
Re: Here we go again (unpatched, naturally)

  • Subject: Re: Here we go again (unpatched, naturally)
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Fri, 03 Nov 2006 08:27:03 +0000
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / Netscape
  • References: <eicnrk$42r$00$1@news.t-online.com> <1162473664.17845.0@proxy00.news.clara.net> <tq8r14-4rd.ln1@ellandroad.demon.co.uk>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ Mark Kent ] on Friday 03 November 2006 07:48 \__

> begin  oe_protect.scr
> BearItAll <spam@xxxxxxxxxxxxx> espoused:
>> Peter Köhlmann wrote:
>> 
>>> Microsoft Internet Explorer Unspecified Code Execution Vulnerability
>>> 
>>> http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5222
>>> http://www.securityfocus.com/bid/20797/discuss
>>> 
>>> And with exploit in the wild
>> 
>> And the response is:-
>> 
>> 1. Administrators are advised to apply software updates as they become
>> available.
>> 
>> So when the fix comes it should be applied. When was Linux ever slow to
>> deal with any potential exploit?
>> 
>> 2. Administrators are advised to disable JavaScript in Internet Explorer
>> until updates can be applied.
>> 
>> Practically means that hardly any web site will work these days on IE6.
>> 
>> 3. Users are advised not to follow links from untrusted sources.
>> 
>> Do not go to any web sites at all that you haven't already visited even
>> those that you do use regularly ensure they are run by angelic people who
>> go to church three times a week.
>> 
>> 4. Users are advised to verify unexpected links from trusted sources
>> before following them.
>> 
>> Yeah right, pick any MS user (or many Linux or Mac user for that matter)
>> at random and ask them how they go about checking the validity of a link
>> prior to clicking it. How on earth are they going to know if
>> www.wesellstuff.com is going to be a trusted source?
>> 
>> 5. Users are advised to use an unprivileged account when browsing the
>> Internet.
>> 
>> You'll still get walloped but at least you can say that you tried.
>> 
>> MS, a little note for you, no one has control over all of the users of the
>> Internet, so it is the job of their OS or additional security software to
>> protect them. By throwing Symantec and McAfee out you have taken on the
>> role of protecting your users. This is yet another post telling us that
>> you are not doing that.
>> 
>> Personally I wish the security issue could be taken out of MS hands
>> completely. We all have data with various companies many of whom will use
>> MS Win platforms. So MS weaknesses affect all of us. They have had long
>> enough to sort it out, even had the time and funds for a complete rewrite.
>> But they have done nothing at all. It has to be taken out of their hands
>> and given over to someone we can trust to do the job of protecting the
>> users and Our data.
>> 
> 
> Microsoft have not the slightest inclination to resolve security issues.
> They only need the perception of their software to be good enough that
> people will buy it, no more.  They can further push their business model
> by selling additional software to protect against the problems in the
> software which they've already sold to the customer.
> 
> The alternative is simple - use Linux.  Or a Mac.  Or a BSD.  It's not
> as if there isn't plenty of choice.  On the Desktop, you can use Ubuntu,
> Mandriva, etc., or a Mac;  for the server-side, Debian, Red Hat or a
> BSD.  Novell claim to do both. There's really no reasonable excuse for
> not going this way.  There are plenty of organisations from the very
> large to the very small who will provide support, independently of the
> original OS vendor, so that the probability of lock-in is minuscule.

Your first point struck a nerve. Have a look:

Microsoft : Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
| 
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----

http://securityblog.itproportal.com/?p=514

Best wishes,

Roy

-- 
Roy S. Schestowitz      | Microsof(fshore)t Window(ntime)s Vista(gnating)
http://Schestowitz.com  |     GNU/Linux     ¦     PGP-Key: 0x74572E8E
Mem:    514480k total,   486328k used,    28152k free,     4416k buffers
      http://iuron.com - next generation of search paradigms
