Posted on 09/11/2002 1:40:24 PM PDT by HAL9000
Windows XP contains massive security hole
Install the Service Pack and, shush, don't tell anyone...
MICROSOFT'S RUSH to get Windows XP SP1 out and about may have been motivated by a desire to hide a vulnerability afflicting the operating system (cough) that allows hackers to delete files from a computer accessing a tweaked web page.
According to this Spanish-language site, a Googled translation of which is here, "a defect in Windows XP allows that anyone can erase archives of our computer if click becomes on a connection maliciously constructed, as much when visiting a malignant Web site, like a receiving a message with format HTML". Sorry about the language, but you get the picture.
A reader writes a little more clearly that this vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially-formed URL. He points to Gibson Research here, where they warn, "This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon."
This is a critical vulnerability and one Microsoft has done its best to keep secret, it seems.
Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.
Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here. It's a large file, though, and CD versions are only available in the US and Canada at the moment, according to Microsoft.
The advice from various sources for users unable to install the Service Pack is to find and rename the affected file uplddrvinfo.htm.
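The workaround the article ends on (find uplddrvinfo.htm and rename it) as a script, added here as an illustration; it is not code from the article, from Microsoft or from any of the sites quoted. The article gives only the file name, so the script assumes the file sits somewhere under the Windows directory and searches for it rather than hard-coding a path; the .bak suffix and the script name are likewise choices made for this example. Run it with -WhatIf first to see what would be renamed, then without.

```powershell
# Added example: locate and neutralise the page the article names
# (uplddrvinfo.htm, part of the Help and Support Center) on a Windows XP
# machine that cannot yet take SP1. The article gives only the file name,
# so the location is an assumption: search beneath the Windows directory
# rather than hard-code a path.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchRoot = $env:windir,   # assumption: file lives under the Windows directory
    [string]$FileName   = 'uplddrvinfo.htm'
)

# Windows XP reports itself as NT 5.1; warn (but continue) on anything else.
$ver = [System.Environment]::OSVersion.Version
if ($ver.Major -ne 5 -or $ver.Minor -ne 1) {
    Write-Warning "This workaround was published for Windows XP (5.1); this host reports $ver."
}

$hits = Get-ChildItem -Path $SearchRoot -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue

if (-not $hits) {
    # Either the file was already renamed/removed, or the Service Pack replaced it.
    Write-Host "No $FileName found under $SearchRoot; nothing to rename."
    return
}

foreach ($f in $hits) {
    $backup = "$($f.FullName).bak"
    if (Test-Path $backup) {
        Write-Host "Backup already exists for $($f.FullName); skipping."
        continue
    }
    # ShouldProcess honours -WhatIf / -Confirm passed to the script, so a dry run
    # lists the candidate files without touching the disk.
    if ($PSCmdlet.ShouldProcess($f.FullName, "Rename to $backup")) {
        Rename-Item -Path $f.FullName -NewName "$($f.Name).bak" -Force
        if (-not (Test-Path $f.FullName)) {
            Write-Host "Renamed $($f.FullName) -> $backup"
        } else {
            Write-Warning "Rename reported success but $($f.FullName) still exists."
        }
    }
}
```

Saving the block as, say, Disable-UpldDrvInfo.ps1 and running `.\Disable-UpldDrvInfo.ps1 -WhatIf` prints the files that would be renamed; running it again without the switch performs the rename and verifies that the original name is gone. Renaming the page removes the trigger but also breaks whatever Help and Support feature used it, which is why the article presents this as a stopgap for machines that cannot take the Service Pack.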
Ok, then why have so many more vulnerabilities been found in IIS than Apache, even though Apache has a larger market share? It's true that all software is buggy. It's not true that all software is *equally* buggy.
What a language. I thought of replying to you, but your lack of civility does not warrant that.
A simple URL has the ability to delete files from the hard drive.
I'm not sure how many of y'all are developers, but that is one *pathetic* piece of programming. There is simply no excuse for an error of that type, of that magnitude. That is people simply not caring about doing a good job.
For a wide variety of reasons, in a wide variety of ways, this is just unacceptable. At some point, MS is going to have to begin to be held accountable to the laws that prevent a merchant from selling a product that does not perform as advertised. They should be encouraged to perform a recall of all the copies currently on the shelves.
And just imagine what else is hidden there in plain sight?
Probably opens up 5 more security holes...
You're absolutely right. Every time I've downloaded a patch, I've made the problem worse.
What do you recommend for someone who has XP?
That is what I said in the post. "People" was addressed to someone else (reread my earlier posts if you care) that DID demonstrate the lack of basic understanding.
But my post was in response to your saying that unless one has some idea of the process, No, one has to know more than a process: one needs to know what difficulties exist in creating a specific product.
one should just pay up and not complain (is that an adequate paraphrase of your question?). No, it is not, as I actually said in the post to which you are replying. I said, "Naturally, you could blame the misfortune, the fact that things get old, etc. It is quite another, which is the case here, is to raise the accusatory finger at someone without a slightest reason."
So, you can see there was never a need for you to assert your qualifications: I did not have any disagreement with what you said. But, without addressing this to YOU, let me add that programming is still young and exceptional. There are plenty of people that "write the software" -- various macros for the Office environment or some queries in DB2 --- and are convinced that they know something about software design. Yet, most of these people have not even studied data structures or deadlock avoidance. The fact that one writes programs for a living does not mean that he can, or even knows how to, write a compiler.
The argument "I know because I write software for a living" is as incorrect as "I can criticize the engine design because I drive for a living." One can be dissatisfied with the engine's power or frustrated when it breaks. But he acts like an ignorant and spoiled brat when he declares, "I paid a whole $150 for this engine; why didn't they make it a 500 HP one?"
To reiterate: this is not personal; you may well know how to write a compiler or implement reentrant code. But if you do, you know them not from writing software for clients.
"You agree that...Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer."
So...people used to complain when MS made a point of breaking competitors' software ("DOS isn't done until Lotus won't run"), but now, to get important updates to MS software, you have to agree that they have the right to break any applications you might be using.
I don't want my OS to be an all-purpose life enhancement tool.
Top Quark said: If MS were to develop a more specialized system tailored to your needs, it would be in the millions.
OK--I think there's a disconnect here. Charlotte is saying that the OS should provide ONLY a hardware interface, and TopQuark is saying that would cost millions, since they'd have to strip out all the applications MS currently piles on top.
Does that make any sense whatsoever?
I've done it once -- on a system I was going to wipe and rebuild -- just to see what it would do. Except for some stuff in /dev and /proc it cleaned that disk real nice... but then the thing just wouldn't shut down right after that... ;-)
"rm -rfv [dirspec]" is handy to clean out and delete a subdirectory, but you had better type that dirspec carefully and make sure you say what you mean.
My advice to you is to start drinking heavily.
AIX? SMIT is my friend!
You are correct, there are more. And it seems to me that all Mac Power users also admit they have Windows, Linux, and other boxes running as well. If the Mac is the be-all, end-all, why do you use other stuff? I have a Win 2000 box and will soon build another. That's it.
If Apple would sell the parts for me to build my own system, and if developers would introduce more software for the Mac OS X, I'd switch in a second.
Turn off automatic updating. Oops, did I get in the way of your paranoia?