__/ [ Mark Kent ] on Friday 03 November 2006 07:48 \__
> begin oe_protect.scr
> BearItAll <spam@xxxxxxxxxxxxx> espoused:
>> Peter Köhlmann wrote:
>>
>>> Microsoft Internet Explorer Unspecified Code Execution Vulnerability
>>>
>>> http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5222
>>> http://www.securityfocus.com/bid/20797/discuss
>>>
>>> And with exploit in the wild
>>
>> And the response is:-
>>
>> 1. Administrators are advised to apply software updates as they become
>> available.
>>
>> So when the fix comes it should be applied. When was Linux ever slow to
>> deal with any potential exploit?
>>
>> 2. Administrators are advised to disable JavaScript in Internet Explorer
>> until updates can be applied.
>>
>> Practically means that hardly any web site will work these days on IE6.
>>
>> 3. Users are advised not to follow links from untrusted sources.
>>
>> Do not go to any web sites at all that you haven't already visited; even
>> those that you do use regularly, ensure they are run by angelic people who
>> go to church three times a week.
>>
>> 4. Users are advised to verify unexpected links from trusted sources
>> before following them.
>>
>> Yeah right, pick any MS user (or many Linux or Mac users for that matter)
>> at random and ask them how they go about checking the validity of a link
>> prior to clicking it. How on earth are they going to know if
>> www.wesellstuff.com is going to be a trusted source?
>>
>> 5. Users are advised to use an unprivileged account when browsing the
>> Internet.
>>
>> You'll still get walloped but at least you can say that you tried.
>>
>> MS, a little note for you, no one has control over all of the users of the
>> Internet, so it is the job of their OS or additional security software to
>> protect them. By throwing Symantec and McAfee out you have taken on the
>> role of protecting your users. This is yet another post telling us that
>> you are not doing that.
>>
>> Personally I wish the security issue could be taken out of MS hands
>> completely. We all have data with various companies many of whom will use
>> MS Win platforms. So MS weaknesses affect all of us. They have had long
>> enough to sort it out, even had the time and funds for a complete rewrite.
>> But they have done nothing at all. It has to be taken out of their hands
>> and given over to someone we can trust to do the job of protecting the
>> users and Our data.
>>
>
> Microsoft have not the slightest inclination to resolve security issues.
> They only need the perception of their software to be good enough that
> people will buy it, no more. They can further push their business model
> by selling additional software to protect against the problems in the
> software which they've already sold to the customer.
>
> The alternative is simple - use Linux. Or a Mac. Or a BSD. It's not
> as if there isn't plenty of choice. On the Desktop, you can use Ubuntu,
> Mandriva, etc., or a Mac; for the server-side, Debian, Red Hat or a
> BSD. Novell claim to do both. There's really no reasonable excuse for
> not going this way. There are plenty of organisations from the very
> large to the very small who will provide support, independently of the
> original OS vendor, so that the probability of lock-in is minuscule.

Your first point struck a nerve. Have a look:

Microsoft : Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
|
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----
http://securityblog.itproportal.com/?p=514
Best wishes,
Roy
--
Roy S. Schestowitz | Microsof(fshore)t Window(ntime)s Vista(gnating)
http://Schestowitz.com | GNU/Linux ¦ PGP-Key: 0x74572E8E
Mem: 514480k total, 486328k used, 28152k free, 4416k buffers
http://iuron.com - next generation of search paradigms