Microsoft will be putting out eight security patches on 8 April, five of them with the unlovable critical label, in the latest run of its regular update cycle. The critical updates cover a brace of bugs in Internet Explorer, a pair on Windows and one involving Office. All five might lend themselves to remote execution of …
Thier own worse enemy
Everyone keeps stating that Linux will take down MS. This is not going to happen.
Microsoft will bring about thier own demise through thier underhanded way of dealing with competition. They have decided a long time ago to build such programs as IE and Outlook into the OS so as to circumvent competitors. This is now bitting them in the A$$ as a bug in one will leave the system open to an attack. The best thing that could have happened for MS was that the ruling a few years ago stated they have to split between OS and software. Then with the programs not so tightly intertwined it would be less open to attacks.
Vista-bashing again. Yawn.
Nice jump-on-bandwagon headline there. The issues have affected several releases of Windows (including XP which has been out for much longer and had not one but TWO service packs and Server 2000 which has FOUR, yes FOUR Service Packs already omg!!!!)
Being a developer, I know that if you develop something and nobody breaks it for 7 years (XP), you don't try to completely rewrite it just for the sake of it; it's not profitable to rewrite everything, only the parts where there are problems.
Now it emerges there are previously undiscovered problems and they're fixing it in all supported releases. What's the problem with that? Surely it's a good thing that they fix a problem that emerges in all their releases?
But that wouldn't make a good headline to say they have to fix it in Vista, XP, Server 2k, etc etc; is much more sensational to kick Vista even more so you can 'hang out with the gang' rather than to actually report the facts.
How about this one next: "El Reg keeps rational readers busy commenting on crap, sensationalist knee-jerk journalism"
They arent doing themselves any favours
Is there a reason they couldn't have bundled these in to one critical release which fixes several problems ?
I'm surprised there are no Mac fan boys pointing out their their OS is secure and doesn't need patches. Apparently they like an OS with holes.
RE: They arent doing themselves any favours
"Is there a reason they couldn't have bundled these in to one critical release which fixes several problems ?"
Sometimes a certain fix may cause problems in other areas; for these cases it's better to have separate fixes rather than being bundled because you can uninstall one of them.
Yet more Tud
Sorry I completely forgot that all major OS need security updates... I suppose some of them though just don't bother telling people about it... cough... apple... cough...
infact for the 2 months or so I had crapbuntu installed I was nagged daily for updates.
No matter, we all know what the better and most loved OS is, just look at the stats.
M$ Keeps Admins Busy
Title should be "MS Keeps Admins Busy". That way, M$ hopes to keep them so busy they have no time to think. M$ hopes the idea that they could live without that other OS will not creep in. That other OS is not easy to maintain. Patch it and you have lots of downtime for malware, breakage and re-re-reboots. Don't patch it and you have more downtime for malware. With GNU/Linux, I patch when I want, and the system just keeps running. I feel like the Maytag repairman, with plenty of time to contemplate IT.
Not a saint
@ Mike and SpitefulGOD (really?)
if a company's marketing pitch says (for 20+ years) that its development process is excellent, superior, and puts out highly optimal code for a top-notch product, but the company has to release an endless, regular stream of fixes for remotely exploitable bugs, then people will point and laugh, and rightly so. they point and laugh at Comcast for lying and getting caught, why should MS get a pass?
if the same company points to other people's products and claims they are inferior, it would be more believable if this company did not continually overpromise and underdeliver (have supported Windows since before 95 came out, and Vista is the worst i've seen yet).
Ubuntu makes no promises of perfection, so no reason to whine. Apple has been putting out some marketing tripe recently, especially considering the number of big, ugly problems in the Leopard release, but a bad day on Leopard (with Time Machine) is still better than a bad day with Windows (any version). i speak as one who does not own an iPod or an iPhone, and likely never will.
everybody's biological byproduct smells, but it helps if one does not insist that one's stuff smells like roses, or stinks less than everyone else's mess.
How many of those updates actually required a reboot or two? I think you will have noticed the system just updated itself and kept going. The updates are for the whole installed app base, not just the underlaying Linux. I prefer to get updates immediately, not once a month, that way I know I have safer systems.
Re: Vista-bashing again. Yawn
Oh dear, I guess you didn't get the press release.
Vista was *allegedly* written from the ground up, with new and improved coding standards and security in mind. The reason this is a news story is MS appear to have lied and just copy/pasted chunks of (flawed) code from XP. Again.
Yes, we expect the odd flaw in Vista (tho preferably not remote admin/system exploits) but we don't expect to see the same flaws in Vista as we see in XP.
@Robert Pogson, fellow "Maytag Repairman"
My currently largest client keeps me busier with fixing their Xerox photocopiers than with fixing their desktop PCs. I look forward to "patch tuesday" because I get to so some actual IT work once a month, and that's just to make sure the servers are updated before the weekend backup. The desktops update themselves.
As for waiting in fear before the patches come? I don't lose sleep over it. I do enough stuff before the fact that these so-called "zero day" exploits don't do any damage. No client of mine had to deal with a case of exploitation in five years now. Worst damage I have to undo these days is restoring stuff from backup that users delete by mistake.
Which is good, because I have time to work on improving things further and installing new stuff. And I have time to fix the broken copier again. If Xerox could make a machine that fixed itself...
It's for a reason
Don't you always love how some dimwit comes along and thinks if we have legitimate concerns, if we do anything but praise a product and the company then we must be bashers?
Improvements in everything around us don't come from saying "oh that's great", but rather from pointing out where things need change. That's the way it's always been and the way it'll always be.
@Ross, re: copy/paste of flawed code
Two of the flaws were in Internet Explorer. It's plausible that IE7 has shared code between the XP and Vista versions of it, so the two could share a flaw.
As for the OS base patches, I'd be surprised if the exact same patch was used on both or all three NT-based systems. Same flaw != same code necessarily.
There's a case for retiring XP, and for that matter, retiring 2K. MS has to write, very likely, three different versions of the same patch to address how the same flaw affects two or three differing systems. They're not using up manpower to fix the same browser flaws in Windows 98, ME, or NT4, and they're not using up manpower to fix the same OS flaw in NT4.
I have further commentary about how impatient the user base is regarding OS releases, and how that encourages copy/paste of code, but I'll save that for another rant.
And finally, I like seeing how El Reg is spreading the patch love. Nice to see Apple and the makers of Opera tossed into the same bin these days.
@JC, re: Double Standards
"Don't you always love how some dimwit comes along and thinks if we have legitimate concerns, if we do anything but praise a product and the company then we must be bashers?"
I draw a line between bug reporting and complaints, and outright bashing. There seems to be a knee-jerk reaction to any bug / flaw / exploit / patch related to Microsoft from certain folks, and the same folks do not react as strongly to bugs / flaws / exploits / patches related to any other firm. I think that's why El Reg started providing ready-to-use cut and paste comments.
It's obvious when you compare the two, actually. In 2002, Sophos issued 226 patches for one product, while Microsoft issued 72 patches for their entire product line.
I couldn't find one example of Sophos bashing from 2002 that didn't come from vmyths. Microsoft bashing? I lost count of the Google hits.
@the xerox repairman
Yes well, A lot of Xerox boxen run wince, I believe.
Tell them to ditch that rubbish and buy nice NetBSD based Ricoh machines, which have much better security.
I support various embedded copier systems,Ricoh, Toshiba, Oki, Konica-Minolta.
They are in general the most reliable and secure network boxes I know of. despite the users best efforts.
As they consist of an embedded unix-alike (Linux,BSD,RTOS) Computer with a laser printer, scanner and file,email,web server, etc in one box.
Paris because she has a lot going on in one box.
Service Pack 1 for Vista was feature frozen months ago. Any changes made to it during the beta/RC stage were purely for compatibility and fixes to the pack.
Adding new features during beta/RC stage are what causes problems. "Oh, this one won't make any difference" but when combined with all the other ones being installed at the same time may introduce problems.
Critising MS for updates so soon after SP1 has been released is a bit lame.
If SP1 was only 2 months after release....
It would be a lot different! when XP was realesed, it was a lot of %&*$#, but it was mostly solved by its SP1, and fully solved by SP2...
Why they could not do this with vista is a mystery, or just stupid overconfidence...
a mate of mine said 'what is wrong with vista, why are you bashing it??' - and then we went to help out a freind with their issues... he told me, b.. ..LL, it is really that bad...
to just change the assocition of a file, you cannot find it in 'folder options' any more... Its been given a really fancy long name, that I keep forgetting...
Even 'add/remove' has been renamed to 'program features and defaults' - not what you would look at, to remove a program!!
- Crawling from the Wreckage Want a more fuel efficient car? Then redesign it – here's how
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Human spaceships dodge ALIEN BODY skimming Mars
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
- Downrange Are you a gun owner? Let us in OR ELSE, say Blighty's top cops