PDA

View Full Version : another reason why windows is evil/how microsoft patches can give you viruses


Wigglytuff
Aug 26th, 2005, 06:16 AM
OK so this is the deal.

microsoft released a security update, one of the vulnerabilities that was fixed was a window 2000 issue. the details of this issue were never made public. however, some people reversed enginered the security updated, found out what vulnerability it fixed, and wrote a worm for it that would affect your system whether or not you had patched within THREE DAYS of the microsoft release of microsoft's update. . :lol: :lol:

basicly in simple terms:
if you use windows you are screwed if you update, you are screwed if you dont. if microsoft releases a patch you are screwed, if they dont you are screwed.

can it be prevented? sure, microsoft can do like every other os and not write these holes into the OS in the first place.

JenFan75
Aug 26th, 2005, 06:24 AM
Answer: Use linux.

Wigglytuff
Aug 26th, 2005, 06:25 AM
Answer: Use linux.

or Mac OS

JenFan75
Aug 26th, 2005, 06:26 AM
Eww. No.

Fingon
Aug 26th, 2005, 06:30 AM
OK so this is the deal.

microsoft released a secrutiy update, one of the vulnerabilities that was fixed was a window 2000 issue. the details of this issue were never made public. however, some people reversed enginered the secruitiy updated, found out what vuleraribily it fixed, and wrote a worm for it that would affect your system whether or not you had patched within THREE DAYS of the microsoft release of microsoft's update. . :lol: :lol:

basicly in simple terms:
if you use windows you are screwed if you update, you are screwed if you dont. if microsoft releases a patch you are screwed, if they dont you are screwed.

can it be prevented? sure, microsoft can do like every other os and not write these holes into the OS in the first place.

do you really think it's possible to write software without holes? maybe if you did it for a living you would know that doesn't make sense.

And you really think Windows is the only software with vulnerabilities?

Firefox had like 8 vulnerabilities discovered within hours of its release. The tiger OS had multiple patches shortly after release.

Oracle, Cisco, Sun are constantly patching their systems. Oracle used to release patches faster than MS, they do now once a month, not because there are less vulnerabilities but because their customers asked them to.

BTW, with open source you don't even need to reverse engineer, just read the source code that is available, if you know what you are looking for ...

Thinking of software with no bugs/vulnerabilities is the same as thinking you can drive without the chance of a mechanical failure or an accident, it's just not possible.

BTW, Windows has a few billion lines of code, I really invite anyone interested to find all the possible security problems and fix them.

another thing, do you really think Microsoft "write the holes"? often the holes are for NOT writing something, missing checks, missing exception handling and if you think MS enjoys it think again, Windows XP sp2 costed 1 billion dollars do develop and rendered zero income, I don't think they amuse themselves with security holes.

Wigglytuff
Aug 26th, 2005, 06:30 AM
Eww. No.
hater!

JenFan75
Aug 26th, 2005, 06:32 AM
hater!


Yup.

Fingon
Aug 26th, 2005, 06:33 AM
Answer: Use linux.

do you use linux?

Wigglytuff
Aug 26th, 2005, 06:33 AM
do you really think it's possible to write software without holes? maybe if you did it for a living you would know that doesn't make sense.

And you really think Windows is the only software with vulnerabilities?

Firefox had like 8 vulnerabilities discovered within hours of its release. The tiger OS had multiple patches shortly after release.

Oracle, Cisco, Sun are constantly patching their systems. Oracle used to release patches faster than MS, they do now once a month, not because there are less vulnerabilities but because their customers asked them to.

BTW, with open source you don't even need to reverse engineer, just read the source code that is available, if you know what you are looking for ...

Thinking of software with no bugs/vulnerabilities is the same as thinking you can drive without the chance of a mechanical failure or an accident, it's just not possible.

BTW, Windows has a few billion lines of code, I really invite anyone interested to find all the possible security problems and fix them.

another thing, do you really think Microsoft "write the holes"? often the holes are for NOT writing something, missing checks, missing exception handling and if you think MS enjoys it think again, Windows XP sp2 costed 1 billion dollars do develop and rendered zero income, I don't think they amuse themselves with security holes.

you miss the point entirely.

and yes microsoft has written a number of these holes into its system on purpose. they have said so themselves. now they have called them "features" until someone with a brain shows them why its stupid. and these things include a GOOD number of things that SP2 does.

i mean what retard at microsoft thought up the "feature" where a website can install a program on your computer without your consent or knowledge?

Wigglytuff
Aug 26th, 2005, 06:35 AM
Yup.
can i ask why come?

Fingon
Aug 26th, 2005, 07:16 AM
you miss the point entirely.

and yes microsoft has written a number of these holes into its system on purpose. they have said so themselves. now they have called them "features" until someone with a brain shows them why its stupid. and these things include a GOOD number of things that SP2 does.

i mean what retard at microsoft thought up the "feature" where a website can install a program on your computer without your consent or knowledge?

First of all, there isn't a feature were a website can install a program on your system without your knowledge, some sites have used vulnerabilities not "features" to do that.

Maybe you would prefer that you can't install anything downloaded? because it's the only way to prevent that from happening, you are supposed to install only software with a valid certificate but there are always ways around it, the same way you can break a lock in a house.

I would like you also to enumarate what are those holes that Microsoft intentionally put there, especially in SP2. The documentation about SP 2 is quite technical and there is a large part of it that I don't understand even though I work in IT, I am only concerned with the features that affect programmers, like authentication in MST, RPC, pipes, messaging, etc.

the only way to make an OS safe (any os) is to stay away from the internet, as simple as that, if you are connected you are vulnerable, and some of the features you think are brainless are also present in the mac os.

Buffer overflow is one of the most exploited vulnerabilities and that's possible in any application or OS, and I can promise you that every application has vulnerabilities, and many of them.

BTW, I use Windows and never had a problem.

another thing, the zero hour vulnerabilities are quite rare. a vast majority of attacks occurred against known vulnerabilities that haven't been patched (the patch exists but hasn't been installed). Most of the vulnerabilities to which there is an exploit and not a patch are not in the wild and are only known in labs. The majority of the security problems are not detected by hackers but by consultants and antivirus companies, hackers take advantage of that information.

You might also find interesting that some of the worst attacks (like DDOS) targetted Cisco and not Microsoft's vulnerabilities. Maybe we should get rid of Cisco?

JenFan75
Aug 26th, 2005, 07:29 AM
do you use linux?


Nope. But I don't whine about windows either so it's all good :)

JenFan75
Aug 26th, 2005, 07:30 AM
can i ask why come?


Because PCs are just an all-around better computer to have. You get more for your money.

Wigglytuff
Aug 26th, 2005, 02:49 PM
First of all, there isn't a feature were a website can install a program on your system without your knowledge, some sites have used vulnerabilities not "features" to do that.
you are just wrong.

its called activex. dont deny active x exists.
from wiki:
ActiveX and Internet Security

A control using ActiveX technologies. An ActiveX control can be automatically downloaded and executed by a Web browser. An ActiveX control is similar to a Java applet. Unlike Java applets, however, ActiveX controls have full access to the Windows operating system.

The embedding of ActiveX into the Internet Explorer web browser created a combination of functions that has led to an explosion of computer virus, trojan and spyware infections. These malware attacks mostly depend on ActiveX for their activation and propagation to other computers. Microsoft recognized the problem with ActiveX as far back as 1996 when Charles Fitzgerald, program manager of Microsoft's Java team said "If you want security on the 'Net', unplug your computer. ... We never made the claim up front that ActiveX is intrinsically secure." [1] ActiveX as it is currently implemented is intrinsically insecure and is the biggest weakness of Internet Explorer not addressed by Internet Explorer Service Pack 2.

Wigglytuff
Aug 26th, 2005, 02:51 PM
Because PCs are just an all-around better computer to have. You get more for your money.

so true. these viruses and worms are pricey and windows gets you more than all other os put together.