly, uses going to non-work related or sites of questionable repute should be spanked! And I feel one coming on now...

Posted by: Karl W. | January 5, 2006 12:45 PM | Report abuse

Mr. Simon,

> Mr Carvey, how is it that "Switching away from Microsoft is not the solution. Your staff and other employees have been making use of your investment in their products for far too long to have them ripped out to start over again."

???

> But spending money on additional training is cost-effective?

Perhaps it is. What I'm advocating is better training, so that you don't have to spend, as Mr. Young stated, millions of dollars on security for Microsoft products. Why were "millions of dollars" spent? What risks were identified, and what products were purchased to mitigate those risks? Would the solution you picked be different if your admins/IT staff had better training/knowledge?

The additional training has other, added benefits. Incorporate that into an employee development plan...most IT guys I know would jump at the idea to be considered more than a red-headed step-child, and have the same opportunities for growth and promotion as their corporate brethren.

> Might not it be most cost effective to spend those training dollars on a better platform - if on exists?

Poor and untrained admins are going to be a problem, regardless of platform. Say you've got an all-Windows shop, and you decide to switch over to Linux. Who's going to install and administer all of those systems? Who's going to train the users? Where is the money to rewrite any home-grown apps, and/or evaluate products to replace your current apps (mail server, databases, etc.)?

> Seems like the most prudent business decision would be to analyze the costs & benefits of both changing platforms and staying. Do you want staff spending their time testing patches & applying them enterprise-wide on a monthly basis?

> - they sometimes assume there are costs there (i.e. to changing platforms) that might not be as high as they assume.

Perhaps. But rather than denigrating each "camp", wouldn't it be better to specify the costs? It's easy to point at both camps and say they're wrong...why not provide the appropriate information instead?

Thanks,

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Posted by: H. Carvey | January 5, 2006 1:15 PM | Report abuse

Consider FreeBSD 6.0.

Posted by: HWyss | January 5, 2006 1:16 PM | Report abuse

Anybody stupid enough enough to have five Windows PC's deserves every virus and spyware infection that they get.Microsoft makes fortunes off of people stupid enough to use their OS and they are always finding new ways to screw their customers.

Posted by: Fedora Favor | January 5, 2006 1:36 PM | Report abuse

"If you are a Windows OneCare user and your current status is green," the advisory reads, "you are already protected from known malware that uses this vulnerability to attempt to attack systems."

Windows One Care Live guards against *known* malware, not the vulnerability itself. It's similar to a prison guard in the watchtower with a rifle. The WMF vulnerability is analogous to a 400 meter gap in the prison perimeter wall. The upcoming patch is a contractor hired to pour cement to fill the gap.

Unfortunately, some of the inmates have obtained guard uniforms or contractor work clothing, and are sneaking by the watchtower.

Posted by: Ken L | January 5, 2006 2:00 PM | Report abuse

Fedora -- They say you should never argue with an idiot, because people listening may not be able to tell who's who. But at that risk, I'll bite on your comment:

"Anybody stupid enough enough to have five Windows PC's deserves every virus and spyware infection that they get."

So by your reasoning, the majority of the world deserves to get viruses and spyware infections, including most businesses?

Posted by: Bk | January 5, 2006 2:11 PM | Report abuse

So! Microsoft wants to charge a subscription
to fix problems or flaws in their platform?
Ain't that America somethin to see?
Microsoft houses for you and me? Groan!

"America, the only place on earth where you can feed the hand that bites you!!"

That's how I feel about it. R.F.

Posted by: RON F. | January 5, 2006 2:34 PM | Report abuse

The unknowns that patches cause on systems is how SQL Slammer took down most companies in January 2003, including portions of MS itself.

Most people still don't know that it was 2 winter patchs for SQL Slammer that uninstalled the fix from the fall that would have prevented SQL Slammer months later. Only if you read the fine print would you have known this, and most the media still missed this.

Yes, staying current can and HAS caused mass outtages at Fortune 100 companies, including the ones I was working at (not my servers, but the servers of colleagues -- and it was my discovery that saved their butts in the inquiry).

At the same time, many UNIX administrators will be quick to point out (myself included), that it's the massive, interdependent, cross-integration of subsystems across subsystems that is causing Microsoft it's own problems. I mean, at what point does Microsoft start to be held accountable to its pre-SQL Slammer attitude of integration, and get serious about the "root cause." And that "root cause" is that it's OS, both current as well as NT 6.0 "Longhorn" future, still comes from a from a land of NO "common sense" on integration/features that UNIX developers and administrators have ever since the Morris worm of 1988?

Posted by: Bryan J. Smith | January 5, 2006 2:39 PM | Report abuse

Although everyone, in my opinion, has shared valid points on this issue I am not seeing a positive, resposible, "owning up" on users part in all of this. We ought to know that if we put all of our eggs in one basket and the bottom falls out of the basket, we are going to have a lot of broken eggs...basically, we, as users/consumers put microsoft in the position of holding all of our eggs in their one big basket. I am as guilty as everyone else. I am also determined to begin to examine other companies products & services that fill my computer/internet needs while allowing me a more secure environment simply because they are NOT number one in the industry so they will not be targeted by hackers etc. the way Microsoft is. By diversifing we can all contribute to controling the ability of hostile indiviuals bent on causing chaos.

Posted by: KHull | January 5, 2006 3:06 PM | Report abuse

What do you call it when a company offers to sell you protection from their own product? Where I come from we call it a shakedown. If memory serves me, and sometimes it does, several organized crime families were prosecuted for this kind of thing.

Cars that have to be fixed more than 3 times for the same problem are considered lemons. How many times do you have to patch an OS before you can call it defective?

Posted by: Casey | January 5, 2006 3:09 PM | Report abuse

Fedora -

Interesting point of view.

I've used Windows exclusively for years. I've never gotten a virus on one of my systems that I didn't put there myself. For over a year, I had a Windows NT 4.0 box up on a raw DSL connection. If I was bored and wanted to know what the kiddies were up to, I turned on snort.

There's nothing stupid about running 5 or 500 Windows boxes. It is questionable to run any number of systems when you lack the necessary knowledge to do so...that applies to Windows, Linux, BSD, Plan9, Inferno, or any other OS.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Posted by: H. Carvey | January 5, 2006 3:18 PM | Report abuse

It really is quite disconcerting
to see how many people are falling for the Microsoft scam:

1. Sell an OS so horribly defective that it's used as an
object lesson in what not to do
in college classes.

2. Wait for the inevitable: worms, viruses, spyware, etc.

3. Instead of correcting #1,
offer to sell band-aids against
#2.

4. Lather, rinse, repeat.

We in the Unix world learned well from the events of November 3, 1988. That was the
last time a 'nix-based security
problem had widespread operational impact on tInternet. Microsoft has yet
to learn anything from the
events of that day, or any
of the subsequent days up until
the present, *except* that there is a large and gullible
population willing to pay into
their protection racket.

Posted by: OldGeek | January 5, 2006 3:35 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company