Posted on 08/09/2005 2:56:44 PM PDT by Panerai
Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer.
Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user.
One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack, said Oliver Friedrichs, senior manager at Symantec Security Response. Two other vulnerabilities, affecting the plug-and-play feature and printing in Windows, could also spell some trouble for users, he said.
An error in the way IE, Microsoft's widely used Web browser, handles JPEG images is especially alarming, according to Symantec. An attacker could commandeer a PC by crafting a malicious image and tricking the victim to look at it on, for example, a Web site or in an HTML e-mail, Microsoft said in its MS05-038 security bulletin.
"These vulnerabilities can be leveraged by malicious Web sites to install spyware, Trojan horses, bots, or other programs on an unsuspecting user's machine," Friedrichs said.
The other two IE flaws that Microsoft now has fixes for could also allow an attacker to take control of a user's computer. One relates to how the browser handles URLs related to a feature that lets users view file folders in IE. The other deals with the ability of IE to call on other parts of Windows and is similar to a problem patched last month.
(Excerpt) Read more at news.com.com ...
...if there weren't so many criminals targeting Windows it wouldn't be such a problem. If Apple or Unix were the dominant platform, I guarantee you would see the same level of hacks on those platforms.
I just have an aversion to willful ignorance; e.g., liberals unfairly and incessantly bashing Bush when in all probability his efforts are keeping their sorry asses from terrorist attacks. Same goes for MSFT bashers; MSFT isn't perfect by any means, but their OS has to operate on combinations and permutations of hardware/application software that dwarfs apple etc. and that isn't easy.
I agree. They have absolutely no clue as to how extremely hard what Microsoft does is, and how well they do it in spite of those difficulties. Granted, it's good to push and challenge Microsoft to do better, but geez, the non-stop bashing of some is just childish.
A couple of questions -- could I successfully reformat my computer with my wife's OEM Win XP Pro disc from her newer computer? Would I be able to get subsequent Win updates?
We bought both computers new from Dell at different times.
Last question -- Since I have misplaced all my original discs, what do I do for drivers for all the other bits and pieces of hardware inside my computer, since I don't seem to have that disc or discs anymore either?
Thanks in advance for any assistance!
In a related story, the people killed on 911 should have known better than to work in a tall building that had previously been attacked.
Let's be democrats for a day and blame the victims.
You could, but the install won't last long, since you will have to activate the OS within a certain number of days, and I seriously doubt the activation will work, and you'll have wasted a lot of time, since it will be unusable. The Dell XP versions are linked to the specific motherboards, I believe. I have two that came with XP pre-installed, and an older machine for which I bought a non-Dell OEM version of XP. The latter asks for re-activation at the drop of a hat; I put a new video card in it yesterday, and as soon as I booted, it told me I had to reactivate. On the Dells with the original install, I've changed/switched hardware several times, with not a peep from XP.
As far as the drivers, etc., all of those can be downloaded from Dell's support website (click on Service & Support, choose "Downloads" and input your service tag number).
You might also try calling or emailing Dell support (include your service tag number) and ask about replacement disks -- it's worth a shot.
I use Firefox.
Should I worry?
So tell me--do Yugos and Volvos and Mercedes and Fords all have the same number of defects per car? Does quantity sold indicate quality of product?
Code is exactly the same. "Market share" or number of desktops in existance does not determine the number of hacks available to compromise the code.
Flawed analogy.
Better analogy: does General Motors stay up nights working on ways to compete with Rico Motors' line of passenger cars? Do they come up with ways to make Rico's Motors' cars break down? Of course not. They focus on the bigs.
Hackers don't focus on the OS's that a relative handful use. But, as recent articles have shown, they're also vulnerable, once the cyberthugs turn their baleful eyes thither.
That's a better analogy. Not friendly to your grudge, maybe, but better.
Dan
Yes, they are vulnerable. I freely admit that. I never claimed otherwise. But they're not AS vulnerable. There are FEWER problems with Linux/BSD than with Windows.
Another misconception. More people use Linux worldwide (even in the US) than any other OS. Your desktop may run Windows, but I guarantee you that most of the hops your connection makes to any given website use Linux.
If a hacker can exploit Linux, s/he'd bring the whole Net down. That's big. That's fame. That's what the bad guys would do if they could. But the Net's still up and running, isn't it?
I'll break FR debate protocol and admit that, if what you're saying is accurate, you have a good point. I don't know whether it's true, and don't have an answer.
In terms of sales, visibility, and being a tempting target, Windows is pretty much it, though.
Dan
LOL! After re-reading my posts, I may have come across as totally discounting your point as well. That really wasn't my intention, as (perceived) visibility does play a large role in selection of targets.
What really makes Windows a more tempting target is the ease of exploiting it--not that it has the only exploits. Also, Windows suffers from a basic design flaw--everyone and every process tends to run as the Administrator, giving full access to the entire machine. Linux doesn't do that. There is a history behind this, and it's quite logical once you understand that history, but it's still a design flaw.
Thanks for the tips and suggestion. I'll give that a try.
But "Market share" does drive the number of hackers that will attempt to attack the system. Windows is by far the dominant consumer OS, and unfortunately most people are not very computer-literate so they don't know how to protect their systems (even though it's relatively simple), making them easy targets for criminals to prey on. That is why so many criminals spend their time looking for vulnerabilities to exploit in Windows - because that's where their highest rate of return will be.
Your desktop may run Windows, but I guarantee you that most of the hops your connection makes to any given website use Linux.
That may be, but those are very specialized networking systems with a very small attack surface area. They're not running a web browser or media player or print spooler or plug and play services or TAPI services, etc. If they were running the same kinds of software that Windows systems are running, you would see the same kinds of vulnerabilities. People are flawed, so any non-trivial software that people write will also be flawed.
You're right. They're not running a web browser, or anything like one. It's not "embedded" into the OS. This is one of the design flaws I was talking about earlier. Integration of everything plus the kitchen sink into the OS is the design flaw that causes so much Windows insecurity.
If they were running the same kinds of software that Windows systems are running, you would see the same kinds of vulnerabilities.
No you wouldn't. You may see some other vulnerabilities, but they would not be the same kinds at all. The main reason is that those pieces of software are not linked into the OS. They run as a limited user, with very restricted access rights even on the very system they are running on. For instance, Apache running on a Linux system can only access Apache files. Not user files, and most definitely NOT system files. Sure, you may be able to deface a web page (woo hoo!), but you won't be able to take control of a system.
DNS usually runs in a chroot jail, which means it doesn't even see anything outside its directory structure, much less be able to get at it. Other services are quite similar. This is also why virii, in the traditional sense, won't get a good foothold inthe Linux world. They just won't be able to to do the things they can do in the Windows world.
Powder..Patch..Ball FIRE!
Irrational anti-Microsoft jihadi mindset detected. Post ignored.
The only thing irrational was your response. Close minded name calling fascist language detected.
That's a ridiculous statement. You claim that as fact? Bookmarked.
It is fact. Notice, though, I did not say it was on the desktop.
TiVo is built on Linux, every router (just about) uses Linux, most web sites use linux. Every time you connect to the Net you are using Linux, whether you know it or not.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.