re: Black Hats are STILL finding security holes to exploit in Internet Exploder 6
Saturday, January 30, 2010 at 12:05 pm
Windows 98 Annoyances Discussion Forum
Posted by gewg_
(4444 messages posted)
Alan Masterman wrote:
|Blaming all security lapses on the software
|is a bit like blaming all motor accidents on vehicle defects.
|
You don't seem to remember the Pinto fiasco
where Ford produced a product that erupted into flames
under circumstances where other companies' products didn't.
As to your metaphor,
how about blaming the company that wrote/maintains the software?
It has become apparent that M$ knew about this exploit since August 2009.
M$ **only** paid it the slightest attention once it became clear
that the bad publicity attached to it would impact their bottom line.
Another security hole that has been in Windoze for 17 years
was noted by journalists in the same week this other irresponsibility was revealed.
MSFT's approach to security is INFURIATING.
|The great majority of security problems can be eliminated
|by educating users appropriately.
|
The insecurity is lessened by using products that are more secure to start with.
All a user should have to do with PROPERLY written / PROPERLY maintained software
is apply the patches available.[1]
|[...]Ultimately[...]all security problems arise from wrong decisions made by users.
|
Yes, choosing garbage software is the first step in the process of getting infected.
Alternatives to M$'s online apps have been available FOR YEARS.
The US Government's computer security experts (CERT)
have advised using ANY browser OTHER than what is available from Redmond.
In this thread, I already linked to that advisory from 2004.
That advisory has _never_ been revoked or amended;
ALL those insecurities are still there to be exploited.
...and thinking that users are going to stop clicking on the dancing bunnies is naive.
|99% [install] NOD32 or Norton AV and they think they have done enough.
|
MS's junk is the ONLY ecosystem that needs that silliness.
Putting band-aids on your software is a poor approach to security.
PROPER software security exists at the CORE of the software.
PROPER security involves actually PATCHING the insecure code
--something M$ has shown time and again they are uninclined/unwilling to do.
How can a *user* do the right thing when **THE VENDOR WON'T**?
What educated users do, first thing,
is get a browser that is more secure than Internet Exploder.
Those that are a bit more educated, stop using Micros~1's other online tools
(which call IE to do tasks, thereby exposing them to those same insecurities).
VERY educated users choose a more secure operating system.
Those folks also know that OSes which fit that description are available FOR FREE
and will run on their *current* hardware.
...and for those thinking about *new* hardware, Linux is STILL a better choice:
cache
of http://blogs.techrepublic.com.com/10things/?p=1194
cache
of http://community.zdnet.co.uk/blog/0,1000000567,10014283o-2000498448b,00.htm
cache
of http://it.toolbox.com/blogs/locutus/linux-gives-me-confidence-36243
cache
of http://ubuntulinuxhelp.com/some-things-linux-can-do-that-windows-wont
[1] When a file is downloaded
by an operating system that follows the Unix security model
(that would be ALL OSes **except Micros~1's**[2]),
the file's executable bits are automatically set to *non-executable*.
The user has to consciously grant a file executable status for it to run.
Drive-by infections which routinely corrupt the core of the OS
are _unknown_ in all computing environments EXCEPT M$'s.
[2] ...since the time Mac OS 9 was abandoned by Apple
|
All messages in this thread [show all]
 | |  | re: Black Hats are STILL finding security holes to exploit in Internet Exploder 6 (gewg_: Sat, Jan 30, 2010, 12:05 pm) |
| |
| |
| |
Return to the Windows 98 Discussion Forum
|
|
