ALL Windows versions open to serious attack by “old” bug

The Register has picked up news of yet another Microsoft Windows bug. The really scary thing about this one however is that it was originally recognised, and seemingly fixed, in 1999! According to the article this bug is apparently still real, and affects ALL versions of Windows. Including their very recent, and supposedly re-written from scratch, Vista line.

Microsoft bug squashers are investigating reports of a serious security vulnerability in Windows operating systems that could allow attackers to take control of vast numbers of machines, particularly those located off US shores.

Microsoft appears to have released a patch for the vulnerability in 1999. But the patch only protected domain names ending in .com, so WPAD servers using all other addresses have remained vulnerable.

That’s all right then. Although not if you are on a .co.uk or even perhaps a .gov.uk (oh no… NOT http://www.hmrc.gov.uk/ . Surely they wouldn’t be using Windows would they?) or any of the other TLDs out there that aren’t .com.

It makes me very glad to be Redmond Free

I originally read about this story on Matt Assay’s blog.

Microsoft using FUD to try and sell Vista?

I really can’t believe this story.

In a particularly pointless and shameless security “exercise” by yet another UK Government Quango (seemingly sponsored by Microsoft) they show how easy it is to hack into a PC running Windows XP service pack 1 with no firewall, filtering or other security techniques employed… Big deal…

A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both “enlightening and frightening.”

Oh good grief…

Nick McGrath, head of platform strategy for Microsoft U.K., was surprised by the incident.

“In the demonstration we saw, it was both enlightening and frightening to witness the seeming ease of the attack on the (Windows) computer,” said McGrath. “But the computer was new, not updated, and not patched.”

McGrath also said that Service Pack 2 for XP had a firewall and that Vista was not as “accessible to the average hacker” due to “operating system components.”

What complete bollocks. I’m sorry but this smacks of using FUD to try and get naive and scared companies to migrate from XP. Why would they want to otherwise?

Just go and get Ubuntu. It works, is very secure and its FREE.

How to speed up M$ Windows [only kidding]

I just came across this post and couldn’t resist a comment or two…

At first I thought it was just a bit funny and would give me a chance to take another “quick pop” at M$. But the more I read and thought about this article, the more serious I think it’s, very accurate, observations are:

Before I get going though, the source blog is entitled 4sysops and I am not knocking the author, Michael Pietroforte, in anyway, shape or form. He admits to using some Linux his University anyway :-) I’m sure Michael is competent, knowledgeable and a great sys admin. And it isn’t his fault that Windows is so slow and crappy is it? [In fact, if you pick this up Michael, I would love to hear your opinions on Open Source alternatives, how they "fit" in your University, and I'd really welcome any comments you have on how Linux may be worse or more troublesome than Windows.]

Anyway the piece in question is called “Windows is so slow? 10.5 ways how to speed up Windows XP or Vista“. Lets take a look at a couple of the suggestions he makes.

Uninstall unused programs

I used to use Windows too. And the number of times I tried to remove stuff and it didn’t work or left stuff lying around or clogging up that beast, the registry. I found the only real solution was to buy some more software to clean the system regularly.

Defragment the hard drive

Yep, I had to do that too; before I discovered Linux. Yet another program you have to buy from somebody else because M$’s defrag is not too hot. If you are interested, try Google for “defrag linux” and see what you get ;-)

Locate malfunctioning programs
Sometimes a computer hangs even though there are no performance consuming tasks running…

Oh yes, I remember that happening too! Vaguely. Weird times when the thing would just stop. . . CTL-ALT-DEL didn’t do much either. The power button worked though. Funnily enough, this hasn’t happened to me at all since I started using Linux all the time.

Add system memory
If all the tips above didn’t help, you probably just need more memory.

Hmmmm, who was it who said no one would ever need more than 640K of memory? ‘If in doubt, add more RAM; that should fix it’ is the usual M$ response. Each release and update seems to consume more and more of the stuff. Maybe they hold shares in the ram chip makers???

Replace system files with their original version
Some applications replace Windows system files during the installation procedure…

How scary is this? One of the biggest problems with Windows , aside from the generally poor reliability & performance, is it’s lack of proper user based security. Under Linux, Unix, Solaris and even Macs (now they use a BSD core) this can’t happen unless you are stupid enough to run as root. A normal user just can’t do this. With Windows, any user can pretty much simply download, or slot in a disk/CD, and install what they want. The install routines can write over pretty much anything on the hard disk. Be afraid. Be very afraid…

Reinstall Windows

Yes. This was the only real solution I found too. About once every 12-18 months things got so bad that it was worth a day or so to rebuild everything. But, you have to be very diligent about backing up your data. Because Windows puts your stuff all over place: some of it in the Docs and Settings folders hierarchy, some in My Documents, some in the registry, and some just randomly dotted about that you will never find because you can’t “grep” for file contents that easily… Unix systems [by their design], and if they follow the FHS, will keep your data and all your personal settings in your /home/your_username directory. System and application configuration files will be in /etc. That’s it. Simple. Keep your home directory on a separate disk partition and you can run multiple operating systems but just have one place for your stuff. Irrespective of what OS you choose to run. Try and do this with Windows.

Michael’s final comment, a bit tongue in cheek I’m sure but:

Try Meditation
Meditation can help you to be much more relaxed next time when your compi doesn’t react for several minutes while you are working under time pressure.

Blimey; several minutes… I forgot just how bad Windows really is.

Go on; try Ubuntu, OpenSuse, Fedora, Gentoo, Debian, or any of the many other free and open source alternatives. I don’t think you’ll suffer from ANY of the above problems.

Would you upgrade to Vista?

I have just read this article by Andrew Kantor. In it he describes some of the problems and bugs he uncovered after trying Windows Vista. Ouch…

The bit about not being able to make Firefox your default browser really made me sit up and think some more about what he had discovered…

If you are a business, and have just spent oodles of cash/time/resources getting your desktop hardware upgraded so you can support Vista. How pleased would you be when you find that:

  • To get Firefox (the web browser that has captured around a 1/3rd of the global user base in a few years mainly for it’s inherently better security) working as the default you need to hack the registry?
  • Or how about you want to run Paintshop and having to get users to login to the “hidden” administrator account to do so?
  • Or even better that you are unable to backup users’ directories without having to use obscure and inherently dangerous hacking tools!

It’s completely mad… I can’t see THAT improving your company’s productivity, can you?

Go on. Go and download Ubuntu (it’s free), give it to some staff and see how they get on – when the support calls dwindle you’ll start to see that there is a real alternative.

His article on IE7 and Office 2007 also makes for interesting reading too. ;-)

« Previous Page