
ok i have an issue with microsoft...

morelos

lexicon incognito
#1
How many people here use Windows XP? How many people here have seen this image?

IMAGE NO LONGER AVAILABLE

Now, I ask the important question: how many times have you seen this particular explanation for the update? "A security issue has been identified that could allow an attacker to compromise a computer running [our product that you bought] and gain complete control over it."

In the case of my screenshot here, it's a local security hole. But let's face it: most of the time, they say an attacker could REMOTELY gain full control of your computer. What's up with this? Running their OS is akin to having "Back Orifice" installed on an otherwise stable machine.

If Windows XP were a car, no insurance carrier would ever be willing to cover it.

If Windows XP were a car, can you imagine the amount and frequency of recalls the company that produced it would be announcing?

If Windows XP were an airplane, you sure as hell wouldn't feel safe flying on it.

The companies who make products on which we rely day to day are typically responsible about ensuring their products' safety and functionality before releasing them to the market. Why isn't it the same with the base software for our computers? Why isn't it the same with Microsoft? What gives this company the right to be irresponsible about releasing its software?

Some may argue that their offering of 'hotfixes' and security audits of the software to discover and address these issues is a sign of exactly the corporate responsibility of which I speak; this is not the case. If you bought a door lock on the market which was particularly enabling to break-and-enter robbers, would it be good enough for you if they periodically called you and said, "Um, we're really sorry, but that door lock you bought from us still isn't safe. We'd like to do some more work on it if that's ok by you?" How many times would you put up with it? How many times could they call and offer to 'update' your door lock before you decided you couldn't trust it and replaced it with one you could?

You'd switch to a more reliable door lock company...

You wouldn't buy that car...

We've already established you wouldn't fly on that airplane...

Now, what if the company that made this shoddy, insecure product was realistically the only company whose product you could buy?

Welcome to the "free market," where monopoly is still just as easy as ever to create, and where that monopoly still embraces complacency.

~ danny morelos ~
 

BakEd13

4:20 Celebrater
#2
Who doesn't have an issue with Microsoft?
 

voiceofreason

Seeker of Truth
#3
morelos said:
Now, I ask the important question: how many times have you seen this particular explanation for the update? "A security issue has been identified that could allow an attacker to compromise a computer running [our product that you bought] and gain complete control over it."
That's called programmer cryptic. It's written in a way so that it doesn't give "away" too much about the gaping hole they're trying to cover.

If they offer it - take it - it may help...

Windows used to sell their PC OS & server OS with everything turned on & open. They have since found that was "not a good idea", and are selling it with most things closed and off. Letting the user decide what to turn on. Better.

Bottom line is, if someone really wants to hack you, they will do it. Passwords, what a joke, people use such weak passwords that most can be hacked in 5 minutes.

Is it safe out there? No, it's not...
 

Broken

Member smoked too much weed!
#4
voiceofreason said:
It's written in a way so that it doesn't give "away" too much about the gaping hole they're trying to cover.
Sorry, off topic. Just reminds me of SOD.


*I'll go stand in the corner*
 

morelos

lexicon incognito
#5
vor said:
Bottom line is, if someone really wants to hack you, they will do it. Passwords, what a joke, people use such weak passwords that most can be hacked in 5 minutes.
this is true; abe lincoln once said that you can lock yourself in a steel box and if someone wants to kill you, they will still succeed.

Is it safe out there? No, it's not...
BUT... due to my digression when i wrote the rant, it seems to have drawn people away from the point.

to me, the point is that the product is incomplete as long as they are finding this many security holes. sure, anything in real life can be hacked. it's easier to hack a '65 mustang than it is to hack an '01 prius. believe me, i've tried both. but the point is the product is not finished if these vulnerabilities are turning up right and left.

perhaps they're trying to do too much with their software and not focusing on a core value of security as priority number one.

~ dan ~
 

Broken

Member smoked too much weed!
#6
Right on the Money dan:


Build me a door that can't be opened, you can do it, but that's called a wall. The OS has to I/O somehow.. Even just to put a blinking cursor on the screen you have to I/O..
 

mariusthegreat

:: What Ebonics ::
#7
many people don't even care about this. they buy the computer, type their papers, bank online, buy off ebay, play solitaire ...and then go to sleep. honestly, do you think that the majority of consumers know what an ambiguously named update, patch or service pack upgrade is? they'll just click, ok ..ok ..ok..and install.. I see it all the time. I've had calls where they themselves give me their passwords because Gator is giving them problems. Part of the problem is that users aren't informed, they don't know what the heck is going on. They are conformed with the piece of shit machine that lets them type their english papers, they are conformed that they can print a bank statement. To them, they don't know or don't want to know, unless something has happened...fraud.. id. theft...etc. Funny it reminds me of society now..with the whole election going on and stuff..anyways I'm straying off...my point is that if it doesn't hurt them directly and they can't see it..they don't care until it's happened..i do agree with you on the whole monopolizing and that they shouldn't release their products, but we are the minority...we know the deal...and MS knows that...so they prey off the majority...
 

MaxPower

You're my number two
Staff
#8
You would be shocked if you saw my IDS logs, server logs and so forth. Or perhaps not, morelos, you and some of the others have seen it before. I can't even count the number of times per week that IDS gets a valid attempted intrusion hit. We have never been hacked on my watch.
My point is that the OS is not the one and only security issue. True, taking a little time to keep machines updated and patched is important. But too many people rely on thinking the only thing that matters is that the OS be vulnerability free. I can safely say (not that I would take this gamble) that if I left all my Windows machines un-patched and relied completely on my firewall, IDS, Cisco NBAR, and all the other edge security equipment and practices, I could not be hacked by the average or even a very good hacker. It would take someone very extraordinary to get through all that.
Leave a Linux box fully patched and exposed to the internet, and it will become some script kiddie's bitch in no time.
 

BakEd13

4:20 Celebrater
#9
morelos said:
...perhaps they're trying to do too much with their software and not focusing on a core value of security as priority number one...
That is what Service Pack 2 is for... :)
 

morelos

lexicon incognito
#10
maxpower said:
You would be shocked if you saw my IDS logs, server logs and so forth. Or perhaps not, morelos, you and some of the others have seen it before. I can't even count the number of times per week that IDS gets a valid attempted intrusion hit. We have never been hacked on my watch.
My point is that the OS is not the one and only security issue. True, taking a little time to keep machines updated and patched is important. But too many people rely on thinking the only thing that matters is that the OS be vulnerability free. I can safely say (not that I would take this gamble) that if I left all my Windows machines un-patched and relied completely on my firewall, IDS, Cisco NBAR, and all the other edge security equipment and practices, I could not be hacked by the average or even a very good hacker. It would take someone very extraordinary to get through all that.
Leave a Linux box fully patched and exposed to the internet, and it will become some script kiddie's bitch in no time.
yeah, you're not talking about stuff that will shock me. i'm trying to make a point that [ed. note: this os fucking sucks because i'm installing the aforementioned updates right now and every two seconds it increments the completion indicator AND STEALS FOCUS FROM THE WINDOW I'M TRYING TO TYPE IN.] the product is not market ready if it's that immature. that's all.

why do i run qmail+vpopmail over sendmail? why do i patch my ftpds and my telnetds and shit? to keep them current, yes. the difference here is that the *ix systems are usually born much more secure.

my argument is just that the versions of windows are not market-ready when they keep discovering OLD ways of hacking them. the way *ix systems are hacked is that a new version of something or a new kernel is released and then people start picking at it; they find and fix the holes within weeks. well this is the same old windows i've been running for a year and a half, and they're JUST NOW finding security holes that have been there all along?
 

voiceofreason

Seeker of Truth
#11
morelos said:
yeah, you're not talking about stuff that will shock me. i'm trying to make a point that [ed. note: this os fucking sucks because i'm installing the aforementioned updates right now and every two seconds it increments the completion indicator AND STEALS FOCUS FROM THE WINDOW I'M TRYING TO TYPE IN.] the product is not market ready if it's that immature. that's all.

why do i run qmail+vpopmail over sendmail? why do i patch my ftpds and my telnetds and shit? to keep them current, yes. the difference here is that the *ix systems are usually born much more secure.

my argument is just that the versions of windows are not market-ready when they keep discovering OLD ways of hacking them. the way *ix systems are hacked is that a new version of something or a new kernel is released and then people start picking at it; they find and fix the holes within weeks. well this is the same old windows i've been running for a year and a half, and they're JUST NOW finding security holes that have been there all along?
FYI The world is Microsoft's final test facility...
 

MaxPower

You're my number two
Staff
#12
This is why a good part of my life is spent combatting hackers and frequenting their sites to keep in touch with things. In a sense we need the presence of "Greyhats" that find vulnerabilities in any given system or OS and make them public. This makes the vendors scramble to fix vuls that they may or may not have known about, before black hats exploit them.
 

Shurikane

Raging Hermaphrodite
#13
Let's put it this way: All programs ever made have holes. So no matter which OS you run, there will still be a way for someone to get into your compy and start fooling around with it.
 
#14
Shurikane said:
Let's put it this way: All programs ever made have holes. So no matter which OS you run, there will still be a way for someone to get into your compy and start fooling around with it.
Right! XP itself is actually not very bad with security; it's just that it's so common that if you are trying to spread a virus or hack a computer it's best to assume it's using some form of Windows software.
 

dustinzgirl

Banned - What an Asshat!
#15
upgrade to xp pro.

and just wait until longhorn comes out (that's the test name of it) that os is going to be in their control. bye bye freedom on your computer. run a search and read up. might be switching to linux or just using xp pro forever and ever.

I'm not a techy person, but I know marketing and their strategy is fix it when we have to. just like car companies do. it's cheaper to put out a bad product and meet or beat their release date than to push the date back and fix it.

Look, MS puts out what the avg middle class american will buy. average consumer does NOT care about this stuff or even knows what it is, so in a corporate mindframe, they don't Give A Fucking Shit Either.
 

User_Name

The Ultimate Asshole
#16
Shurikane said:
Let's put it this way: All programs ever made have holes. So no matter which OS you run, there will still be a way for someone to get into your compy and start fooling around with it.
Unless you completely cut it off from the www and just have a local network that only connects to computers in the corporation and cannot be accessed with hyper text transfer protocol, but then a disgruntled employee could fuck with it as well. So, I guess nothing can be 100% fail-safe. :(