Microsoft offloads heap of critical fixes in 'ugly' Patch Tuesday

Microsoft is planning a high-impact edition of Patch Tuesday with seven bulletins this month - six of which cover critical flaws. The less-than-magnificent seven cover all supported versions of Windows and every version of MS Office, as well as updates for Lync, Silverlight, Visual Studio and .NET. Internet Explorer, from IE6 …

COMMENTS

  1. Anonymous Coward

    Surprise!

    Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft?

    People need to give themselves a shake and stop using MS products!!!! ;-P

    1. BristolBachelor Gold badge
      Coat

      Re: Surprise!

      I thought that it was usually Adobe with Acrobat or Flash...

      1. Grikath

        Re: Surprise!

        You forgot JAVA....

    2. Anonymous Coward

      Re: Surprise!

      Sounds like you're saying "How dare they try and fix things promptly"

      I guess you like the Java and Apple model of head in the sand?

    3. El Andy
      Facepalm

      Re: Surprise!

      Yes, of course. Because the fact The Register never bothers to write articles about every Linux/Mac OS/Android/whatever patch release is an indication that they never happen ever.

      1. Anonymous Coward

        Re: Surprise!

        Well there's that story at the moment about the security flaw in Android and the patch...oh.

        1. Anonymous Coward

          Re: Surprise!

          Wot, you mean discovery of the master key allowing malicious apps to run?

          http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

      2. eulampios

        @El Andy

        Microsoft owns a patent for "Remote code execution", so others are afraid to infringe on it.

    4. eg0r

      Re: Surprise!

      Because they, unlike some companies, publicly inform people when there are problems with their software. I would much rather that than being kept in the dark.

      If you think Microsoft have more issues, considering the size of their offerings and indeed the scale of the products themselves, than other software houses you're woefully misinformed.

      One truth, software is never perfect!

      1. Jamie Jones Silver badge

        @egor: Re: Surprise!

        "One truth, software is never perfect!"

        I see you follow the Microsoft philosophy.. That's fine if you program games etc.

        Let's hope that the software engineers behind the space programme, nuclear power plants, ICBM's, traffic lights etc.etc. never fall into that trap

        1. Crisp Silver badge
          Boffin

          Re: Let's hope that the software engineers behind the space programme never fall into that trap

          Yeah.... Let's hope that never happens.

          Mariner 1

          1. Jamie Jones Silver badge

            Re: Let's hope that the software engineers behind the space programme never fall into that trap

            "Yeah.... Let's hope that never happens.

            Mariner 1"

            :-) Fair point!

            1. John Smith 19 Gold badge
              Unhappy

              Re: Let's hope that the software engineers behind the space programme never fall into that trap

              ""Yeah.... Let's hope that never happens.

              Mariner 1"

              :-) Fair point!"

              In 1962.

              Let me describe how the team behind the Shuttle software wrote it.

              1) Devise specs

              2) Implement specs. Maintaining detailed bug lists and error rates and regular walkthroughs by other people. It's a project. No one "owns" their code. The project does.

              3) When you find a bug, work out how your review process did not catch it.

              4) Modify the system to catch future instances.

              5) Scan the codebase for all similar cases and fix them as well.

              If you work in a dev shop look around you and ask yourself "Do we do any of that?"

              It's estimated that their code was 10x the cost per line than the average cost.

              That's why Shuttle flew 134 missions and the software never failed.

        2. AndrueC Silver badge
          Boffin

          Re: @egor: Surprise!

          "Let's hope that the software engineers behind the space programme, nuclear power plants, ICBM's, traffic lights etc.etc. never fall into that trap"

          No, let's hope they include fail safes and monitoring facilities. "No software is perfect" need not be the same thing as "Our product sometimes fails" ;)

          1. Jamie Jones Silver badge
            Happy

            Re: @egor: Surprise!

            "No, let's hope they include fail safes and monitoring facilities. "No software is perfect" need not be the same thing as "Our product sometimes fails" ;)"

            Yeah - I can't argue with that - although these posts are in the context of Microsoft security alerts, so obviously not only is their software not perfect, but neither are any fail safes and monitoring facilities :)

        3. Anonymous Coward

          Re: @egor: Surprise!

          or the NHS "one system" project....oops.

      2. oldcoder

        Re: Surprise!

        Not surprised...exactly. Surprised it is only 22 though.

        RH actually has a larger kit.

      3. Tom 38 Silver badge

        Re: Surprise!

        "One truth, software is never perfect!"

        Well, there's Z. You'd hope that someone writing a nuclear power plant's systems isn't just firing up vim and going "Aha, what we going to write today!".

        1. Anonymous Coward

          Re: Surprise!

          " someone writing a nuclear power plant's systems isn't just firing up vim and going "Aha, what we going to write today!"."

          No, what they're doing in recent years is probably far worse than that.

          Is 'Aha' a typo for 'Ada'?

          Ada might be a decent language for doing a low level design, but it's far too complex a language to be able to trust the compiler and tools.

          There's someone round here whose screen name mentions 'forth'. A custom subset of forth, or something similar, might be appropriate for some safety critical setups. The language and implementation could be simple, efficient, testable, maybe even provably correct in the right circumstances. Given a bit of investment the tool vendors could put some tools around to make it cool and trendy, but Ada seems to have become the poster child for the safety critical folks (at least in aerospace).

          AC, obviously.

        2. Roo
          Boffin

          Re: Surprise!

          Wow, I haven't seen Z mentioned for a while!

          I liked the idea behind Z, but at the end of the day I found that writing unit tests & integration tests can accomplish the same goal, so I am left thinking that there isn't really any point in having the Z language in addition to your programming language du jour.

          The thought processes behind applying Z are the useful bit, but I have found that you don't really need Z to think that way. (Hint: It is possible to 'animate' Z constructs in pretty much any mainstream language these days).

      4. eulampios

        @eg0r

        "considering the size of their offerings"

        If one is considering the size of Debian's offerings... things become more clear.

    5. Anonymous Coward

      Re: Surprise!

      You forgot to login again, Eadon.

    6. Anonymous Coward

      Re: Surprise!

      Microsoft has far fewer patches than say an enterprise Linux distribution with far fewer days at risk...Hence why you are much more likely to be hacked running a Linux internet facing server than a Windows one...

      1. Steven Raith

        Re: Surprise!

        I'd love to see you put your money where your mouth is and produce some hard numbers on that for both systems....

        Particularly for vulnerabilities exploited in the wild.....

        1. Anonymous Coward

          Re: Surprise!

          Here you go: http://www.zone-h.org/news/id/4737

          http://www.zdnet.com/linux-trailed-windows-in-patching-zero-days-in-2012-report-says-7000011326/

          1. Anonymous Coward

            Re: Surprise!

            Wrt the zdnet article, did readers notice the bit that said "the data shouldn't be interpreted as a claim that an OS built off the Linux kernel is necessarily less secure than using a Windows OS".

            Or the bit that says: "The Trustwave report says the number of critical vulnerabilities, as determined by the Common Vulnerability Scoring System (CVSS) assessment of factors like potential impact and exploitability, identified in the Linux kernel was lower than in Windows last year, with nine in Linux compared to 34 in Windows. The overall seriousness of vulnerabilities was also lower in Linux than Windows, with Linux having an average CVSS score of 7.68 for its vulnerabilities, compared to 8.41 for Microsoft."

            Don't take my word for it, read the full article.

          2. Anonymous Coward

            Re: Surprise!

            Me again, having just posted some bits from the zdnet article.

            As for zone-h: if "security" means anything, it would be helpful to distinguish between finding an actual exploit in the OS on the one hand (unauthenticated remote code execution, unauthorised elevation of privilege, whatever) or a boring but embarrassing defacement (e.g. via dumbass SQL injection in the Web-facing application). Please do not use records of "defacements" (eg zone-h or similar) as your primary source of "systems being hacked". Please also do your best to identify separately exploits using defects which have been corrected but where the sysadmins have not applied the corrections in reasonable timescales.

            MS supporters when talking about desktop security have a tendency to say "Windows isn't less secure, it's more interesting to hackers because there's so much more of it out there". There's no dispute that there are more Windows than Linux desktops out there. There is less of a consensus about which is more secure.

            Does the same logic also apply to web servers: "Linux isn't less secure, it's more interesting to hackers because there's so much more of it out there"? There's no dispute that there are more Linux than Windows webservers out there. There is less of a consensus about which is more secure.

            If the same logic does not apply, please explain why not.

            [Seen much of this before? Sorry! The zone-h meme needs to be put down sooner rather than later]

      2. Anonymous Coward

        Re: Surprise!

        "much more likely to be hacked running a Linux internet facing server than a Windows one..."

        Citation needed, but even when it is provided:

        MS supporters when talking about desktop security have a tendency to say "Windows isn't less secure, it's more interesting to hackers because there's so much more of it out there". There's no dispute that there are more Windows than Linux desktops out there. There is less of a consensus about which is more secure.

        Does the same logic also apply to web servers: "Linux isn't less secure, it's more interesting to hackers because there's so much more of it out there"? There's no dispute that there are more Linux than Windows webservers out there. There is less of a consensus about which is more secure.

        If the same logic does not apply, please explain why not. When you've thought about that fairly basic starting point, here's another one.

        If "security" means anything, it would be helpful to distinguish between finding an actual exploit in the OS on the one hand (unauthenticated remote code execution, unauthorised elevation of privilege, whatever) or a boring but embarrassing defacement (e.g. via dumbass SQL injection in the Web-facing application). Please do not use records of "defacements" (eg zone-h or similar) as your primary source of "systems being hacked". Please also do your best to identify separately exploits using defects which have been corrected but where the sysadmins have not applied the corrections in reasonable timescales.

        Have a secure weekend.

    7. Anonymous Coward

      Re: Surprise!

      Because 95% of the world's PCs run Windows, so it becomes SIGNIFICANT news.

      So what if someone exploits something that runs on 2% of the world's PCs? Big Deal.

  2. RonWheeler

    Tiresome

    Every single month, the same old schtick from The Reg. Criticism for releasing security patches with the usual snarky tone that there is something amiss. Seriously - criticism for releasing fixes? As! Tired! As! The! Endless! Yahoo! Exclamation! Marks!

    1. hplasm Silver badge
      Windows

      Re: Tiresome

      Don't like shitty smells?

      Don't try to cover them up - stop making shit in the first place!

      1. returnmyjedi

        True

        But Microsoft also suffer from being the most popular target for naughty miscreants to look for flaws. If all the dastardly types that target Redmond's platforms went looking at OSX, the chances are the fruity one would be similarly lambasted.

        1. Jamie Jones Silver badge

          Re: True

          "But Microsoft also suffer from being the most popular target for naughty miscreants to look for flaws."

          Change the tape - it's beginning to wear out

          1. Anonymous Coward

            Re: True

            Just because it gets said every month on the Patch Tuesday announcement, doesn't mean it's not true. MS has the largest desktop/server OS market share. There would be something pretty odd if they weren't the number 1 target for people looking for vulnerabilities, especially as we keep getting told that their product is "swiss cheese" full of security holes.

            1. Jamie Jones Silver badge

              Re: True

              "Just because it gets said every month on the Patch Tuesday announcement, doesn't mean it's not true. MS has the largest desktop/server OS market share. There would be something pretty odd if they weren't the number 1 target for people looking for vulnerabilities, especially as we keep getting told that their product is "swiss cheese" full of security holes."

              MS has the largest desktop share, yep, but not the server share. Also, servers are by their definition "providing services" so they are more visible.

              Granted, the typical server is run better than grandma's home PC, but still, saying "of course MS has the most reported holes because it's the most popular" is a cop-out.

        2. oldcoder

          nahh

          Windows is the easiest target...

          So everybody and his 5 year old can hack it.

          Thus more attempts. Unfortunately, more success too.

        3. Anonymous Coward

          Re: True

          ^^ On the desktop. On the Server, it's much more Linux that's the risk.

          1. eulampios

            @AC

            Saying "halva-halva" doesn't necessarily make your mouth sweet.

        4. Ryan Nix
          Windows

          Re: True

          Nonsense. I still don't understand why people make the market share argument. At its core OS X is Unix which is inherently more secure. It's more secure because of its open source nature, which is subject to harsh peer review. Apple has done a marvelous job with security in OS X. Flash out of date? You can't use it in Safari until you update it. Java is out of date? OS X will also shut it down and also push you the latest version.

    2. Tom 13

      Re: the usual snarky tone that there is something amiss.

      There is something amiss and it deserves the usual snarky tone.

      MS engineered their software for ease of use at the expense of security. Despite many remakes and PR efforts that remains at the heart of their exploit issues. The *nix kernels are even bigger targets because in the server world they run most of it on the Really Good Stuff (TM). And in theory* because the code is out there you ought to be able to hack it more easily. But the number of critical flaws in the *nix kernel are lower precisely because unlike MS, their kernel is ONLY a kernel, not a mishmash of everything from the kernel through the applications.

      *In practice the many eyeballs seems to negate theory, but the meme persists.

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: the usual snarky tone that there is something amiss.

        "The *nix kernels are even bigger targets because in the server world they run most of it on the Really Good Stuff (TM)."

        What you are doing is comparing apples and oranges, here. Servers are not workstations. The protections and vectors are not the same. Compare Windows servers versus Windows workstations in an enterprise setting and you should find that the workstations get hit at a far higher rate. On the other hand, the argument that higher numbers make more attractive targets is being borne out by the increasing pressure on Android devices.

        Where there are enough assets to make an attack worthwhile, there will be an attack. Eventually, the attack will be successful. At the enterprise level, setting up all machines with one OS is a weakness as someone who can compromise one machine should have no problem with the rest. Better security is based on multiple layers, from OS, to AV and onward.

        1. eulampios

          Re: the usual snarky tone that there is something amiss.

          "targets is being borne out by the increasing pressure on Android devices."

          Not true, it was heard long before Android, a pretty controversial theory. And BTW, for Android it's only trojans to talk about, illegitimate apps. One installs those at his/her own risk when not examining permissions and perhaps outside of G. Play (MS Windows lacks even that). It's still unheard of to get a trojan through an RCE.

          "Compare Windows servers versus Windows workstations in an enterprise setting and you should find that the workstations get hit at a far higher rate."

          Both need AV according to Microsoft.

      2. Anonymous Coward

        Re: the usual snarky tone that there is something amiss.

        ". But the number of critical flaws in the *nix kernel are lower precisely because unlike MS, their kernel is ONLY a kernel,"

        Erm, you know there are well over 900 critical flaws known in the Linux kernel alone? Versus say 450 in the WHOLE of the worst Microsoft OS ever - Windows XP?

        Windows has historically had a couple of orders of magnitude fewer kernel vulnerabilities than *nix kernels...

        1. localzuk

          Re: the usual snarky tone that there is something amiss.

          @AC - Try to keep up. The Linux kernel has gone through hundreds of versions. If you're going to compare, let's try to compare like for like, shall we? What number of Linux kernel vulnerabilities were during the Windows XP years?

    3. Ryan Nix
      Mushroom

      Re: Tiresome

      Tired? Hardly. M$FT is one of the most profitable companies in the history of capitalism and they can't make their products better or more secure. Quite frankly, M$FT lacks the culture to make great products.

      1. Anonymous Coward

        Re: Tiresome

        Every month they make their products better and more secure... That's kind of the point of patch Tuesday...

  3. Anonymous Coward

    'ugly'?

    Has there been a beautiful patch Tuesday then?

    1. theblackhand Silver badge

      It seemed a beautiful patch Tuesday at the time.

      I was very, very, very drunk at the time though......

      Disclaimer: patch Tuesday may have been very drunk as well, I didn't take the short route through the ugly tree....

  4. andy gibson

    Same old article

    And the same old comments. Why not just save everyone the time and bother, just close the thread to comments and direct it to last month's Patch Tuesday arguments.

  5. TS330

    @AC bashing MS...

    Every piece of widely used software is subject to issues. Non-MS products are no exception. Linux/Cdorked and DarkLeach are a good example. And they [the reports everyone is giving] still don't seem to know how they work. I'd much rather MS patch things pronto than deny their existence like some other software vendors.

    1. Tom 13

      @TS330: I'll concur with this statement:

      "I'd much rather MS patch things pronto than deny their existence like some other software vendors."

      The problem of course is that until fairly recently MS engaged in precisely that sort of behavior. In fact since they have both private and public lists of known vulnerabilities you can't actually claim they aren't deny[ing] their existence like some other software vendors.

      And no, the Linux kernel is historically more secure than Microsoft's OS. Yes, it is comparing apples and team buses, but that's not the kernel's problem.

      1. Anonymous Coward

        Re: @TS330: I'll concur with this statement:

        "The problem of course is that until fairly recently MS engaged in precisely that sort of behaviour"

        No they didn't - they have had pretty much the same policy since ~ 2002 when Bill Gates made security the #1 priority @ Microsoft.

        Incidentally since when Windows has every single year had fewer vulnerabilities than enterprise Linux distributions, that were on average fixed faster....

        1. Anonymous Coward

          Re: @TS330: I'll concur with this statement:

          "2002 when Bill Gates made security the #1 priority @ Microsoft."

          Security can have multiple meanings and Gates may not directly have meant what you seem to have thought.

          Back then, Gates' agenda was to make Windows more "secure" from the point of view of the content providers at the RIAA and MPAA and friends. Unbreakable DRM, copy protection all the way from high definition source to high definition screen. That kind of "security" isn't directly related to protecting users' data and systems from (eg) unauthorised code execution, though that kind of security may well benefit from measures which prevent unauthorised access to protected data, by unauthorised elevation of privilege or whatever.

          If such measures also happened to make it more secure from the point of view of the end user, that was a nice side effect, but the security of the user wasn't the primary driving force.

          Don't take my word for it, go read (properly) about the Trusted Computing Platform concept, its sponsoring organisations, and the behind the scenes activities of the content providers.

          1. Anonymous Coward

            Re: @TS330: I'll concur with this statement:

            According to CNet, Microsoft announced the move to a monthly patch cycle in October 2003. I'm not sure that there's anything in the IT world that would be considered "fairly recent" if it dates from 2003.

            http://news.cnet.com/Microsoft-details-new-security-plan/2100-1002_3-5088846.html

  6. This post has been deleted by a moderator

    1. Beezle Bob
      FAIL

      Re: It's very unfortunate...

      You have never read an EULA, have you?

    2. AndrueC Silver badge
      Thumb Down

      Re: It's very unfortunate...

      "...that Microsucks was not sued out of business for selling such defective O/Ss for the past 25 years, IMO."

      Defective OSes to the point of being unusable? The Windows family has been powering over 75% of the world's desktops and is possibly - just - the most common server platform. It's probably been the most successful OS in history. It has flaws and limitations - yes. But calling it defective and implying that it isn't fit for purpose is silly. It is clearly very fit for purpose (although I reserve judgement on Windows 8).

      1. oldcoder
        WTF?

        It isn't fit for purpose.

        How many people have gotten the wrong medicine due to Windows security failures? unknown - because they will not advertise the fact.

        How many lawsuits over it - unknown - the EULA bars lawsuits, and even blocks talking about it.

        Why do you think the major financial markets dropped windows? It couldn't perform.

        Why did NASA drop Windows from ISS support? Can't be configured, can't be secured.

        So "not fit for purpose" is completely valid.

        Is it ok for games - sure, nobody's life is on the line.

        Is it ok for general desktop use? Borderline. Your job depends on it working correctly - does it really?

        1. Anonymous Coward

          Re: It isn't fit for purpose.

          To propose a question that can't be answered, suggest that a software vendor is sitting on the information that answers the question and to then cite that as a reason to not use the company's OS is intellectually dishonest.

          You'll find the EULA is pretty standard fare across all commercial software, and FOSS software, most of which is presented "as is" and has absolutely no warranty.

          The major financial markets have not dropped Windows, this implies that a few servers replaced with Linux represents all of the major markets totally stopping using Windows. Again, not the case. You'll also find that a few of these Linux installs have had significant problems of their own.

          No, NASA dropped Windows from the laptops in the ISS because they have a commitment to FOSS, this is a good thing, it's not because Windows can't be configured or secured which is patently rubbish, besides - they're on the ISS, laptop security is a total non-issue.

          Linux has its good points and its bad points, Windows has its good points and bad points, to make up rubbish that you just want to be true doesn't help Linux develop. Anything about about 100mEadons puts people off FOSS, you were up at about 0.5 an Eadon by my Edometer there.

        2. kain preacher Silver badge

          Re: It isn't fit for purpose.

          Yes Windows is so bad that both CVS and Walgreens use Windows XP as their OS in the pharmacy dept. Only time I've seen some get the wrong meds at Walgreens is when a human screwed up.

        3. This post has been deleted by a moderator

        4. kain preacher Silver badge

          Re: It isn't fit for purpose.

          "How many people have gotten the wrong medicine due to Windows security failures? unknown - because they will not advertise the fact."

          Actually hospitals do research on the most common reason for medicine mix-ups. It comes down to people. Misreading scripts, entering it in wrong. 1mg of a blood thinner looking the same as 10mg of the same blood thinner. Not a single report I've ever read said it was due to Windows security failures. So please just tell me just one case where it's even possible that someone got the wrong meds cause Windows security failures. Before you down vote me I'm a CPht RPht so I work with dispensing meds.

          1. Anonymous Coward

            Re: It isn't fit for purpose.

            Incorrect prescriptions was a pretty crap example, undeniably.

            On the other hand, there used to be lots of reports of big-hospital IT downtime due to virus outbreaks. Those were quite inconvenient.

            Not so many reports lately. That could mean that they aren't happening, which would be good. It could also mean that they are still happening and are being kept quiet. That would not be a surprise.

            As an insider, are you able to comment (or refer readers to independent analysis) without too much personal risk?

            1. kain preacher Silver badge

              Re: It isn't fit for purpose.

              Biggest problem I see at the pharmacy level (places like Walgreens) is running XP with 256 megs of memory on an 8 year old PC that's never been defragged and is slower than a civil servant being asked a question on their break. Apps written by a monkey that does not release memory right. Local pharmacy that have thick net as the back bone. Now go into a private run hospital things are much better. The OS can be agnostic as they are connecting to the back end via tty. I've seen docs write scrips on iPads.

      2. Anonymous Coward

        Re: It's very unfortunate...

        "The Windows family has been powering over 75% of the world's desktops"

        But that's very little to do with Windows fitness for purpose, much more to do with MS being able to strongarm the volume PC builders into shipping Windows on every desktop they sell, which they do directly with the Windows tax and indirectly via the certified MS dependent ecosystem that supports MS. Y'know, the ecosystem that historically included people like El Reg's own Trevor Pott, and many many others less visible round here. Now, have you noticed anything about people in Trevor's position lately? If not, you might want to read Trevor's article on the death of Technet, and the associated comments.

        At another level re fitness for purpose: never mind Windows 8 - have you forgotten about Vista? Or, prior to the introduction of imported non-MS technology in Windows NT/2K/XP/etc, how about Windows ME, or even Windows 3.1?

        Open your eyes, open your mind. No, not a lead in to a plug for open source. Just a plug for choosing the right tool for the right job, by genuinely understanding the advantages and disadvantages of particular tools that might be relevant in a given set of circumstances. A plumber that only ever used polypipe rather than copper would not normally be regarded as competent. Why is it OK for IT folk to only ever use MS?

        1. AndrueC Silver badge
          Stop

          Re: It's very unfortunate...

          "But that's very little to do with Windows fitness for purpose, much more to do with MS being able to strongarm the volume PC builders into shipping Windows on every desktop they sell"

          I wasn't saying that Windows got where it is by being good. Anyone who looks at the workstation market would have to concede that it has been incredibly successful and has revolutionised the world. To suggest that the dominant OS running those machines throughout all that time is not fit for the purpose is ridiculous. For sure Windows is not perfect but then nor is anything else we buy. However like most products Windows is 'good enough' for most people most of the time.

          Now if you are working on something like a plane, ATC or a nuclear power plant Windows is not a good choice. But then the EULA says (or used to - I haven't read it recently) that Windows should not be used for that. If you're going to work in IT you need to understand the difference between 'fit for the purpose' and 'has no flaws' otherwise your project and budget meetings are going to be awkward.

          1. Anonymous Coward

            Re: It's very unfortunate...

            "[windows] has been incredibly successful and has revolutionised the world."

            It's shipped a lot, no doubt. It's changed a lot of things, no doubt.

            "Windows is not perfect but then nor is anything else [anybody] buys."

            Agreed. I don't buy software for ATC etc, but somebody does. Windows for Warships [1] was a frightening concept though, probably still is. What version of Windows will they be on now?

            "understand the difference between 'fit for the purpose' and 'has no flaws' "

            Absolutely agreed. Some tiny proportion of software is sufficiently simple that it is provably correct. Most isn't, and ends up being demonstrably incorrect in one or more respects. And then there's the difference between correct as specified, and usable for the intended purpose (e.g. Windows 8 on desktops).

            "However like most products Windows is 'good enough' for most people most of the time."

            It certainly ships lots, though its route to market mostly doesn't actually involve the user in the purchasing decision (ie whether the product truly is 'good enough') most of the time. That decision is made for the end users by the PC vendor, IT department/consultant, etc.

            When the end users have the freedom to make their own purchase decision, as they apparently now do with the joys of BYOD etc, it increasingly tends not to be MS-based kit.

            "Every alternate version is a crap version" didn't come from nowhere, even if it is a bit inaccurate.

            The most awkward meetings I have are the ones where IT's MS-dependent staff and tactics are holding the organisation back. What's good for MS isn't necessarily and inherently always what's good for the non-IT side of any given organisation. Horses for courses. What's so hard for any IT department (or so-called consultant) to understand about that?

            [1] http://www.theregister.co.uk/2007/02/26/windows_boxes_at_sea/

  7. Anonymous Coward
    Anonymous Coward

    I was hoping that the first Post-Eadon Patch Tuesday comment thread may have had rather more mature and rather less tediously predictable comments.

    1. Arctic fox
      Windows

      "I was hoping the first Post-Eadon Patch Tuesday......

      ...Your hopes were in vain - after all some "brain-deads" actually used to upvote him.

      1. hplasm Silver badge
        Gimp

        Re: "I was hoping the first Post-Eadon Patch Tuesday......

        "..."brain-deads" actually used to upvote him...."

        Windows buyers voting EADON UP?

        How rare.

    2. Pascal

      "I was hoping that the first Post-Eadon Patch Tuesday comment thread may have had rather more mature and rather less tediously predictable comments."

      Post-Eadon? For real? I must admit I have been reading comments less and less because the fanaticism was taking up more and more effort to sift through, and obviously Eadon was one of the primary catalysts that derailed what could otherwise have been interesting arguments.

      Now I realize that the few things I read lately, I've seen many Eadon references but not him actually posting.

      Can we now safely open comments on articles about topics that have any sort of chance of being twisted into anti-Microsoft rants that drown out anything else?

      1. Chairo

        Post-Eadon? For real?

        Yes, I guess it's for real. I checked some older articles, which had "Eadon" comments in them, and all his posts were "deleted by moderator".

    3. Anonymous Coward
      Anonymous Coward

      less tediously predictable comments?

      Why would you expect that? Only Eadon got banned, the anti-Eadons, all the MS shills/fans are still around, upvoting each other and making the same tired old comments about ms desktop market share being the main responsible for the vulnerabilities found...

  8. Jim Preis

    Uh, when I upvote... CAN YOU JUST REFRESH THE PAGE WITH THE UPVOTE TALLY INCREMENTED!!!

    #GOML

  9. Tree

    Windows is vulnerable because Microsoft made it easy to use?

    Ask the Windows 8 people how easy it is to find things and use them. Is it safer than 7? It sure is harder to use.

    1. Anonymous Coward
      Anonymous Coward

      Re: Windows is vulnerable because Microsoft made it easy to use?

      My 3 year old can use Windows 8 just fine.... Are you 2?

      1. Anonymous Coward
        Anonymous Coward

        "My 3 year old can use Windows 8 just fine"

        Of course he can! He is part of the target demographic of the Fisher-Price notro interface!

  10. Stevie Silver badge

    Bah!

    I just watched a colleague ask for "this week's" patches (his words, don't shoot the messenger) for his Debian set-up and the list scrolled for several seconds of unpaginated humongous line. Hundreds and hundreds of issues.

    When I expressed the opinion that I couldn't see the advantage over the windows patching process (which he had been loudly criticizing, lifelong, ultra-militant non-windows user that he is) he indignantly snapped "Well, you don't have to apply them *all*!"

    Comedy gold.

    Another bloke came round while I was diddling with a Raspberry Pi in my lunch hour.

    "What's it running?"

    "Debian, sorta"

    "Is there an Ubuntu port for it?"

    "Yes"

    "You should use that. It's better."

    "In what way?"

    "Easier to use."

    "I'm not having problems using what I have."

    "Ubuntu is better."

    "You do get that the O/S isn't why I bought the box nor the purpose in owning it, don't you?"

    "Well, if you are going to be like *that*" - and he stormed off in high dudgeon.

    1. hplasm Silver badge
      Meh

      Re: Bah!

      "Hundreds and hundreds of issues."

      Not this week- what was he running- potato?

      I smell porkies.

      1. Steven Raith

        Re: Bah!

        I've just run an update on a light Debian install that hasn't been touched for a few weeks - 26 updates.

        You smell porkies, I smell utter bullshit.

        1. Steven Raith

          Re: Bah!

          ...and my Debian Samba server, also not touched for a couple of weeks as it Just Works?

          one update. to the Tiff handling library.

          As I say, bullshit.

  11. Laie Techie

    Re: Bah!

    When you see hundreds of updates in *nix, it's looking at all software installed through a package manager (such as apt) and not just updates for the OS itself. That's like blaming M$ for the Flash update for Windows.

    1. Anonymous Coward
      Anonymous Coward

      Re: Bah!

      "it's looking at all software installed through a package manager (such as apt) and not just updates for the OS itself"

      You mean exactly like Windows Update updates other installed Microsoft products, and the shipped version of Flash?

  12. Anonymous Coward
    Anonymous Coward

    Human error

    Software problems are the result of human error. An effective way to reduce human error is to reduce complexity. That can be done by turning a big, complex problem into a lot of small, simple problems, and solving each of these small simple problems by writing code in a small simple language.

    The problem, of course, is ensuring that you do not introduce errors when you map the big complex problem into a number of small simple problems, but at least that only requires a small number of people to be brilliant, instead of everyone working on the project.

  13. John Smith 19 Gold badge

    So MS can *just* handle their own updates but Linuxes can do *all* apps running under them

    Mmm.

    I sense my next OS choice is getting easier.

    BTW I note plenty of AC's posting.

    MS PR dept out in force are we?

    1. Anonymous Coward
      Anonymous Coward

      Re: So MS can *just* handle their own updates but Linuxes can do *all* apps running under them

      No, it's the Linux "head up their arse dept" posting.

    2. Anonymous Coward
      Anonymous Coward

      Re: So MS can *just* handle their own updates but Linuxes can do *all* apps running under them

      I've just updated my backup servers to NetBackup 7.5.0.6, let me assure you, Linux repos don't magically supply updates for anything other than the FOSS components of their systems. If you run any commercial software or anything the distro doesn't like you either have to hope that they offer their own repo, which is practically unheard of, or you have to update with your own methods.

      So, in other words, just like Windows, MS update all their stuff, plus a couple of other bits (Flash, IIRC?) but don't update other companies' software. In some situations that means that you get everything, however if you're using your servers for anything not totally FOSS, you're out of luck at least to some extent.

  14. Anonymous Coward
    Anonymous Coward

    Backdoor Bolting

    How long did Snowden say they had access to such companies as Microsoft and most websites?
