Posted Tuesday 30th October 2007 09:35 GMT
It grieves me that someone who pretends IT competence doesn't ken the difference between NUL and NULL.
NUL is the name of the (ASCII) character with the binary value of 0000 0000.
NULL is empty, not value, undefined. As in a NULL pointer, a pointer that has not been initialised.
A NUL is commonly used in programs (and hence the strings of characters the use) to denote the end of a string, and this would be why Internet Exploder ignores them.
Posted Tuesday 30th October 2007 09:35 GMT
While it is refreshing to see antivirus vendors under attack for poor detection, rather than, as is traditional, end users for allowing their machines to get infected - a car analogy usually helps with this - I can't help feeling that an anti-IE paragraph is required in this article.
People have been told again and again how unsafe IE is. If they continue to use it, they must take part of the responsibility when one of its myriad vulnerabilities trips them up.
Posted Tuesday 30th October 2007 09:35 GMT
<flamebait>Use a proper operating system like Linux instead of Windows</flamebait>
Posted Tuesday 30th October 2007 09:40 GMT
Microsoft put in a large effort to bury IE in the operating system. This is utterly wrong; as has been discussed here many times before.
Surely the time has come to get the EU to force MS to unbundle IE from the operating system? At least then there will be a genuine market for browsers; more browsers mean fewer attacks.
Posted Tuesday 30th October 2007 09:40 GMT
on which anti-virus that you use. Some are excellent, some are so-so, and some are complete rubbish (like Norton) and are almost as bad as a virus itself.
Or just don't use Windows anymore.
Posted Tuesday 30th October 2007 09:40 GMT
This only encourages the statement that we are seeing an end of black listing software, so called anti-virus. There are many new products that takes care of "anything" using white listing. Not saying that it applies to web traffic but it does prevent the computer from executing non-allowed software that these malicious pages makes IE execute.
Posted Tuesday 30th October 2007 11:38 GMT
If an operating system intended for use on the internet needs third party software to keep it secure then it is NOT FIT FOR PURPOSE.
Why the public allow Microsoft to continue to ship broken by design software is a mystery.
There will always be bugs that need fixes but Microsoft seem to go out of their way to design in holes that will eventually be exploited. Isolation is the key to security and the browser should protect, not infect, a computer.
Posted Tuesday 30th October 2007 11:38 GMT
Seems the new hotmail gives firefox the runaround during logins, until firefox complains the page fails to redirect properly.
Happening on an some email addresses not others. I'd think it was a bug, but this is Microsoft and the same thing works on Safari and IE.
Posted Tuesday 30th October 2007 11:38 GMT
The only reason that NUL is NUL is that the control codes in the ASCII code set (values 0 - 31 Decimal) is the are either 2 or 3 character labels. If the developers had allowed 4 character descriptors then NUL would have probably been NULL.
Posted Tuesday 30th October 2007 11:38 GMT
The company I work for uses Symantec Corporate Edition for virus/malware protection. Usually at least once a month I have a user complaining that his/her machine is 'slow', 'broken', or 'acting weird'. At which time, I find that it's infected with something that Symantec completely misses. Usually I can clean the machine by pulling the hard drive and examining common locations for viruses like the System32 directory, then eventually booting it and cleaning up the registry. Who knows how many infected machines are out there with AV software merrily ticking away, running system scans at designated times, the users (and many IT depts) oblivious to the infections, even proud that they're "doing what they're supposed" to do to be safe. As the sophistication of malware increases, so must the method used to protect. Using Firefox with 'Noscript' installed is a good start IMHO, but my company has adamantly refused to let users install Firefox. So it goes.
Posted Tuesday 30th October 2007 12:48 GMT
Presumably your company believes that by sticking with the market leaders - Microsoft and Symantec - they can come to no harm. But an infection a month is a very high rate - they should understand that someday it won't just be one person's workstation "acting weird" but their entire network. And that their 'stick with IE' policy will be to blame. It's your duty, AC, as perhaps the only person in your organization who actually knows about this stuff, to insist on a change of policy.
Posted Tuesday 30th October 2007 13:24 GMT
Perhaps I'm wrong here, but wouldn't (NULL!=NUL) be a more correct way of putting it?
Posted Tuesday 30th October 2007 13:24 GMT
The public are the *last* people to have their voices heard in this picture. There is an unholy alliance in the Windows ecosystem, starting with MS itself, continuing with the big name PC vendors, including the MS-dependent IT media (consumer and pro) and all the other outfits whose continued survival depends on the continued success of Windows. Line all that lot up and Linux doesn't stand much chance, though Vista is providing the best opportunity there has been in *years*.
Posted Tuesday 30th October 2007 14:03 GMT
Sûnnet Beskerming needs to read vmyths.com before writing anything else. Enough said.
Posted Tuesday 30th October 2007 14:48 GMT
While computer programming language occasionally creeps into my writing too, the mind is a far better "compiler" than gcc.
NULL ^= NUL makes some sense, as ^ is the bitwise exclusive OR operator. And if applied to a variable with a value of zero, would simply turn it into 255 (1111 1111) if it was a char type anyways. So it would be the functional equivalent of the NOT (!) operator is this particular instance. However NULL is defined as a constant, and hence cannot be assigned a new value.
I would have to agree with Cameron here, as the intent of the statement is to demonstrate that NULL is not equal to NUL; even though they are both zero, NUL is a string termination character (/0), and NULL is a value for invalid or uninitialized data, and can exist in different data types. They are not the same, but using the ^ operator is incorrect to demonstrate it.
Posted Tuesday 30th October 2007 14:48 GMT
The public is supposed to resist the evil corporations and set things right ?
If "the public" was able to do that, "the public" would never elect a President with less culture and intelligence than a monkey, nor would they listen to politicians who change their stance on important subject every time the wind changes, nor would they forget that the moron they are voting for now is the same one that said or approved the exact contrary just months ago.
"the public" is the worst possible failsafe, and can be deemed directly responsible for not caring, not having a clue, and not being arsed enough to find out what the L is actually going on.
You have the democracy, the entertainment, the operating system and the spam that you are worthy of.
The only way things are going to get better is by MAKING people pay attention - at gunpoint if necessary. And that is not going to happen.
Posted Tuesday 30th October 2007 14:48 GMT
ecosystem (n): An ecological community together with its environment, functioning as a unit.
Stop this needless corruption of the word ecosystem.
Now where's my L'Oreal collagen biosphere cream? I'm sure I left it in one of my coat pockets...
Posted Tuesday 30th October 2007 16:03 GMT
If you try to open such files with NIS/NAV2008 installed it easily detects the underlying vulnerability. Testing with Virus Total is bogus as flat-file scanning is yesterday's technology.
Posted Tuesday 30th October 2007 21:33 GMT
It's bad when the cure is almost as bad as the desease...
http://www.symantec-sucks.blogspot.com/
Posted Tuesday 30th October 2007 21:33 GMT
Actually as every SQL beginner knows, the test is
IF nul IS NOT NULL
ayethengyou
Posted Tuesday 30th October 2007 23:35 GMT
...is ready for the desktop - has been for years, apparently. Bwah-ha-ha-haaa.
Posted Thursday 1st November 2007 00:35 GMT
The real problem here is that the normal online user has no idea what we are talking about. Yet they stand to lose the most.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Back to the article
