How long before accountability?
When is MS going to be held accountable for all this insecurity? I'm not just talking about the public's disdain, but some real action taken by the Powers That Be. It's just wrong how on a weekly basis people need to deal with this. Write your senators!! When do you think something will come of this? Never? Probably.
Comments
I kinda talked about this in my "USA Today ad" thread. It's completely insane. My mom and sister are running around, downloading this, installing that, freaking out, afraid to do ANYTHING.
I mention, casually, "get a Mac..." and they look at me like I'm on crack.
Fine then. Go ahead and forever putz around with stupid stuff like this. Have fun.
I've had it blown up to a 5' x 8' mural poster...
j/k
Fastest email virus of all time. Good god, what it's going to take for someone to speak up about this. It seems that more days than not for the past month(s?) there's been some sort of warning about MS software problems. I'm going to email my senator.
Originally posted by torifile
http://biz.yahoo.com/ap/030820/e_mail_virus_4.html
Fastest email virus of all time. Good god, what it's going to take for someone to speak up about this. It seems that more days than not for the past month(s?) there's been some sort of warning about MS software problems. I'm going to email my senator.
Well, I did it. Here it is:
Dear Sen. Edwards,
I'm writing to express my concern for this Nation's security, Specifically, my concern is regarding the Dept. of Homeland Security's decision to use Microsoft software for their servers and workstations. As I'm sure you're aware, the past week has seen a marked increase of activity in worms and viri that affect only Microsoft software. Needless to say, this has been an extremely troublesome development for many computer users. That the government's anti-trust case against Microsoft fell apart after Pres. Bush came to office is a given, but the DHS's decision to Microsoft software when it is known to be the most insecure platform available is troubling.
The purpose of this email is two-fold: first, I would like the DHS to answer to Congress about this decision. It just doesn't make sense from either a security standpoint or a fiscal one. Secondly, I would like to know what Congress is doing about these egregious flaws in Microsoft software. Specifically, has any action been taken against the company for not only causing significant economic problems due to wasted bandwidth, scrambling computer users and crippled networks, but also for opening up so many to vulnerability. Would an automaker who kept producing cars that had failing safety systems be allowed this level of immunity?
At the very least, I would like some legislation introduced that prevents the government from bedding with this convicted monopolist and security risk. Or some accountability on the part of Microsoft or the government in making the decisions that have been made to use their software.
Thank you for you attention to this matter,
Sammy B, an as yet undecided voter for the 2004 presidential election
Not too biased, I hope.
Originally posted by torifile
When is MS going to be held accountable for all this insecurity? I'm not just talking about the public's disdain, but some real action taken by the Powers That Be. It's just wrong how on a weekly basis people need to deal with this. Write your senators!! When do you think something will come of this? Never? Probably.
Have you seen anything that indicates neglegence on Microsoft's part? It would be interesting to know. If there isn't, then Microsoft can (rightfully so) claim that they are targeted for being the largest vendor of OS software.
Originally posted by Jukebox Hero
Have you seen anything that indicates neglegence on Microsoft's part? It would be interesting to know. If there isn't, then Microsoft can (rightfully so) claim that they are targeted for being the largest vendor of OS software.
I don't know if this is negligence, but they definitely seem to be out of their league here. They are working outside of their area of expertise. If I were to do that, I'd be held accountable. For example, if I try to treat patients for sexual dysfunction, I'd be behaving unethically since I don't have training in that area. Is it negligence? Perhaps not. Should I be accountable? Absolutely.
Originally posted by torifile
I don't know if this is negligence, but they definitely seem to be out of their league here. They are working outside of their area of expertise. If I were to do that, I'd be held accountable. For example, if I try to treat patients for sexual dysfunction, I'd be behaving unethically since I don't have training in that area. Is it negligence? Perhaps not. Should I be accountable? Absolutely.
Uh oh. Microsoft is out of their area of expertise in designing operating systems? Care to back that up?
Originally posted by Jukebox Hero
Uh oh. Microsoft is out of their area of expertise in designing operating systems? Care to back that up?
Don't be a dolt. They're out of their area of expertise in developing SECURE software. I'm a trained therapist. It doesn't mean I'm trained to do all aspects of psychotherapy.
Originally posted by torifile
Don't be a dolt. They're out of their area of expertise in developing SECURE software. I'm a trained therapist. It doesn't mean I'm trained to do all aspects of psychotherapy.
It seems to me that they must have hired a few "experts" when they had the whole "security initiative" going a year or two back.
http://grc.com/dos/xpconference.htm
It's an old page, but you get the point. And it's probably also pretty well known around here.
Originally posted by CubeDude
There is proof that MS doesn't care about security. I have a link.
http://grc.com/dos/xpconference.htm
It's an old page, but you get the point. And it's probably also pretty well known around here.
Wow. That's a damning article if I ever read one. They have a dilemma: make Win9x apps look as though they are running normally but open the computer up to security risk OR figure out some other way. Apple had this dilemma with OS9/classic and they took the best route available. MS did not. And now they are reaping the benefits. Laziness won out at MS.
All apps on WinXP home running as root?!? That's insane. They are a liability.
Originally posted by CubeDude
There is proof that MS doesn't care about security. I have a link.
http://grc.com/dos/xpconference.htm
It's an old page, but you get the point. And it's probably also pretty well known around here.
Ok, when Steve Gibson is asserted as a security authority, I guess we can declare a thread dead.
Maybe we should have a security analog to godwin's law. Call it the Gibson Law.
Originally posted by CubeDude
There is proof that MS doesn't care about security. I have a link.
http://grc.com/dos/xpconference.htm
It's an old page, but you get the point. And it's probably also pretty well known around here.
I read the article and its an extremely weak argument. What hacker doesn't have root access on his OSX or Linux box?
Hate to say it. I agree with Microsoft on this one.
Originally posted by Jukebox Hero
I read the article and its an extremely weak argument. What hacker doesn't have root access on his OSX or Linux box?
Hate to say it. I agree with Microsoft on this one.
You sir, have no idea.
The idea is that a trojan or other malicious code will have a difficult time making a nuisance of itself on a computer that isnt logged in as superuser (root). Most people dont know how to access the root user (administrator is not the same) on OSX (it isnt difficult, just obscure) and Linux people should not have themselves logged in as root for daily operation of the computer. A windows home user when logged in has the equivilent of root privledges and any code they execute (or is executed in their name) will have the same privledges.
Originally posted by Jukebox Hero
It seems to me that they must have hired a few "experts" when they had the whole "security initiative" going a year or two back.
And it didn't really work, did it?
As a person that pretty much lives and eats because of microsoft and their products, I still think it is high time that they pay for their security problems. Literally, pay money. Every hour that a business is down costs them X amount of dollars. Every hour that someone like me is there fixing the problem costs them X amount of dollars. This quickly adds up... and all because of m$ product. Every year businesses spend billions of dollars buying m$ product, either to upgrade or install something new because m$ has decided not to support the older stuff that seems to be working fine.
M$ must be held accountable or they will continue to do things as they have been. They need a "heartattack" to open their eyes. And if every business in the world sending them a bill for down time and loss of revenue is it.. then so be it. They need to realize that the world can run without windows and their product, and should keep that in mind as they design and write their new software.
Just my opinion... and ideas.
ME
Originally posted by AsLan^
You sir, have no idea.
The idea is that a trojan or other malicious code will have a difficult time making a nuisance of itself on a computer that isnt logged in as superuser (root). Most people dont know how to access the root user (administrator is not the same) on OSX (it isnt difficult, just obscure) and Linux people should not have themselves logged in as root for daily operation of the computer. A windows home user when logged in has the equivilent of root privledges and any code they execute (or is executed in their name) will have the same privledges.
I see what you're saying.. I was thinking of using the socket to replicate. The virus has to find a different way to replecate, but once a virus is on the system, being logged in as root gives it more permission by having access to the socket API.
OOOO... ahhh.. The things we learn!!!
If the virus replicated part of the API when it replicated itself, would it have access to the socket resources without root permissions? Socket connections get mapped just like other device drivers under unix, right? so permissions would prohibit?
Thats so cool. Hahaha. Microsoft. DOH!!!
Unless you can break the profitable software snake oil business, people won't be desperate enough to demand something be done about the insecurity of their platform and their software.