Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!
The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.
The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.
The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.
The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.
A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.
Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.
The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.
During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.
Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.
Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.
Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.
``The patch is effective,'' said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.
Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.
Several experts said they had already managed to duplicate within their research labs so-called ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.
Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.
The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.
-
On the Net:
One last time, I'll try honest reason:
This is as open-and-shut a case as you can get! What is it in that simple, straight-forward reasoning that you disgree with?
There is no defect. The feature does what it is suppossed to do. It configures network devices.
I'm sorry for 'shouting', but it seems you missed this the first 2 times I posted it.
This 'defect' (and the fact that others can take control of a machine *is* a defect) would certainly have influenced buyers.
MS was legally obligated to inform consumers of the defect.
It just gets frustrating, like dealing with Clintonistas. This defense of MS is like saying, "it depends on what 'is' means".
There is no law stating that copywrite has to be on the cover. He was trying to apply 'product liability' law to a copywrite case, and rightfully lost. His case didn't have anything to do with the 'EULA' but with the copywrite protections.
You would *win* in this case. The EULA doesn't protect a thing.
I have no position on the product liability issue. Based on past history, XP users should have known there would be problems with this software release, as with past releases. They pays their money, they makes their choice.
My opinion: Wrong Choice.
Please note that as part of the EULA, there is a "As is and with all faults" phrase. I did not capitalize it, it came that way from a previous poster.
Please note that in this article of the ELUA, disclaiming the "loss of privacy" as well as any number of other things.
Quote from an old girlfriend: become familiar with the store's return policy before making a purchase.
Females are born shoppers... they know these things. ;-)
That case had nothing to do with the EULA. That was about the copyright.
The defendant *tried* to claim that since the EULA was unenforcable, the copyright didn't apply to him.
A demonstrably silly point, in my opinion, and he lost.
NOPE, just the poor people have laws to obey.
From the EULA:
11. LIMITED WARRANTY FOR PRODUCT ACQUIRED IN THE US AND CANADA. Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt.
If an implied warranty or condition is created by your state/jurisdiction and federal or state/provincial law prohibits disclaimer of it, you also have an implied warranty or condition, BUT ONLY AS TO DEFECTS DISCOVERED DURING THE PERIOD OF THIS LIMITED WARRANTY (NINETY DAYS). AS TO ANY DEFECTS DISCOVERED AFTER THE NINETY (90) DAY PERIOD, THERE IS NO WARRANTY OR CONDITION OF ANY KIND. Some states/jurisdictions do not allow limitations on how long an implied warranty or condition lasts, so the above limitation may not apply to you.
Let me guess -- you're an employee of the company?
You're excusing obvious illegality, looking desperately for a loophole to let MS get away with violating product liability laws.
That's why so many of us appear to be 'MS-haters'. We have the *nerve* to suggest the law should apply to MS, while ya'll try and excuse any lawbreaking MS engages in.
That is the claim of several here.
They're down to trying to claim that the clear and concise laws don't mean what they clearly say.
What is the meaning of 'is'?
It's dealing with the MS version of 'Clintonistas' that does it to me. Not you.
Have you ever tried to discuss Clinton's criminality with a 'Clintonista'? Did it make you frustrated?
I'm there, with this.
Again, forgive me.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.