So.... not changing the name to Windows smash-the-window-and-ransack-the-joint?
any other suggestions...
A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use. The bug, CVE-2018-0986, was patched on Tuesday in the latest version of the Microsoft Malware …
It's been obvious for at least thirty years - Microsoft is the Monopoly and Marketing Giant....
......but has NEVER been much good at software. Here we have (yet another) example of M$ taking a perfectly good piece of someone else's software and totally screwing it up. The other examples, I hear you ask? How long have you got? Powerpoint, Lattice C, Multiplan, Avalanche, Internet Explorer (purchased/licensed from NSCC), Visio........the list is endless.
The error here wasn't destroying perfectly good open source code, the error is the defender program itself. Anti virus isn't the solution. We should go the Mr Burns route and infect our systems with ALL the malware, then none of it will be able to fit through the door!
That's a little harsh...
Maybe there's a little group? IBM (points at Notes - just in general not necessarily security. I mean it may have security bugs if anyone cared and were prepared to expose themselves to the horror), Apple with OSX "security patches", Microsoft, Adobe (for everything), Sun (Java), Oracle (unbreakable....).
Maybe it would be easier to make a list of the Midas companies?
"... day Micro$hit makes a product that doesn't suck is the day it starts making vacuum cleaners ..."
Eyewateringly overpriced, overmarketed, shiny, horrible looking, not very good vacuum cleaners?
Too late, Dyson got that particular halfwitted market segment sewn up years ago.
This shitty code is in your medical devices, cars, industrial systems, phones and most devices in your homes. It's present on every website you visit.
Insecure by negligence and stupidity, it's everywhere in your life.
But hey - psychopaths are running the companies that make this stuff & they don't give a shit. They are cutting cost to get paid. You are not the 1% so fuck you.
Even Billy G and Ballmer had standards when it comes to patching software.
SatNad, since becoming CEO, has lowered the bar to record new lows. He's outsourcing the software testing to the users, especially to those useful idiots called 'Insiders'. That's irresponsible and Microsoft should be sued.
"This shitty code is in your medical devices, cars, industrial systems, phones and most devices in your homes."
Cobblers. Embedded systems (i.e. pretty much everything you're talking about here) programming is a world apart from desktop/cloud programming - when you know you can't always push out bugfixes to all your existing customers simply by sticking a new binary onto an update server, you do tend to spend far more time making sure the code you do send out the door is as bug free as you can possibly make it.
"But hey - psychopaths are running the companies that make this stuff"
No, they really aren't. At least not on the planet the rest of us are living on. Maybe on your world (you know, the one where your post might actually make any sense) things are different...
"Embedded systems (i.e. pretty much everything you're talking about here) programming is a world apart from desktop/cloud programming"
Remind me how secure is SCADA code again. And how many cars have been hacked via on-board systems. And how many medical devices have been hacked.
You are living in cloud cuckoo land mate. All the code written is shit, insecure and done to the lowest possible cost and quality.
All code, or just the code you choose to hate?
I'd agree with you if you said every piece of code ever written by anybody was a giant fuck-up and the internet needs deleting.
Maybe you should be a leader and start by wiping your PC?
Just on a side note, why do people still use RAR archives? I saw a firmware update for download just today that was packaged as a RAR. The majority of OS have some support for opening ZIP built in so why use an archive format that requires your end user to download an extra piece of software to open it?
RARs are a proprietary format as well so you need to buy WinRAR to create a RAR archive so surely even 7-zip would be a better option as that is open-source.
7z is still one of those 'exotic' archive file formats... it's similar to what Ogg or FLAC is for audio files.
I still remember the ARJ and ACE file formats.
You don't need WinRAR to open/decompress RAR files. If you want, you can always use the shareware WinRAR... or there are not-so-legal ways to overcome the restriction. ;)
There is also no shame in paying Rarlabs for its excellent software.
Proprietary isn't always necessarily bad... depends on the spirit of the person or company owning the software.
Unsigned integer values? Even Microsoft's own development documentation recommends not using unsigned integers in Windows applications because of the unforeseen side-effects. It sounds like Microsoft isn't taking their own advice. And retrofitting existing code like that is just a bad idea.
"Even Microsoft's own development documentation recommends not using unsigned integers"
I can't decide whether to upvote this as top-shelf satire, or downvote it as a huge WTF?
I mean, yes, if your integers are unsigned, anyone can replace them with other integers and you won't be able to tell. On the other hand, integer signing has never been useful as a form of DRM, and can make it more difficult to update the integers if it turns out one requires patching.
The problem, as ever, is backward compatibility.
Computers were designed from the start to use integers without cryptographic signatures, so it is not possible for applications to detect whether an integer is signed or unsigned just by looking at it. A program must be compiled with foreknowledge about which integers to check for signing. Signing is a "cool hack" first used in the late 90s as an attempt to prevent piracy, pioneered first by Microsoft, quickly followed by most of the rest of the industry. Applications designed for unsigned integers will run fine on modern operating systems, but if signed integers are used by mistake, this can result in crashing, especially if the numbers involved are modern numbers that can be quite large. This is because cryptographic signing uses a "hack" that takes over the topmost bit, which may be flipped in some circumstances. This confuses older software.
Microsoft's hacking of the modern RAR program to force the use of outdated "unsigned" integers is an example of how the company has failed to move with the times. This dinosaur's days are limited.