M$ outlines security plans

[Xeen]

http://story.news.yahoo.com/news?tmpl=story&ncid=1209&e=2&u=/pcworld/20031028/tc_pcworld/113150&sid=95612683

I still say the only way to secure Windows is to unbundle and unintegrate all the dozens of poorly written applications from the OS's core.

[mc0282]

now they discover this ? geez, i always knew the Window Messenger(Messenger)service. was useless since release of windows xp.. damn, people are fucking dumb. i know common computer(idiot users) using windows xp  have about 20 processes running as default and plus the extra crap they have seting on there system tray... so default services the microsoft set as default cause security risk and doors for  attackers .. like remote registry services, windows messenger(Messenger Services), Visual Basic Script,and  the list goes on.. every day my firewall reports a packet try to been send from this system.. this one sa.windows.com. so think about idiots dont know what they have runnin g on theres system sending packets back and forward..

one thing, you want secure just FUCKING switch to a mac. i wont recommend linux would be to advance for them , they cant even handle windows ,geez.

[ October 30, 2003: Message edited by: mc0282 ]

[Calum]

i will freely admit that i can't handle windows properly, however i am fairly confident as a linux user, but yes i agree to switch from windows to linux will take sense and willingness.

[xyle_one]

quote:Originally posted by Calum:
i will freely admit that i can't handle windows properly, however i am fairly confident as a linux user, but yes i agree to switch from windows to linux will take sense and willingness.

The switch is difficult coming from a windows only background. You expect it to behave the same. When it doesnt, the first defense is, "it sucks, it cant do this, or cant do that" when in fact it does, it just does it differently. Or it has a dif name. "System Preferences" to "Control Panel". "My Documents" to "Home".

Windows is easy because you have no control over it. I dont know how to back that up right now. But it makes perfect sense in my head. Its like evolution, or adaptation. If a child is brought up in a home with no discipline or drive, he eventually grows to be a very lazy person. Inneficient. Half assed. Where as, the child who has been guided from the start to achieve, something, will grow to be a very level minded, "together", and "on top of it" adult. More successful. THe thing about the lazy child is that the parents had alot of money and just gave him everything. He did not work for it. Has no real respect for it. Does that make sense?

[jtpenrod]

quote:
 Microsoft will detail plans to disable the Windows Messenger Service and activate the Internet Connection Firewall by default on Windows XP machines in an effort to protect computers from malicious attacks, a company executive said Tuesday.

If they were really serious about Internet security, they'd issue a service pack that disables all WinModems  
 

quote:
 Among other things, Microsoft will announce a new API (application programming interface) for RPCs (remote procedure calls) that limits access to resources on the local machine, Carroll said.

How about fully documenting the existing APIs  :rolleyes:
 

quote:
 The company will also be talking about its plan to recompile Windows using new technology that is designed to sniff out security vulnerabilities in the code, Carroll said.

Buffer overruns are a common avenue for attacks against Windows systems, allowing hackers to send long streams of data that cause Windows machines to crash or to unintentionally execute code written by the attacker. On Tuesday, Microsoft will be encouraging developers to take advantage of the same compiler technology in the latest editions of Visual Studio to catch buffer overruns and other problems in their code, Carroll said.

Sounds a lot like "Valgrind", a programming aid that does exactly that. Already available for Linux, and is included with Slackware.  
 

quote:
 The service has been a standard part of Windows operating systems since the introduction of 32-bit operating systems in the mid-1990s, according to Russ Cooper, Surgeon General of TruSecure and moderator of the NTBugtraq newsgroup. [...] Within the last year, spammers discovered the feature and began using it to barrage unsuspecting users with pop-up messages containing solicitations, he said.

And it took these folks 15 years to find it?(!)   :eek:  makes you wonder just who the real dumb-asses are, doesn't it?  
 

quote:
While the Messenger Service will definitely be disabled by default in XP Service Pack 2, Microsoft is still investigating the problem and talking with customers about how to address the issue, Carroll said.

The company cannot comment on specific plans, but disabling the service in XP Service Pack 2 is not the final word. Other changes to address the issue in Windows Server 2003 and Windows 2000 are still in the works, and Microsoft is not ruling out disabling the service before releasing XP Service Pack 2, Carroll said.

Then why not just get rid of the damn thing altogether? Why have it wasting HD space if it's no longer going to be used by the vast majority of Win (l)users? Is making this an optional install for those who really need it asking too much?  :confused:  Then, again, they could do what I did: ditch Winderz and install Linux, the ideal solution to Win(In)Security issues.
________________________________________
Live Free or Die: Linux

"There: now you'll never have to look at those dirty Windows anymore"
      --Daffy Duck

[istruthfull]

Listening to people like ya'll gave me the info to turn messenger off for good.
  First go to the toolbar with running applications, right click messenger and turn it off. Then go to (on my system) C:\windows\program files\messenger and rename it.
 
As far as those running applications that a person doesn't want to be running this will take care of that, also another way to fix the messenger problem.
  Start-run-msconfig....then click the startup. Uncheck the applications you don't want to run until you want to use them. I found the breakdown for these applications at http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

I have the manuals for mandrake 9.1 and am looking forward to learning enough on how to use it without getting frustrated.