Free Republic
Browse · Search
News/Activism
Topics · Post Article


1 posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!


To: TaRaRaBoomDeAyGoreLostToday!
The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's "universal plug and play" features affected by the glitches.

Why does MS want people to leave this on so bad?

MS has known about the exploit for 5 weeks. They could have -- legally *should* have -- informed their customers of the product flaw 5 weeks ago and told customers to turn that 'feature' off.

Instead, MS just left customers hanging in the wind, vulnerable, for over a month while they continued to fraudulently sell XP. And MS has been selling a product they *knew* to be faulty, without informing consumers of the flaw.

2 posted on 12/23/2001 7:08:07 AM PST by Dominic Harr

To: tech_index, stainlessbanner

Why won't they say how many patches were downloaded? It must be because only a very small number of patches are being downloaded. Which means that there are a *bunch* of unpatched XP machines out there.

And MS won't email customers to make sure they know about the patch and the exploit.

So consumer protection laws don't apply to MS either?

3 posted on 12/23/2001 7:17:03 AM PST by Dominic Harr

To: TaRaRaBoomDeAyGoreLostToday!
A co-worker of mine just bought a Sony Vaio laptop that came with XP installed. I took it for a test drive--thumbs down. The laptop was a 900+MHz machine, but it ran slower than mud. My co-worker agreed and is trying to get 98 installed on it.
5 posted on 12/23/2001 7:20:14 AM PST by randog

To: ALL
DOWNLOAD: WINDOWS XP/ME SECURITY PATCH
7 posted on 12/23/2001 7:23:55 AM PST by TaRaRaBoomDeAyGoreLostToday!

To: TaRaRaBoomDeAyGoreLostToday!
I would like to pose what I consider a reasonable question. Please save your flames--I'm not being sarcastic, and I know that most Freepers are less than thrilled with Microsoft's products. My question is, how can a company, among the most fiscally solvent in world history, have thousands of highly-paid programmers working for years on a project, never realizing, time and time again, that a clever fourteen-year-old can waltz through the security holes in a day or two of getting the latest operating system??? Don't they test this stuff? Is the whole world their beta-testers? (Even I know the answer to that is yes.) This is the equivalent of the newest Mercedes rolling off the lot with a key code that can be circumvented by someone who aims a tv remote control at it. What gives with these guys?
10 posted on 12/23/2001 7:28:59 AM PST by TruthShallSetYouFree

To: TaRaRaBoomDeAyGoreLostToday!

Buy a Mac!!!

34 posted on 12/23/2001 7:52:41 AM PST by big'ol_freeper

To: TaRaRaBoomDeAyGoreLostToday!
Perhaps someone can enlighten me as to why anyone would want Universal Plug and Play to be enabled all the time? If its purpose is to detect and install new devices, why not just open a window when a new device is detected and ask whether it should be installed? Or else offer an option that enables UPnP during initial set-up of the machine and then turns it off, so that it is normally disabled but can be enabled if the user so chooses?

Lots of people have provided advance warning about the dangers of having raw sockets in Windows XP and making that the default option. What advantages does even Microsoft see for insisting upon this "feature"?

45 posted on 12/23/2001 8:02:48 AM PST by dpwiener

To: TaRaRaBoomDeAyGoreLostToday!
If this doesn't wake up the world and make them all switch to Linux I don't know what will.
48 posted on 12/23/2001 8:04:24 AM PST by Mixer

To: TaRaRaBoomDeAyGoreLostToday!
Laughing.. just how many "monitors" do you need? The new system profiles do not enumerate the bus settings by IRQ and I/O base and DMA address. Soooo.. if I sent a "bogus" eprom to your system for a "Plain Vanilla VGA" monitor windows XP would think that there was a second monitor attached.

The monitor drivers under all the traditional 32-bit architectures were one area that the code still was done with a 16-bit architecture. WYSIWYG.

This allows for the multiple monitors under Win2k and the ability to "terminal emulate" the monitor.

IN ADDITION!! The Keyboards can be "epromed" into thinking that there are additional items and that allows for a keyboard logger.

While the NSA, CIA, FBI, USPS, and other investigators will not steal your credit cards, the "villains" will.

Laughing...

Be careful and have a merry xmas.

50 posted on 12/23/2001 8:05:25 AM PST by taxbreak

To: ALL;World'sGoneInsane;Alamo-Girl;Mercuria;amom;Pray4USA
Sunday December 23 10:40 AM ET

Consumers Urged to Protect Windows XP

By TED BRIDIS, Associated Press Writer

WASHINGTON (AP) - Consumers and corporations using Microsoft Corp.'s new Windows XP software are being warned by the FBI to take added steps against hackers who might try to take advantage of major flaws.

The bureau's National Infrastructure Protection Center said Friday that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's "universal plug and play" features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the "plug and play" features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was under way.

It acted after bureau and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail messages to Windows XP customers to remind them of the importance of installing the patch. It said a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

"The patch is effective," Steve Lipner, Microsoft's director of security assurance, told The Associated Press.

Officials expressed fears to Microsoft about electronic attacks launched against Web sites and federal agencies during the Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs "denial of service" attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication required.

-

On the Net:

National Infrastructure Protection Center: http://www.nipc.gov

Microsoft: http://www.microsoft.com/security

57 posted on 12/23/2001 8:11:04 AM PST by TaRaRaBoomDeAyGoreLostToday!

To: TaRaRaBoomDeAyGoreLostToday!
Until software companies are held financially responsible for their defective products, we will always absorb the significant costs of producers' negligence. Licensing "agreements'" free pass on defective product tort is a sham. This industry has matured and must be subject to statutory liability remedies for their defective products.
60 posted on 12/23/2001 8:14:01 AM PST by SevenDaysInMay

To: TaRaRaBoomDeAyGoreLostToday!
Why are they doing this spying thing? A person only has to use Linux for communications. The only people they are hurting are the honest people. The FBI, out of their LUST to spy on its own citizenry, are introducing this huge hacker backdoor.

The FBI is a fountain of undiluted incompetence.
70 posted on 12/23/2001 8:21:16 AM PST by Texas_Longhorn

To: TaRaRaBoomDeAyGoreLostToday!
Query: has anyone had problems after applying the patch?

I started receiving an lsass error on boot and the system would not boot until I did a system roll back and uninstalled the patch.

72 posted on 12/23/2001 8:22:19 AM PST by dts32041

To: Don't_tread_on_me_2nd
FYI
94 posted on 12/23/2001 9:07:54 AM PST by Bump in the night

To: TaRaRaBoomDeAyGoreLostToday!
The feds, who know NOTHING of XP, want to stick their noses in where it doesn't belong.
98 posted on 12/23/2001 9:36:28 AM PST by PatrioticAmerican

To: TaRaRaBoomDeAyGoreLostToday!
If one is sitting behind a firewall such as ZoneAlarm, is this much ado about nothing? Or still a vulnerability?

--Boris

131 posted on 12/23/2001 12:03:22 PM PST by boris

To: TaRaRaBoomDeAyGoreLostToday!
Two words for Microsoft about this: Pentium and Tylenol.

When the first Pentiums came out, there was a bug in the floating-point unit. Intel's position was that they would fix the bug in the next rev. They saw no reason to recall the chips already in the field, since the bug would only turn up in an improbable sequence of operations involving floating-point division. The line making the rounds on the then-nascent Internet was...

In this case it was IBM who stepped up to the plate. They had spent twenty years convincing people that while computers might crash, they did not make arithmetical mistakes. They were not going to allow Intel to put that in jeopardy. They issued a press release stating that they would ship no more Pentium computers until Intel revised its policy, issued a recall, and replaced every single defective chip out there as a warranty repair. Within days a couple more followed suit (as I recall Compaq was one) and before the week was out, Intel caved. This cost Intel tens of millions of dollars, but in the long run, it probably did them good. This is how Intel got to be an adult company, instead of the same kind of brash "we own you punks" outfit that Microsoft still is.

This might not be a bad time for Microsoft to become an adult company.

The second word of the day is Tylenol. Having the FBI declare your product a national security threat, and your proposed method of correcting it as insufficient and irresponsible, is not a marketing coup, OK? Does everyone understand that? Good. We here on FR can joke about the FBI not knowing a terrorist from an anthrax spore, but on questions of national security the public is going to listen to the FBI. Getting into a public pissing contest with the FBI over national security -- especially right now -- is really dumb corporate strategy. The sooner Microsoft recognizes that, the better.

The Tylenol poisoning episode is still taught in PR classes as the definitive "right way" to handle this kind of public relations disaster. The right way is to immediately step up, own the problem, and tell people how you're going to fix it. Don't say it wasn't you, don't tell people it was an isolated incident, don't deny there's a problem. Own it and fix it. Do it fast and be up-front about it. Be seen taking action, as a custodian of the public's trust, to make your product safe from would-be tamperers.

I don't see either one of these things happening here. Today it would take a joint press release from IBM, Dell, Hewlett-Packard, and Compaq to do what IBM could do alone in 1991. Having AOL, AT&T, and Earthlink on board wouldn't hurt either. Perhaps such companies are hammering out the language now; I hope so.

In the meantime, Scott McNealy can do us all a favor by keeping his mouth shut. It's time for the adults to step in, not another brash kid with a big mouth.

Microsoft will win or lose the Tylenol point depending on whether there is in fact a poisoning incident. Tomorrow, literally millions of boxes will be opened across the world that contain new computers, most of them with a pre-installed version of Windows XP that contains the bug. By the end of the week, half of them will be on the Internet. If the Bad Guys are going to strike, that's the time. If it happens, Microsoft will have been on record as taking a passive approach to this problem, stonewalling on how effective their proposed patch distribution scheme is, and asking the rest of us to believe that this is the last such exploit that will be found.

Most of the public will not be paying attention to this, but the I.T. guys will. If there are in fact widespread DDOS attacks in the next several weeks, Microsoft's acceptance as an adult in what must be an adult community will be dealt a serious blow. They'll recover, but there will be plenty of corporate CTOs who will put the "blue X of death" on them as a serious corporate software provider. That 'X' will likely stay there for a long time.

Somebody in Redmond needs to provide some adult leadership here. This is an opportunity to demonstrate responsibility as a corporate entity, and to reveal some sense that the company understands its public trust. The maturity lesson won't cost them a tenth of what it cost Intel. But that's not what they are doing. So far they seem to be putting their chips on the "No DDOS attacks" line. That's the bet of a brash guy with a big mouth. If they win, they'll think they've overturned the Tylenol principle. That's a bad move, because the tamperers will be back.

242 posted on 12/24/2001 8:55:48 AM PST by Nick Danger



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson