Microsoft discloses 'critical' security flaws

CNN ^ | August 23, 2002 Posted: 9:29 AM EDT (1329 GMT) | Reuters

[toupsie]

SEATTLE, Washington (Reuters) -- Microsoft Corp. said Thursday that "critical" security lapses in its Office software and Internet Explorer Web browser put tens of millions of users at risk of having their files read and altered by online attackers.

The world's No. 1 software maker said that an attacker, using e-mail or a Web page, could use Internet related parts of Office to run programs, alter data and wipe out the hard drive as well as view file and clipboard contents on a user's system.

[toupsie]

I am completely shocked by this. Microsoft has had an excellent track record with security in Windows, Internet Explorer, Outlook and its Office package. Its ironic that their Macintosh Office package, Microsoft Office v.X, is not affected by this and we all know about the problems Apple has with their UNIX based OS with tens of thousands of viruses, trojans and massive security holes. Steve Jobs was even forced to send out a memo to his staff this year to focus on security first.

Oh wait, I got that backwards...

[LurkedLongEnough]

Time to drag out an old favorite:

Switch from Windows to Macintosh in one step...

[chance33_98]

I do UNIX systems administration as well as Windows. Unix has several security flaws and more crop up - but less people use it and those that do routinely update with patches as well. Macintosh? Who the hell would want to hack one of those???

If you target an OS you will find problems. I found some with my ISP's Linux system, which they have yet to be able to find a fix for. It affects the email, ftp, and telnet. Windows does have more bugs though, but like any OS I doubt there is ever a way to fix them all.

An aside note, check out the NSA's web site for computer security - appears UNIX has a lot of fixes needed and procedures that need to be followed if you don't want someone hacking into it. Both need work, and both will always have holes. Microsoft though will probably always have more.

[Astronaut]

Yep, its a simple solution: Get a Macintosh.

[chance33_98]

I have no problems with MACS. We all need a computer for something, and each has it's grip and use somewhere. Use what works for you. I run a huge solaris server at home, several win2000 servers, and Linux. All have pluses and minuses. Used to use, and work, on macs. I hope they have improved because they were down as much as people say windows was down. Remember the 'freezing' problems that were around for some time with netscape and macs? And the ones at the newspaper used to just go belly up and freeze solid. No blue screen, nothing, just frozen solid.

[chance33_98]

Raba said that, compared to other operating systems, Macs are rarely hacked, not because of any inherent security superiority, but simply because there are fewer hackers who are interested in finding out how things on a Mac work.

Raba agreed that Mac users need to start thinking about safe computing, no matter what version of the operating system they are running on their machines.

"Hacking and cracking programs exist for all operating systems, and the Macintosh is not an exception," Raba said. "For almost every Windows back door or hack that you hear about, there is an equivalent for the Mac OS. One of our websites, Freaks Macintosh Archives, has thousands of Mac hacking tools."

From HERE

[dinasour]

Time to drag out an old favorite

Thanks, that is really clever.

[toupsie]

Nice article, over a year old and yet the problem has not "ripened" for Mac OS X. As for Freaks Macintosh Archive, that software relates to the ancient Mac OS 9 and earlier. While, I admit Mac OS X 10.2 is not 100% bulletproof, it is at least 5 nines. Since Mac OS X has been out since 2000, I have yet to see one remote exploit or virus that targets it specifically. The only security problem that was around was due to, surprise-surprise, Microsoft Office v.X!!!

[js1138]

Who the heck would bother attacking a system that has only 4% of the market? Lots less than 4% if you consider that most Mac users are not up to OSX.

And what will hackers find? Certainly not valuable databases, since businesses do not use Macs for database servers -- at least not in any numbers that make them attractive to hackers. The primary business use for Macs is in graphic arts and multimedia.

[toupsie]

Who the heck would bother attacking a system that has only 4% of the market? Lots less than 4% if you consider that most Mac users are not up to OSX.

So its not that Microsoft's security is poor, its because of market share. Hmm, someone got their Microsoft marketing newsletter this week. "Hey, its not because we don't care about security, its because we are so popular, yea, yea, thats the ticket!".

Good try. But the market share excuse has been routinely debunked -- even by Bill Gates himself in the memo released to Microsoft employees this year decrying the lack of security focus in the company. You are going to have to come up with a better excuse. Its tired--as quanity does not equal quality.

[js1138]

Market share has nothing to do with product defects, but it has everything to do with the motivation to attack certain kinds of systems. The only virus/worm I've ever personally seen attack a system was Melissa. It arrives through a Lotus Notes email server spread to a number of workstations through shared documents. It could not spread outside our office because it didn't understand the Notes server -- but not because Notes is invulnerable. Who would attempt to spread a worm through servers that don't have enough market share to carry the infection?

[toupsie]

Market share has nothing to do with product defects, but it has everything to do with the motivation to attack certain kinds of systems. The only virus/worm I've ever personally seen attack a system was Melissa. It arrives through a Lotus Notes email server spread to a number of workstations through shared documents. It could not spread outside our office because it didn't understand the Notes server -- but not because Notes is invulnerable. Who would attempt to spread a worm through servers that don't have enough market share to carry the infection?

So what you are saying is that 23 million Macintosh computers connected to the Internet is not an appealing target to attack? Sounds like a lot of systems to attack to me.

[js1138]

If there are 23 million Macs, then there are 500 million PCs (96% market share). Sounds fishy to me. How many are connected to the net continuously? How many have confidential business info? How many run mail servers?

I don't have answers to these questions, but in 20 years of programming, I've never seen a Mac used to run a corporate database.

[toupsie]

How many are connected to the net continuously? How many have confidential business info? How many run mail servers? I don't have answers to these questions, but in 20 years of programming, I've never seen a Mac used to run a corporate database.

Well since Mac OS X is based on BSD UNIX, tons of companies have been running their mail servers, corporate databases and store confidential business info on that OS platform. Its like saying "I don't anyone that runs a company on Windows XP Home Editiion so no one uses Windows .NET". In fact, more web sites use the software that Apple uses than the Microsoft's web serving product.

Do a little research and you will see what really powers Apple's current operating system.

[js1138]

I have nothing against UNIX. I programmed in "c" for 8 years -- AT&T UNIX and XENIX. My only gripe about these threads is that I have never personally seen any of the dire flaws attributed to Windows or to NT servers.

I'm glad that Mac finally has a good OS, but I started using NT 4.0 in the mid 90s and have never seen the system crashes everyone says are common with Windows. In fact I never reboot except when installing new drivers, or after power brownouts.

[toupsie]

I have nothing against UNIX. I programmed in "c" for 8 years -- AT&T UNIX and XENIX. My only gripe about these threads is that I have never personally seen any of the dire flaws attributed to Windows or to NT servers. I'm glad that Mac finally has a good OS, but I started using NT 4.0 in the mid 90s and have never seen the system crashes everyone says are common with Windows. In fact I never reboot except when installing new drivers, or after power brownouts.

When I joined the company I work for, the entire infrastructure was NT and falling apart left and right. It took me a year, but I moved all our systems to UNIX. Since then, we rarely if ever, have system failures. In fact, several servers have 400+ day uptimes surpassing the golden 5 nines. I have never seen an NT server come close to one year of uptime.

I have seen NT Servers crash doing absolutely nothing...no programs running and not connected to a network! You are lucky if have not seen the same problems as the majority of NT sysadmins.

[TechJunkYard]

I am completely shocked by this.

Heehee.. well, I'm glad they're finally finding and fixing these things. Still a long way to go though.

Then they'll need to work on their server stuff... and privacy stuff... and .NET stuff.. and.. and..

[dheretic]

Raba said that, compared to other operating systems, Macs are rarely hacked, not because of any inherent security superiority, but simply because there are fewer hackers who are interested in finding out how things on a Mac work.

That assumes that all OSs are fundamentally the same inside which is no more the case than saying that anything (laws of physics aside) that affects one car will affect every car. Some things are universal, but obviously that logic doesn't hold up. Could it be that.... *gasp* Microsoft just doesn't get it right because they're too pennywise, pound-foolish to let their coders completely rewrite all of their products from scratch... It's not like they don't have the resources. God knows they have the money and competent manpower to do it.

[dheretic]

My friends and I sometimes just call it NeXTSTEP 5 :)

[Jorge]

Who the heck would bother attacking a system that has only 4% of the market? Lots less than 4% if you consider that most Mac users are not up to OSX.

Thank you!