The Active Network
  Microsoft warns of design flaw on newest software: Windows Server 2003
Time: 14:26 EST/19:26 GMT | News Source: E-Mail | Posted By: Brian Kvalheim

WASHINGTON - Microsoft has admitted there's a dangerous design flaw in its latest Windows Server 2003 software. The software is aimed at large corporate customers. The company says the flaw could allow hackers to seize control of a Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mail. The flaw also affects Windows versions popular among home users.

Displaying Comments 1 through 25 of 38
#1 By Phaedrus (2662 Posts) at 7/17/2003 3:08:08 PM
What a surprise, popular software with a bug in it. Here come all the MS bashers talking about how a single bug proves that the whole security initiative is a crock.

#2 By dkg_ctc (468 Posts) at 7/17/2003 3:26:52 PM
Phaedrus: When they do, I'm sure that someone will point out that since Windows 2003's release back in April there has only been one vulnerability (this one) that affects the default install of the OS. I'm sure that someone will then point out that a Linux distro--ANY Linux distro--would aspire to that level of security. Then I'm sure that the Linux advocates will pop out of the woodwork saying, "Well...well...nfs/ssh/whatever aren't Linux, so the flaws aren't in Linux! They're flaws in separate apps!! But this is a flaw in the actual operating system!! So there!!" And then 'round and 'round we go.

So hopefully, now that it's already been pointed out, we can just forego that whole ball of wax.

#3 By RickNL (71 Posts) at 7/17/2003 3:56:46 PM
And this security hole is not specific to Windows 2003. It affects all Windows systems, including Windows 2003.

#4 By ermine (11 Posts) at 7/17/2003 5:28:31 PM
I assume this article is referring to the vulnerability discussed in MS03-026. All that I've read indicates that this is hardly 'one of the worst Windows vulnerabilities ever' nor does it 'pose an enormous threat' - the TCP port needed to exploit the vulnerability is blocked by most firewalls.

This looks like overreaction and posing to me. I'm a little embarrassed that the CBC would post an article like that. They don't even provide a link to where to get the patch, which seems pretty bad for an article claiming that the sky is falling and that 'until they have this patch installed, it will be Swiss cheese — anybody can walk in and out of their servers.'

Where's Rob Rosenberger when you need him?

#5 By dkg_ctc (468 Posts) at 7/17/2003 5:49:02 PM
the TCP port needed to exploit the vulnerability is blocked by most firewalls.

And what percentage of the default 2000/XP installs have firewalls installed? For that matter, there may be competent admins who put their servers behind a firewall, but far too often there are people who don't know what they are doing administering these boxes.

So yes, I think it's fair to say that this is "the worst Windows vulnerability ever". It allows someone to remotely execute code, as system, on NT4, Windows 2000, Windows XP, and Windows 2003. A person doesn't need to install something to be vulnerable (unlike with IIS exploits), but rather it's a service that is enabled by default, and exposed to the internet by default. So yes, I believe this is the worst Windows vulnerability ever.

#6 By Diwik (12 Posts) at 7/17/2003 6:10:58 PM
Ok, first of all I agree that this is a critical vulnerability, because the Windows service that has it is the RPC service, which is the one that COM and DCOM run over and the one that allows applications to connect with the technologies that the OS has.

However I would like to tell #1 that the "Trustworthy Computing" security initiative is not a crock because if you take time to look at who discovered the bug you will realize that it was a company called Last Stage of Delirium Research Group (http://lsd-pl.net/) which is a company that Microsoft pays to audit their OS, yes this company has the source code of Windows as many other companies that Microsoft pays to audit their code. And the need for code auditing is part of the Trustworthy Computing security initiative, so it works because the bug was discovered by a company which audits the Windows OS and Microsoft did the patch, no hacker discovered it and therefore there was no planned mass attack.

By the way do not confuse code auditing with open source, in the first one there are experts, in the second one there are a lot of all.

#7 By dkg_ctc (468 Posts) at 7/17/2003 6:22:01 PM
However I would like to tell #1 that the "Trustworthy Computing" security initiative is not a crock

He wasn't saying that it is a crock. He was saying that Linux advocates would pop up saying that because Trustworthy Computing was in place, this should have been caught, and that since it's not it's just evidence that Trustworthy Computing was MS fluff.

if you take time to look at who discovered the bug you will realize that it was a company called Last Stage of Delirium Research Group (http://lsd-pl.net/) which is a company that Microsoft pays to audit their OS

Umm...where do you get this from? Looking on their "About The Group" page ( http://lsd-pl.net/about.html ) there's no mention of them working for Microsoft, and on their vulnerabilities page, there are many many more *nix vulnerabilities listed than MS/Windows vulnerabilities. It seems to me that if they were contracted by Microsoft, A.) There would be some mention of it on their site and B.) They wouldn't be advertising the proof of concept code for the vulnerability as being "published in the future", because Microsoft would get no benefit out of it.

So perhaps you can point me in the right direction...where did you get the information that this research group is employed/contracted by Microsoft to find vulnerabilities?

#8 By KnightHawk (284 Posts) at 7/17/2003 6:23:18 PM
"And what percentage of the default 2000/XP installs have firewalls installed? For that matter, there may be competent admins who put their servers behind a firewall, but far too often there are people who don't know what they are doing administering these boxes.
"
You're out of your skull in my opinion, I know of no admin that incompetent that would actually open 135\7 to the internet. Every single firewall I know of blocks this by default, hell even the cheap home switch/router/firewalls block this by default, in fact on some of them it's not even an option to turn it off.

"So yes, I think it's fair to say that this is "the worst Windows vulnerability ever". "
Highly disagree it's not the worst ever, certainly it's important but it's not the worst hole found ever in windows.

"but rather it's a service that is enabled by default, and exposed to the internet by default"
Sorry dude but nothing is exposed to the internet by default, one must actually plug the damn thing into a network first that is connected to a network that is connected to the internet (and not blocking the RPC port) ..

It's important that those fools at home or those few morons at some company who have a winxxx box hanging on the net with 0 protection need to address it quickly with this patch. The rest of us who are behind devices or software that block RPC need to update when we have time. Personally while very important this is being blown out of proportion from a realistic corporate point of view. Sure I'll patch my systems.. but it'll be next month when we roll out a bunch of other patches with our SP4 deployment, after we have tested them all together.

This post was edited by KnightHawk on Thursday, July 17, 2003 at 18:23.

#9 By Diwik (12 Posts) at 7/17/2003 6:35:14 PM
dkg_ctc:

Microsoft pays or contracts some security and auditing companies for different reasons and different software, www.foundstone.com and http://www.coresecurity.com have audited, are auditing and will update upcoming versions of the .net framework and one of these companies has published a press release about that. Not every security company or research firm needs to publish who their contractor was.
I know they work for Microsoft believe me, an MVP told me.

#10 By dkg_ctc (468 Posts) at 7/17/2003 6:43:04 PM
You're out of your skull in my opinion, I know of no admin that incompetent that would actually open 135\7 to the internet. Every single firewall I know of blocks this by default, hell even the cheap home switch/router/firewalls block this by default, in fact on some of them it's not even an option to turn it off.

Yep...and everyone knows that everyone running Windows XP has a competent admin to rely on...right?

Highly disagree it's not the worst ever, certainly it's important but it's not the worst hole found ever in windows.

So what vulnerability would you say is worse than this one? Now remember, this is a remote system-level code execution that affects Windows OSes going back eight years. It affects the current consumer-level operating system from Microsoft (which, by the way, has surpassed Windows 98 in terms of usage the last time I checked).

Sorry dude but nothing is exposed to the internet by default

Oh, I'm sorry...here I thought I was discussing security with someone who actually had a clue what he was talking about. Thanks for clarifying for me that you don't. UPnP is exposed to the internet by default in Windows XP (unless doing a fresh install slipstreamed with SP1). The Messenger service is exposed to the internet by default on NT4/2K/XP. Port 139 is exposed to the internet by default. Your assertion that "nothing is exposed to the internet by default" is just flat-out wrong. Period. As far as facts go, you don't have a leg to stand on.

one must actually plug the damn thing into a network first that is connected to a network that is connected to the internet (and not blocking the RPC port

Wrong. One doesn't have to be connected to a LAN for port 135 to be listening. Here's an idea...unplug all the network cables from your computer, then reboot. I'll betcha port 135 is listening--BY DEFAULT.

Don't bother responding...it's become obvious to me that not only do you have no clue what you're talking about, but that for whatever reason you're downplaying a security vulnerability that exists in a default machine, in a default environment, and allows remote code execution at the system level.

#11 By dkg_ctc (468 Posts) at 7/17/2003 6:44:01 PM
I know they work for microsoft believe me, an MVP told me.

Oh, well, that's evidence enough for me. *rolls eyes*

#12 By dkg_ctc (468 Posts) at 7/17/2003 7:32:56 PM
Hell, all you have to do is read the advisory from LSD:

"We have discovered a critical security vulnerability in all recent versions of Microsoft operating systems. The vulnerability affects default installations of Windows NT 4.0, Windows 2000, Windows XP as well as Windows 2003 Server."

And Microsoft:

"To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135 on the remote machine. For intranet environments, this port would normally be accessible, but for Internet connected machines, port 135 would normally be blocked by a firewall. In the case where this port is not blocked, or in an intranet configuration, the attacker would not require any additional privileges.
...
Any user who could deliver a TCP request to port 135 to an affected computer could attempt to exploit the vulnerability. Because RPC requests are on by default in all versions of Windows, this in essence means that any user who could establish a connection with an affected computer could attempt to exploit the vulnerability."

Hmm...."vulnerability affects default installations"..."RPC requests are on by default in all versions of Windows"..."the attacker would not require any additional privileges".

I don't think it gets any more clear than that...

This post was edited by dkg_ctc on Thursday, July 17, 2003 at 19:33.
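The advisory text quoted above makes the defensive question concrete: is TCP port 135 (and the other RPC/NetBIOS ports mentioned in this thread, such as 139) actually being blocked at the perimeter, and who is probing it? The following is an added example, not code from the original thread, from Microsoft or from LSD. It reviews a few constructed firewall log lines in an assumed, simplified format (timestamp, ALLOW/BLOCK, protocol, source, destination) and reports two things a defender wants from such a log: external sources that were allowed through to a watched port, which contradicts the "normally blocked by a firewall" assumption, and external sources whose attempts were correctly dropped, which shows scanning activity. The port set, the log format and the RFC 1918 based "outside the LAN" check are all assumptions of this example.

```python
"""Review constructed firewall log lines for exposure of the RPC/NetBIOS ports
discussed in the thread (TCP 135 and TCP 139).

Added example; the log format below is an assumed, simplified one and not any
vendor's real format. All sample lines are constructed for this example."""
import ipaddress
import re
from collections import Counter

# Constructed sample log lines. Assumed format:
#   <timestamp> <ACTION> <PROTO> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2003-07-17T15:01:02Z ALLOW TCP 10.1.1.25:1043 -> 10.1.1.10:135
2003-07-17T15:01:05Z BLOCK TCP 198.51.100.7:3381 -> 203.0.113.5:135
2003-07-17T15:01:06Z BLOCK TCP 198.51.100.7:3382 -> 203.0.113.6:135
2003-07-17T15:01:09Z ALLOW TCP 198.51.100.9:4012 -> 203.0.113.5:139
2003-07-17T15:02:11Z ALLOW TCP 198.51.100.9:4013 -> 203.0.113.5:135
2003-07-17T15:02:30Z ALLOW TCP 10.1.1.25:1044 -> 10.1.1.10:80
2003-07-17T15:03:00Z ALLOW UDP 198.51.100.9:4014 -> 203.0.113.5:53
"""

# Ports named in the thread: TCP 135 (RPC endpoint mapper) and TCP 139 (NetBIOS session).
WATCH_PORTS = {135, 139}

# Address ranges treated as "inside the LAN" (assumption: RFC 1918 plus loopback).
LAN_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|BLOCK)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse the assumed log format into a list of dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["sport"] = int(e["sport"])
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


def is_outside_lan(ip):
    """True if the address is not in any of the assumed LAN ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LAN_NETS)


def find_exposure(events, watch_ports=WATCH_PORTS):
    """ALLOWed TCP connections from outside the LAN to a watched port.

    Each hit means the perimeter is not blocking a port the advisory assumes
    is normally blocked, so the host behind it needs the patch first."""
    return [
        e for e in events
        if e["action"] == "ALLOW" and e["proto"] == "TCP"
        and e["dport"] in watch_ports and is_outside_lan(e["src"])
    ]


def blocked_probe_sources(events, watch_ports=WATCH_PORTS):
    """Count BLOCKed TCP attempts per outside source against watched ports.

    These are hosts probing the ports the firewall is correctly dropping;
    a rising count is the early-warning signal a defender watches for."""
    counts = Counter()
    for e in events:
        if (e["action"] == "BLOCK" and e["proto"] == "TCP"
                and e["dport"] in watch_ports and is_outside_lan(e["src"])):
            counts[e["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in find_exposure(evs):
        print(f"EXPOSED: {e['src']} reached {e['dst']}:{e['dport']} at {e['ts']}")
    print("blocked probes by source:", blocked_probe_sources(evs))
```

On the constructed input, the internal 10.1.1.25 connection to port 135 is not reported because it never crossed the perimeter, the two allowed connections from 198.51.100.9 to ports 139 and 135 are reported as exposure, and 198.51.100.7 shows up as a blocked prober with two attempts. The same functions run unchanged over a real export once LINE_RE is adapted to the actual log layout.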

#13 By chris_kabuki (1454 Posts) at 7/17/2003 8:05:50 PM
#6 It's critical not only because of what can be done by exploiting it but also by the fact that it's a REMOTE HOLE and it's a remote hole that has existed since NT! If Microsoft's "Trustworthy" PR stunt is to be bashed it should be on that fact alone! Why wasn't this found by Microsoft's own code audits? It's been around for long enough!

And #1 wasn't bashing the "Trustworthy" initiative, he was getting in early before anyone could say anything negative about it.

#14 By ermine (11 Posts) at 7/17/2003 8:19:49 PM

So what vulnerability would you say is worse than this one? Now remember, this is a remote system-level code execution that affects Windows OSes going back eight years. It affects the current consumer-level operating system from Microsoft.

There were several IE/Outlook/Outlook Express code execution vulnerabilities that could be exploited via HTML-based email, back before email was set to use Restricted Sites Zone by default and messages couldn't be automatically converted to plain text if you preferred. MS98-008 didn't even require scripting. I think these were worse, in that the vulnerable proportion of the Windows desktop population was higher - I think a larger percentage of people use Microsoft email programs than are currently not behind a firewall.

This is certainly a serious vulnerability that should be patched ASAP. It's not the apocalypse, though. It's a bald-faced lie to assert that 'anybody can walk in and out of their servers'. Even if exploited it's not going to spread as fast as CodeRed or SQL Slammer - virtually all medium and large businesses are firewalled, as well as the majority of home users with high-speed connections. The vulnerable populations are home dialup users and small businesses.

#15 By dkg_ctc (468 Posts) at 7/17/2003 8:28:29 PM
It's critical not only because of what can be done by exploiting it but also by the fact that it's a REMOTE HOLE and it's a remote hole that has existed since NT! If Microsoft's "Trustworthy" PR stunt is to be bashed it should be on that fact alone! Why wasn't this found by Microsoft's own code audits? It's been around for long enough!

Yeah! In fact, because of the Trustworthy Computing initiative, there shouldn't be a single security flaw in any of Microsoft's products at all! Ever! Because every single one should have been discovered by code audits!! Yes, Microsoft should aspire to the absolute buglessness that Linux and open source have achieved!

#16 By dkg_ctc (468 Posts) at 7/17/2003 8:42:49 PM
There were several IE/Outlook/Outlook Express code execution vulnerabilities that could be exploited via HTML-based email, back before email was set to use Restricted Sites Zone by default and messages couldn't be automatically converted to plain text if you preferred. MS98-008 didn't even require scripting. I think these were worse, in that the vulnerable proportion of the Windows desktop population was higher - I think a larger percentage of people use Microsoft email programs than are currently not behind a firewall.

Yes, but that vulnerability (which has long-since been patched, and isn't an issue by default in XP or 2003) required user intervention (specifically, viewing the e-mail). This vulnerability doesn't require any user interaction at all.

Even if exploited it's not going to spread as fast as CodeRed or SQL Slammer - virtually all medium and large businesses are firewalled, as well as the majority of home users with high-speed connections.

I think you're seriously naive if you think that most broadband connections are firewalled. Plus, you seem to be ignoring the fact that there are more non-business Windows 2000+XP machines on the internet than there are IIS servers. Claiming that this won't spread as fast as CodeRed or Slammer is naive. Hell, all you have to do is look at the fact that SQL Slammer spread. In fact, I think SQL Slammer is a true testament to the fact that administrators DON'T firewall, because if they did then Slammer simply wouldn't have spread.

I think that anyone who claims that this isn't the most serious security vulnerability in Windows history is either seriously naive as to the reality of administrators and end users, seriously ignorant, blindly defending Microsoft, or some combination of the above.

#17 By chris_kabuki (1454 Posts) at 7/17/2003 10:03:09 PM
#15 Sarcasm will get you nowhere. Didn't Bill come out and say that security was the most important aspect they were going to take a look at - rather than blindly adding more features in they were going to sit down and audit their code. Now aside from the fact that they should have been auditing their code all along, they have had how many years to find this? Sorry, but if you're going to come out with a big PR stunt like this, be prepared to back it up or don't be surprised by the backlash. From your comments you're at least aware of just how serious this vulnerability is and for how long it has existed. Just because the general public didn't know about it before doesn't mean that no-one knew about it. And knowing all that I'm surprised that you would be surprised by the backlash on Microsoft's Trustworthy Computing initiative.

#18 By dkg_ctc (468 Posts) at 7/17/2003 10:13:55 PM
Sarcasm will get you nowhere.

The sarcasm makes a point (which you failed to miss/intentionally ignored).

Sorry, but if you're going to come out with a big PR stunt like this, be prepared to back it up or don't be surprised by the backlash.

Let's see...one vulnerability that affects the default install of Windows 2003, and you're claiming that they haven't "backed it up". I'll tell you what...when you can show me a Linux distro which doesn't have a security vulnerability in the default install for months after its release, then you can talk about the failure of Trustworthy Computing and the insecurity of Windows. Until then, your complaints just come across kind of empty.

And knowing all that I'm surprised that you would be surprised by the backlash on Microsoft's Trustworthy Computing initiative.

"Backlash"? The only "backlash" I've seen is from a bunch of open source zealots like yourself who try to claim that one vulnerability that affects the default installation of an OS which has been out for months is somehow not trustworthy enough. Ironically (but unsurprisingly) they aren't so quick to cry about poor security when the first vulnerability in a default Redhat install is announced less than a week after its release.

This post was edited by dkg_ctc on Thursday, July 17, 2003 at 22:17.

#19 By bjd145 (57 Posts) at 7/17/2003 11:19:57 PM
since everyone seems to have an opinion on this, i'll throw my 2 cents in....

first: this is one of THE worst security holes ever in any Windows products. Here are my two reasons:
1. You CAN NOT shut down the RPC Listening service. Try it. You can do a reg hack but then you will break things like IIS.
2. This affects every system since NT4.0. Not just SQL Server databases like those infected by the slammer exploit. Please don't give me statements like 'a firewall will protect you'. A firewall is just one of several layers of protection that you need in security. The problem is that it is very easy to have a firewall block this vulnerability, but then leave your internal network exposed because of some business user with a laptop. That's how slammer spread through most companies.

If admins want to wait on this patch before they deploy it, that's their right to wait, but the longer you wait the more risk you expose your systems and your business to. Do you want to tell your CEO that you knew about this issue for a while now, but didn't think it was critical enough to apply the patch....because you are behind a firewall. Good luck....


#20 By chris_kabuki (1454 Posts) at 7/17/2003 11:43:27 PM
#18 "Let's see...one vulnerability that affects the default install of Windows 2003, and you're claiming that they haven't "backed it up".
Correct, one MAJOR CRITICAL REMOTE HOLE that exists not only in the default install of Windows Server 2003 (after the whole Trustworthy PR stunt) but also in every other NT based OS.

"then you can talk about the failure of Trustworthy Computing"
No offence but you don't get to decide when I can and when I cannot talk about something.

"security vulnerability in the default install for months after its release"
If you want to get pedantic, this vulnerability has existed since NT came out.... a bit more than a couple of months.

"open source zealots like yourself"
I'm now an open source zealot? Ha! That's rich coming from a MS Sheep! See, we can keep throwing these petty personal insults around for the hell of it if you really want. Get over it, just because someone doesn't continually praise Microsoft or dares to say anything negative about them doesn't make them an open source zealot.

"Ironically (but unsurprisingly) they aren't so quick to cry about poor security when the first vulnerability in a default Redhat install is announced less than a week after its release."
Did RedHat come out and make a big song and dance about their "Trustworthy Computing" initiative? If so then they deserve the same kind of backlash if the vulnerability is of the same nature. The same goes (and went) for Oracle when they proclaimed their system as Unbreakable. This has nothing to do with any one particular company or open source vs commercial software.

#21 By dkg_ctc (468 Posts) at 7/18/2003 12:05:45 AM
Correct, one MAJOR CRITICAL REMOTE HOLE that exists not only in the default install of Windows Server 2003 (after the whole Trustworthy PR stunt) but also in every other NT based OS.

And what does its existence in NT/2K/XP have to do with its existence in 2K3? Yes, it exists in all of them...that doesn't change the fact that there has been a total of ONE vulnerability in the default install of Windows 2003 since its release in April. How many Linux distros can say that? Hmm...zero...whaddya know.

No offence but you don't get to decide when I can and when I cannot talk about something.

No offence, but your criticisms of an OS with one security vulnerability in the default install since its release in April sound pretty empty when you're using an OS which releases security patches within the first week of being released.

If you want to get pedantic, this vulnerability has existed since NT came out.... a bit more than a couple of months.

I'm sorry...do you actually believe that juvenile logic? Or are you just playing the part of OSS zealot?

I'm now an open source zealot? Ha! That's rich coming from a MS Sheep!

Yep...that's why I disagree when I say that this is the most serious vulnerability in Windows Server.

Wait...I'm NOT disagreeing...huh, how about that.

Get over it, just because someone doesn't continually praise Microsoft or dares to say anything negative about them doesn't make them an open source zealot.

There's a difference between someone who "doesn't continually praise Microsoft" and someone who "continually bashes Microsoft while heralding the wondrous, secure nature of open source". (In case you weren't sure, you fall in the latter of the two categories.)

Did RedHat come out and make a big song and dance about their "Trustworth Computing" initiative?

Did Microsoft ever claim that Trustworthy Computing would lead to completely vulnerability-free software? No. However, the way I see it, one vulnerability in a default install of a server OS in three and a half months since the release is certainly more secure, and more trustworthy, than any competitor. You're certainly free to argue that Trustworthy Computing==completely bug-free software ... but I think that even the most hardened Linux loonie would realize that's a foolish argument.

You know, it's funny...for the longest time, Linux advocates claimed that Linux is more secure...Windows is less secure...blah blah blah. Now that the security argument has been pretty much shot to hell, all they can do is say, "Well....Trustworthy Computing was a fraud!! A PR stunt!! And the fact that there was a vulnerability in the first four months of Windows 2003 just proves it!! Never mind the fact that it's now more secure than Linux...you can't trust Microsoft!! Really you can't!!" Man...it's just pathetic having to watch the Linux advocates use such pathetic tactics when it comes to defending their OS of choice.

#22 By dkg_ctc (468 Posts) at 7/18/2003 12:14:22 AM
#19: You hit the nail on the head. Hell, even MS got infected by slammer...but how did that happen, they were behind a firewall!! Plus, there's the fact that even if servers are well-firewalled, that doesn't matter to the millions of XP users who don't have an administrator to put their home computer behind a firewall. Whereas SQL and IIS vulnerabilities were limited to a small percentage of the computers that COULD run them, this vulnerability exists in 100% of the computers with the vulnerable OS--no web server or SQL installation necessary to be vulnerable. IT'S ALREADY THERE!

The other thing that was mentioned is that the IE/OE vulnerabilities were/are worse than this one. I disagree because A.) Those vulnerabilities require action on the user's part, and B.) Those vulnerabilities, once exploited, only give the code rights as that user--which, depending on the environment, can be very limited. This vulnerability, however, is system-level, meaning that an exploit can do ANYTHING and not have to worry about permissions.

I'm glad that someone besides me seems to get the importance of this issue.

#23 By parker (1508 Posts) at 7/18/2003 12:36:53 AM
This was a serious vulnerability ... if you don't run Windows Update.

There is no known exploit in the wild yet.

Within a few days, anyone who runs Windows Update will be patched.

I was more impressed by the vast quantity of Unix root exploits those guys have discovered just by themselves! There must be something like 200 of them.

And the Cisco exploit is a lot worse ... it could practically shut down the internet.

http://www.washingtonpost.com/wp-dyn/articles/A7072-2003Jul17.html?nav=hptoc_tn

And many organizations will not be able to get the fix out quickly.

And Cisco routers are something like 82% of the market. Whoo!

#24 By dkg_ctc (468 Posts) at 7/18/2003 12:46:13 AM
This was a serious vulnerability ... if you don't run Windows Update.

There is no known exploit in the wild yet.

Within a few days, anyone who runs Windows Update will be patched.


Yep...let's hope that the introduction of Automatic Update Client into Windows XP and W2KSP3 gets the patches out to people who wouldn't otherwise be updating.

#25 By chris_kabuki (1454 Posts) at 7/18/2003 12:57:59 AM
#21 I'll try to make this short as I don't have the time or patience to continue this childish argument with you where you feel it necessary to start throwing personal insults because you have nothing better to do.

"you're using an OS"
How do you know what OS I am using? Between work and home I use three different OS', stop making assumptions and then basing your arguments on those assumptions.

"There's a difference between someone who "doesn't continually praise Microsoft" and someone who "continually bashes Microsoft while heralding the wondrous, secure nature of open source". (In case you weren't sure, you fall in the latter of the two categories.) "
Please point me to where I am, and I quote, "heralding the wondrous, secure nature of open source". I'll wait here until you find me doing that, let alone doing it continually. Note that I haven't said that I don't bash Microsoft, I do, but only when I feel they deserve it, and in this case I saw the whole Trustworthy Computing initiative as nothing more than a PR stunt. Oooh, code audits... what the hell have they been doing all this time if code audits are something new! I also saw Oracle's Unbreakable slogan as a PR stunt, but you won't have issues with that because it's not Microsoft. Baaaaa! I'll give you credit though, unlike the other sheep on here you at least promote the importance of this vulnerability rather than downplaying it or trying to shift the focus to some other vulnerability that someone else has.

"Linux advocates claimed that Linux is more secure...Windows is less secure..."
Not sure who these advocates are that you speak of, but if you read the 'open source' versions of ActiveWin, e.g. Slashdot, you will find that those people who claimed Linux as being more secure.... continue to claim that.
