quote:Gates said it is Microsoft's responsibility to make computing trustworthy, adding that computers should have built-in patches to guard against viruses such as the "Sobig," which slowed e-mail systems worldwide last week.
"In every case there has been a virus attack, we actually had improvements in the system that would have prevented it before the virus came out," Gates said. "What was weak though was the ease in which our customers could keep their systems up to date."
That's bull! Blaming it on the "update process" is completely ridiculous and is said just to obscure the following:
If you built the software right in the first place, it wouldn't have gaping security holes which continually need to be patched!Posts: 1907 | From: I hope I'm not repeating myself. Again. And Again. Stop picking on me! Waaahhh!! | Registered: Feb 2000
| IP: Logged
posted
Yep, it's always someone else's fault with him Posts: 655 | From: North Carolina ... the land of Possum & Dumplings | Registered: Jan 2002
| IP: Logged
I don't think any software is completely bug free, the problem is that Windows is EVERYWHERE. Right off the bat, that makes it more appealing to the hacker community. Also, when a virus or worm hits Windows, it can cause SIGNIFICANT problems being as there are so many PCs, servers, notebooks, handhelds, yadda yadda yadda all running the same O/S.
Yes the software should be better, no question about it. In a perfect world it would not need to be patched, but we don't live in a perfect world.
But!! MS is very good about releasing patches, AND making them available when they are needed. They even have that god awful little notification that pops up on the desktop when there are new updates.
This latest worm just REALLY gets under my skin, though, and for once I agree with Gates (normally can't stand the man, the company or anything MS stands for). It bugs me because the patch was out for so long. Any company that became infested with it should take a long, hard look at their IT people to find out why the servers/PCs were not patched a month ago when the patch was released, or why they even had the RPC port open on their firewalls in the first place.
Posts: 210 | From: Budd Lake, NJ | Registered: Apr 2003
| IP: Logged
quote:Originally posted by Mike Bonte: I don't think any software is completely bug free, the problem is that Windows is EVERYWHERE. Right off the bat, that makes it more appealing to the hacker community. Also, when a virus or worm hits Windows, it can cause SIGNIFICANT problems being as there are so many PCs, servers, notebooks, handhelds, yadda yadda yadda all running the same O/S.
I agree with you about any software being completely bug free, BUT, there have been so many holes in Windows over the years that you could drive a friggin' truck through, plus some of these holes have existed FOR YEARS!!! Part of the reason they've existed for so long is that all Gates has been interested in is dominating the market by including all kinds of new (and unnecessary) add-ins in each new version of the OS. (I say unnecessary because usually there are existing software products that provide what the add-in does. Examples of this are internet browsers, media players, financial software, etc.) Up until XP, very little development attention was aimed towards OS security. And even when they did pay attention to it in XP, they still missed the boat in a god-awful amount of areas.
The comment about different machines is moot: if an OS is properly designed, it's rare (but not unheard of) where you can use a particular type or brand of machine to breach security.
Posts: 1907 | From: I hope I'm not repeating myself. Again. And Again. Stop picking on me! Waaahhh!! | Registered: Feb 2000
| IP: Logged
posted
so who that posted in this thread does not use windows at all? anytime, anywhere?
Posts: 65 | From: Garner/Raleigh, NC | Registered: Feb 2002
| IP: Logged
posted
I support HP-UX and Linux for a living and even I am running on a win2k machine to write this right now. It unfortunate that you can't get away from it, after all you need something you can run Baldur's Gate and Diablo on...
That being said, I didn't get any of these viruses, I update security patches via the autoupdater everytime I log on to windows. It's the first thing I do, if it prompts me to reboot, then I live with the hassle and reboot. I am by no means a M$ apologist, but people are slack about applying updates.
Posts: 49 | From: Atlanta GA | Registered: Aug 2003
| IP: Logged
posted
What is really unfortunate is that there is no easy way to catch and identify the perpetrators of all these trojan horses.
It would seem to me that will all the "geniuses" around these days, someone or some group could devise some architecture that would allow easy identification of these people who take advantage of backdoors, loopholes, etc. and reak all this havoc on corporations and private individuals.
I don't care whose operating systems or programs you are using today or will use in the future, there is always going to be someway to create problems. But if there was a foolproof way to track and identify the crooks, then these "attacks" would be greatly minimized.
Posts: 502 | From: Fort Mill, South Carolina....Charlotte | Registered: Aug 2003
| IP: Logged
quote:Originally posted by Mike Bonte: Any company that became infested with it should take a long, hard look at their IT people to find out why the servers/PCs were not patched a month ago when the patch was released, or why they even had the RPC port open on their firewalls in the first place.
Easier said than done. I doubt any reasonable IS shop would ever, ever just simply install whatever patch MS throws out the door. Especially when it can hork up your server and/or your mission critical apps. The amount of regression testing involved, even on a basic system, is huge. I do agree that unused ports on the network ought to be closed tight, as that involves a little less risk to the apps.
In my reality, anyway, MS has historically "fixed" things in service packs and hotfixes that affect how programs run, making it difficult to keep up with the onslaught of hotfixes and service packs that MS releases. But given the alternative of having to patch everything when something like this happens, and the downtime involved, more shops will probably assume that risk.
And I have to note, my Mac Powerbook G4 was not affected by all this.
-------------------- Randy V. SSOA F99-4414 '99 Pewter SS 6 spd, T-tops, grey cloth B&M Ripper w/SLP knob, BMR SFCs, TA Diff Cover & stud kit Posts: 99 | From: Arvada, CO | Registered: Jun 2000
| IP: Logged
This latest worm just REALLY gets under my skin, though, and for once I agree with Gates (normally can't stand the man, the company or anything MS stands for). It bugs me because the patch was out for so long. Any company that became infested with it should take a long, hard look at their IT people to find out why the servers/PCs were not patched a month ago when the patch was released, or why they even had the RPC port open on their firewalls in the first place.
Agree completely on the first point, but RPC is used for domain authentication, Outlook depends on it, replication, etc. So closing it at the firewall is not always possible. FYI, our primary source of infection was laptops coming through the front door and plugging in to the network. Posts: 3403 | From: Woodcliff Lake, NJ, USA | Registered: Dec 2000
| IP: Logged
posted
I love Bill Gates. Anyone who can take a product, make it successful, and keep people buying it/dependant upon it is a great businessman. I'm happy he has the money he does, unlike many people who think he doesn't "deserve" it and are just jealous. He has succeeded at the American dream. I don't even care that he stole the OS....they guy he stole it from should have done something about that ...not us.
That being said, I agree that it should have been made more secure, especially the holes that have been known for years. There are far to many ameteur computer users out there (I'm far from an expert too), who will believe anything you tell them and need to be protected in a way...but its their own gullibility, and automatic trust that can get them in trouble most times. I even received an email the other day with a reply address from "microsoft" saying it came from "Microsoft", and with a file called Patch.exe. Like I'm going to download and open an executable since MS never emails patches out.. But as far as releasing and having to install patches, its not just MS machines. I've worked in telecom for 10years and the amount of patches that we install is fairly high as well. Software for the switches never gets tested correctly in the lab, and to the extent that we do in the field making it not perform correctly. So its not just an isolated issue either.
Just my .02
Posts: 17 | From: Des Moines, Ia | Registered: Sep 2002
| IP: Logged
quote:Originally posted by KevinA: Have any of you actually seen the number of patches issued by linux?????
Yep, alot of patches on alot of different versions of Linux. Cisco has been pretty bad lately too (and it's tough because of so many customized versions for all the hardware). AIX, Solaris, HP-UX, Oracle, etc.. they all have been crappy lately! And will continue to be! There is no escape! Get out the Yellow Pads and Pencils! Posts: 343 | From: Castle Rock, CO | Registered: Jun 2002
| IP: Logged
quote:Originally posted by BDubLS1: so who that posted in this thread does not use windows at all? anytime, anywhere?
Mac OS X here! Unix based, never crashes and can run multiple OS' including Windblows XP. Posts: 260 | From: Coral Springs, Florida | Registered: Dec 2000
| IP: Logged
FireChicken
11 Secret Herbs & Spices
Member # 2067
posted
quote:Originally posted by mikerc: I support HP-UX and Linux for a living and even I am running on a win2k machine to write this right now. It unfortunate that you can't get away from it, after all you need something you can run Baldur's Gate and Diablo on...
That being said, I didn't get any of these viruses, I update security patches via the autoupdater everytime I log on to windows. It's the first thing I do, if it prompts me to reboot, then I live with the hassle and reboot. I am by no means a M$ apologist, but people are slack about applying updates.
same here, but without all the red hat stuff. I update regularly. In almost every case ive heard of a virus or worm taking advantage of a weakness in windows, there have always been updates available BEFORE the worm or virus becomes well known in the news. If people dont update it regularly as the software changes, and software updates are AVAILABLE and FREE, then its their own responsbility. Its not feasable to assume that microsoft should forsee all possible weaknesses and errors in windows, and correct them before hand. The world just doesnt work that way. If people are going to have windows software, they need to update it against weaknesses that were unknown at the time it was released.
Posts: 686 | From: Texas: Hullabaloo, Caneck! Caneck! | Registered: Aug 2003
| IP: Logged
quote:Originally posted by BDubLS1: so who that posted in this thread does not use windows at all? anytime, anywhere?
Red hat and Solaris at work. Probably 50% of the time I'm on a Unix or Linux machine, even at home. However when I'm just surfing the web/boards it's usually a windows machine.
Posts: 1632 | From: Rindge NH, formerly Boylston MA | Registered: Feb 2000
| IP: Logged
posted
Had my Microsoft updates curent, had my virus updates current on 2003 Symantec Antivirus, and messages came back that I had still sent out virused messages to others I don't reven recall having in my email history.
So if you work in the information field as I do, and watch your Ps and Qs, what is enough? Am hearing more good things abut Mac X, and planning to test the waters sooner with a G5 than later. There comes a point where constantly re-building trashed drives and re-constructing your system is just not worth it to be in the most popular evolved cube assembled modular O.S.
With Steve Jobs back at Apple and driving success, they have a very viable alternative to the status quo. This virus issue could help steer business their way.
btw, I keep expecting the source of these attacks to be a foreign enemy, or guru programmer from India or Pakistan, not a 18 yr old US kid.
Posts: 25 | From: Burlington, IA | Registered: Aug 2003
| IP: Logged
quote:Originally posted by FirstLast: Had my Microsoft updates curent, had my virus updates current on 2003 Symantec Antivirus, and messages came back that I had still sent out virused messages to others I don't reven recall having in my email history.
So if you work in the information field as I do, and watch your Ps and Qs, what is enough? Am hearing more good things abut Mac X, and planning to test the waters sooner with a G5 than later. There comes a point where constantly re-building trashed drives and re-constructing your system is just not worth it to be in the most popular evolved cube assembled modular O.S.
With Steve Jobs back at Apple and driving success, they have a very viable alternative to the status quo. This virus issue could help steer business their way.
btw, I keep expecting the source of these attacks to be a foreign enemy, or guru programmer from India or Pakistan, not a 18 yr old US kid.
Someone is spoofing your email addy. You probably are NOT sending out email viruses. One of your friends who has your email addy got the virus and now the virus creators sucked yours up and now spoof viruses. Now you get emails from people saying you sent them ect when you really didn't.
Posts: 2502 | From: Binghamton, NY | Registered: Feb 2000
| IP: Logged
quote:Originally posted by FirstLast: Had my Microsoft updates curent, had my virus updates current on 2003 Symantec Antivirus, and messages came back that I had still sent out virused messages to others I don't reven recall having in my email history.
......
Someone is spoofing your email addy. You probably are NOT sending out email viruses. One of your friends who has your email addy got the virus and now the virus creators sucked yours up and now spoof viruses. Now you get emails from people saying you sent them ect when you really didn't.
Kevin is correct: I've been receiving the same thing recently - when an email address is active, I'll get the rejection returned to me with an email I never sent to a user who isn't in my address.
I also know, from my programming an email gateway in Java, it's very, very easy to misdirect and disguise emails.
Posts: 1907 | From: I hope I'm not repeating myself. Again. And Again. Stop picking on me! Waaahhh!! | Registered: Feb 2000
| IP: Logged
Printer-friendly view of this topic
![[Roll Eyes]](rolleyes.gif)
![[Smile]](smile.gif)
![[Mad]](mad.gif)
![[Eek!]](eek.gif)
![[Confused]](confused.gif)
![[Big Grin]](biggrin.gif)
