Microsoft probing Windows 7 zero-day hole
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.
The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," a Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.
The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.
"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks," Gaffié wrote.
Gaffié also posted proof-of-concept code for the "Windows 7, Server 2008R2 Remote Kernel Crash."
On Tuesday, Microsoft issued six patches to fix 15 vulnerabilities, including a critical hole in the Windows kernel, as part of November's Patch Tuesday.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.






Trust me, this time is going to be different.
ROTFLOL
I have to admit Apple got this one right in their hilarious ad.
Hopefully they get this problem fixed sooner rather than later.
Answer: On my network running more reliably than all our Windows servers combined, thank you very much.
Apple posts an update [Flame.wars];
Microsoft posts an update [Flame wars]
It's just too funny to watch...
Not a good sign when a strong Apple proponent like Leo Laporte is chastising Apple for essentially smear tactics.
CVE-2009-2906 - Samba Oplock Break Notification Remote Denial of Service Vulnerability
Specious
happy yet Apple??
I'm tired with all the BS!
why don't we live in peace?
Number of zero-day holes in OS X: zero.
Number of zero-day holes in Win7: Depends -- what day is this?
The only possible threat to OS X is a trojan -- an app that a user downloads deliberately, thinking it's a legit app, when it's actually designed to do damage. This type of security threat is impossible for an OS to protect against, so it's a threat to every OS, and can only be avoided by the user being smart about what and where they choose to download.
high speed internet sir? oh i'm so frustrated that i have to wait 5 MINUTES to download updates for my mac...not. last time i checked, when i install vista on my pc i had to download 84 UPDATES! don't think that's right...
oh and the "core innovative feature"
didn't that get fixed like 2 days ago? why yes it did! =)
Hasn't OSX had its share of problems as well? ROTFLOL
I have to admit apple os is not flawless.
http://www.apple.com/getamac/ads/
"Broken Promises Ad "
Win 7 = Vista 2
Smear tactics disguised as comedy has largely grown old and lame. Apparently Apple believes people are too stupid to realize this and really are just sheep. Nice one, Apple. Insult computer users. Good way to grow your business.
Well whatever they're doing it seems to be working :)
LOL
It sure must hurt.....
ouch
Oh well -- to each his own.
mac users don't have that issue :) you pay for what you get. "
That is a trip to the Apple store to get it fixed every other month. HAHAHAHAHA
I don't know what world you're living on
Look, they make some good products but a slavish devotion to an operating system is just creepy.
So Macs have bugs and security holes? So what are the hypocrites above complaining about when MS puts out fixes? I ran Linux for a short while, too, and that had fixes almost weekly.
My tab: Running flavors of windows, daily, since 1989. Spent $0 on security. Have gotten zero viruses. Seems reasonably secure to me.
-Microsoft Windows 7 manager
what do you think Microcrap was gonna say?! "He was 100% right". No way they're gonna have a PR guy all over that. Like a fat kid on cake
happy yet Apple??
Why don't everybody stop hating and just stick with what you have!
I'm sick of people saying this thing is better or it's not... Every software has its holes and problems.
LIVE WITH IT. You are not 5 years old
http://download.cnet.com/8301-2007_4-10395874-12.html?part=rss&subj=news&tag=2547-1_3-0-5
Fact: OS X, in over eight years, has had exactly ZERO self-propagating viruses in the wild. What that means is that as long as a Mac user avoids downloading and installing trojans (which are impossible to protect from in any OS), he can have 100% confidence that there will not be a security problem. Zero risk? It's a concept that Windows users can't even imagine, so instead they imagine that "OS X security updates" = "problem."
Fact: Windows, in each and every flavor over the years (see "Hodgman, John"), has been riddled with hundreds or thousands of actual damage-causing self-propagating viruses, almost from day one of the OS release. I have no idea whether that is yet the case with Win7, but historical data tells us we'd be idiots to believe this time will be any different.
You can pretend each OS has the same risks if you like, but only other ignorant Windows users will swallow that bunk whole.
BTW, Historical data shows that Windows is THE market leader many times over. Let people use what they like. Why dontcha use your hot air to power a turbine or something useful Splashes...
Claiming Apple OSX does not have a virus is like suggesting Sweden's superior military strength is reason why there is no terrorist attack in Sweden, whereas USA has weak military and security hence terrorists are able to attack USA. Nothing wrong if you are living in sweden or america, but the scale and target by a terrorist has different motives similar to hackers in computer.
Hackers go for a common target, because even 0.5% success in Windows population would result in enormous bank balance and even a 0.5% success in Mac population would not pay for hacker's Mac.
But what I hate MOST about Apple is...yeah their products are good. I have to admit I like how Apple designs their products. The iPhone apparently still can't be beaten and a MacBook Pro of 17 inches allows 7 hours of power. It's amazing and kudos. However, I think Apple is just a sore loser. All their ads attack Microsoft and put them as if they are nothing for Apple.
Well okay Apple. If you were that good, you don't need to go around talking crap about other companies.
Quick reminder here: in the desktop OS market, Apple is the underdog, with (at most) 10% of Windows' market share. Sure, Apple's ads bash Windows, and Microsoft's ads bash Apple, and Verizon's ads bash the iPhone -- that's how the game is played. They're all playing to win. Get over it.
I suspect you're reacting more to the perceived arrogance of Apple. Feel free, but if anybody's earned the right to be arrogant, it's Apple. Microsoft has been coasting for years.
But the big picture isn't advertising. It is technology. All technology has flaws, discovered and undiscovered. The truth of the matter is that anything that is built, can be ingeniously taken apart aside from the intended methods to do so. That's security. That's hacking. That's how it's been and how it always will be. Any software, Mac, PC, Linux, Unix, that has ANYTHING broadcasting on an IP address can be owned by a worm. The only question is, when will the exploit be researched and implemented.
You mentioned market share. Well, you gave a part of the answer to your own "relevant" question with that. Much incentive is given to the grey/black hat community from Market share alone. Who gives a f*ck about researching an exploit if the target market share is only 10% of the entire potential target-base? Not as many. Hackers who have enough will and way to actually research, test, and implement exploits are going to make their time worth it. Period.
Given that Macs have a low market share, we don't have as much historical data (or relevant historical data) to really base the question of how likely it is based on historical data to get infected by a worm. Macs just haven't been around long enough WITH a large enough market share to see all of the exploits come out of the woodwork.
I know I'm not going to get through to you. I'm sure people have pointed out that it's wise to view technology as technology instead of dwelling on a single brand, but I'm going to state it again. If using a Mac suits your needs, GREAT, but don't get on a soapbox claiming it's the end-all be-all.
I've used Mac, Linux, and windows3.1 through 7, and @ the end of the day, it's all the same in my eyes.
But seriously, at the end of the day...they're pretty much the same. They're all good in their own ways, and they all fail with their own problems and faults. You just got to deal with it !
I've seen a lot of computer advertisement and I can't seem to think of one windows ad that even wasted its time acknowledging apple or the mac OS. I don't mean to dis but really back yourself up here. Youtube clip of an old commercial or something. on the flip of this coin I rarely see mac ads that don't directly mention and usually insult the pc user. yes all the way back to the Bill Gates face on the big screen with all the people just milling about where the one lady comes in throws a hammer and busts the screen.
I'll bow down to the Verizon ads being an unkind voice to your precious i-Toy but there is not one thing in those ads that has anything to do with MS. Maybe you mac guys need to take your torches and pitchforks to Google Verizon and Motorola
...and using facts to do so only makes them all that much more effective.
It's simple, really - I'll use a small parallel. Every campaigning politician cries long and loud about how they detest and refuse to stoop to 'mud-slinging', even as their own ads (usually launched by proxy campaign groups) sling mud by the truckload. Ever wonder why? Because those ads work. They work very well. They work ungodly well, especially when the ads use easily verifiable facts to do it.
If Apple's ads were not factual, or if they were misleading, or whatever, you can be certain that Microsoft, Dell, HP, and such would've sued Apple over them. There's a good reason why they haven't, and that reason has nothing to do with their being gentlemen about it.
Hell, Microsoft even tried to get back directly with those silly 'laptop hunter' ads, until world+dog began checking the facts behind them and discovered that Microsoft was pulling assertions out of their collective backside... those adverts have quietly died ever since (one, because they were too close to being misleading; two, because they didn't do squat for sales, and the only thing worse than a misleading advert is an unproductive advert campaign, yanno?)
There's a bit of art to the science of advertising in this manner - keep it general enough to keep the assertions unassailable, but direct enough to drive the point home. Apple has managed to do that very well, as their sales and growth figures have shown, and still show.
"Can a consumer learn a single thing about a Mac based on any of the commercials?"
Actually, the answer is yes. The adverts drive home that the Mac isn't susceptible to the foibles and woes that they portray the PC as having. It's very similar to a political ad that, by default, says Candidate X does not do all of the nasty, ugly, unpatriotic things that the ad says Candidate Y is horrendously guilty of.
"Given that Macs have a low market share"
...yet growth can still be tracked. Apple's marketshare in 2000 was likely less than 1%, if we were to use NetApplications' revised tracking methods. Nowadays, by that same metric, Apple's marketshare is growing at a rate between 0.5 to 1% a _month_, and rough estimates show the growth curve accelerating.
"Who gives a f*ck about researching a exploit if the target market share is only 10% of the entire potential target-base? "
Considering that "10%" consists of computers demonstrably owned by people with more disposable income on hand, there's no antivirus use to speak of, and a near-homogeneous OS environment? Seems like ripe pickings to me, and malware authors certainly have tried (though so far have only managed a smattering of odd and convoluted trojans).
But hey - Apache owns the vast majority of the Web server market, yet the vast majority of exploits for web service software have focused on Microsoft IIS, even when IIS was at less than 10% of that market. Considering that a 24/7 server is far more useful to a bot herder than someone's laptop, why do you think this is so?
==
"At the end of the day. They're all the same."
To a point, this is correct - you use the best tool for the job at hand. OTOH, when the job at hand relies highly on security, ease of use, and reliability, some OSes are, to rip off Mr. Orwell, more equal than others. :)
==
"I can't seem to think of one windows add that even wasted it's time acknowledging apple or the mac OS"
Google for "laptop hunter" - it made a pretty big splash before Microsoft pulled it, apparently out of sheer embarrassment ;)
you're right I forgot the laptop hunter ads that showed pc laptops cost less than apple laptops. sure that's a dig, I could see how the simple brass tacks of cost less being unkind. The commercials you speak of only misrepresented apple pricing (hence apple's whining) after they lowered their prices (lawsuit linked to price update button). I can still find a laptop with equal (as in same processor, brand board, ram, hard drive and even same realtek and broadcom chipsets) for much less than an apple. hell I'd install osx on a laptop for personal use if only i didn't have to resort to apple extortion or a hackintosh. Again though you have corrected me even if you only could find one example of MS mentioning apple in a commercial.
"...and using facts to do so only makes them all that much more effective."
HOWEVER, those same facts largely apply to the Macintosh product as well, but they don't mention that in the ads, now do they? According to the Apple ads, It's only Windows machines that have hard drive failures, require data backups, have software glitches, or require OS updates. That's the *facts* that they present in their commercials.
They don't mention that you have to do all of that on a Macintosh too. Now that's just being dishonest with consumers, intentionally trying to fool them into believing a lie that Apple has been trying to promote for years.
Does a Mac have a HDD? Yes. You need to back it up. Why would Apple even have Time Machine or Time Capsule? According to Apple, they don't have hard drive failures, so there is no point to them having these services or products, and yet they do. Perhaps they hope that Apple users won't see those ads.
Does a Mac need OS updates? Not according to the commercials. I suppose all those new OS updates that Apple releases are just fiction then- just like the ads themselves.
Does a Mac ever have a software glitch? The ads say no. The dialogue box on my MacBookPro saying there is a problem with the file being corrupted would say otherwise. Apparently Apple just likes to play with the end user, tossing up these fake messages- after all, there are no software glitches according to the ads.
Why doesn't Dell/HP/Microsoft/etc sue Apple for the ads? Why bother? A person who is stupid enough to believe the lies learns the truth soon enough afterwards and that is a far better response than any that the OEM's can give. They largely don't fall to Apple's sophomoric levels. Apple's ads have become an embarrassment to them and their users. Consumers aren't nearly as stupid as Apple may want to believe they are.
The MSFT laptop hunter ads didn't get pulled. They reached the end of the ad cycle. Unlike Apple, they don't feel the need to beat consumers over the head with mindless repetition. They made their point quite successfully and moved on. It's something Apple ... and you... could learn from.
Your comments indicate that there's at least one more person out there that Apple has fooled completely.
Mac for enterprises - Nah, not likely in my lifetime. 92% PLUS enterprise users are STILL using the PC and growth is tailing off there. I love the MAC, don't get me wrong and glad I made the switch but 99% of enterprise s/w will only run on the MAC if you put MS O/S (aka Vmware) on it.
I think MAC people are angry that despite ALL of the flaws of MS, it cannot persuade the enterprise world to switch.
As Apple has grown I am seeing the same lack of transparency, numerous updates after updates and security holes and bugs - AND apple only had 7% of the market!!! - eek...
I thought I was reading The Register for a sec there
Ok.
Apple patches MacOS, so MacOS is a bad product.
Actually I think both OS's are perfectly fine at what they do, I just use Windows because, like it or not, it runs more of the software I want to use. That and as a system builder, it's easy for me to upgrade individual parts as needed, instead of buying a whole new system every couple years.
Do I deal with viruses and instability? No. I guess I'm a freak, because once XP1a came out, XP almost never. I say almost because once in a rare while I would try out some new software that was buggy in and of itself, and that would crash, but I do not blame the OS for that.
Aside from those instances, XP has never crashed. Windows 7 has yet to crash on me. And, yes, gasp in awe, I do actually use it actively. I surf the web responsibly, keep an updated AV solution, play modern video games, watch DVDs and Blu-Rays and do graphics editing, and sometimes I do these things all at the same time.
Maybe MacOS wouldn't crash on me either, but Windows is what I'm comfortable with and satisfied with.
The main problem is LACK OF SOFTWARE SUPPORT. Can't blame that totally on Apple however. If more people would port their programs between Windows and OSX, we might get some more competition.
As to Linux...... it's still too command-line only for installing things. If that would go away and I could just doubleclick on things to install them in Linux..... Linux would be a good choice for me.
When MS patches windows, it is because Windows is an inferior product and should be ridiculed and mocked.
When Apple patches OS X, it is because they are being proactive and to be cheered for their efforts.
That's the double standard in play.
You are also right about the 'fleecing' that goes on with Apple fanboys. I look at a computer that costs 2K and expect a KICK-ASS gaming machine.
by topanaris November 12, 2009 7:31 AM PST
If I am not mistaken, at DEFCON aren't Apples always the FIRST OS to get hacked
by Fire Balls November 12, 2009 8:36 AM PST
Yes they are. lol Apple also takes much longer to patch than Microsoft, see http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf
by celticbrewer November 13, 2009 4:48 AM PST
you're correct.
Also by default the firewall is DISABLED by default in Snow Leopard
http://www.macobserver.com/tmo/article/snow_leopard_enabling_the_built-in_firewall/
Of course, Apple blames 3rd party software for the hole.
That's a good idea for any computer user concerned about security- don't run any software! Don't network it, either.