Author Topic: MS chooses to leave critical security hole unfixed.  (Read 2769 times)

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
http://news.zdnet.com/2100-1009_22-6082307.html?tag=zdfd.newsfeed

Quote

Microsoft will not fix a serious flaw in Windows 98 and Windows Millennium Edition because a patch could break other applications.

The security bug relates to Windows Explorer and could let an intruder commandeer a vulnerable PC, Microsoft warned in April. The software maker has made fixes available for Windows Server 2003, Windows XP and Windows 2000, but it has found that eliminating the vulnerability in Windows 98 and ME is "not feasible," it said.

Yeah... right, not feasible.  Take some of that billions of reserve money and do your freaking jobs.
In brightest day, in darkest night, no evil shall escape my sight....

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: MS chooses to leave critical security hole unfixed.
« Reply #1 on: 10 June 2006, 06:03 »
Just substitute "profitable" for "feasible" in that statement and you'll get the generic MS mindset.  Hell, do that for ANY of their releases.

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Re: MS chooses to leave critical security hole unfixed.
« Reply #2 on: 10 June 2006, 10:56 »
perhaps it really isn't feasible due to poor system design in the first place?

they are really saying that their win32 (not NT) based systems are shit, and considering they were the standard for 5 to 7 years, that's pretty appalling. how much money do you think microsoft made from windows 95. 98 and ME? for a system this poor that serious security vulnerabilities cannot be fixed without making the system unusably unstable?

and nobody cares! none of the windoids ask for their money back or anything, they just put up with it!
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: MS chooses to leave critical security hole unfixed.
« Reply #3 on: 10 June 2006, 12:05 »
Since they're planning on killing support for Windows 98 next month I don't really blame them for not being arsed to fix it, that said they should either support something or not, not just do a half arsed job of supporting something which is what they do anyway.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

Jack2000

  • Guest
Re: MS chooses to leave critical security hole unfixed.
« Reply #4 on: 10 June 2006, 13:28 »
i wonder if they will abondon 98 in full
as in "relese source and let the open comunity to picker  on it "

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: MS chooses to leave critical security hole unfixed.
« Reply #5 on: 10 June 2006, 13:56 »
Quote from: Jack2000
i wonder if they will abondon 98 in full
as in "relese source and let the open comunity to picker  on it "

 Not a chance in hell.  That being said, it seems that nobody noticed that Windows 2000 was made open source quite some time ago.  A lack of willingness to use it doesn't make it any less leaked.  :D

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: MS chooses to leave critical security hole unfixed.
« Reply #6 on: 11 June 2006, 03:58 »
Yay, I hope they keep doing this :D

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: MS chooses to leave critical security hole unfixed.
« Reply #7 on: 11 June 2006, 04:19 »
BTW:
Quote from: my php.ini
; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = Off
It's not a huge deal (I don't know any situation where security information is revealed), but I think display_errors should be off.
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Re: MS chooses to leave critical security hole unfixed.
« Reply #8 on: 11 June 2006, 14:37 »
well firstly, open source does not mean you can see the source, it means you have a right to use the source to develop new code.

secondly, there is no possibility of windows' source code ever being released to the public as it would compromise a great deal of software in microsoft's current products which is unstable and insecure. they have stated this publicly, and even in court as part of a defense argument i believe! unlike most other popular operating systems microsoft windows really is too far down the road to ever be fixed up, in terms of security and stability, to the point where it can safely have the source code available to be viewed by just anyone.

to me, this makes it a failure as a secure and viable operating system.
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
Re: MS chooses to leave critical security hole unfixed.
« Reply #9 on: 12 June 2006, 22:09 »
Well, that's what you get for not following Microsoft's regimented upgrade schedule.  If you want your computer to be more secure, you better upgrade.  To XP.  Then, in a couple months, when Vista is ready, you can upgrade to Vista to avoid a hole in XP that they've decided would be "unfeasible" to fix.

xyle_one

  • VIP
  • Member
  • ***
  • Posts: 2,213
  • Kudos: 135
Re: MS chooses to leave critical security hole unfixed.
« Reply #10 on: 15 June 2006, 22:15 »
I see nothing wrong with them not supporting an 8 year old operating system. Sure, 98 isn't good, they admit that, but it's 8 years old. Time to move on people.

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
Re: MS chooses to leave critical security hole unfixed.
« Reply #11 on: 16 June 2006, 00:00 »
Maybe it is time to move on.  But that should be the customer's decision, not the vendor's decision.  This is like Microsoft almost forcing people to upgrade, whether they have the hardware/opportunity or not.  Windows XP won't run on everything, you know.  And, believe it or not, some people have locked themselves into mission critical applications that need Win98 to function.  Let's not punish the less fortunate (and anyone with a 486 who is dependent on Win98 is definitely less fortunate) simply for being less fortunate.

xylon?

xyle_one

  • VIP
  • Member
  • ***
  • Posts: 2,213
  • Kudos: 135
Re: MS chooses to leave critical security hole unfixed.
« Reply #12 on: 16 June 2006, 00:39 »
Quote from: worker201
xylon?
Yeah, the one and only :)

How's it going worker201? How was your trip?
Quote from: worker201
Maybe it is time to move on. But that should be the customer's decision, not the vendor's decision. This is like Microsoft almost forcing people to upgrade, whether they have the hardware/opportunity or not. Windows XP won't run on everything, you know. And, believe it or not, some people have locked themselves into mission critical applications that need Win98 to function. Let's not punish the less fortunate (and anyone with a 486 who is dependent on Win98 is definitely less fortunate) simply for being less fortunate.
 
I can't fault the company for discontinuing support for an ancient os even if people are still using it for critical applications (yikes!). I remember reading about this on, I think, slashdot, and windows 98 was just too poorly written to fix, so they didn't. If a company wants to continue to run critical apps on that, then so be it, but to expect MS to continue support is ridiculous. If not now, then when would it be an ok time to stop supporting it? 5 years? 25 years? Apple stopped supporting all older versions of it's classic os in 2002. And I believe Redhat no longer supports older versions of it's OS.

I don't see anything wrong :/

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: MS chooses to leave critical security hole unfixed.
« Reply #13 on: 16 June 2006, 00:46 »
Quote from: xylon
Yeah, the one and only :)

How's it going worker201? How was your trip?

I can't fault the company for discontinuing support for an ancient os even if people are still using it for critical applications (yikes!). I remember reading about this on, I think, slashdot, and windows 98 was just too poorly written to fix, so they didn't. If a company wants to continue to run critical apps on that, then so be it, but to expect MS to continue support is ridiculous. If not now, then when would it be an ok time to stop supporting it? 5 years? 25 years? Apple stopped supporting all older versions of it's classic os in 2002. And I believe Redhat no longer supports older versions of it's OS.

I don't see anything wrong :/
MS said they would support it for longer than this - that's what's wrong.
The Ubuntu people say they'll support 6.06 for 5 years, and I'd be pissed at them if they ended it any shorter than that (and I do NOT plan to use 6.06 for much longer).
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

xyle_one

  • VIP
  • Member
  • ***
  • Posts: 2,213
  • Kudos: 135
Re: MS chooses to leave critical security hole unfixed.
« Reply #14 on: 16 June 2006, 01:08 »
Quote from: piratePenguin
MS said they would support it for longer than this - that's what's wrong.
The Ubuntu people say they'll support 6.06 for 5 years, and I'd be pissed at them if they ended it any shorter than that (and I do NOT plan to use 6.06 for much longer).
I doubt they planned for a security fix to be impossible to add without breaking the system even more. Given that, I would have dropped support for this particular patch as well.