“Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people’s systems open to malicious attack. Microsoft is recommending that every Windows XP customer apply the patch immediately. Customers using Windows 98, Windows 98 Second Edition and Windows ME with the “Universal Plug and Play” service up and running should also use the patch, the company said.” And this comes only a few days after the serious IE6 security hole where Microsoft also urged the users to upgrade immediately.
Yet Another Security Hole for the Windows Platform
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
It’s disgusting how every bug Microsoft sends a security bulletin out for ends up as front page news. BUGS HAPPEN, MICROSOFT IS FIXING THEM, NO SCRIPT KIDDIES HAVE INFORMATION ON HOW TO TAKE ADVANTAGE OF THESE EXPLOITS.
It’s not like Linux doesn’t have security issues either, take a look at the front page of debian.org once and a while and you’ll see just how many exploits that operating system quietly fixes.
I’d like to see Slashdot post some of those for a change.
hey man, no one tried to start a fight about security. Why did you feel a need to bash an operating system?
Debian is good, Windows is OK, MacOS X is good-ish, Dos was pretty good, CP/M was pretty good, Win 3.x was ok-ish, win < 3.0 sucked, Unix is good.
you can also look at it from the other prospective:
none of them meet my needs 100% so they all suck, just to diffrent degrees.
they all let you get to the reasources and abstract those resources so it makes it easier to do work on a computer, somme do it in diffrent ways than others.
they are just OSs not religions. and even the later is not worth getting huffy about.
The original comment wasn’t “bashing an operating system”, he was noting the anti-MS slant in the original article… I don’t very much like Microsoft, but with a somewhat biased headline such as “Yet Another Security Hole for the Windows Platform” as opposed to “Security Hole in WindowsXP UPnP Discovered” or even “Discovered and Fixed”… The original comment merely stated that MS isn’t the only OS with security holes, and used the various security holes found regularly in Linux distros as evidence…
The headline may seem ‘biased’ to you Sean, but it is not. It IS another security hole, and it IS an important one (Microsoft is urging everyone to upgrade ASAP), coming out only *one week* after the other also important security hole found on IE6 where Microsoft also urged everyone to upgrade ASAP. Based on the fact that these two important security holes are timely very close together, for me, personally, it is “Yet Another Security Hole for the Windows Platform”. If the two issues were far apart some weeks or months, maybe I would have picked the headline you propose, but the way things are right now, I find mine more appropriate.
Geesh, where in my original post does it say I favor any OS? I just pointed out I’m sick of all the press Microsoft’s security holes get while any major holes fixed with Linux are just simply ignored by everyone. As an example I gave Debian’s front page, which lists security issues that have been addressed in all of Debian’s branches. As of this post, I see four “root exploits” within the past month … them some major holes.
And yes, this news is biased for just the reason I posted above … this site rarely if ever covers security holes of operating systems other than Windows. I think I’ve seen one for Solaris and that’s only because it had coverage on Slashdot … a site known for its cruddy journalism and biased perspective.
I’m not a Linux basher, nor am I a Windows addict … this press is bad for Microsoft, who is doing a fine job patching things up as they come along. From my viewpoint, I see nothing wrong with having major security flaws appear from time to time as long as a patch is available.
Microsoft has a lot of money->they can hire the best people in the programming business->they say that you’ve got the best product->they charge a lot of money for XP… and yet they’ve got security problems one after another. And the last one is severe one. Go to http://www.microsoft.com/windowsxp/default.asp and you see a big title: ” Experience the wonders of Windows XP ” and then in the highlights section you see: ” Important! Security Patch for Windows XP and Windows Me Users ” indeed wonders.
dave_sn:
You can throw all the money you want at a software product and not change the fact that it has bugs in it. I agree that Microsoft seems to have lots of security problems, and that their hush-hush policy on the bugs is a little ridiculous, but I also think that people are a bit irrational in giving them so much shit over it.. Androo is right when he states that you always see Microsoft’s security exploits plastered across every news site, yet other OSes exploits go mostly unmentioned…
Microsoft has a large source code base, and when you have a large source code base, you will have bugs. And some of those bugs will be security bugs. Toss as much money as you want at the problem, but the situation won’t change…
Sean Graham:
…You can throw all the money you want at a software product and not change the fact that it has bugs in it …
Not always for example take BeOS about 50 enginirs made better product IMHO than Microsoft.
…but I also think that people are a bit irrational in giving them so much shit over it …
Think about it, instead of to concentrate on making better products, they are stealing others bread. Trying to take over everithing they can. IMO it’s very rational to double check every product, move and intentions of Microsoft.
…Androo is right when he states that you always see Microsoft’s security exploits plastered across every news site, yet other OSes exploits go mostly unmentioned …
It’s true, but I can’t relate to Microsoft like to the other OS makers, because of what I said before and because Microsoft has a major part of the market, and also because their business practices.
dave_sn:
…Not always for example take BeOS about 50 enginirs made better product IMHO than Microsoft.
True, but there is little argument that the scope of what BeOS did and was trying to do is far different from the scope of WindowsXP. There are many, many things that XP does (and actually most of the MS OSes do) that Be didn’t even have in its sights. You are comparing apples and oranges.
…It’s true, but I can’t relate to Microsoft like to the other OS makers, because of what I said before and because Microsoft has a major part of the market, and also because their business practices.
That is no justification for turning a blind eye to equally egregious security flaws and exploits found in other OSes, especially when you consider an OS like Linux, which is getting pretty significant penetration in the server market.
I feel the criticism Microsoft receives for its “most secure” OS is completely justified. Allowing holes this large to make it into the release of what is supposed to be a secure OS is irresponsible of Microsoft.
The reason Microsoft’s security holes are mentioned much more than ones on other operating systems is that Windows is used by much more people. Therefore, it will matter to much more people than posting the latest bugs on Debian, which I’m sure has never had as bad of security holes as XP does. It’s also the reason why you will see more news about Microsoft than say Debian, MandrakeSoft, or Red Hat.
…which I’m sure has never had as bad of security holes as XP does.which I’m sure has never had as bad of security holes as XP does.
This is absolutely not true whatsoever. There have been many extrodinarily large, bad, security holes found in the various distributions of Linux throughout the years (not necessarily the linux kernel, but a kernel is not an operating system).
People shouldn’t be criticizing Microsoft for their bugs, they should be criticizing MS for the actions taken after the bugs are found… MS should instead adopt a policy of full disclosure and get patches out as quickly as possible.
And to say that “windows is used by much more people” isn’t exactly telling the whole picture. Linux is a server operating system, and even the figures that this:
http://www.google.com/search?q=cache:2LvU3Tt9I48:tim.oreillynet.com…
article is disputing says that Windows has 36% of the server market share while Linux has 24%. That isn’t anything to shake a stick at.
Yes, Linux does have holes in it, just like Windows. But I don’t pay for
Linux, and I don’t complain if it crashes. But if I buy a new machine, I
indirectly pay MS for the OS on it, and if that crashes, it severely sucks!
I’d say, people who need security should be willing to pay for it, but then
the OS vendor has to provide some guarantees about their security. Taking into
account all those virus warnings and stuff I think MS didn’t get this right.
(compare OpenBSD; they seem to be _very_ secure and still free).
So if you want security, better pay a UNIX admin than install Win…
If you don’t care too much for your desktop system (like me), just ignore it.