PDA

View Full Version : New MS Critical Update



Odin
07-10-2003, 04:56 PM
I may have missed an erlier post about this, so if I have sorry. Ther is a new critical update for IE . It fixes a security hole that could allow your computer to be hack just by visiting a webpage. The worst thing about this security flaw is that you will be affected REGARDLESS of what browser you are using. So even if you use Mozilla, Opera or another you can still be hacked. I suggest you you go get the fix to avoid this happening.

Jim B
07-10-2003, 05:05 PM
Yes, go and get another update for your insecure system.

Mac users can continue to use the computer for useful work.

agent
07-10-2003, 05:52 PM
> Mac users can continue to use the computer for useful work

That is both a harsh and a false statement.

the highlander
07-10-2003, 10:58 PM
"Mac users can continue to use the computer for useful work. "

Thought provoking. Purchasing a mac has now gone to number 2 on my priority to do list. Right after after number one - shaving my head with a cheese grater. :-)

kiwibeat
07-10-2003, 11:06 PM
Is there a article about this Opera is a totally different browser and has far fewer bugs and hole in it besides I have a image of my C: drive as well so can restore if anything does penetrate my defences I am using 98SE as well so not so easy to break into my O/S as with XP

mikebartnz
07-10-2003, 11:12 PM
I think with the number of patches that have been coming out of Redmond lately it is probably neither harsh nor false.

Big John
07-10-2003, 11:37 PM
Yes, Quite old and has been there for a while. I installed it over a week ago.

Jim B
07-10-2003, 11:42 PM
"shaving my head with a cheese grater".

Looks as if this report could have some validity.

Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts, according to a report from Nielsen/NetRatings.

The study also said Mac users tend to be more Web savvy, with more than half having been online for at least five years. And the Mac faithful are 58 percent more likely than the overall online population to build their own Web page and also slightly more likely to buy goods online, according to the report.

Kelly said the greater affluence and education level of those who surf using a Mac is attributable in part to the company's comparatively pricier machines, as well as to their perception as a status symbol and their greater market share among those in the publishing and design industries.

Nielsen/NetRatings said that 70.2 percent of Mac users online have a college degree, compared with 54.2 percent of all Web surfers.

Jim B
07-10-2003, 11:56 PM
Big John. This only came out this weekend previous patches did not fix the problem.

http://news.com.com/2100-1002_3-5086979.html?tag=nefd_top

Microsoft fixes broken patch
Last modified: October 6, 2003, 12:13 PM PDT

By Robert Lemos
Staff Writer, CNET News.com

Microsoft releases a cumulative patch for Internet Explorer this weekend, plugging a security hole that had been used by Trojan horse program QHosts to compromise consumers' PCs.

The patch--the fortieth that Microsoft has issued this year--seals several security holes in Internet Explorer 5.01, 5.5 and 6.0 for all versions of Microsoft Windows. The giant deemed the patch critical to all versions of Windows, except Windows Server 2003, which runs with more security in its default installation.

The patch repairs a previous patch that didn't properly protect against two "object type" vulnerabilities. The vulnerabilities have been exploited by Trojan horse QHosts to compromise people's PCs when they browse a Web site that has attack code built in.

the highlander
08-10-2003, 12:18 AM
"Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts, according to a report from Nielsen/NetRatings. "

My profound apologies if this humble, knuckle dragging windows neanderthal in any way offended your beloved macintosh or cast doubts about your financial and intellectual prowess which, as a mac user, obviously far transcends that of mortal man. :-)

Jim B
08-10-2003, 08:44 AM
Not offended at all, why would I be.

It is you people who have to go through the continuous round of updates and patches not just for Windows and IE but also for Anti-virus, Spyware and Firewalls to ensure your system is secure and this latest patch is the 40th from MS this year.

We are all part of the computing community and I am only sorry that a large section of it has to be subjected to all these distractions and worries from what should be a pleasant, troublefree computing experience.

Many people are not aware that there are other options available apart from Microsoft products and software and it is worth mentioning that alternates to Internet Explorer and Outlook Express are now readily available.

The following article is worth thinking about.

http://www.newscientist.com/news/news.jsp?id=ns99994203

Microsoft monoculture allows virus spread


13:35 25 September 03

NewScientist.com news service

The world's reliance on Microsoft operating systems is leaving critical computer networks unnecessarily vulnerable to attack, claim security experts.

A report published on Wednesday by the Computer and Communications Industry Association says that Microsoft’s dominance in PC operating systems has created a 'monoculture' that allows viruses to spread like wildfire over the Internet. This lack of diversity allows even simple viruses, created in minutes by so called 'script kiddies' to wreak havoc within hours of creation.

"Nature does not put up with monocultures because they are too easy to attack," says Daniel Geer, one of the paper's authors and chief technology officer for the security company AtStake. "If everything looks just alike . . . it will promptly be punished."

The security problems created by Microsoft are a direct result of the company's business practices, claims the report. The company’s systems are designed to keep out competitors rather than intruders, say the authors.

"Their goal is to facilitate lock-in of Microsoft products,” says Bruce Schneier, chief technology officer of Counterpane Internet Security, one of the report’s authors.

Dolby Digital
08-10-2003, 08:47 AM
>>>>Yes, go and get another update for your insecure system.

>>Mac users can continue to use the computer for useful work.

Nothing like a dig at MS Windows. Of course Mac users pay more for the privilege of using their computer for useful work.

If I were paying all that money for a Mac I would expect at least a 2 button mouse :D (or do they have them now)

Jim B
08-10-2003, 09:24 AM
Yes, for those that feel the need.

http://www.lowendmac.com/macdan/03/0501hj.html

Chilling_Silently
08-10-2003, 09:44 AM
Why not just install Linux on both Mac's and your IBM Compatabile PC's and be happy all round :D

TonyF
08-10-2003, 10:39 AM
Patch is Q828750. Go get it. Teeny by MS patch standards - only 2.2 megs ....

Jim B
08-10-2003, 11:12 AM
> Why not just install Linux on both Mac's and your IBM
> Compatabile PC's and be happy all round

It has started already.

http://www.divisiontwo.com/articles/barbieOS.htm

Steve Askew
08-10-2003, 11:32 AM
If the tube in my tyre needed as many patches as Windows I would have thrown it out long ago :p

mark.p
08-10-2003, 11:55 AM
:) no wonder you NT based MS Windows users need such big HDDs. Its required to load all these patches.

CYaBro
08-10-2003, 12:04 PM
To all those Mac & Linux lovers

Check this out (http://securityresponse.symantec.com/avcenter/security/Content/8732.html)

It looks like pretty much everyone is effected by this!

It may only be a start but as more and more people start to use Macs or Linux more and more security holes etc will be found :)

mark.p
08-10-2003, 12:12 PM
If the service is disabled we're not.

Jim B
08-10-2003, 12:27 PM
This is not a Mac. Linux or even a Windows issue, it make no difference how many users are using which operating system. This is a problem caused by OpenSSL and incidently has been fixed in Macs and Linux but no mention of Windows.

Chilling_Silently
08-10-2003, 02:33 PM
I see no mention of Redhat 8.0, 9.0, or Slackware 9.0 and 9.1?

Personally, I dont like MDK, but I know a lot of others do!

Im not going to be immune forever.... but so far so good ;-)

agent
08-10-2003, 04:18 PM
For the love of...

We don't need to hear your useless reports about Apple users (or at least I don't), because I have a friend who has already told me this crap.

OK, let's go for being better educated... my friend is below the intellectual level of myself. He doesn't do his homework. He thinks he will work as a lawyer for Apple. He thinks he can get into university from sixth form (tough luck trying).

Makes more money than me? Yes, because he works for an Apple distributor in NZ. I don't work. Why? Because I would rather concentrate on my studies. No doubt one of the reasons why he never does is homework is because he works after school to very late hours of the night. Which goes to show he has his priorities mucked up big time.

More web savvy, huh? More than half have been online for at least five years, eh? I bet there are more users of other operating systems who have been online for at least five years as Mac users - maybe not as a percentage, but as a number. Why? Because there are more users... hence the high percentage for the Macintosh users.

Again, the percentage about building web pages is misleading, because there are far fewer Mac users than Windows, various Linux distros, OS/2, etc. Myself? I've built a fair few web sites.

How about buying goods online? I see this as absolutely stupid. Aside from the perceivable benefits and ease of buying online, it is a security risk, even with an encrypted connection. What's more, IMHO, buying online is downright stupid, and another factor contributing to our ever increasingly lazy population.

I don't notice any perception that a Mac is a status symbol, either. Please, don't tell me that movies, television shows, and famous people use Macs (and by the former two parts of that, I mean how you always see iMacs in television programs and movies - although they aren't being used in most shows, they just sit pretty in the background), because frankly, I couldn't care less who uses a Mac.

Apple tries to flaunt all these well known people on their website as part of the Switch campaign. Who honestly cares?

My friend certainly isn't more affluent or educated than me.

And once again, the higher percentage of Mac users online who have a university degree (because here in New Zealand, you don't get a degree from your college, and a tertiary education institute is not known as a college) can be attributed to the fact that there are far fewer Mac users than other operating systems. Perhaps also contributing to this is the fact that a large portion of all internet surfers will not be old enough to have a degree yet - what I'm saying here is that there are more teenagers and children using other operating systems than there are using Apple operating systems.

Now, I have a question for you. Did you know full well the reason for Mac users having those higher percentages (ie, you're trying to dupe us), or did you not realise (ie, Mac users are not more educated and affluent than users of other operating systems).

Graham L
08-10-2003, 04:31 PM
There are newsgroups which exist for the purpose of keeping those who wish to say that one sort of computer/car/software/religion/political system/etc is better than another out of the way of those who aren't interested. :D There are even a few groups for those who like flaming each other.

So Microsoft have released yet another patch to fix yet another security problem. It won't be the last. ;-)

Jim B
08-10-2003, 04:35 PM
Calm down agent, don't take things so seriously.

That post was a light hearted reply to a flippant post by the highlander and most people could see that.
That survey was genuine though but of course was of American origin and does not necessarily reflect the NZ situation.

Go and do some more updates that will relax you.

agent
08-10-2003, 04:44 PM
Thank you very much, but I'm all up to date on updates.

I have my virus scanner set to automatically download the latest definitions; firewall checks for updates (including beta); I run Windows Update and Microsoft Baseline Security Analyser regularly; and of course I subscribe to Microsoft Security Bulletins (which means that these threads about 'new critical updates' are boring to me, because I've already updated and know about the flaw, etc).

In other words, essentially what you are saying is true (that Windows users are update fanatics), but there is also the concept that Windows receives the majority share of flaws discovered because there are hackers and crackers who 'dislike' Microsoft, so try to do anything they can do interrupt people's usage of Microsoft software (although Microsoft also has many trusty security analysis companies who regularly discover the vast majority of flaws). If people spent as much effort finding flaws in Linux distros and Mac, while they probably wouldn't find as many flaws as there are in Microsoft products, they'd find a fair few.

agent
08-10-2003, 05:02 PM
Oh, and what I forgot to say, was that, no, Windows NT/2000/XP users do not necessarily need large hard drives.

While updates can be large in size, generally the updates are a patch, or fix, not an add-on, so do not consume much more space at all - they may even end up using less space than before.

Jen C
08-10-2003, 06:57 PM
>> Why not just install Linux on both Mac's and your IBM
>> Compatabile PC's and be happy all round

>It has started already.

>http://www.divisiontwo.com/articles/barbieOS.htm

ROTFLMAO - Thanks for that link Jim, it has made my day :D

It sounded too good to be true, had me wishing that I had Linux BarbieOS 0.99 installed instead of Red Hat 9 :p

excerpt:
... in the step by step Barbie Wizards that guide girls through the process of partitioning their disks, formatting volumes, mounting Samba shares, and installing packages. During the installation, girls are allowed to play a fashion-plate game or view a slideshow of rainbows, kittens, and Mattel products. There is an Expert mode for girls who are already comfortable with the Linux installation process and want access to advanced features. An animated Barbie informs the user that she can work with existing Windows partitions, but would prefer that BarbieOS be allowed to format the entire disk and remove Windows volumes for maximum cootie protection.


Odin: - thanks for the tip on the new update available :)

Jen

mark.p
08-10-2003, 08:03 PM
Agent iti was a fricken joke, go out and get a sence of humour for christs sake. Getting an education doesn't guerantee a high paying job either. Those that are in the workplace at the right time tend to benefit more. Experiennce counts for a lot. and always will. Happy patching-not need to on this ol OS/2 box.

mark.p
08-10-2003, 08:37 PM
Oh and I forgot dyslixia rulz ko.

rodb
08-10-2003, 09:09 PM
Why are there so many patches required for MS products:
1. Windows, etc. is designed for PCs, not status symbols from Apple.
2. MS and their agents are continually searching for bugs, and issue patches to fix them. Strange people take note of this, and create nasties to catch users who have been reckless enough not to have installed the patches (some of these strange people are reputed to be paid by Apple).
3. Because so few people are prepared to go back to the Stone Age - read 1980 and earlier - and relearn MS DOS or attempt Unix it's not worth the time for the strange people to target Linux et al.

However, someone at a loose end between their dope smoking episodes is bound to discover Linux sometime, then where will the smug Linux users be? Who will provide them with patches?

Big John
08-10-2003, 09:11 PM
> Big John. This only came out this weekend previous
> patches did not fix the problem.

Did my weekly update today and no new patches so the other one was it for me.

mark.p
08-10-2003, 09:30 PM
1. If you think of MS Windows like smoking, you can get by without either one. And have some savings in the bank earning interest or in investments

2. MS has reputedly 46US in billion cash in the bank, surely it could be used to benefit those using their products. Its starting too be used up in court settlement btw.

3. Not all computer users are Lemmings(thank goodness) jumping off cliffs because a the stress/pain and loss of earnings due to poor coding.

4. XP is basicly the same **** in a different wrapper and with Bill and Balmer sucking up to Govts world wide OSS must have them worried. It's certainly keeping MS profits down in certain non-western contries.

mikebartnz
08-10-2003, 10:48 PM
Nice one Steve:D

PoWa
08-10-2003, 11:04 PM
> The worst thing about this security flaw is that you will be affected REGARDLESS of what browser you are using. So even if you use Mozilla, Opera or another you can still be hacked. I suggest you you go get the fix to avoid this happening.

I fail to see how an Internet Explorer security hole could even remotely affect opera users. Please enlighten me.

Chilling_Silently
08-10-2003, 11:16 PM
> However, someone at a loose end between their dope
> smoking episodes is bound to discover Linux sometime,
> then where will the smug Linux users be? Who will
> provide them with patches?

http://pressf1.pcworld.co.nz/thread.jsp?forum=1&thread=39927#202798

http://pressf1.pcworld.co.nz/thread.jsp?forum=1&thread=38612#191804


And we dont get many security patches sorry... not as many as the doze box running upstairs by any means!

agent
09-10-2003, 04:17 PM
Well, it seems I've angered Mr mark.p. Somehow... an explanation would be appreciated.

Who the hell are you to say that I don't have a sense of humour? You don't know me from a bar of soap, all you know is that I post on PressF1 under the alias 'agent'. You don't know anything about me, about my personality, and the best you can do is make estimates of my psychological profile, which is a little like poking mud with a stick.

No, getting a good education does not necessarily mean you will be guaranteed a high paying job, and there are pyschopaths and people with psychopathic traits who are managers, CEOs, etc (literally). But if you combine education with experience, you'll be going somewhere, whereas experience can only take you so far, and it isn't hard to get experience.

Wake up call. I use Windows. I have money sitting in the bank earning interest, and a term deposit earning even more interest. Most people do not think of Windows like smoking, however, there are always exceptions.

> Its starting too be used up in court settlement btw.

Using 'btw' on the end of that statement would tend to imply that you think people don't know that. Microsoft's troubles in various courts has been widely published for more than three years, so I don't think there are too many users of Microsoft products who do not know that Microsoft is facing getting it's behind sued.

Lemmings, huh, you think that there are Windows users who are lemmings? Any company, organisation, etc using Windows computers and with a good protection strategy in place wouldn't need to install patches and updates. A good firewall configured correctly (ie, very tough permissions), combined with a virus scanning system, and sufficient education in safe use of computers for the users, will reduce just about any chance of a hole being exploited. With active monitoring by technicians, the only real risk comes from within the network itself.

No one can deny that OSS is worrying Microsoft; hence OSS being moved to the top of Microsoft's threat list. But Window XP is not the same thing (and the same as what, one might ask); if you know anything about it, you will know that it was reworked a heck of a lot. Yes, it is in effect Windows 2000 with a flashier interface and more functionality, but that's where the similarities end. Much of the code was done from scratch, some was majorly overhauled, and not much has been left the same.

Microsoft may be incredibly late to start looking at increasing security more, and they may be getting started slower than they should be, but at least they are getting started.

Furthermore, because of the nature of the stupid Trusted Computing crap, it is incredibly likely that governments would adopt the values set out simply because it means that they can keep a watch for terrorists, completely cut down illegal activity, and boost sales for large corporate developers. While there are some Linux activists who would like to see Trusted Computing come to Linux, if plans go ahead for certified software and hardware, you could well end up being faced to dump computers completely, or use Windows.

And a last note... please keep swearing to yourself, because this is a public forum.

Odin
09-10-2003, 07:45 PM
Boy I really did open up a can of worms with my post didn't I ;-) and thanks also Jim for that link Loved it Barbie OS woohoo where can I get it :D

mark.p
09-10-2003, 09:30 PM
No. You have't angered me at all agent You stillappear to have'nt found a sence of humour yet ;).

agent
09-10-2003, 11:16 PM
That's probably me being pedantic... :D

I've been using Windows for a long time, and I don't see anything substantially wrong with it, so I can get emotional when people knock it (although I know Microsoft is a money-hoarding b1+c4)