MS chooses to leave critical security hole unfixed.

[mobrien_12]

http://news.zdnet.com/2100-1009_22-6082307.html?tag=zdfd.newsfeed

Microsoft will not fix a serious flaw in Windows 98 and Windows Millennium Edition because a patch could break other applications.

The security bug relates to Windows Explorer and could let an intruder commandeer a vulnerable PC, Microsoft warned in April. The software maker has made fixes available for Windows Server 2003, Windows XP and Windows 2000, but it has found that eliminating the vulnerability in Windows 98 and ME is "not feasible," it said.

Yeah... right, not feasible.  Take some of that billions of reserve money and do your freaking jobs.

[Orethrius]

Just substitute "profitable" for "feasible" in that statement and you'll get the generic MS mindset.  Hell, do that for ANY of their releases.

[Calum]

perhaps it really isn't feasible due to poor system design in the first place?

they are really saying that their win32 (not NT) based systems are shit, and considering they were the standard for 5 to 7 years, that's pretty appalling. how much money do you think microsoft made from windows 95. 98 and ME? for a system this poor that serious security vulnerabilities cannot be fixed without making the system unusably unstable?

and nobody cares! none of the windoids ask for their money back or anything, they just put up with it!

[Aloone_Jonez]

Since they're planning on killing support for Windows 98 next month I don't really blame them for not being arsed to fix it, that said they should either support something or not, not just do a half arsed job of supporting something which is what they do anyway.

[Jack2000]

i wonder if they will abondon 98 in full
as in "relese source and let the open comunity to picker  on it "

[Orethrius]

i wonder if they will abondon 98 in full
as in "relese source and let the open comunity to picker  on it "

 Not a chance in hell.  That being said, it seems that nobody noticed that Windows 2000 was made open source quite some time ago.  A lack of willingness to use it doesn't make it any less leaked.  

[H_TeXMeX_H]

Yay, I hope they keep doing this

[piratePenguin]

BTW:

; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = Off

It's not a huge deal (I don't know any situation where security information is revealed), but I think display_errors should be off.

[Calum]

well firstly, open source does not mean you can see the source, it means you have a right to use the source to develop new code.

secondly, there is no possibility of windows' source code ever being released to the public as it would compromise a great deal of software in microsoft's current products which is unstable and insecure. they have stated this publicly, and even in court as part of a defense argument i believe! unlike most other popular operating systems microsoft windows really is too far down the road to ever be fixed up, in terms of security and stability, to the point where it can safely have the source code available to be viewed by just anyone.

to me, this makes it a failure as a secure and viable operating system.

[worker201]

Well, that's what you get for not following Microsoft's regimented upgrade schedule.  If you want your computer to be more secure, you better upgrade.  To XP.  Then, in a couple months, when Vista is ready, you can upgrade to Vista to avoid a hole in XP that they've decided would be "unfeasible" to fix.

[xyle_one]

I see nothing wrong with them not supporting an 8 year old operating system. Sure, 98 isn't good, they admit that, but it's 8 years old. Time to move on people.

[worker201]

Maybe it is time to move on.  But that should be the customer's decision, not the vendor's decision.  This is like Microsoft almost forcing people to upgrade, whether they have the hardware/opportunity or not.  Windows XP won't run on everything, you know.  And, believe it or not, some people have locked themselves into mission critical applications that need Win98 to function.  Let's not punish the less fortunate (and anyone with a 486 who is dependent on Win98 is definitely less fortunate) simply for being less fortunate.

xylon?

[xyle_one]

xylon?

Yeah, the one and only

How's it going worker201? How was your trip?

Maybe it is time to move on. But that should be the customer's decision, not the vendor's decision. This is like Microsoft almost forcing people to upgrade, whether they have the hardware/opportunity or not. Windows XP won't run on everything, you know. And, believe it or not, some people have locked themselves into mission critical applications that need Win98 to function. Let's not punish the less fortunate (and anyone with a 486 who is dependent on Win98 is definitely less fortunate) simply for being less fortunate.
 

I can't fault the company for discontinuing support for an ancient os even if people are still using it for critical applications (yikes!). I remember reading about this on, I think, slashdot, and windows 98 was just too poorly written to fix, so they didn't. If a company wants to continue to run critical apps on that, then so be it, but to expect MS to continue support is ridiculous. If not now, then when would it be an ok time to stop supporting it? 5 years? 25 years? Apple stopped supporting all older versions of it's classic os in 2002. And I believe Redhat no longer supports older versions of it's OS.

I don't see anything wrong :/

[piratePenguin]

Yeah, the one and only

How's it going worker201? How was your trip?

I can't fault the company for discontinuing support for an ancient os even if people are still using it for critical applications (yikes!). I remember reading about this on, I think, slashdot, and windows 98 was just too poorly written to fix, so they didn't. If a company wants to continue to run critical apps on that, then so be it, but to expect MS to continue support is ridiculous. If not now, then when would it be an ok time to stop supporting it? 5 years? 25 years? Apple stopped supporting all older versions of it's classic os in 2002. And I believe Redhat no longer supports older versions of it's OS.

I don't see anything wrong :/

MS said they would support it for longer than this - that's what's wrong.
The Ubuntu people say they'll support 6.06 for 5 years, and I'd be pissed at them if they ended it any shorter than that (and I do NOT plan to use 6.06 for much longer).

[xyle_one]

MS said they would support it for longer than this - that's what's wrong.
The Ubuntu people say they'll support 6.06 for 5 years, and I'd be pissed at them if they ended it any shorter than that (and I do NOT plan to use 6.06 for much longer).

I doubt they planned for a security fix to be impossible to add without breaking the system even more. Given that, I would have dropped support for this particular patch as well.