Microsoft scrambles to patch Windows' flaw

[habari]

You can get free antivirus with your Mac.com membership.

The anit-virus that .mac offers is a email only solution on your .mac email address - similar to the one google, and most other large ISPs offer.

here have been a number of exploits that have been fixed with patching... but mac users seem to forget that for some reason.

I believe the correct term would be vulnerability - its not an exploit until someone takes advantage of it.

Back to the topic in hand - I'm glad microsoft didnt wait until Patch tuesday to sort out this latest exploit out - just amazed its been around for so long.

 

[Darth Garth]

Well well ... just hot of the press ... Microsoft have just released a patch for this vulnerability ... so much for them scrambling around .

Either use Windows Update or download it from here
http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx

 

[Darth Garth]

Are you implying that there are viruses for OS X?

A rather low incidence rate (mostly macro and scripting exploits) compared to Windows environment obviously which more reflects their 3% worldwide desktop market share than any particular technical reason.

Do you apply the Security Updates ???.

Thirdly OS X can function as a server.

Well so can XP ... running Apache, MySQL and PHP on it to host WordPress.

 

[Carlhead]

The anit-virus that .mac offers is a email only solution on your .mac email address - similar to the one google, and most other large ISPs offer. I believe the correct term would be vulnerability - its not an exploit until someone takes advantage of it.

My client got this stupid little virus on his mac, I stopped him from opening some programs... I went online and download an antivirus app... I was sure I got it from mac.com, but I might be wrong it was a while a go when OSX panther just came out.

 

[Turtle]

... which more reflects their 3% worldwide desktop market share than any particular technical reason.

Do you really believe that Windows market share is the 'main reason' it's historically been such a security nightmare? Fact is, historically, Windows (and in fact Linux but more so Windows) has had tonnes of security vulnerabilities over the years due to a sloppy approach to security resulting in lots of security bugs (e.g. ActiveX in IE, WTF!?), while BSD has always had a much stronger focus on security and also has an excellent security record (one of the BSDs used to brag on their homepage "five years without a remote exploit in the default install" - not one! And BSD runs a lot of servers and a BSD branch powers all OS X systems). If it were really market share related, then why isn't Linux more vulnerable in a world where Linux has the biggest market share for webservers and the majority of hackers actually use Linux as their platform and most major hacking tools have historically run on Linux? Also, OS X has a bigger market share than Linux, so why are there more exploits for Linux than OS X if it's proportional to market share?

There is this myth (propagated by Microsoft propaganda) that exploits can simply be 'created' for systems and that this happens as a function of market share. It doesn't work this way, exploits cannot be created unless there is a defect in a system that they can take advantage of (or use social engineering). A system can have 100% market share and have zero vulnerabilities if it's written very well. In many cases major viruses and spyware spread through known defects for which there was no patch, and there will always be some time inbetween a vulnerability becoming known, and the patch being issued.

Do you apply the Security Updates ???.

Of course, and I have a firewall. I'm not sure what that's got to do with anything, unless you are genuinely making the suggestion that the only reason people are ever vulnerable on Windows is if they don't patch!

Well so can XP ... running Apache, MySQL and PHP on it to host WordPress.

Huh? You completely missed my point here; I was stating yet another reason why you might legitimately need an antivirus on OS X (in response to the apparent implication that the existence of Norton for OS X must mean that there are Mac viruses): OS X can function as e.g. a mailserver for Windows clients, and thus even though it itself is immune to all the e-mail viruses coming through it, you still want to block any incoming e-mail viruses before the Windows machines collect them. (The fact that XP can also function as a server seems about as relevant a response as stating that the sky is blue, as it's already completely obvious why an anti-virus needs to exist for XP.)

 

[Carlhead]

I think you kind of missed tibby.dude's point. He simply meant that due to the massive market share, vulnerabilities are much more likely be exploited. Infact I'm sure that if OSX or any other OS had as bigger market share as windows there would be many more exposed vulnerabilities.

You're right though, windows is renoundly sloppy for it's sloppy approach to security; in fact MS put the deveopment of Server 2003 on hold to send all the developers on security courses before continuing. I think Longhorn is going to be the first Windows OS that'll be secure on install. Microsoft realises that if they don't step it up, they will start losing more people to Mac's far superior hardware.

 

[TheRoDent]

Alright, let's hose the OS testosterone from the walls and simply agree that this vulnerability has been exploited (yes, there's 0-day exploits in the wild) and that Microsoft are looking like tits because they figured they'd just give it the usual complacent treatment and update it with the next "update-shot".

 

[Carlhead]

Alright, let's hose the OS testosterone from the walls and simply agree that this vulnerability has been exploited (yes, there's 0-day exploits in the wild) and that Microsoft are looking like tits because they figured they'd just give it the usual complacent treatment and update it with the next "update-shot".

LOL... I love that statement "Microsoft are looking like tits", hehehehe, classic

 

[Crash]

Obviously not an issue with lose98, as no updates there.

That would be because Microsoft no longer support Windows 98 and will only release major critical patches for 2000.

I love linux myself, but there are more security flaws in most linux distributions than windows. (This I can prove with US Cert, so lets not start a Linux is better than Windows aurgument. To me the fact that more security flaws are picked up with Linux than Windows is a good thing).

MAC OS X, is so secure, cause no one uses it.
I do remember a nice trojan that could basically pull all the info from a box. It could pull things like e-mail addresses and lots of other yummy stuff.

Sorry to be so blunt, but heres the reality check.

 

[Carlhead]

Linux / Windows / MAC are better arguements are so stupid.

Each platform has created a spot for itself in the market, and each one is the best in that spot... here is my OPINION:

Windows: office computers, gaming machines, directory servers, .Net web servers.

I know linux freaks will tell me that I can use open office etc. etc. but in this case Windows is your only real option.

Linux: file / web servers, firewalls, email servers, proxies, PBX's and a host of other odities.

There are hundreds of other random applications as well. I tried using it as a desktop, but found that everything was a mission, even installing Adobe Acrobat Reader. I also couldn't get into Open Office or Star Office.

MAC: Obviously design machines, Mobile (power books) machines are absolutely awsome but very very expensive, good work horses, but they're too expensive to implent for basic things, there are so few games. [entry level mac is R6k I think, then you still need to buy MS office to function like a human]

 

[Mercury]

I love linux myself, but there are more security flaws in most linux distributions than windows. (This I can prove with US Cert, so lets not start a Linux is better than Windows aurgument. To me the fact that more security flaws are picked up with Linux than Windows is a good thing).

Groklaw has an article on why the CERT numbers should be carefully looked at if you are going to be making Windows/Linux comparisons.