Microsoft admits 'critical' flaw

Beanbag · Feb 16, 2004

Captain_Snort said:
but as M$ has stopped magazines cover discs carrying security updates, and its bound to be yet another huge download to fix, its just yet another reason to ditch M$ and use a decent OS.

(either that or go broadband)

I'll gladly dump Windows when there is an alternative OS that doesn't require technical support just to install it.

Case in point -- my foray into Linux. Spent two weeks trying to get it to load up, configure the display, and set up the Ethernet connection. Ended up dumping it and moving to Windows ME. It installed in less than an hour, found ALL the hardware without having to go hunt drivers on the net.

Migrated a second Windows ME machine to XP using the upgrade package this afternoon. Went for a complete reinstall, rather than keeping what was on the hard disk originally. Install time was about 45 minutes. I confess it didn't find the integrated sound system on the first boot, but it found everything else, and three minutes after I put in the CD with the motherboard drivers, it was making sound.

One comment made by one of the forum members in the "Why Windows will never replace Linux (for now)" thread was particularly telling -- the gentleman flat came out and admitted that EVERYONE had trouble installing Linux. Gripe about Windows and Microsoft all you want, but they probably do the best job of supporting the customer as far as getting a functional install on a ragtag assortment of hardware. That's why I'll spend the hundred bucks (US) to get an upgrade to XP, instead of downloading a free copy of Linux. I want to USE my computer, not fiddle with it.

I've looked at MenuetOS -- I like the potential in what I see, but for the moment, it's pretty much a cardboard shell. Looks good, does a few things well, has ZERO support and absolutely NO formal documentation. As soon as they get to a release number greater than or equal to 1 (current release is .75), it might be useable for something other than a hobby machine.

Sloppy coding in Windows? You can make a case for it, though it might be interesting to see what percentage of the modules contain "errors" and exploitable flaws when compared to the system overall. I --think-- they wrote the code to do the tasks specified at that time, and made a reasonable effort to anticipate possible problems. One of the axioms of programming since CP/M days is that no matter what safeguards you build into your code, some ingenious idiot will find a way to sneak bad data or malicious intent around them.

Nobody offers an OS that comes even close to the functionality and ease of use that Windows does, with the exception of Apple and their Macintosh OS's. Windows got out on the market with the widest distribution and the greatest number of installations. To think that everyone is just going to migrate to some mythical equivalent OS overnight at zero cost is about as reasonable to expect some Microsoft programmer to cut a few lines of code some evening to correct some just-discovered flaw in the base software and make it available as an upgrade. Fixes take time when other code is built on the code that's been altered -- you've lost all the field experience from having the original code out in the field, actually being used by the people who paid for it to begin with. You can't tell me that you software jockeys out there havent spent several sleepless days or weeks chasing down bugs created by some relatively minor change in a program you've written that rippled outward and messed up something else.

That said, I feel that Windows is probably too large and certainly too expensive. I subscribe to the Borland Turbo Pascal for DOS pricing scheme -- if you get the price down to $49.95, people will buy all the copies they need, rather than pirating a copy from somewhere else. Witness iTune's success with 99 cents a song downloads.

Regards;
Beanbag

epepke · Feb 16, 2004

Beanbag said:
I'll gladly dump Windows when there is an alternative OS that doesn't require technical support just to install it.

Well, there is one--Mac OSX--but you probably want one on commodity hardware.

And there used to be one--Be OS--but they're dead.

One comment made by one of the forum members in the "Why Windows will never replace Linux (for now)" thread was particularly telling -- the gentleman flat came out and admitted that EVERYONE had trouble installing Linux. Gripe about Windows and Microsoft all you want, but they probably do the best job of supporting the customer as far as getting a functional install on a ragtag assortment of hardware.

Except the the SuSe distribution really is a no-brainer to install. But you had a valid point in the other thread, because SuSe is just one distribution, and when people think "Linux," they think that all distributions were equal.

jimlintott · Feb 16, 2004

Which model would result in the most secure OS?

1) Keep the source code a closely guarded secret.

2) Assume that the bad guys have the source code.

shanek · Feb 16, 2004

Beanbag said:
I'll gladly dump Windows when there is an alternative OS that doesn't require technical support just to install it.

As if you don't to install Windows? I've had far more troubles installing Windows than Linux.

Case in point -- my foray into Linux. Spent two weeks trying to get it to load up, configure the display, and set up the Ethernet connection.

What distro & version?

I once raced a guy who insisted that Windows was a quick, straightforward install. This was in the Windows NT/Red Hat 6.2/NetWare 5.1 days. We had indentical systems. He installed Windows NT. I installed, sequentially, Red Hat 6.2 and Novell NetWare 5.1. I fully installed Red Hat, went to install NetWare but it failed mid-install and I had to redo the installation from scratch...and I STILL beat him!

One comment made by one of the forum members in the "Why Windows will never replace Linux (for now)" thread was particularly telling -- the gentleman flat came out and admitted that EVERYONE had trouble installing Linux.

I don't. Every time I install SuSE 9.0, it just simply works.

Gripe about Windows and Microsoft all you want, but they probably do the best job of supporting the customer as far as getting a functional install on a ragtag assortment of hardware.

Bull$#!7. Try getting a straight answer from Microsoft when something doesn't work. I can always get a Linux solution in ten minutes at no charge whatsoever.

Also, installation ain't everything. It seems like all the time with Windows I'm having to recover from some crash or having to roll back to a previous restore point because the system has farked itself up and Microsoft doesn't give you any way of fixing it. Whereas Linux—I have to say it again—just simply works.

TillEulenspiegel · Feb 16, 2004

"Thanks, I'm a professional programmer. What I'm asking is what you meant by using those words together. It reads like nonsense."

"For the record, I imagine most people in the industry would read "source code level hack" to mean a hack that has been inserted into the source code for the target project, which is not at all how the Windows security flaws are taken advantage of (*).

My You are being pedantic aren't You? Well if didn't use the correct nomenclature I apologize, but I suspect most knew what I meant .I'm a hardware geek and programming is just on the periphery of my profession , so I know enough to muddle thru. I would label "a hack that has been inserted into the source code for the target project" to be a backdoor but maybe I'm wrong there also. The truth of the matter is that this is not a hack as defined by me and others or a flaw as described by Microsoft, but a vulnerability that stems from the fact the many people have source code to examine and exploit.

"This is what I suspected you probably meant, but it's simply untrue. If you'd care to support that statement, I'd love to hear your support."

What is untrue? That this involves source code being leaked or that Microsoft guards it's proprietary software closely. They do distribute APIs and I/O and Interuupt schedules ( maps? addresses? can't be too careful with words) for third party vendors but not normally huge chunks of source code.

"I wasted my time looking at all three of these links, none of which draws any connection between the latest hacks to effect Windows and the release of the source code, which is what you are claiming."

The articles are all based on the topic we were discussing.

"Untrue. Many, many contributors to the Linux source code are *completely* profit driven. You need look no further than mods submitted by developers of Linux distributions."

I said the "Model" not certain vendors -Red Hat ,SuSE, ect.

"Even if it were true, you're the only person I know who claims profit motive makes Linux better. Why do you feel that is so?"

I did not say that, I said "because it is not profit driven", without an eye towards the bottom line or the next release.

The GNU open source project softwares (including Linux) is written, tested, revised all in the open by anyone who has the expertise to successfully attempt it ( and some who don't ) . It's analogous to the peer review process of scientific papers and abstracts, which are published in your community are subject to, all have the opportunity to prove or disprove the validity of the paper.

"What meaning does "on the fly" have in this context?"

Defects corrected - easily detected and patched.

I'd insert "more likely to be" - but otherwise very true.

-Chris

I didn't post to start a pissing contest, mearly to say that my estimate of a "Flaw" with such far reaching consequences must be at the source level and not another MS IIs php or buffer overflow hack seems correct. I do not wish to engage in a debate of syntax or labels so now, having explained myself , will remove myself from this thread.

Cleon · Feb 16, 2004

shanek said:
I don't. Every time I install SuSE 9.0, it just simply works.

Agreed. I had not run Linux at home for a couple of years, and then always Slackware. Last week I decided to go ahead and install SuSe 9.0--my first time at home with a non-Slackware distribution. The only "gotcha" was that I, for reasons I cannot currently fathom, decided to install off the FTP site rather than just go out and get a copy of someone's CD. So it took a long time to install.

But when it did install, it auto-detected everything, including my optical USB mouse, printer, network card (and thus DSL), everything. Back in The Day (1995) when I started running Linux you had to set all that stuff up manually, recompiling the kernel with proper driver support and tweaking all the conf files. Linux has come a long, long way. I would actually say that on a Suse system running KDE, you could use it as a desktop OS for the average computer user. Really--it's THAT easy.

I've had only minor problems with it since, and nothing that I didn't get an answer for minutes after posting a question to a newsgroup or listserv. And I didn't have to pay a dime to technical support or wait on the phone, listening to crappy hold music.

Beanbag · Feb 17, 2004

I've had fewer problems (like NONE since Windows 98) installing Windows than with my two hacks at Linux. Stability has never been a problem, but then again, I'm VERY conservative with what I install, hardware- and software-wise, on my machines. That may be why it's been years since I've seen a Blue Screen of Death on one of my machines, and lockups only occur when I un-hibernate with Windows Media Player 9 on my laptop

I may give Suze a try, now that I've got a spare machine or two.

Regards;
Beanbag

Microsoft admits 'critical' flaw

Beanbag

Illuminator

epepke

Philosopher

jimlintott

Master Poster

shanek

Penultimate Amazing

TillEulenspiegel

Master Poster

Cleon

King of the Pod People

Beanbag

Illuminator