Comments on: Microsoft on worm watch

Code that exploits a serious Windows flaw is published on the Net, increasing the chance of a worm attack.

[n3td3v]

unlikely to happen

hackers are anti-symantec

anti-symantec making money

anti-symantec existing

anti-cnet making money

anti-cnet existing

symantec only make money from worms

cnet only make money from worms

symantec only exist because of worms

cnet only exist because of worms

hackers don't make money out of worms

hackers don't exist because of worms

hackers don't want to give you what you want

this is 2006, not the old days when hacking was done for fun

hackers are against security vendors

microsoft is a security vendor now too

hackers don't want them to be rich while hackers are still left poor

there is no money to be made from a worm from a hacker point of view

hackers only care about money now

giving microsoft, cnet, symantec money isn't part of the hacker agenda in 2006

forever watch for worms, but no worm is coming

R.I.P Symantec

[grandmasterdibbler]

What?

What does that have to do at all with the story? I couldn't see anything in there about Symantec.

[Sbvmax]

Does affect SP2

Over on eweek:
Two penetration testing companies, Immunity and Core Security Technologies, have already created and released "reliable exploits" for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1.
http://www.eweek.com/article2/0,1895,2002142,00.asp

Even if above article is wrong on it affecting SP2, didn't it come out in August of 2004? If you don't have SP2 installed by now then you are asking for security problems. If there are problems with your software vendor that doesn't work right with SP2, then you need to look elsewhere if they can't make it work in 2 years.

Enough said, pizza is here.

[john55440]

SP1 Support...

>If you don't have SP2 installed by now then you are asking for security problems.<

If memory serves, Microsoft is dropping support for SP1 in October. I upgraded to SP2, after Windows Genuine Advantage had a nag pop-up on the issue. I had to install a number of HP-specific patches from HPs web site, before upgrading to SP2.

[rcrusoe]

Microsoft is on worm watch

You could put that on one of the permanent tabs at the top of the
page.

[wbenton]

So what's new?

Microsoft is on the watch to see whether they must patch prior to next month's scheduled security patch release or not.

If they acted responsibly within 24 hours to critical alerts and 74 hours for non-critical alerts... they wouldn't have to have such a watch!!!

Bottom Line: They don't want to patch with the rest of the security world if not required... this story only goes to prove MS's inevitable!!!

They won't patch unless forced... even though they should!

Says a lot about their security policy doesn't it?

Definately out of line with the rest of the security world... regardless of what they claim otherwise!

Walt

[btljooz]

Much ado about NOTHING! DoHS = Deliberate Stupidity

This sums it up quite well:

>Some security experts, however, don't expect a high-profile worm attack. "A fully automated 'big bang' type worm is increasingly unlikely in an Internet world where under-the-radar attacks take place for criminal gain," said Ken Dunham, director of the rapid response team at security company iDefense.<

Oh, about the Dept of Hopeless Stupidity; the sheeple 'patched' their Windoze boxes so the 'gov' got their [i]back door[/i] now, therefore the [b]real[/b] truth can now be told. :|

I'm so glad I don't fall for Mega$ux/the "gov's" brainwashing techniques any more! :)

[Seaspray0]

What giberish!

Dept of Hopeless Stupidity
sheeple
Windoze
Mega$ux

You must be from another planet because all the giberish above are not real names or words in any language I know. Please stop your deliberate stupidity and don't expect any respect unless you can respect others.

[W2Kuser]

"IE patch crashes IE" - says Micro$soft

WARNING: The August 2006 patch is another "dirty" patch from Microsoft that causes major problems. Below is Microsoft's official report of the problem and the "work around" of disabling key functionality in IE.

"Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update"
http://support.microsoft.com/kb/923762/

Hopefully this saves people a some time & frustration - I spent most of the week hunting this down...

[fred dunn]

Was this a Peoplesoft site that made it crash?

Was this a peoplesoft page that made your patched browser crash? If not what was the site?

[raywigton]

I Feel Safe Now

I just love articles like this one. It's so good to know that the dept. of homeland fearmongering is on the ball. I just don't know if MS modeled their "emergency response process teams watching for any possible malicious activity" after the dept of fearmongering or if the departments' Katrina response team was modeled after Microsoft.

Some of the things that I would like to hear from all of you are: Doesn't everyone have "automatic updates" from MS? That and the "Genuine Disadvantage" programs were a part of MS's fixes somewhere back the line; so how is it that people don't have the magical fix installed on the day that it was put out?

Did something new get invented that was capable of digging a hole in windows, or was the problem there all along? And only after a hacker found it and used it; Ms takes a few months to figure out what a fifteen year old kid already knows and then they spend two months trying to make yet another patch. How many patches do I have now?

And how is it that Microsoft is in a position to even see "limited use of the flaw in cyberattacks?" "We have not seen signs of widespread malicious activity so far. But be assured that, """like we always do"", we've got our emergency response process teams watching for any possible malicious activity," -- OK OK, I'm assured. Thank God for Microsoft.

May my critics forgive me, but I just had to vent; I feel much better now.