Microsoft patches record number of security bugs Microsoft on Tuesday patched a record number of security vulnerabilities, plugging 31 holes in its Windows operating systems, Internet Explorer browser, and other products. The updates were packaged into 10 bulletins, five of which were rated "critical," Microsoft's top severity rating. What's more, Microsoft warned that 15 of …
Good point. I suppose the only real option is to switch operating systems.
(By the way, since when is periodically downloading binaries for which source code is not available and installing them without any clear picture of what they really do, or even permission to properly examine them and find out, good security practice?)
"(By the way, since when is periodically downloading binaries for which source code is not available and installing them without any clear picture of what they really do, or even permission to properly examine them and find out, good security practice?)"
When you're running an OS written by the same people and don't have the source to that either. Your use of Windows is an act of trust in the authors. Patch Tuesday comes from the same authors. If you still trust them, patch. If you don't, switch OS. Sticking with the unpatched version is just about the silliest thing you could do.
Yeah, I know sometimes patches break things. Guess what? Usually they fix things. The cost-benefit analysis is pretty much one way. If you are a huge corporate with squillions of pounds riding on your systems' uptime, you'll try the patches in a sandbox first, but you'd have done that with the original OS as well. There's no difference.
There will always be issues with software even software written within a secure lifecycle like MS have been moving to, it's how quickly and effectivly that it's patched that is important. It's not like all of those patches are for one piece of software they cover a range of products, unfortunatly a few of those products are built into windows but they're still seperate pieces of software.
Word
Excel
Outlook
Windows RPC
IIS
Internet Explorer
I think the fact that they're found and patched is important there's alot of software out there that doesn't get the scrutiny that MS products get that probably have many flaws.
Obviously security is becoming more important. They fixed these flaws, some of them fairly quickly. In the bad old days when security wasn't important, they would have smoldered for months, waiting for a public exploit that was affecting huge numbers of systems before releasing an emergency patch that was guaranteed to break at least one other piece of critical software in your system.
"By the way, since when is periodically downloading binaries for which source code is not available and installing them ......"
When people had a life and really don't give a shit about such utter crap.
When was the last time you stripped down the ECU mapping of your car to check that it's not going to misfire at 5235rpm? Heck i doubt you've ever regapped your spark plugs...
It is not at all clear which OS is most secure. I've been eyeing CERT since the 1990s, and surprisingly the number of reported security advisories for Windows and Linux have been about the same most of the time. The number of reported security problems is the product of the number of actual holes times the rate at which hackers are finding them. In other words, Windows is a lot more bulletproof by now, but a lot more bullets are being fired at it.
Windows is the focus of many hackers, and in addition to that, Microsoft hires a lot of expert hackers from around the world as "penetration engineers" to help find flaws. In Vista and Windows 7, the kernel is being refactored and outfitted with security theorem proving and security relationship structures. Microsoft has been very sophisticated in its approach to security. Certainly they have not allowed an ideological belief about open source to make them complacent, and they don't have to deal with dozens of diverging versions of their OS.
And how many linux ( whatever distro ) users actually read the source code associated with the almost daily patches on that platform, and then decide when they weant to install ?
Whenever the 'there are updates avaialble' box pop up in lousey looser ( or whatver the name of the latests distro is these days. ) all the users click : install . Just like Windows or MAC or Solaris users do.
Okay maybe not all of them , but you will need a calacultor with a lot of decimal places to calculate the percentage of those who do actually go over every line of code , understand exactly what it does, and can make an informed decision wether to install or not , and if it will break any existing thing or add new security problems.
Irregardels of what os you you are running, an update cycle is a crapshoot. Hold my beer while i click this button , hang on to your butt and hope it works after the install is done.
I've sead it before and i'll say it again. Want security on your system ?: Apply hot glue to the network ports and use bolt cutters on the antennas of the wifi card.
I'd love to see them try to get into that machine remotely...
It just doesn't work, no-one looks until someone pipes up and says "umm there may be an issue here, our linux sleeping sloth system seems to have been attacked".
Then like a five year old's game of football they all run about in the same general direction not caring what they foul (up), 500,000 will send a "fix", 20 of them will understand the problem, and maybe 3 will produce a solution that doesn't break god knows what.
How is the poor systems maintainer supposed to cope with this avalanche of oh so helpful messages and code samples? They won't. Only trusted folks will be listened to.
I agree with vincent himpe, except that the machine needs to have the power supply,motherboard and drives smashed with a hammer or better and then buried in concrete.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
