Comments on: Wait for Windows patch opens attack window

Microsoft is still working on a fix for a serious flaw in its OS, leaving people to face a week of increasingly sophisticated attacks.

[baloushi]

A bad guard is better than no guard

Since Microsoft has the patch but needs time to test it, why not envolving the rest of the community in the process?

Microsoft can release a beta or pre-release version of the patch. Users can decide whether they want to use the beta patch, which might not be complete, or not. This way, users can also get envolved in improving the patch by reporting any problems they might encounter.

I think that in this situation a partial solution is better than no solution at all.

[mattcsully]

Permissive By Default

Millions of lines of legacy code based on a permissive by default architecture.
Decades old news!

[Michael G.]

Simply Impractical

Here's a simple analogy: Suppose that you're driving on the highway, and your car gets a flat tire. Do you try to replace the tire as soon as possible, or do you wait for the proper day of the month to fix it? Now if there's someone who would say, "yes, I'll
sit in my car and wait for two weeks", that person must work for Microsoft. Because it's completely impractical to fix things according to a date on the calendar. If a mechanic came along and said "Sorry, I only fix things on the 12th of every month", would you go to him if you needed something fixed, or to someone else? But here's the catch-Microsoft's the only mechanic in town. It's a shame, because I don't see why a company as large as Microsoft couldn't issue patches on an as-needed basis. If smaller companies can do so, then why not Microsoft? The defence that Microsoft has to test its patches doesn't fly, because some Microsoft patches have come out that caused more problems for computers than the exploits they attempted to fix. The defence that Microsoft doesn't have enough capability to handle the millions of computers that need the fix doesn't apply, because how else can Microsoft handle the millions of computers on the second Tuesday of every month? It seems that some of Microsoft's patches are rushed because of the date that they have to come out, and that others are delayed for the same reason, which results in poor performance all around. It's poor performance to need all these patches in the first place if you use Microsoft, and it's poor performance to not have these patches provided when needed, rather than a few weeks down the road. Microsoft is like the overbearing sheriff that shoots himself in the foot! What experienced computer user is going to trust Microsoft with this track record, or take them seriously? Reading all this bad press about Microsoft does nothing to improve their reputation. Yet their marketing campaign is formidable, and thousands of new computer users every day recieve Microsoft's products pre-packaged. Thousands of new computer users will learn to trust these, along with the tired old line "Well, since Microsoft has 90% of the market,
computers running Microsoft are the only ones virus writers care about." If virus writers had to deal with 90% of the market having SECURE operating systems and browsers, they'd be out of business.But isn't this Microsoft's responsibility
to the consumers of their products? As it is, Microsoft is like Swiss cheese, and virus writers are like mice taking the bait!

[ericsalim]

Hackers

Hi,

I think we ought to deal with the main culprit, hackers or those who misused what have been created. It is a global problem that we need to face and not just Microsoft itself. People hated Microsoft because of their sheer ability to innovate thus creating a great feeling of displeasure among competitors.

Then there is a huge pool of people who just hated Microsoft for whatever reason and when an opportunity comes to discredit them, they pour our their grievances.

Look at it rationally, Microsoft has million lines and it is a software development process which they must abide by. Making sure the patch work for all parts of their system, it is not a easy task to complete. It is not just patch the flaw but patch it and ensure every other modules work as well.

I use Windows and Linux; Windows is great in ease of use where as Linux being an arrogant OS, you need skill to use it. Not to mention they always assume you know Linux before you start using it. There are flaws in every piece of creation but a creation is what the future is.

[wakizaki]

Re: Hackers

You may be referring to crackers, those who's main agenda is to create computer havoc. Hackers are pursuers of higher computer knowledge. Discovering exploits is a hacker activity, using that exploit for malicious gain is not (but a cracker's). The beauty of open source is that the source code is very transparent, becaues it is accessible to everyone. Open Source software applies the "Many Eyes" approach, yielding software inline with security. This is an ongoing process. When you are speaking of closed source software (e.g. Micro$oft Windows), you would have to wait for developer to make the fix. In Open Source software (e.g. Linux), the community can be the developers too, making software development and fixes faster. Linux does require some technical knowledge, but in the end, the user wins because he/she can fix it if something goes wrong (if you can't, there's the community to help you out), not to mention the stuff you learn when using Linux. Heck, you can use Linux to fix Window$ if it goes bad :))

[Bill Dautrive]

Off base

The main culprit is Microsoft. It is their ****-ppor implementation and coding practices that allows an ignorant 12 year old to easily expoilt the OS. Windows is nothing more then a *****, it lets anything in.

Innovate? Please, that is beyond ignorant. Name one true "innovation" from Microsoft.

Linux has millions of lines of code too, but it can fix flaws in days, MS has no excuse here. The one reason that Linux and OSX are so damn easy to fix is because they conform to POSIX, Windows has no standard.

You call windows easy? With linux, 5 clicks will get you a roack solid install that is very simple to use, no knowlege required, at all. From the users prospective, Linux works the same as windows. With windows, after you install it, you have to spend a long time to tweak it and install third party apps and it still doesn't come close to a default linux install. Those tweaks take more knowlege then your average windows user possesses and you have the audacity to call it easy to use? Windows is the most user-unfriendly OS out there, except for a non-GUI Linux install. If you think Linux is hard to use, taks like tying your shoes must be a daunting task for you. 5+ years ago Linux required more then 2 brains cells, not today.

[booboo1243]

Linux is easy.

The problem isn't with people finding holes in the software; it's that there are holes in the software in the first place.

Microsoft may have innovated in the past (or they may have just bought up innovative companies), but not recently. Their products have stagnated, and they're playing catch-up by introducing features into their products that other products have had for ages.

Windows may have millions of lines of code, but so do more secure OSs. The difference is those other OSs were designed to be secure from the start; with Windows, they started with a single user system, then bolted on stuff until we get to the situation we're in today, with viruses and malware able to easily take advantage of Windows.

Linux isn't difficult to use. In the past it may have been difficult, but now it's as easy to use as Windows or Mac OS. The only people who have problems with Linux are those who can't lose the Windows way of doing things. If someone only used Linux and then was forced to use Windows, they'd have problems unless they were willing to re-learn everything they thought they knew about computers.

[mlw4428]

Shutup Mac and Linux Users

First off I respect the Linux platfrom (sorry Mac is just a unix system dressed up), but I digress...whenever you deal with a large close source OS like Windows you will have problems. Add to that the fact that because it's Microsoft a lot of jealous script-kiddies are writing little viruses that exploit Windows. It's not Microsoft's fault and if ANY other os was #1 it'd be targeted too. I'm tired of all this bias towards Microsoft. The reason it has so many flaws is because people probe around all of the time on it. If you used it like it was designed to be used you'd never have problems. The real culprit are the idiots that don't have lives.

[Bill Dautrive]

Geez

That is why Apache has far less flaws and even fewer exploits then Windows Server, yet Apache a considerable larger market share. Because market share is why windows get attacked more.

WRONG!

Script kiddies do not attack *nix for one reason: It is extremely difficult to attack one machine, much less orchestrate an attack that spread itself. On windows it is a trivial task that requires no techical knowlege.

The reason it has flaws is because MS has only paid lip-service to security so far. The flaws are there before people "probed" it. You really are showing your ignorance about software design and programmming.

The real culprit are the idiots at MS who designed a *****-ish OS with absolutely no security built in from the ground up.

[booboo1243]

Using Windows as it's supposed to be used.

User: Administrator privileges, no password.
IE: Active-X enabled.
Office: Macros enabled.
Outlook/Outlook Express: HTML format.
Firewall: Didn't originally come with one.
Virus checker: see Firewall.

These are just some of the ways people can exploit Windows if you run it as it was designed to buerun.