Another Patch Tuesday and Microsoft comes out with a variety of patches, and this series is more critical than a month ago. The critical vulnerabilities are in Windows, Office, Internet Explorer and Microsoft Antivirus. All of them could allow remote code execution.
Nice to know some things never change… :)
Yep. I’m surprised it’s news after all these years.
Hmm, so it’s bad when they release updates, but it’s bad if there is a delay in updates, and it is absolutely terrible if they don’t release an update at all.
So, what’s the story? Will you ever be satisfied?
For me, I have Office 2007 Pro + Windows Vista Ultimate, and I had 3 updates to install, one for Office 2007 which was an Outlook junk filter update, the two Windows updates were one relating to Mail junkmail update and malicious file removal tool.
As before that, it has only been updates relating to, for example, definition updates for Defender, plus some fixes for very rare problems that end users might find.
Compare that to a clean install of OpenSuSE, Windows Vista is actually coming off quite nicely in regards to security, updates, and the promptness of those updates after the debacle I had with Helix and the lack of fixing bugs by Novell/Maintainers.
For me, I have Office 2007 Pro + Windows Vista Ultimate, and I had 3 updates to install, one for Office 2007 which was an Outlook junk filter update, the two Windows updates were one relating to Mail junkmail update and malicious file removal tool.
Yes, Microsoft has you nicely wrapped around its crooked finger.
But the main point is, how long has Vista been out? About two weeks?
And how long has Vista been in development? About five years?
And how many billions of dollars was invested in it? About a trip to the moon’s worth?
Wow. And already 3 updates.
Let’s see how many gigabytes of updates we’ll have to download for a new install of Vista around mid-year.
Pretty sad quality of Microsoft’s work if you ask me.
I’d hate to have to drive a car that Microsoft made.
Pretty sad is your attitude.
Why do you bother posting when you obviously have no clue nor do you live in reality?
I’d hate to have to drive a car that Microsoft made.
Don’t buy a Ford then. Microsoft made a deal with Ford to use Microsoft’s software in their vehicles.
http://arstechnica.com/news.ars/post/20070108-8568.html
Don’t buy a Ford then. Microsoft made a deal with Ford to use Microsoft’s software in their vehicles.
Yes, something to watch out for.
FixOrRepairDaily vehicle combined with Microsoft software will not be on my shopping list for sure.
Not interested in getting a UAC prompt every time I flip the turn signal.
“Are you sure you want to make a left turn?”
“Continue” “Cancel”
“”Are you sure you want to make a left turn?”
“Continue” “Cancel””
Actually that might not be a bad idea with the way people drive in LA
Vista has been out in RTM form for almost three months – it has been tested by several hundred thousand users who are currently using it before it was released to the retail channels.
Shapeshifter, if you want to make a jab against Microsoft, could you please keep it factual rather than fancy free baseless attacks?
So you don’t like Microsoft or Windows, good for you, but some of us *USE* computers to get work done rather than endless fiddling and tweaking.
“””
Hmm, so it’s bad when they release updates, but it’s bad if there is a delay in updates, and it is absolutely terrible if they don’t release an update at all.
So, what’s the story? Will you ever be satisfied?
“””
I believe that the (very reasonable) desire is that there not be so many critical vulnerabilities put into the code in the first place.
What a radical concept! There really *is* something better than getting fixes out fast… though that fact usually gets lost as people fall all over each other to chant the mantra that all software has bugs…
You know the rest.
I believe that the (very reasonable) desire is that there not be so many critical vulnerabilities put into the code in the first place.
So you’re claiming here that Linux or no other operating system has vulnerabilities? So the bugginess in MacOS 10.3 and 10.4 was just a figment of my imagination; the mountain of updates for OpenSuSE was just my eyesight playing up on me; the fact that Helix Banshee constantly crashing because of non-alphabet characters in the song names is just a problem that only I experience.
Nice to see that everything in the world only occurs to me, and somehow, you never experience a single problem when using your operating system of choice.
What a radical concept! There really *is* something better than getting fixes out fast… though that fact usually gets lost as people fall all over each other to chant the mantra that all software has bugs…
And you’ve programmed before? Get a clue, in fact, get some experience in the real world, then come back spouting off that ill-informed crap on this pathetic little forum filled with fanboys, halfwits, and at times, the completely witless.
I am sorry, maybe I am crazy but I think I can deal with Banshee crashing more than I can deal with my banking or other personal information being stolen.
I think Windows fanboys are more worried that their World of Warcraft runs well than if their machine is being used as a spyware, spam farm.
Also if you compare things you will see that as normal Windows may have fewer patches than, say, Linux but almost all the Windows problems are critical and that is scary!
Also when it comes to programming we all expect MS to be on a different level since they invest 20 times more than the nearest company (Apple). Yet with all those billions in investment their products are no better than some Linux companies and worse than Apple.
It’s funny that Bill Gates is pissed because every show he goes on and every news report he reads says that MS Windows is now the most like Mac OS it’s ever been.
The poor man’s Mac.
Not all of us have auto updates on our home desktops, and aren’t always available to check on our own for them. If I’m at work and see a headline for the OS I use detailing critical updates, I’d be glad to know I will be secure when I get to it when I get home, rather than miss out on it because I think I’m okay.
That logic might not be bulletproof, but not everyone goes “lol windowze MS” when headlines about important patches pop up.
Also some admins may want to see what patches are relevant to them, considering the OS is so widely used. Of course it will be news somewhere if it has the market share.
(I use and love unix-based OSes as well, so don’t assume I’m sticking up for MS)
Nothing to see here, move along!
Ubuntu asked me to download about 12 updates once. Perhaps we should make a news story about that?
Yep. My default GNOME openSUSE 10.2 install had 110 patches for immediate download upon first boot.
How many of those 110 patches had remote exploits available the very next day, or evolved into worms?
I would guess not too many. (If any)
I suppose this makes the Microsoft patches more newsworthy.
I don’t know. There were too many patches to check individually, but I can assure you that there were many security oriented ones just by glancing over the top few.
Edited 2007-02-14 05:17
You cannot decide that just through “glancing”.
You have to read them closely and decide whether or not these patches belong to the same vulnerability or not.
When using a binary distribution you can be almost certain that one minor bugfix or vulnerability fix will cause a lot of packages to be updated, even though they are not affected by said vulnerability.
Sure I can. You have a brief read of the patch reason and it says, paraphrased, “to fix a security…” at which point I see it as a security oriented patch and move on.
Binary or not, the patches were to fix something related to a security vulnerability so that’s how I treat it. If it were say 12 patches perhaps I would look at them in more detail, but when there’s 110 I have better things to do especially on a test box at home.
Heh… It’s not because there are 110 vulnerabilities. Don’t be silly. It is point releases newer than the versions in openSUSE 10.2. When updating a package due to a vulnerability you often have to update the applications linked to said package – especially if it is a minor update, and not just a revision.
I didn’t say there were 110 vulnerabilities. Verify that in my other posts, if you’d like.
Actually you did. Unless you mistakenly compared numbers of patches with numbers of vulnerabilities.
Each of the patches for Windows Update are _different_ vulnerabilities. Therefore you cannot compare directly – especially not when using a binary distribution (one little fix means a lot of updated packages).
Actually, no I did not. Read again what I responded to. The comment I responded to was about a generic set of 12 patches. I then followed up with a generic 110 patches.
If you care to look at the subject it even says “kinda”.
“Kinda” is a completely worthless word. It’s either the same or it is not. There is no “in between”.
You compared 12 security related patches with 110 point release-related patches. If you don’t consider the 110 patches akin to the 12 security patches, you shouldn’t compare them at all.
Comparing apples and oranges and claiming it’s only “kinda” is pretty much a void comparison.
Point release or not, a security vulnerability patch is exactly that.
Not necessarily, but most often a security fix is also a point release.
The problem is you are lumping all point releases together with all security vulnerability patches. And that’s wrong.
A security patch is usually a point release.
A point release is usually not a security patch.
Add to that the special behaviour of most binary distributions and we have a result where your way of looking at things gives extremely weird results.
Depends on the nature of the updates, but if they are even remotely connected to vulnerabilities or major bugfixes, I’d say it would be news.
On my rebuilt Gentoo system I’ve had 3 (non-critical) security updates so far – since November 2006. That’s less than what MS gave me in January 2007 – or the number of updates this time from MS.
Examine the patches, most of them will be point updates or security patches for 3rd party software packages. Some of those updates will have had news releases associated with them. Maybe 10% will be related to core services, and maybe only 50% of them will be security related.
Imagine if WindowsUpdate was used to update all the major Windows-based software packages, we’d be talking 1,000s a month, not 12 once, or whatever.
Ubuntu asked me to download about 12 updates once. Perhaps we should make a news story about that?
That’s a pretty bad comparison. Not only are there thousands more programs included with Ubuntu than Windows, you did not specify whether or not the updates were security related. Six critical updates is a lot for one month, especially when you’re only talking about a few applications.
Suse has always been one of the biggest distros. You get *thousands* of packages. My minimal text mode install the other day only needed about a dozen updates–only 3 or so were security related (gd was the one I remember).
Vista is so new I’m not surprised there are so few updates for it. As opposed to a linux install, that is the sum of its parts, Vista is a monolith with a huge amount of new code nobody has looked at yet.
All of them could allow remote code execution.
“Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine.”
You just might get it :)
yup, careful what you wish for.
I love you too Microsoft
Ah, Microsoft Antivirus. Antivirus is just another process running with admin privileges that has a possibility of having exploitable code.
So true, so true.
Actually our computers are much safer turned off
Having your computer on offers a lot of functionality.
Antivirus software offers nothing in terms of user experience.
Offers quite a bit really, just not good experience.
I’ve never had trouble patching my system before, but five of yesterday’s patches won’t go into my (XP SP2) system. It’s not a big deal since I load Windows just to play games (Dawn Of War, Galactic Civilizations II, simulators), but it’s still aggravating.