Posted on 01/02/2006 5:07:56 AM PST by KeyWest
Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us."
I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
(Excerpt) Read more at isc.sans.org ...
Dang. You mean it ISN'T a computer forum?
Well, if Forbin can cut the Colossus links to Guardian we can get back to chatting about news and politics. Till then, it's tech stuff . . .
What a naive comment. EVERY company releases software before it is finished: name one that doesn't.
No one who programs can say that their software is complete and bug-free. Hell, even if it's just 1 line of code you still can't be certain due to the code that runs under yours.
Program a little, put it in production, and see how much crap people find: it is truly astonishing. Do it without a profit motive and they will actually find more because you aren't as careful.
LOL!!!!
I don't code, but I see lots of parallels to confirm the truth in that.
Humans (we) are monkeys with typewriters. If you want something broke or exploited, release it to the masses. As sure as God made little green apples, it is going to break.
I don't necessarily hold it against MS or Apple when they release an OS update and something doesn't work. That happens. I hold it against them when they don't fix it ASAP when it is discovered.
I am much more critical of software companies...they have a more focused approach, and testing can be much more rigorous. Their products should be cleaner and more functional on first releases, IMHO.
Here is an example of someone complaining about using FR for computer help.
I actually got more answers, faster, here than on VirtualDr a couple of years ago- we have around 233,000 members now, but even then, with so many different people, professions, hobbies, etc., you can get just about any question answered, or get pointed in the right direction.
I suspect it's worse than that. Probably something more like "Start coding, we'll design it later."
Bump
You don't necessarily know what the issue is when a problem is discovered. I once spent 2 days tracking down a misplaced semicolon. You can bet the MS coders are poring through it but even when you find it, you have to assess the impact on the other code for a fix. People act as if there is a behemoth behind all of this but my guess is that the load falls on a small number of coders to get it isolated and corrected.
Microsoft tests their code base on more than 10,000 software configurations and probably has a better QA department than any other software firm. That said, things get through. QA tests are only as good as who made the tests and they don't predict the real world use.
Imagine a machine where there are 200 million moving parts. You can work your tail off to isolate all possible failures but it is a bitch to get it 100% correct. Sure, we all want more stable software products but get into the code side and see how complex these things are. You have to realize that software is THE most complex thing ever created by human beings and we are certainly not perfect.
Personally, I am surprised that Windows and its programs work as well as they do. I give Microsoft credit for making the best software available...period.
I kind of give them credit for that as well. To put out releases that don't break hardware and software is a real feat.
I saw their next O/S (Vista) in alpha mode running a 1985ish program at the last TechEd. They really strive to make things work in today's world but not break what runs yesteryear. That takes feats of programming. As a coder, I respect that level of effort.
Dude, the people who PUBLISHED the "new and improved" version are supposed to be on OUR side. Or at least they CLAIM to be.
I have to agree with the author. What a bonehead move on somebody's part.
Yeah - but al baby put him in his place...
Ain't it the truth?
What's worse is when you read the code, and your MIND sticks the semicolon in there...
That's usually another several hours, depending on how computer-melted your brain is by that time.
If you have a machine with 200 million moving parts, the engineers aren't just addressing the problem. The engineers are the problem.
Personally, I am surprised that Windows and its programs work as well as they do. I give Microsoft credit for making the best software available...period.
Except for all the others.
I don't seem to see anything telling what the symptoms are.
It's not a virus; it's an exploit. A means of gaining access to your computer. A malicious person can do *anything* he wants using this exploit.
It looks pretty serious. I would suggest at the very least performing the Microsoft workaround mentioned on the various sites linked here.
Otherwise, I would suggest you not continue reading FR, since any hack DU clown could post a malicious image in a thread here and you are done.
As I understand it, anyway.