Critical Windows vulnerability under attack, Microsoft warns

the register ^

[Gomez]

Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.

The vulnerability in a Windows component known as DirectX is being targeted using booby-trapped QuickTime files, which when parsed can allow attackers to gain complete control of a computer. Because many browsers are designed to automatically play video, people can be compromised simply by visiting a site serving malicious files. Vista, Windows Server 2008 and the beta version of Widows 7 are not affected, and neither is Apple's QuickTime player, Microsoft said.

[newfreep]

I'm still on XP for my business software including FrontPage (with separate overlay) for my website.

1. So Win7 will run these older "XP" based software apps?
2. Is Win7 noticeably faster than XP?

[dayglored]

>> the limitations it places on system tools

> Like...???

Mainly it seems harder to get to them to administer the system (as a user). I admit, maybe in general that's a good thing for most users... and certainly Apple's GUI isolates the user from the system guts even more; but on a Mac all the Unix tools are right there in a terminal/X11 window.

I find the Vista/Win7 GUI off-putting. It "distances" me from the system guts in a way I find obnoxious. But that might just be me.

[dayglored]

> 1. So Win7 will run these older "XP" based software apps?

Depends on the apps. So far I haven't found any problems, but that's hardly an exhaustive claim.

> 2. Is Win7 noticeably faster than XP?

Not in my experience. So far, the difference between a fresh XP and a 6-month-old XP is FAR greater than the difference between XP and Win7. In other words, any Windows install is known to slow down over time as it gets stale and over-full of crap. That effect will swamp any difference between XP and Win7, performance-wise.

[paulycy]

It "distances" me from the system guts in a way I find obnoxious. But that might just be me.

Probably not just you. We get used to having access to the real power under the hood. When it's hard to reach it's very annoying. But then we (or at least you) know what we're doing. Most just want the job to be over with ASAP regardless of the hoops they have to jump through to get there.

Thanks for the info. It doesn't sound insurmountable.

[McGruff]

Just remove QuickTime. Nobody uses that format anymore anyways.

[Bloody Sam Roberts]

Isn't it odd that we get these warnings from MS whenever they are on the verge of releasing a new operating system?

They had the same press release when XP was new. What better way to scare the average Luser into buying the latest, greatest from the MS stable?

[Still Thinking]

Who would have better have information available to write a virus that could selectively target only certain (read “old”) MS operating systems in a way the newer ones are immune to?

[sionnsar]

the beta version of Widows 7

Hmmm...

[Myrddin]

Rick Adams ran a good mail gateway at "seismo" before he was recruited to start up "uunet". Bell Labs ran another big gateway out of Naperville "ihnp4". My own Xenix machine in San Diego was part of that network starting in 1983. By 1985, I had a TCP/IP stack running in the machine with a SLIP connection to UCSD. It was a relief to switch from the "bang path" source routed e-mail delivery to the standard common today i.e. user@host. It was only a 2400 bps dialup.

[paulycy]

It was only a 2400 bps dialup.

That was broadband. I had a 1200. :0)

[hiredhand]

Back in the late 1990s, HP's HP-UX operating system as well as Sun Microsystem's SunOS and I "think" Solaris had extensions for compliance to DoD "Orange Book" C-2 specifications.

We ran it on the HP machines, but not on the Sun servers. I can't remember why. Anyway...management over us sent a MS NT server running on 64bit DEC Alpha hardware for us to test in a semi-production environment to support DNS. The place where I was working had some very busy DNS servers....to the tune of 52 queries per second during peak traffic times.

The documentation that came with the DEC said that MS NT adhered to Orange Book C-2. We had a little trouble believing it so we started asking questions. Eventually, we found the evaluators within the organization who made this claim. Oh SURE...it was C-2 allright....IF you locked the damned thing in a concrete bunker not connected to any network at all, and IF you posted an armed guard outside the bunker to protect it and IF you left it powered down. I kid you not. In more words than that the evaluation stated that you literally had to turn it off, lock it up, and guard it in order comply with C-2.

We called the evaluator and as it turns out they were pressured from above...and those up above were making big deals with Microsoft. You know where I was when this all happened. :-)

...and with that, here's a graphic that doesn't quite adequately express my contempt for Microsoft...but it's a good start! :-)

[hiredhand]

I forgot to tell you what actually happened to the DEC. We did put it on-line as a DNS server as requested. We did this early in the day in the central time zone here in the U.S. As peak traffic time approached, it started buffering DNS queries because it couldn't keep up. Then because it was taking so long on account of being overloaded, clients started timing out. The VERY first time one of our "customers" called, we yanked that bad boy off line and put back the Linux box which it momentarily replaced.

In summary, it failed miserably. We put a copy of RedHat Linux on it for the 64 Bit Alpha architecture and BIND and it kept up WONDERFULLY. We included this all in our report to the knuckleheads who had us test it. They had us box it up, send it back and we never heard anymore about it. :-)

[Myrddin]

That was broadband. I had a 1200. :0)

I started with a 300 bps (103) modem in 1980 to support my company mainframe. It was primitive, but much faster than driving 30 miles in the middle of the night to provide technical support. That first modem used the handset with rubber cups on the mike/speaker. Later, I found a 212a (1200 bps) modem at the swap meet. It was an improvement, but had the typical glitches that put the modem into remote digital loopback. That was the first modem on the Xenix machine. When the 2400 bps modems arrived, I purchased one immediately. The 9600 bps external modem followed. Eventually, I moved to an ISDN line around 1996. DSL arrived in 1997. That was good enough until last year when I dumped it for WiMax.

BTW, I did my first TCP/IP over an AX.25 link on 2 meters. Inside my "office", I ran 9600 bps SLIP links between the machine until I could afford ARCNET cards. I had to write the interface drivers to ARCNET as nobody was much interested in running TCP/IP over ARCNET. It was blessed relief when 10 Mbps Ethernet cards reached a price range I could afford...even if it was on coax cable.

[paulycy]

That is one very cool history. I appreciate it.

As for me, I was in the business of trying to figure out how all this new stuff could be used (eventually) by relatively normal people so I became a kinda sorta super user first implementer on steroids and cooked/programmed up my own prototypes and demos for the big wigs. For awhile I had a position with a fortune 25 company that bought me (after a bit of a fight) just about anything I wanted as long as I could justify how R&D on it could help people be more effective. We were into voice recognition, digital video and video disc (pre cd-rom)and all the desktop to vax/mainframe connectivity. All the vendors came and gave us software and specialty boards. I liked that job! Later on I consulted.

So, starting with a TI 994a as a toy when it came out, I didn’t own a real computer until I fell for the Mac Plus and did a master’s thesis on the user interface’s interaction with total computer literates. This was in 1986-7, I think, and so all my experience dates from there and was purchased by poor me or the university. I got to play with everything. I keep playing today but nobody pays for it anymore since I’ve been sidelined by a disability.

Anyway, I really admire your deep experience and see how cutting edge it was. Too cool. :0)

[MortMan]

This strikes me as a possible attempt to get XP blacklisted by the users, but perhaps I’m paranoid...