Comments on: Attack code raises Windows DNS zero-day risk

At least four exploits for vulnerability in the Windows domain name system service were published over the weekend.

[ckurowic]

You don't say...

Wow, by golly, you don't say! Another (4) microsoft security hole
big enough to drive a Freightliner through?! How did this happen?!
microsoft is such a great software manufacturer, unriveled in the
industry!!.....umm.....yeah, why even bother putting this up as
"news". Its not really news anymore, this has been happening since
Windows 3.0. Its more a ritual for them now. Good job, microsuck.
I'm going to go right out and buy Vista!

[Dalkorian]

Vista not affected

ckurowic offered this to the conversation:

"Good job, microsuck. I'm going to go right out and buy Vista!"

I guess you didn't make it to the last paragraph of the article ...
if I may quote it ...

"The DNS flaw does not affect Windows XP or Windows Vista.
Windows 2000 Server Service Pack 4, Windows Server 2003
Service Pack 1 and Windows Server 2003 Service Pack 2 are
vulnerable, Microsoft said."

Vista (supposedly) isn't affected. Of course it's mostly because
no one in their right mind would set up a Vista server, few are
dumb enough to even set up Vista at home. In fact, at this point
I question the santiy of anyone who would set up any kind of
Winblows server, but as PT Barnum always said there's one born
every minute.

It's almost funny, bind has had enough problems over the years
by itself. Now M$ gets to repeat all those mistakes with their
own flawed and almost compatible version (deja-vu, haven't they
been through this before?).

Yet how much do you want to bet that the M$ apologists will get
on this thread and try to show us how wrong we are, how M$
can do no wrong and the inventors of DNS have been screwing it
up for decades. Bind has had more bugs than AD has, look at
the exploits possible (well, possible over 10 years ago anyway).
Linux is less secure than Winblows because it's had more bugs
fixed over the last 30 years than Winblows has over the last 10
(never mind that most Winblows bugs lead directly to remote
code execution without user interaction and few if any Linux
bugs do).

LOL! Come on M$ apologists, earn your kickbacks already!
;-)

[regulator1956]

My Servers Are Perfect

All my Unix, Mac and Linux servers are perfect. They've never needed a patch. They run flawlessly and no bugs or other issues have ever been reported.

Now Windows, that's a different story. I don't believe one of those servers has ever booted properly. I hear tell that just having the software on an unplugged computer is risky.

They all have issues. They all have their pluses and minuses. Use what you or your employer thinks is best.

[wbenton]

Brilliant deduction!

I never would have figured that out by myself if you hadn't reported it like that! (* SNICKER *)

Well... that's probably the way Microsoft looks at it.

To them, it's NOT a serious threat until attacks have been reported from multiple sources! (* GRIN *)

Walt

[Schratboy]

The Zero-Day excuse

So what's the big deal? Flaws exist in all applications but Windows does seem to have more than most. Why not limit exposure to only legitimate operations and services and police them regularly? This can help prevent most disruptions without all the fuss and costs. All system design and operation, if done thoughtfully, is more than secure enough for even the most rigorous security tightwad.