Comments on: Wide-ranging flaw crashes programs

Hole in a data compression technology used in both open-source and proprietary programs could also let intruders take over computers.

Of course there are few comments...
by Betty Roper July 7, 2005 5:24 PM PDT
It's a flaw in an Open Source [fall down on your knees in respect] component. Not specific to dastardly Microsoft (oh, pardon me, "M$") or Sun or any of the other proprietary devils...
Score one for OSS...
by July 7, 2005 8:34 PM PDT
The "many eyes" / "peer review" model is vindicated once again. The problem was identified by a third-party (not the author), fixed, and propagated to open-source operating system distribution maintainers in less than a day. One need only update a single library and all is fixed.

I'm a little confused as to why we don't see any patches/updates from Microsoft yet, however. Their software uses zlib all over. It's in .Net, IE, Office, Windows Explorer, all over. Perhaps it's statically linked (requiring a rebuild of all those things).

It should be pointed out, however, that if the same flaw were in a proprietary product (Microsoft or otherwise), there would be absolutely no chance that the flaw would be found by a third party without an exploit first. There's only tepid incentive to perform code review of this sort, and fixing the problem before it's detected by an end-user, particularly if the fix is non-trivial, doesn't make economic sense, particularly if you don't bear any liability for issues that result.

It's not surprising that software has an issue. People write it. People make mistakes. In this case, other people were able to double-check the author's work and fix it, and they did so very quickly.
Oh my heavens. NO!
by Jim Harmon July 10, 2005 3:56 PM PDT
Tell me it isn't true - there can't possibly be a vulnerability in Linux! Everywhere I look, the experts keep saying that Linux is impervious to attack.

Ah, I know... the author must be a covert operative for Microsoft. It's common knowledge that MS is so afraid of other OS's that they'll use any tactic to discredit them. At least that's the gist of what the EU claims.
Would not be found...
by Jim Harmon July 10, 2005 4:02 PM PDT
> It should be pointed out, however, that if the
> same flaw were in a proprietary product
> (Microsoft or otherwise), there would be
> absolutely no chance that the flaw would be
> found by a third party without an exploit
> first.

If an exploit is never used, can it be called an exploit? The point being... when the source code IS "open", it invites everyone to look for exploits. Not everyone will be friendly enough to report it to the good guys first.

If my front door is unlocked, I sure as heck don't want to post a sign on the door telling anyone who walks by about it... and then rely on my neighbors to come along and lock it for me.