back to article Critical Windows vulnerability under attack, Microsoft warns

Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines. The vulnerability in a Windows component known as DirectX is being targeted using booby-trapped QuickTime files, which when parsed can …

COMMENTS

This topic is closed for new posts.
  1. E

    No title

    Or... just don't use Windows?

  2. Anonymous Coward
    Linux

    Typical MS...

    1) They've only just noticed a security vulnerability that's presumably been around for years...

    2) "(We got an error when using Firefox, but it worked fine with Internet Explorer.)"

    Why am I not surprised? :)

    Here's the best fix:

    1) Turn your computer off

    2) Buy a Linux magazine

    3) Turn computer on

    4) Insert CD into computer

    5) Kiss goodbye to Windoze

    Why Tux? Do I have to explain?!

  3. Anonymous Coward
    Gates Halo

    Marketing Ploy ??

    MS want us to adopt Vista crap.

  4. Kwac
    Gates Horns

    @AC

    Re advice for Windows users - transpose items 3 & 4.

    Apart from that, makes a lot of sense.

  5. Camilla Smythe

    This Fix It

    Is being fixed...

    http://yfrog.com/63screenshotlryp

    I was just checking if it would work in Firefox under Ubuntu just in case the authors problem was trying to use Firefox under Windows. I'll let you know, if I can be bothered, if they get around to fixing the fix it but, for the moment, everyone else will have to use the fix it to fix Internet Explorer under Windows when they manage to fix it.... the fix it that is...

    Perhaps someone else can check, when it is fixed, whether it fixes the problem using Safari, or whatever browser folks use, on a Mac.

    Can't be too careful about this Critical security stuff you know!

  6. DT

    damned if they do, damned if they don't = asper (yawn)

    @a/c you missed out the other vital steps

    6) Migrate all your old data.

    7) Take a course on learning how to use linux

    8) Spend a month attempting to find/learn programs which did the same as your previous windows programs.

    9) Spend another week learning/re-configuring your machine to dual boot as you realise that half your business/engineering/accounting software and none of your games will run on linux

    10) Another half day to give up, uninstall linux and reinstall all the apps you were used to.

    11) five seconds to click on the link provided

    Or you could just skip to stage 11.

    Linux might be fine for surfing tinternet, hosting websites and doing all manner of techy things that get you guys wet, but frankly it's niche. Computers are for running software and last time I checked gloating isn't a "killer app" , but an effective way of putting people off your little club.

  7. passionate indifference
    Dead Vulture

    i don't use linux because...

    ...I can't turn up to work at 11am in a black teeshirt and jeans my mum bought for me

    surely "this is why you should use Linux" type comments must now be regarded as trolling?

    saying this mind, I can't get the fix working either

  8. Camilla Smythe

    @AC @Kwac

    Sigh..... Although I may be wrong as well...

    1) Turn off Computer.

    2) Turn on Computer.

    3) Tap DEL (or as appropriate) during boot.

    4) Find appropriate settings, Under Advanced Cmos settings ?, and select Boot From CD as first option.

    5) Select boot from HDD0 as second option.

    6) Insert Live CD

    7) Save settings and exit, F10 Y, ?

    Oh...... silly me. It's Windows. Autorun/Autoplay will sort things for you.

    1) Insert LiveCD.

    2) Follow On Screen Instructions.

    That's the trouble with you Linux people. It's always got to be so 'bloody' complicated. Even Windows makes migration to Linux simpler than your sort would have things.

  9. Camilla Smythe

    This Fix It...

    Which was being fixed......

    Has now gone AWOL

    http://yfrog.com/89screenshot1crep

  10. Slappy Frogg

    Work around on MS website returns 404

    Thank you for the notice of the vulnerability, wanted to share that as of 7:26pm San Francisco time, the referenced Microsoft article's workaround link returns a 404 error in IE 8.

  11. Camilla Smythe

    @Slappy Frog

    "wanted to share that as of 7:26pm San Francisco time"

    OH CRAP!!!!!!

    "This Fix It By Camilla Smythe Posted Friday 29th May 2009 00:27 GMT

    Is being fixed..."

    Sorry about that peeps. Looks like trying to use the fix in Firefox under Ubuntu ended up breaking Miscrosofts website. :-(

  12. JC
    Gates Horns

    Linux Isn't The Answer

    If enough people start running 'nix, crackers will just start targeting it too. Enjoy your exclusive club boys, the worst thing for you is to get every lame user out there on the boat. Pretty soon they'd have to dumb down the interface and sprinkle large rainbox colored boxes and wizards into it, push self-destructing updates and start charging more through OEMs to support all these less savvy users.

    OEMs then have to pay more for people that know more than clicking a mouse in windows which raises the OEM cost to nearly what it is with windows since MS nearly gives it away to OEMs.

    Things are the way they are for a reason, there is balance in the world it's just not an OS market share balance.

  13. Anonymous Coward
    Anonymous Coward

    Me too

    @Slappy Frog - same here - 8:17 PDT "Internet Explorer cannot download enableadvisory971778.msi" Goes on to say, not able to open the site...

    And Swedish Chef says "Bork, Bork!!" :)

  14. Charley
    Thumb Up

    If Windows is the answer

    ...it was a bloody stupid question.

  15. Anonymous Coward
    Anonymous Coward

    DirectX is a Security Hole

    Don't blame Microsoft because the whiny developers keep writing stuff that needs DirectX.

  16. Ceiling Cat
    Linux

    @ Linux Isn't The Answer

    You have a point.

    Of course, targeting 'nix would STILL require more work than targeting Windows boxes.

    Since most "crackers" are looking for little more these days than :

    1) Your credit/bank info, so they don't have to go work for a living.

    2) Your online game username/pass, so they don't have to work for a living

    3) Some pron, 'cos they're unemployed w*nkers..

    Then they are infinitely less likely to go to the trouble of trying to crack linux, and instead will stick with their tried-and-tru methods of using the latest pre-built 'pwning' tool.

    Tux, cos he's a flippin' penguin!

  17. Anonymous Coward
    Linux

    Oh gee!

    Another hole the size of a bus in Windwoes. How surprising. And the fix broken? Gee.

    Beats my why anyone continues to buy this crap.

  18. wobbly1

    (puts on sh*t proof coat)

    With some trepidation ... Isn't one of the advantages of 'nix that open source means not just the authors can look at a fix? I run windoze and unix derived op syss here. The revisions and updates seem to come faster on the open source software on both op syss, the difference being that more of the software on the unix derived machines is open source. There may well be an argument that there is more to be fixed on the open source software... but in use , there seems little difference in the failure rate (crash vulnerability or non functionality) . If I could run dragon dictate and my winodze games under a 'nix variant , I'd happily drop the last b*stard calf of the Microsoft cash cow in an instant. My in-house rule is all new apps must be open source and run on both opsyss.

  19. Anonymous Coward
    Anonymous Coward

    Am I wrong but...

    isn't quicktime apple, and the article says that the quicktime filter was removed in vista, wouldn't apple have made the quicktime filter? I mean if you don't install quicktime but have direct x are you still vunerable?

  20. Anonymous Coward
    Thumb Up

    Hey

    Maybe MS should add two more buttons to that page:

    1. Uninstall Windows

    2. Install Linux

  21. michael

    re:Typical MS...

    6) get the s*%t licked out of you by your it department cos now all your companys programs will not work

    most of the windows computers in the world are in a corprate inviroment and most companys use windows and windows programs for very good reasions

  22. Anonymous Coward
    Linux

    polarity

    It increases.

    Every new story of yet another Microsoft fuck-up brings out those who are now at peace and can laugh at this because they've moved on to Linux/Mac.

    Then there's those who clearly tried Linux but gave up after a couple of days and think themselves most clever and witty as they go about flinging mud. (Whereas really they just look silly. What a brave decision - I'll keep this OS that I know is badly written, that I know is over priced, by a company oft convicted of dodgy behaviour, that is just waiting for someone to discover the hole that will bring Windows down globally, that I have to add extra software to in order to make it halfway safe to use online and all this SO I CAN PLAY GAMES!)

    And then there's the last hopeless few - still defending the indefensible (Microsoft). Still flinging words of hate and bitterness at those who have escaped. Stockholm Syndrome doesn't even come close to describing these folks.

    Point being that each and everytime a story like comes out the contrast seems a little more pronounced.

    OS's are tools. Microsoft make demonstrably poor quality tools. Apple make reasonably high quality tools.

    Linux is just awesome - can be frustrating but that is almost always down to lack of user knowledge rather than lacking functionality.

    The biggest attacks on Windows (in my own experience) come from animated icons in MSN and game key-generators and cracks.

    Moral of the story is - if you hang about in disreputable places inserting your unprotected tool into places you're not sure of - you get infected.

    Just like sex really.

    But Linux still pisses all over the competition.

  23. Anonymous Coward
    Anonymous Coward

    Ah as normal...

    a possibly useful post about a ms vunerability (which is actual fact looks more like a apple vun as far as i can, as i'm sure quicktime filters are not installed as default so if its not installed, no issue ,but there you go ) causes rants about using linux.

    there are different O.S's for different people, as half the users in the world can barly handle windows way of installing drivers how the hell do you think they are going to manage to recompile a kernal to install a driver!!

    Different od for different people, understand that, and kindly sod off from hijacking a comment thread to spew anti ms crap. If you don;t like it actually do something proper about it, rather than wasting your time ranting on the internet!

  24. DutchOven
    Stop

    RE: damned if they do, damned if they don't = asper (yawn)

    DT wrote: "Linux might be fine for surfing tinternet, hosting websites and doing all manner of techy things that get you guys wet, but frankly it's niche. Computers are for running software and last time I checked gloating isn't a "killer app" , but an effective way of putting people off your little club."

    ...and what do the majority of users do with their computers. Oh, wait. It's number one on your list "surfing tinternet". They might also need a copy of Open Office, just in case. Apart from that, they're good to go. It no longer takes a PhD in Computer Science to understand Linux, my friend installed in instead of WIndows on his PC and he's a computer amatuer. So far he has asked me for advice a total of zero times...

  25. Anonymous Coward
    Anonymous Coward

    hum just read...

    .. that the parser in error is apparently not quicktimes own one, but is MS's one (didn;t think apple woudl allow ms to code that but hey ho :p)

    my rant about anti ms people is still valid tho!

  26. Anonymous Coward
    Joke

    boobytrapped quicktime files?

    If you're going to target windows, you might as well use a common windows format file to do it. Seriously, how many windows users routinely use* quicktime files?

    *if iTunes didn't secretly install every other apple program ever written along with itself, most people wouldn't even be able to play them.

  27. Anonymous Coward
    Anonymous Coward

    This is where the title should go.

    @DT - Incredibly well said.

    Where's the evil Tux icon?

  28. Fred

    Nice to See AV firms business plan in action

    I think that Anti-virus firms are the only working example of perpetual motion machine!

    If these so called 'anti-virus' businesses where actually interested in security they would most likely start to issues advice about changing to a secure operating system.

    While they have to put bread on their tables there is no doubt they could other ways to make money, and from what I know they list they have of options is very long...

    Does anyone else notice that when they comment here they get some interesting firewall logs, or is it just me?

  29. DS

    Make the change NOW.

    For years, you've been told not to run as admin.

    Take note, make the change, or pay the penalty.

    There are no excuses for running as admin on your day to day account. End of discussion.

  30. Anonymous Coward
    Jobs Horns

    The simplest answer is

    Do what I do, and don't let that dirty abomination of a file format anywhere near your computer.

    It's just as bad, if not worse than wmv for DRM infections. At least WMV has some redeeming features, like compression that doesn't come straight from the stone age.

    I've been seeing the qt format replacing wmv files as the malware speading choice on p2p networks for quite some time now.

    And remember, kiddies. This isn't a vulnerability in the OS. This isn't a vulnerability in the in the DirectX API. This is a vulnerability in the Quicktime implementation, which was supplied by....

    Apple! The purveyors of the worst 3rd party software in the world, by a full length.

    Their media player is so shonky that it belongs in the dustbin alongside Realplayer. This is the reason we have open source codecs called Real Alternative and Quicktime Alternative.

    ITunes is one of the biggest piles of gated community excrement ever to have insulted our collective intelligence. Never mind open source, it's not even open functionality, and it breaks most 3rd party disc writing software when you install it as it tries to DRM your system up to the hilt.

    Don't believe me? Google "itunes upper filters" to discover a torrent of tear soaked forums filled with people desperately trying to get their CD drives back.

    Quicktime is a creaky old format, and as with all old standards it was inevitable that gaping security holes were to be discovered. The only reason it still exsists at all is because appletards are still forced to use it.

  31. Lionel Baden

    would this work

    on quicktime alternative codec ???

    and why is nobody blaming apple for this ??

    their bloody codec and player are as bad a malware once installed on ur computer ...

    Although i would agree in thinking that M$ have waited till win7 was almost ready for release before admiting to this !

  32. Juan Inamillion
    Flame

    Move along

    nothing to see here...

  33. Rob Crawford

    404 Error

    In IE6 & 7 and it's even less happy under chrome.

    As a Linux user since 94 I feel that I have to point out that I can't stand the Linux fanboi mentality (or BSD, windows, apple or even BeOS fanboi).

    If everybody switched to Linux tomorrow you would switch to BSD or something as all the refugees would bring down the tone of the neighbourhood.

    Now if only my house could support the power and cooling requirements to satisfy the VME machine I have just been offered

  34. Anonymous Coward
    Thumb Up

    @DT

    LOL! well said - finally some realistic perspective on things.

  35. Anonymous Coward
    Thumb Down

    known as DirectX?

    "The vulnerability in a Windows component known as DirectX is being targeted"

    Is this a site for IT Pros? I'd be very surprised to find a reg reader that doesn't know what DirectX is, I'm not sure why of late the Reg feels the need to write as though it's articles are going to be printed in The Sun.

  36. Chris Matchett
    Thumb Up

    Microsoft should fix this on newer and current operating systems

    Oh wait. They did already.

    It's all very well the *nix fanbois having a laugh about this but this affects operating systems that are at least 7 years old now.

  37. Doogs

    Linux v Windows

    Recently started playing with Linux (would have been sooner but the sometimes rather rabid fanboyism tended to put me off).

    Actually got interested in OS's again, so thought I'd create a couple of partitions on my aging machine with 512MB RAM, whacked Windows 7 RC on one, tried a couple of flavours of ubuntu on the other.

    Wanted something to watch tv, browse a bit of 'net, p2p - nothing too taxing.

    Windows 7 ran surprisingly well with IE8 and FF3 running several tabs each and Freeview in Media Centre coming from an old Freecom USB stick (once I'd found drivers for it; Win7 didn't find them automatically) - although that was obviously it's limit as I'd get a pause or two occasionally.

    Seeing comments on the good ol' Reg repeatedly telling me Linux is so much less demanding on older machines than Windows, I gave Ubuntu a go.

    Tried "standard" Ubuntu - damn that default brown theme is ugly ;), tried Mythbuntu for the TV - failed to install properly; probably my fault for not being clued up enough on Linux.

    Then had a look at Kubuntu - now we're talking, I thought. Really liked it with the gadgets an' all - excellent idea to have your UI gadget based I reckon. Took some time to get it to work on both my screens, mostly because of X server config file permissions not letting me save the changed settings.

    Running Firefox and Opera with the same tabs as I had in Windows 7 and Kaffiene for TV seemed to work slightly less well than Windows 7, more pauses and telly quality not as good.

    Now, I don't know if I could improve Kubuntu performance with the right configuration and optimisation settings, but right now I'm still leaning towards Windows, with Linux an interesting "hobby" OS for when I can afford either a new computer or at least some more RAM.

    Windows just seems "to work" a little bit more than the distros of Linux I tried. Perhaps I'm more biased because I'm used to the way Windows works - but that could also apply to the majority of computer users out there, too.

  38. Anonymous Coward
    Gates Horns

    Fix doesn't even work in IE for me

    When I try to download the file the "fix it" button links to, it gives me a file not found error. Top job Microsoft! Not only does your operating system not work, neither does your fix for it!

  39. Eddie Edwards
    Gates Halo

    @ polarity

    Yeah, I noticed how many Linux zealots were posting from their mothers' homes / student digs today too.

    Fortunately they are balanced by more sensible industry commentators who use computers to do actual work.

  40. Russel Sprout

    @AV Firms

    Aren't AV firms really just software houses? So yes, why change a good thing!

    "exploited in the wild" - Where else is this new nasty going to be exploited??!

  41. Anonymous Coward
    Stop

    Stick with Windows, all will be calm again

    Stay with Windows, don't look to OS X or Linux, there is nothing to see over there.

    Everything will be right, Redmond is looking into the problem and all will be fixed and calm again.

    Peace!

  42. Anonymous Coward
    Stop

    This is not an Apple component

    Before people start blaming Apple for this because the vulnerability mentions QuickTime, note that the problem is with the QuickTime Movie Parser Filter that Microsoft provides with DirectShow pre Vista. The QuickTime Movie Parser Filter is Microsoft software used for working with QuickTime 2.0 files and older.

  43. Pyrrho Huxley
    Linux

    Just how bad does Windows have to get?

    No matter how bad Windows is revealed to be, or how good the alternatives are, there will always be those who are can't bear to give up on what they spent so much time learning. In the mid 90's I worked with someone who'd learnt his computing using DOS and when Windows 95 came out was simply too terrified to give up DOS (even though Windows 95 was an excellent version of DOS). His idea of teaching people to use word processing was to show them EDLIN! The excuse he used was that the new OS wouldn't run games or "business apps" properly. The real reason was that he'd invested so much emotion in learning DOS that the arrival of a new OS made his knowledge seem obsolete and threatened his psychological equilibrium.

  44. Geoff Mackenzie

    To the people suggesting the switch is difficult ...

    6) Migrate all your old data.

    Like when you upgrade Windows and it feels the need to trash everything on the way in?

    7) Take a course on learning how to use linux

    If you need a course to switch to Ubuntu from Windows you probably shouldn't be using a computer.

    8) Spend a month attempting to find/learn programs which did the same as your previous windows programs.

    It doesn't take a month; most are installed by default on Ubuntu.

    9) Spend another week learning/re-configuring your machine to dual boot as you realise that half your business/engineering/accounting software and none of your games will run on linux

    Configuring dual boot adds less than 15 seconds to an Ubuntu install, assuming you want to tweak the configuration. A week my arse. By comparison, note that Windows cannot set up a dual boot configuration with an existing Linux installation or even resize partitions during installation (as far as I recall, but I"m prepared to stand corrected if they've fixed this with Vista / 7.

    10) Another half day to give up, uninstall linux and reinstall all the apps you were used to.

    Actually most users will find that Windows is harder to install and get running. No full end-to-end GUI installer, no Live CD. No office applications installed by default after you reinstall. Product activation. Etc., etc.

    ... and ...

    3) Tap DEL (or as appropriate) during boot.

    Not required; my BIOS is configured to boot from optical first if a disk is there. Not my doing, but the hardware manufacturer's. Also, please note, you'll need to do this to install Windows too.

    4) Find appropriate settings, Under Advanced Cmos settings ?, and select Boot From CD as first option.

    Again, you can't blame Linux for your BIOS menus. Mind you, on my PC this is under 'Boot order' which seems reasonable enough.

    5) Select boot from HDD0 as second option.

    Again, should be easier than that with a modern BIOS. Mine labels this option 'Internal hard drive' and also has this as the default setting anyway.

    6) Insert Live CD

    A Windows Live CD? Really? Where can I get one of those?

    7) Save settings and exit, F10 Y, ?

    Oh...... silly me. It's Windows. Autorun/Autoplay will sort things for you.

    1) Insert LiveCD.

    Again I say, a Windows Live CD? Or a Linux one? Are you telling me Windows Autoplay will understand how to boot a Linux Live CD? Or boot a Windows DVD so you can have a play with it without installing?

  45. Gareth Williams
    Paris Hilton

    Re: @ Chris Matchett

    I wouldn't say that Microsoft fixed this vulnerability in newer and current OSes (according to Microsoft, XP is still a current OS so your argument is flawed from the beginning!) - they simply didn't include the affected component in versions of DirectX released with Win2K8 and Vista. That doesn't mean however that they fixed it... capiche?

    Additionally, I'd disagree with the implication you're making that this vulnerability isn't serious because it affects systems that are at least 7 years old now. That means that, as well as the operating system, the vulnerability has been around for a long time too. It hasn't been disclosed until now - possibly because any cases of it being exploited weren't public until now- but we'll never know when Microsoft were made aware of it. Maybe they only became aware of it very recently... maybe they knew flippin' ages ago but decided it wasn't in their interest to disclose it. Who knows? We never will.

    The "security by obscurity" model that Microsoft continues to adhere to means that these vulnerabilities can remain hidden from the user base for potentially years. However, that's not to say that the Bad Guys aren't aware of such vulnerabilities and secretly using them.

    One of the great things about open sourced software is that it opens it up to be scrutinised by a million pairs of eyes... sure some bad people may look through the code to try and find flaws, but they do that with Windows, OS X, etc... in any case. I'd rather have millions of the Good Guys actively looking for and fixing bugs rather than expecting Microsoft or Apple to pick these things up once the code is already written and out there (which they weren't able to do before it got released so what makes them more likely to do so afterwards?).

    ps - anyone else getting very bored of the tedious OS flame wars that are becoming too commonplace at El Reg? This ain't Slashdot.... I thought we were all IT professionals.

    Paris.... cause she's not adverse to opening herself up for scrutiny by millions of pairs of IT geeks' eyes either.

  46. Anonymous Coward
    Anonymous Coward

    A title is required

    I don't want to get all fanboi-y, but all these "but linux is hard" complaints are rather outdated. I've recently moved my notioriously computer-scaredy housemate over to linux (linuxmint, the even-friendlier, and much prettier, version of ubuntu), and she loves it. She doesn't care what the OS is, she runs her windows games under wine without knowing what she's doing - they just work, and that's all that matters. She browses the web, writes documents, manages her photos, does email, prints stuff, watches iPlayer, uses Spotify, blah blah blah - it all just works.

    Every so often, I have to help her with something. But usually only ever once, because - being a human being, she's capable of learning and the logical, consistent and above all human-readable nature of linux means learning is a lot easier. I get a LOT fewer requests for support over the six months she's been using linux than I ever did when she was running windows, which she's been doing for almost ten years. What I do get is comments like "isn't this linux thingy clever" and "my computer feels so much faster". For my part, I don't have to worry about her picking up anything nasty from browsing around the internet, nor do I have to run around installing patches and fixes and so on - apt does that all for me. From my point of view, and from my housemate's point of view, using linux is a no-brainer.

    Not trying to make any judgements about which OS is bestest or anything, just saying that the old preconceptions about linux being hard to use are a bit outdated now. In my experience, it's far simpler to install - and to run - than Windows is for the vast majority of cases. Yes, sometimes the less mainstream stuff can take a bit more effort, but then it's not like everything under Windows is always entirely effort-free. Whether that makes linux 'better' or not is a moot point. I'm sure other people can argue all day about that, I don't really care. It's better for me, and it's better for my housemate and that's all I can say with any certainty.

    Just for the record, installing linux these days is, as Camilla would like:

    1) Insert LiveCD.

    2) Follow On Screen Instructions. (which include "Would you like your current bookmarks/addressbook/filez/etc migrating to your new linux install?")

    Honestly that simple. You don't need to mess about booting from CD, it'll all just happen using - wait for it - Autoplay. Not hard. Easy. Also, DT, most users don't need a course to learn how to use a windowing gui. They already can. They can click a menu, drag-and-drop a file, make a folder and fill it up, open a downloaded file, etc - and that's all most people need to do. I have the same low opinion of users as anyone who's worked in IT support, yet even I don't think they're so stupid they can't manage using some slightly different-coloured windows/menus.

    Oh, and Eddie - my computer does actual work, under my instruction. I'm an IT professional, and I use linux in my job because, for me, it means I can get more work done for less effort. For me. Your experience might be different. Attitudes like yours are just as bad as the freetard's default whine about "teh 3vil Micr0$0ftz".

  47. Anonymous Coward
    Thumb Up

    @Marketing Ploy ?

    Exactly what I was thinking, have I really become that jaded by MS antics lately?

    Sorry Bill and Steve, but we know you need to dump the older installs so you can move forward, but why not stop allowing backwards compatability junk in each new revison, rework a new O/S ala Apple?

    Oh no of course you can't, you would lose all that loverly wonga from the businesses who need to you to maintain the backwards compatibility else they would all simply load up Ubuntu and run Wine to keep those 10-15 year old 16 bit Windows apps going!

    Bill and Steve B, you made you're beds, now lie in them!

  48. The Fuzzy Wotnot
    Thumb Up

    @Charley

    You or the Reg have got to put that on a T-Shirt, that is the best, neat little comment I have read all day!

    Well done sir!

  49. Jon Brunson

    There is a fix!

    If there is a fix for this, then which haven't MS pushed it out using Windows Update?

  50. Anonymous Coward
    Anonymous Coward

    @ Geoff

    "If you need a course to switch to Ubuntu from Windows you probably shouldn't be using a computer."

    so with that comment i will admit you hit the nail on the head, but you hit the nail into your own head.

    A high perentage of windows users are NOT TECH SAVVY, they get confused by mice and double clicking let alone anything else. Comments like yours just reinforce the fact that windows is better for the average users becuase hte average user WOULD need a course/book to help them switch to anything else anyway! let alone anything that requires command line and can't be done with a double click.

  51. Chika
    Coat

    Fanbois?

    Seems odd that there is so much whimpering about *nix fanbois here but nobody seems to have noticed the whining from the Muckysoft fanbois. It works both ways, folks!

    And yes, I too think that the timing of this situation is a little too much like a coincidence. I'd like to see an example of this exploit rather than just a notice to say that it is possible.

    (So that's where I put that openSUSE Live CD!)

  52. Joe M
    Unhappy

    Posting about Linux here?

    Disclosure: I program Windows from application to driver level as well as using it to watch movies, edit DVDs, 3D render, play games etc. I also program Linux to driver level, have embedded Linux to run on Intel and non-Intel platforms and custom hardware, do real-time mods to the Linux kernel, use it as a mission critical server etc. etc.

    To all of you posting about Linux here: how about relocating the many fine Linux forums which abound on the net. In case you haven't noticed, this is about a bug IN WINDOWS. If you don't like Windows, why are you even here?

    Each time a Windows bug is mentioned a cacophony of "rah rah Linux" starts up which is about as helpful here as a truckload of manure (which most of you are shovelling at a great rate). You are just creating noise.

    In a word: FUCK OFF!

  53. Anonymous Coward
    Linux

    @AC

    "A high perentage of windows users are NOT TECH SAVVY, they get confused by mice and double clicking let alone anything else. Comments like yours just reinforce the fact that windows is better for the average users becuase hte average user WOULD need a course/book to help them switch to anything else anyway! let alone anything that requires command line and can't be done with a double click."

    I think the point Geoff was trying to make was that it requires as little savvy (arguably less) to use a modern desktop linux as it does to use a windows. If something needs CLI config, then it's something A Bit Hard, something these people probably couldn't do under windows either. 99% of anything people with understanding problems need to do is done with a nice simple GUI these days (or, more likely, auto-configures itself). Not sure when you last tried a linux, but it's got a great deal more user-friendly over the last few years.

  54. Anonymous Coward
    Anonymous Coward

    Windows vs Linux

    I recently switched to Ubuntu having endured the monstrOSity that is Vista for 6 months and I'm planning never to switch back. I've committed myself to finding open source alternatives to all the software I used under Windows.

    It might not always be easy, but I'm man enough for the challenge. (Come on, Googling a problem and then following instructions isn't THAT hard)

    It seems there are 2 classes of user; those like me who actually like technology and are open to trying new software and those who claim to hate technology and feel that they're just "putting up" with their computer problems because it'd be far too much trouble to look into alternatives.

    That said I don't feel I'm a fanboi, I'm not actively trying to convert anyone. I'm happy for Windows to remain the dominant OS as I don't feel the software I use needs to be justified in terms of popularity. Plus I like the idea that there's a vulnerable class of pwnables that will almost never be exhausted.

    I accept that both Windows and Linux have their own pros and cons. Only difference is one is produced by a huge monopoly with a history of anti competitive practices.

    Anyway, that post has nothing to do with this latest vuln - just my two cents.

  55. Joe Good
    Thumb Down

    @DS

    Have you ever actually TRIED working on a Windows machine in non-admin mode? I have two dedicated Windows XP machines for my kids to:

    (1) Play games I've installed

    (2) Use Firefox to play games on the Web at sites I've OKed and bookmarked. (And yes, I have NoScript installed in case they wander or click on any links).

    I originally set them up with user accounts. Over 2/3 of the games I'd installed couldn't run in user mode. Similarly, most of the nefarious Web sites such as PBSkids.org didn't work correctly. Drivers wouldn't work, simple applications wouldn't open, files wouldn't save, and I ended up having to troubleshoot every single time they tried to do something new.

    Now take that to a work environment for a software company, where you're constantly installing your company's own software to test/use/take screen shots of it. Can't do any of that in user mode!

    In short, user mode wasn't even good enough to surf the Web, play games, or edit files. If it can't do that, then what the h*** good is it?

    (OK. I guess I could have spent a couple of hours sorting through Windows security permissions to figure out which ones to enable to make all those things work, but it was a heck of a lot easier to give the kids admin permissions and tell them not to install anything without my permission).

    Joe

  56. Chris Matchett
    Stop

    I'm just saying...

    ... that all the new OS's from M$ since 2002 don't have this bug. Inference is that they are slowly learning to program more secure operating systems. There's little point criticising M$ for something they have already learnt from.

    If Windows 7 has some design flaw leading to security holes then you'd expect them to sort that out by the time Windows 8 rolls along.

  57. Anonymous Coward
    Happy

    answering back

    @Joe

    "Fuck off" is two words.

    Windows is a piece of shit, sold by a company that owes more to Black Beard than any reputable company.

    Do you know how much money they have stolen from School Budgets with their vendor lock in and multi-year contracts?

    The hospitals?

    The Governments?

    Most of you don't even care.

    How can you claim any kind of moral awareness when you continue to give money to thieves, bullies and liars?

    Cus it's easier than bothering to grow up and learn something new?

    Of course Linux gets mentioned whenever there's another "new hole found in Windows" story. Not because Linux doesn't have any holes but because Windows is so bloody easy to exploit.

    Run levels, the need to run as Admin online or get faced with "you don't have the necessary permissions to install this plugin" messages (cus they're too stupid and stubborn in Redmond to copy the Unix security model).

    Linux was designed by Users. Windows was designed by bitter twisted dwarves in a cave somewhere (or so it would seem from the way it behaves).

    It's not that Windows users aren't tech savvy - it's because Microsoft brag about how safe each new Windows release is and they believe. Gullible perhaps - ignorant - not really.

    Can't say I've ever noticed iTunes fucking up cd writers and I've run it on Windows and OSX (with 3rd party writing apps in both cases).

    YMMV as the saying goes.

  58. vincent himpe

    @geoff McKenzie

    > Like when you upgrade Windows and it feels the need to trash everything on the way in?

    Just buy a new computer.Stimulate the economy a bit. I store my data on a NAs anyway ( raided in the nas and across 2 NAS boxes ) No need to move anything.

    >If you need a course to switch to Ubuntu from Windows you probably shouldn't be using a computer.

    Alas, for some of the stuff you need the command line ... sudo blabl apt-get blabla .. to a windows user : that is chinese to a non-chinese.

    > It doesn't take a month; most are installed by default on Ubuntu.

    Oh goody, so now Ubuntu or whatever is the 'darling distro' this minute comes with Autocad, Paintshop, Adobe Premiere / After effects / Illustrator / Photoshop / Lightroom / Dreamweaver , Altium Designer, Visual Studio, Nero and some other stuff i use (like Ride, Keil's ARM tools, Lauterbach tools) . Yay i'm switching right now !

    > dual boot

    Is for whiners that can't decide. You either go route A or you go route B. If linux is all its crack'd up to be, you should not need your windows anymore. So you don't need dual boot.

    > A Windows Live CD? Really? Where can I get one of those?

    Try BartPE ... works fine. and you can preinstall all your favorite stuff. Even runs from USB memory stick ...

    [insert bullet riddled penguin icon here]

  59. Richard

    Hold on a second ...

    "It's all very well the *nix fanbois having a laugh about this but this affects operating systems that are at least 7 years old now."

    Um, isn't the 7+ year old OSes the one that MS users prefer because MS hasn't produced a non-steaming pile of OS since? (Not that I conder XP, aka The Longhorn Stopgap, all that great, either.)

  60. dave hands

    Mr McKenzie.

    "> It doesn't take a month; most are installed by default on Ubuntu.

    Oh goody, so now Ubuntu or whatever is the 'darling distro' this minute comes with Autocad, Paintshop, Adobe Premiere / After effects / Illustrator / Photoshop / Lightroom / Dreamweaver , Altium Designer, Visual Studio, Nero and some other stuff i use (like Ride, Keil's ARM tools, Lauterbach tools) . Yay i'm switching right now !

    > dual boot

    Is for whiners that can't decide. You either go route A or you go route B. If linux is all its crack'd up to be, you should not need your windows anymore. So you don't need dual boot."

    You muppet. You gave in to the anger.

    1) Perhaps you should be asking why it is that so many people accept being held hostage by bloated software houses for over priced software. Why is it ok that poor people don't get a look-in unless they pirate? Why do "you" just roll over and accept the mindless profiteering?

    Any standard that is dependent upon expensive, proprietary software is not a standard. It's a trick to lock you and everyone else in to a never-ending cycle of pay and pay again.

    2) Dual boot is for whiners who can't decide.

    I hope you feel thoroughly ashamed of that statement.

  61. Anonymous Coward
    Gates Horns

    trolls everywhere

    If MS is so worthy of defending, why do its defenders usually respond to the obvious Linux troll rants rather than the sensible posts? Because they're trolls too. It's one thing to say (quite rightly) that you can't leave MS because you're already locked in, but why when making such a statement do so many people frame it as a good thing? Because they're trolls.

    If I see one more person joining in an OS flamewar here I'm going to post links to every Reg article on Digg. I'm not bluffing!

  62. vincent himpe

    @dave

    1) Ok , so then , give me an equivalent for Premiere and After Effects and Lightroom . As for some of the other software i mentioned... there is one equivalent for linux... you need to fork over 20 grand every year for a licence... the windows version is a fraction of that cost. the difference ; the linux version can run on a farm to speed up simulations, the windows version does not... i don't need the farm. a quad core is speedy enough for what i do.

    2) nope. why should i. Just build a separate computer. I have a box running ubuntu (lamp), and two machines running XP (one for video and photo editing that has calibrated monitors) The hardware is cheap compared to the cost the invested time and projects. 300$ buys you a quad core + mobo +4 gig ram ,slap on 130 for XP oem licence and 160 more dollars gives you 3 terabyte of storage... Heck the videocamera costs 3x more than the computer and that is without the cost of the underwater house for it...

    Besides : There is plenty of 299$ deals out there that buy you a modern machine to have a bit of fun. i got a couple of those i use to develop hardware, most of them have wires soldered to the motherboard so i can hook up a scope or logic analyser.

  63. Apocalypse Later

    Instead

    If the jiffy fix button on the Microsoft site doesn't work for you, try this less jiffy method from their other pages-

    In XP, open a command line window, by clicking "Start" (bottom left) then "Run". Now type "cmd" in the dialog (without the quotes). A black command line window appears.

    Now copy the line below and paste it into the command line, then press return.

    Regsvr32.exe %WINDIR%\system32\quartz.dll

    Windows media player won't be able to play .avi or .wmv files anymore, so use something else.

  64. dave hands
    Alert

    @Vincent

    1) I agree with what you say.

    My point is that it's wrong that it is happening. It ought not to be this way. Why should tools be withheld from the poor? It's outrageous.

    In just the same way that certain people are OK with the idea that in a world where we have the where-with-all to treat everyone for a lot of low level medical issues, we don't. We shrug and put the medicine in the cupboard and say "when you can afford it you can have it" - this is a monstrous crime. And while I realise that software isn't the answer to the world's problems, it, like everything else, is kept in the cupboard for those who can afford it.

    And this way of thinking and behaving stinks to high heaven.

    (Spare me any diatribes on motivation and any grotesque nonsense about "capitalism is the best system we ever had" - (if that's true there is no hope)).

    2) Waste of time money and electricity. Though of course, if you need more than one pc running at any one time then yes, you're right.

  65. Apocalypse Later

    @dave hands

    Capitalism is the best system that has ever existed. Without it there is literally no hope.

    If you are handing out free tools to the poor, I need a drill press and a bandsaw.

This topic is closed for new posts.

Other stories you might like