Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!
The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.
The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.
The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.
The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.
A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.
Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.
The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.
During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.
Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.
Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.
Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.
``The patch is effective,'' said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.
Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.
Several experts said they had already managed to duplicate within their research labs so-called ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.
Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.
The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.
-
On the Net:
I hate MS as much as the next guy (probably more), and I would like nothing more than to see it crumble underneath its own weight and criminal mismanagement. But the fact is, Bill Gates and Steve Balmer's plan to own your software wallet through the Windowz monopoly is working exactly as planned, and corporate America is powerless after having been sucked into a classic drug-dealer scenario (get 'em hooked first, then raise the prices).
Not so with operating systems, but yet there is still some choice. You, I, and almost everyone else knows that every version of Windows that has been released has major and minor problems built into it. Yet we have continued to buy the product. At some point the individual has to make a decision about his best interests both from a financial and data security viewpoint.
Microsoft did not break the law because I willingly buy their products, which I know from past experience have never been perfect.
Are you running Windows XP? LOL!
And to add to the stew, I am way more than suspicious of their "patches", too, for that matter. I think it's closer to being "microNSAsoft corporation" now.
I then did a reinstall to do a complete load of all the software, which took a little less than 30 minutes. Still trying to figure out which GUI I like the best, as there are 20 listed in the log in window. It all seems bullet proof from the get go, and with the different user accounts I no longer have to worry about my kids destroying the system. I should have done this years ago.
Have I got a case for you.
In ProCD, Inc. v. Zeidenberg, the end user noted that the software package he was about to purchase did not have the text of the EULA printed on the outside of the box, so he could not review the terms prior to going to the checkout line and laying his money down. The EULA was printed on an insert inside the box. Thus he maintained that the EULA did not apply to him, because he was unaware of it at the time of the retail transaction. He then proceeded to use the software outside the terms of the agreement, got caught, got sued. And the district court agreed with him.
On appeal, however, the circuit court reversed the decision.
From the ruling: ProCD proposed a contract that a buyer would accept by using the software after having an opportunity to read the license at leisure. This Zeidenberg did. He had no choice, because the software splashed the license on the screen and would not let him proceed without indicating acceptance.
The EULA does matter, and is enforcable.
And you'll keep paying Cadillac prices for Ford Pinto software... because of fixed pricing, the fact that competition has been ejected from the market, and you (being a non techie) really have no other choice but to run the OS of the masses.
This is socialism, pure and simple.
I know the term is not proper for Linux, but it sure would be nice if MS distributed a few more "shells" with their product. In this sense, I know that there are several shells (LiteStep, DarkStep) available on the web for Windows and i am surprised more people don't use them.
I suggest you do some more reading on the subject before you give out your MS brainwashed opinions. The world would be just fine without MS. Have you never heard of Novell. They have an entire suite of apps that can get you by without the use of MS products when combined with Linux for the client end.
Major corporations are starting to switch away from MS because of licensing costs and because MS has not delivered on their promise for better OSs and Applications.
Don't get me wrong I use MS products on a daily basis and for the most part I have no problem with them at all but the world can live without them.
They still count as a seller. If you buy a book, and the book is sealed, then you get it home, unwrap it, and the book has blank pages or is otherwise defective, the store is liable and must make good.
You 'own' your copy of the software. As much as you 'own' your copy of a book.
And Passport/.NET is already a complete joke among developers. No one who isn't already 'MS-only' is even considering using it.
Microsoft broke the law because they *knew* their product had a defect and they didn't disclose it to purchasers.
They are legally required to inform customers.
Did you read any of the legal quotes?
Well, I was inferring that perhaps there are some transactions going on in the background that you re not notified about. Your firewall, if it is setup to allow microsoft in could be spoofed into thinking that M$ is talking to you but isn't.
Oh, that pipe can be bi-directional; count on it!
Without a doubt, which is why I use a firewall. Not that it can't be broken through, but frankly, I don't have anything worth
Actually, to them, you have quite a bit worth stealing. Whatever identities and other personal info they find on your system, but more importantly, a processor they can use and an IP address registered to you by your ISP, who will tell the feds all they can when the FBI comes around asking.
There was another thread specifically on how.
And what's he supposed to do if the retailer refuses to accept a return on the opened software package?
You're talking about the copywrite infringement. The material is copywrited, I don't doubt that. You have to read the EULA before installing it and running it. This would clearly protect the copywrite, in my mind.
That did *not* question the illegal portions of the EULA, or the question of whether or not the EULA protects the seller in product liability cases.
I'd say the laws above make it quite clear that the EULA is *not* an enforcable product warranty absovling the manufacturer of all product liability claims.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.