The antitrust investigation into Microsoft’s activities lasted nearly half a decade, but by the time regulators finally came to a landmark conclusion, Microsoft had already established its position and the rival product was all but defunct. Microsoft released on Tuesday fixes that cover at least 20 Windows flaws, several of which could make versions of the operating system vulnerable to new worms or viruses.
Twenty flaws, of which 8 are critical – that’s a pretty serious security issue. More importantly, 16 of those vulnerabilities are remote exploits.
I’m curious to see how the pro-Microsoft advocates are going to spin this one…
The only group that can stop MS is the US govt, but MS has already castrated them. There is no hope.
Hehe, you know them. They’d say something to the effect that Linux and BSD has blah blah blah…..
or that those flaws and flaws at all!
Same old boring rhetoric ;-D
and not forget them calling us slashdweebs, asshat, zealots etc etc…..
I seem to not be able to get in, perhaps people are actually taking an active stand on their computer security or it’s just Slashdot.
Just remember that crackers do not exploit Windows until after there is a patch for the exploit. So Windows is very secure.
The reason they call us zealots is because we can’t resist these types of tie-ins. What the author means to report on is merely that new vulnerabilities have been found in MS code. The author does not need to remind us of the decade long antitrust case that preceded these security advisories.
Seriously, incremental advisories don’t need to have some grandiose historical context pinned to the front of them. Can you imagine the anti-Linux version:
“Ten years ago, the Linux kernel was a hobby project coded by students in their spare time and supporting a small subset of commodity hardware. Today the Gentoo Project announced that ‘multiple vulnerabilities have been found in pwlib that may lead to a remote denial of service or buffer overflow attack.'”
Wouldn’t you cry foul over the context added by the first sentence?
ok so microsoft fixed the vulnerabilities but how is this gonna help windows users? news is one thing patches and SP is another.
out of many they only fixed 20?
so am i 20 less vulnerable?
I think that the editor simply bundled together two important news stories about Windows – hence the semicolon between the two headlines. I agree they should have been more clearly separated into the text as well, but let’s not make a mountain out of a molehill here…
Yes, I think an unintended consequence to only releasing patches once a month is that the Windows Update site gets hammered once the patches come out.
Personally though, I like it better this way – don’t have to check once a week anymore
what patches what are you talking about there are no patches
all.
Sorry to say this, but RTFA – they released the fixes as patches. That’s beside the point – the fact is those were a lot of severe vulnerabilities, and affected up to Win2K3. Let’s just hope that everyone patches up quickly before crackers try to exploit these.
I think another reason WU is slow is that they’ve changed the process. One update in particular (the one for several vulnerabilities) seems to download more files during the install phase. That probably also explains why the file size for four updates seems about the same (~280K). If that’s the way they’re going it might be a little painful – you’ll no longer be able to estimate download time from the file sizes in WU.
For the most part the problem isn’t the computer literate crowd that give Windows a bad name.
It’s all the clueless users who never update anything who really enhance these security issues.(select a percentage here) I would be the first to tell you there are serious holes in Windows, and other OS’s as well.(never going to change, only new ones to be detected)
You can’t entirely blame Microsoft for all the ills in the world; as much as MANY of you would like to.
The end user is ultimately the one who maintains their own system; or neglects to do so. The folks who read OS News, Slashdot, and many of these other forums; do NOT make up the “average user base”.
It wouldn’t matter what OS you were running, if a huge percentage of the operators were “clueless”, the problems would be very similar. (there could easily be virii written specific to the others; popularity loves company)
The same people who don’t update Windows, would be the same ones who would run Linux as Root, and Windows as Administrator…. Some things are never going to change.
Since we all know MS recently changed its stand on security I think they’re moving along quite well… they secure a lot more now than ever. They already passed Linux in security so I wonder if they take it so seriously that they’ll try to steal OpenBSD’s crown… not likely but a nice thought..
I must say I’m not happy with those vulnerabilities. Not the vulnerabilities themselves, but the fact that Microsoft has _waited_ (most of them were discovered by 3rd party people not related with microsoft) to launch a single security report instead of releasing patches as soon as they could once they had a patch. In Linux we had several vulnerabilities, but they were announced and fixed ASAP
I have a friend that works at Microsoft and I asked him about this once. He said it usually depends on what product they are releasing a patch for. If it’s Internet Explorer you have to understand that a lot of third party products use IE (Quicken, Eudora, Encarta, some HTML editors for previews, etc), so part of the testing process for a new patch is to allow these companies to run their tests too, just to be 100% certain some fix doesn’t break their product. This makes the process have a slower turnaround time. You can already see the bitching that’s occurring due to XP SP2 breaking some third party products, imagine if a quick turnaround on a patch made it so your Quicken or HTML Editor stopped working correctly.
“They already passed Linux in security…….. ” — Proof please.
The morons at Microsoft have created a distributed denial of service attack by only releasing the patches once a month. If you go to the windows update site, it is almost unusable.
Great idea…
By the way, the breadth and severity of the problems being fixed is astounding.
And I suppose you’re just refreshing that “Your browser is not supported” page just to see how fast it is. Right. It works fine, troll about something else.
I love the Linux zealot spin. The first couple of posts are “I wonder how PRO Microsoft guys will spin it.”
Don’t need to–I’ll just point to http://www.linuxsecurity.com/advisories/ and let the daily security advisories speak for themselves.
http://www.linuxsecurity.com/advisories/fedora_advisory-4228.html
I guess Windows users have to type URLs manually, but Linux users can’t mount CDs.
I’d rather have security advisories come out when the bugs are found, rather than have to wait until MS can make a big ol’ patch to solve them all at once. I agree with the eEye guy: this is just a marketing move to make Windows appear more secure.
Sure, compare a difficult to exploit local vulnerability to several critical remote ones.
I’m not even going to go into the dismal malware situation with Windows…
Since we all know MS recently changed its stand on security I think they’re moving along quite well… they secure a lot more now than ever. They already passed Linux in security so I wonder if they take it so seriously that they’ll try to steal OpenBSD’s crown… not likely but a nice thought..
Hahaha what glue are you on? Strong stuff!
I love the Linux zealot spin. The first couple of posts are “I wonder how PRO Microsoft guys will spin it.”
Don’t need to–I’ll just point to http://www.linuxsecurity.com/advisories/ and let the daily security advisories speak for themselves.
This goes nicely with my first comment. I said they’ll call us ‘zealots’
They did and I said they’ll post the vulnerability list for linux and guess what they did! Then they say they didn’t spin anything and guess what they did.
Thank you windows fanboys for proving how thick you guys really are!
For the most part the problem isn’t the computer literate crowd that give Windows a bad name.
It’s all the clueless users who never update anything who really enhance these security issues.(select a percentage here) I would be the first to tell you there are serious holes in Windows, and other OS’s as well.(never going to change, only new ones to be detected)
You can’t entirely blame Microsoft for all the ills in the world; as much as MANY of you would like to.
The end user is ultimately the one who maintains their own system; or neglects to do so. The folks who read OS News, Slashdot, and many of these other forums; do NOT make up the “average user base”.
It wouldn’t matter what OS you were running, if a huge percentage of the operators were “clueless”, the problems would be very similar. (there could easily be virii written specific to the others; popularity loves company)
The same people who don’t update Windows, would be the same ones who would run Linux as Root, and Windows as Administrator…. Some things are never going to change.
The problem is that if you do patch a windows OS it becomes even more unusable than if it had been infected with the latest virii. If you want windows to at least work then don’t patch the box!
This XP Pro box is patched constantly as soon as the patches become available. I’m clearly still using it.
I really don’t get your post: “Windows gets viruses [virii is not a word]! It sucks!” “Don’t fix Windows, the fixes suck!”
What do you really want, to see Microsoft go down just to boost your ego, or to see consumers switch to a superior platform that fulfills their needs? I’m beginning to wonder…
I think -=Solaris.M.K.A=- is referring to the fact that a patched XP box will suffer a noticeable performance loss when compared to a vanilla one. Several people complained about this in the comments section of one of John Dvorak’s articles.
It makes perfect sense updating and patching a system is going to slow the performance a bit. God only knows how much code has been added to Windows 2000 over the course of four service packs, dozens of hotfixes, and several updated versions of IE.
However, not updating a system due to a performance hit is simply not an option. If the performance slips to an unacceptable level, consider faster hardware and move forward.
There are obviously users who will refuse to update, thankfully they are rare.