Re: [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

____/ Sinister Midget on Friday 07 December 2007 20:22 : \____

> On 2007-12-07, Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> claimed:
>> ____/ Sinister Midget on Friday 07 December 2007 17:17 : \____
>>
>>> On 2007-12-07, Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> claimed:
>>>> Microsoft says 'Merry Christmas' with seven security fixes
>>>>
>>>> ,----[ Quote ]
>>>>| The critical issues relate to all currently supported versions of
>>>>| Windows, including Vista, and to DirectX, Internet Explorer and the
>>>>| Windows Media Format Runtime.
>>>> `----
>>>>
>>>> http://www.itwire.com/content/view/15687/1054/
>>>>
>>>> More Vista flaws below (some "critical", which is the highest level of
>>>> severity in this context). Let us shatter the myth (lie) that Vista is
>>>> ultra secure.
>>> 
>>> Hey, it's not like this really affects anybody. Nobody uses it. So bad
>>> people are wasting their time.
>>
>> A recent article in a British news site said that only about 2% of all
>> businesses will have migrated to Vista by the end of this year (~13 months
>> after RTM phase).
>>
>> $Troll says: "Windows flaws are found just because it's widely used on the
>> desktop".
>>
>> Evidence suggests otherwise.
> 
> In this case, obviously, it has little to do with how many are using it
> because so few do. So it has to be something else.
> 
> The only "something else" that comes to my mind is the one that many of
> us have been saying all along: Windwoes gets trashed by bad people
> because it's so easy to trash it. It's so easy that even people who
> aren't really bad can do it in a matter of minutes.


The Structural Failures of Windows

http://www.theinquirer.net/default.aspx?article=15305

Microsoft Windows: Insecure by Design

http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer

They've considered Singularity, but it's a research project. Vista (Longhorn)
suffered a "development collapse"/"reboot" (in Microsoft's /own/ words), so
it's somewhat of a rebranded Windows XP with many of the same flaws and some
pseudo-security bolted on (UAC nags, among other things).

Should Microsoft take another look at Xenix? Should it move to
services/advertising for revenue? The console biz has thus far lost many
billion and brought almost nothing in return (the financial department seems
to be cooking the books and merging divisions to hide losses). Office is in
great danger also because it fails to evolve with the Web's maturity.
Meanwhile, Microsoft resorts to corruption and 'raping' of ISO, which had a
major person retire and rant about Microsoft a few days ago. This hurts
Microsoft's image like hell and ODF appears to be winning regardless (many
countries have already adopted it, along with other office suites). Seattle
P-I reports about Microsoft's cash piles, which appear to have halved in the
past couple of years. People haven't really bought a new O/S or office suite
since 2002/3, unless they bought a new PC. What does Microsoft feed on?


> I forget which virus it was, but I recall one that caused some damage
> and the anti-virus companies came up with a detection mechanism to stop
> it. But in the case of this virus, some kid in Minnesota did a minor
> niggle to what already existed and it started trashing machines again.
> The details were sketchy. But from what I read the only thing the clown
> really did was change something that made his name or moniker show up
> in the signature, probably with a hex editor or something simple to
> use.

Virus paranoia is commonplace, so when something goes wrong (e.g. program bugs,
random reboots, data loss), an outside intervention is often assumed. Earlier
today the BBC published an article about a Web host that forced all customers
to change passwords and even locked some of them out. Why? From what I can
gather, many of these companies have zombie PCs. 25%-50% of all Windows PCs
are apparently compromised (see below), but the authorities keep quiet about
it so as not to incite panic. So, people's passwords got stolen and the host had
its servers hijacked endlessly. That's how sad things have become
and /everyone/ pays for the hassle.


___
"A little over a year ago, I wrote an editorial where in back-of-the-envelope 
style (.pdf) I estimated that perhaps 15-30% of all privately owned computers 
were no longer under the sole control of their owner. In the intervening 
months, I received a certain amount of hate mail but in those intervening 
months Vint Cerf guessed 20-40%, Microsoft said 2/3rds, and IDC suggested
3/4ths. It is thus a conservative risk position to assume that any random 
counterparty stands a fair chance of being already compromised."

http://blogs.zdnet.com/security/?p=661

"The report also reveals that more than 50% of corporate desktop worldwide are
infected with some type of spyware with the rate of infection as high as 70%
in the United States."

http://www.crn-india.com/breakingnews/stories/66870.html


"Cerf estimated that between 100 million and 150 million of the 600 million PCs
on the internet are under the control of hackers, the BBC reports."

http://www.theregister.co.uk/2007/01/26/botnet_threat/

> The moral is, Winders is so easy to write malware for that really
> stupid people can do it without having to actually write anything.
> 
> Fisted is no different. Stupid people are beginning to attack it, not
> because it's gaining popularity, but because it's easy and so few are
> doing it.

Many XP viruses are compatible with Vista (security vendors have said so for
over a year, even before the Vista build was finalised). So, while Vista is
incompatible with many real programs, botnets will have little or no trouble
adjusting. Be prepared for seeing a /minority/ of users actually controlling
their /own/ PCs, unless they wake up and ditch Windows.

It is rather funny to find that the FBI is now going after botmasters rather
than actually address the problems that they exploit. It's like trying to
protect a cardboard stronghold using many guards instead of just building
proper walls (with something other than cardboard).

-- 
                ~~ Best of wishes

Roy S. Schestowitz      | "Computers are useless. They only solve problems"
http://Schestowitz.com  |  Open Prospects   |     PGP-Key: 0x74572E8E
Tasks: 128 total,   1 running, 127 sleeping,   0 stopped,   0 zombie
      http://iuron.com - knowledge engine, not a search engine
