Microsoft warns, "Don't Trust Us"! [SCARY WINDOWS ALERT]

Microsoft Web Site ^ | 11/21/02 | Microsoft Security Bulletin MS02-065

[toupsie]

Windows Users: Kiss your data goodbye. Now you can't even trust updates from Microsoft or any web page.

[billybudd]

Uh...I guess we should all go out and buy a Mac now. ... Hahahahaha!

[Badger1]

Microsoft's Software Engineers are outnumbered 1000's to 1 in the number of people writing Windows code vs. the number of people trying to find flaws in the code. Bugs are guaranteed to occur in software as complex as Windows, but I have always been happy with how responsive Microsoft is about fixing those errors.

[BSunday]

That reminds me. I have Windows ME and it automatically searches for updates on the net. This is very annoying to me and possibly dangerous now. How do I stop the Windows Update program from automatically running ?

[toupsie]

I have always been happy with how responsive Microsoft is about fixing those errors.

I have always been unhappy that they cannot keep up with those that breaking their security. Doesn't matter how fast they are if they can't keep up. They need to scrap Windows and start over.

[toupsie]

That reminds me. I have Windows ME and it automatically searches for updates on the net. This is very annoying to me and possibly dangerous now. How do I stop the Windows Update program from automatically running ?

Install Linux or buy a Mac. Remember this is a security problem that we know about. The scary things are the ones we don't know about!

[Badger1]

They need to scrap Windows and start over.

Again, "Microsoft's Software Engineers are outnumbered 1000's to 1 in the number of people writing Windows code vs. the number of people trying to find flaws in the code".

Scrapping Windows and starting over would not change anything. Again, "Bugs are guaranteed to occur in software as complex as Windows." There has never been a piece of software written that does not have bugs. I bet there are just as many bugs in the MAC OS as there are in Windows. But since the MAC OS has such a small market share, not as many people are out there trying to find them.

[Mr. Jeeves]

Yawn. Just update to MDAC 2.7 - everyone else did a year ago.

[Steven W.]

you are either a pure anti-MS type or just don't have much technical experience, do you? This is a garden variety bug you're freaking out over. If this kind of thing really scares you I suggest you shut down your computer immediately, put on your tin foil hat and remove proceed directly to your bank, remove all your money and stow it underneath your mattress, and then take cover there as well. seriously.

[lelio]

Yep, just a garden variety type of bug that gives up control of your PC to someone else.

[discostu]

Well it doesn't "search" the net, it checks it at MS, but it is annoying. More than likely the update check is in System Agent (which should be showing up on your task bar) as a job remove that job and it will stop. I always just disabled System Agent outright, all those messages about not being able to do whatever because my computer wasn't on at 2 AM just irritated me. I forgot how I turned it off though (it's not real intuitive, they really liked it).

[discostu]

Ooh already fixed in the latest MDAC and OS, yeah that's a scary bug.

[Orbiting_Rosie's_Head]

How do I stop the Windows Update program from automatically running ?

Go to Internet Explorer and select Tools>>Internet Options>>Advanced>>Browsing, Then uncheck the option "Automatically Check for Internet Explorer Updates". I believe that might do it.

[ThinkDifferent]

But since the MAC OS has such a small market share, not as many people are out there trying to find them.

Compare exploits against IIS vs Apache. Apache has a substantially larger market share, so by this reasoning it should have more vulnerabilities, but IIS has far more. No software is perfectly secure, but not all software is equally insecure. Microsoft's philosophy has traditionally put features ahead of security. They claim to be changing, but we'll have to see.

[Badger1]

Compare exploits against IIS vs Apache. Apache has a substantially larger market share, so by this reasoning it should have more vulnerabilities, but IIS has far more.

This is a straw man. I was not implying that a software’s market share correlated to the number of bugs in it, just to the number of people trying to find bugs in it. I’m sure there are operating systems with fewer bugs than Windows (and some with more), but there is no operating system with a larger market share than Windows.

[toupsie]

If this kind of thing really scares you I suggest you shut down your computer immediately, put on your tin foil hat and remove proceed directly to your bank, remove all your money and stow it underneath your mattress, and then take cover there as well. seriously.

This "kind of thing" doesn't scare me, I use a Mac. I wouldn't call this a garden variety bug. When M$ tells you, you can't trust them and their updates, that's not a good thing. And no, I am not anti-M$, I am just not "Pro Windows". I use M$ software all the time on my Mac and runs well and fairly secure. Its sad M$ can do it on a Mac but can't on their own OS.

[toupsie]

This is a straw man. I was not implying that a software’s market share correlated to the number of bugs in it, just to the number of people trying to find bugs in it. I’m sure there are operating systems with fewer bugs than Windows (and some with more), but there is no operating system with a larger market share than Windows.

Then your statement has proved ThinkDifferent correct. Apache has a larger marketshare than IIS therefore, by your logic, more hackers should be going after Apache and finding more bugs in Apache than IIS. However, more "bugs" have been found in IIS.

Marketshare does not equate to insecurity, design does. Microsoft has admitted to as much in the past.

[InfraRed]

What steps could I follow to prevent the control from being silently re-introduced onto my system?

The simplest way is to make sure you have no trusted publishers, including especially Microsoft.

100% pure Grade A irony, on so many levels...

[Badger1]

Then your statement has proved ThinkDifferent correct. Apache has a larger marketshare than IIS therefore, by your logic, more hackers should be going after Apache and finding more bugs in Apache than IIS. However, more "bugs" have been found in IIS.

Having never used either Apache or IIS, I don't know what the market share of either of them is. Perhaps Apache is a better-written OS and has fewer bugs than IIS, regardless of how many people are trying to find them. My point is that a large number of bugs are found in Windows because it has the largest market share of any OS in the world. If Windows had a small a market share as either Apache or IIS, I'm sure fewer bugs would be found in it.

[billybudd]

I am not anti-M$

That's got to be the most hilarious thing I've heard today. Thank you.