Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP security exploits


  • Please log in to reply
9 replies to this topic

Poll: Is it Microsoft's fault for having security issues with Windows XP? (75 member(s) have cast votes)

Is it Microsoft's fault for having security issues with Windows XP?

  1. Yes-It's Microsoft's fault for having a faulty Operating System. (50 votes [66.67%])

    Percentage of vote: 66.67%

  2. No-The hackers that use the holes are to blame. (21 votes [28.00%])

    Percentage of vote: 28.00%

  3. no opinion-I dont mind the monthly patches. (4 votes [5.33%])

    Percentage of vote: 5.33%

Vote Guests cannot vote

#1 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:04:42 PM

Posted 16 October 2004 - 07:21 AM

Is it Microsofts fault for having an Operating System that needs so many patches for it to work flawlessly?

Some say that it is their fault for not finding the holes prior to release. They are one of the largest companys in the world, and they shoud have spent the money needed to have the research to prevent something like this from happening. Especially after the recent SP2 release, there should not be any more problems, but there is.

Another opinion is that they could not have prevented something like this from happening. With Windows XP being the most popular Operating System, it would only make sence that someone would want to target it. The more people that would be possible to exploit, the better the chances that the hackers would be successful.



My opinion is that it could not be prevented. Granted, it should not get to a point that security updates are necessary every week. I know that there are people worldwide that their full-time job is nothing but finding exploits and problems with Windows XP. Some are doing it for the good-finding, fixing, and writing patches to repair them. Some are doing it for negative reasons though-they may be employed by the portion of the industry that wants to take advantage.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

BC AdBot (Login to Remove)

 


#2 PRODRiVER

PRODRiVER

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:Earth
  • Local time:05:42 PM

Posted 16 October 2004 - 07:43 AM

I think it's Microsoft's fault, cause as you have said it's the big leading company in the operating systems field (as known to the public), and it must have a specialist team to find and patch these vulnerabilities.

And we can say that the HACKER must share a bit of the fault for finding and not telling the company about these vulnerabilities...

Any way Microsoft lately issued SP2 and it still have vulnerabilities. :thumbsup:

Final Word : There are no absolute security.

#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:42 PM

Posted 16 October 2004 - 10:29 AM

The excuse that MS is used by 95 per cent of the world and therefore is subject to attacks does not outweigh the poor coding and testing by programmers. In theory, each new version of Windows should have been more secure than its predecessor, which has not been the case. Buffer overflow security problems, for example, were understood several years back, but even now are found on XP--- those who do not learn from history are condemned to repeat it. Moreover, the integration of a browser into an operating system was a business decision that ignored basic security best practices in favour of securing a MS monopoly.

Perhaps the slip-shod mindset that seems to have dominated the company is being changed by Gates' "trustworthy computing" iniative and perhaps the challenge of open source alternatives that appear to be more secure will change the practices of the programmers at MS. But if one considers the number of patches issued each month, and the lag time between proof of concept and the creation of patches, it certainly does not appear that MS is very focused on providing users a secure operating system.

Cheers,
John

PS. The excellent tutorial should be included with each new computer:

http://www.bleepingcomputer.com/tutorials/safely-connecting-a-computer-to-the-internet/

Edited by jgweed, 16 October 2004 - 09:25 PM.

Whereof one cannot speak, thereof one should be silent.

#4 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:06:42 PM

Posted 24 October 2004 - 09:25 PM

I voted for the "no" choice, as I lean more toward the bad guys being at fault in constantly exploring every vulnerability these possibly can to take advantage of users. I can also see how many folks can vote "yes" as MS has more security improvements ahead. Still, from what I've seen they are making progress.

Still, when I look at the methods of attack out there I have to give primary blame always to the bad guys. Even if MS has left the door partially unlocked in some cases, no one has the right to steal or cause damages to other users :thumbsup:

#5 PRODRiVER

PRODRiVER

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:Earth
  • Local time:05:42 PM

Posted 27 October 2004 - 06:28 AM

Still, when I look at the methods of attack out there I have to give primary blame always to the bad guys.  Even if MS has left the door partially unlocked in some cases, no one has the right to steal or cause damages to other users :thumbsup:


As i said later, i blame the guys that enter the door to cause damage, not to just explore the weakness . :flowers:

#6 EdBee

EdBee

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 27 October 2004 - 02:37 PM

This vulnerability business (exploiting with HJ and spyware through MSIE) is a fairly recent and troublesome situation. I worked for an ISP 4 years ago and it was not then such a problem. My wife told me a few days ago "if all this time must be spent getting rid of HJ and Spys. then it's not hardly worh having a computer" It may be that more people will soon start feeling that way-not a good thing. The situation of a person getting his first computer and logging onto the net (thinking that Dell or MS has him protected) is like the rank amatuer player sitting in on his first poker game at the tables in Vegas. The outcomes are equal and very predictable. I did note, however that SP2 comes with a firewall-a good move, but why did it take this long? :thumbsup: :flowers:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#7 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:02:42 PM

Posted 27 October 2004 - 03:40 PM

My wife told me a few days ago "if all this time must be spent getting rid of HJ and Spys. then it's not hardly worh having a computer"



I've heard that point raised before. It's valid. If you watch cable news for news, use the post office for mail and shop at malls why deal with problems that we do?

The answer must lie somewhere within the problems we deal with. Advertising, banking and/or money exchanges, entertainment, business organization & security of documents. More or less basically understanding these. What's stopping us from knowing we are secure in doing those things?
  • a bad OS?
  • a Bad Internet?
  • Bad People?
  • Bad Information?
Whatever the reason, it is stopping people from using the Internet successfully.
patiently patrolling, plenty of persisant pests n' problems ...

#8 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:42 PM

Posted 27 October 2004 - 04:40 PM

Most of what I have read leads me to believe that many people just do not understand the security issues of using the internet. For example, there are people out there that do not even have an antivirus application running, or if they do, have never bothered to update the definitions. Others do not bother with a firewall. Even more do not understand the rising problems associated with spyware or identity theft.
I have suggested elsewhere that computer companies become involved, and include some kind of security information (even a two page foldout with cute pictures) or a splash screen with such information that shows the first time the computer is booted.
I think too many users tend to treat computers as the do the television---just turn it on and use it; unlike other appliances, the nature of the web is that it has a double arrow between the user and the world, and this interaction is the key to its awesome power in the world, but also the point of most danger.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#9 EdBee

EdBee

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 28 October 2004 - 09:57 AM

Having Best Buy or other PC retailers give out brocures explaining what this BB can do (and others) would be a giant leap forward. However, they would NEVER do it because rather than scare away one customer they'd just as soon have 80% of the purchasers fall into the HJ-Spyware pit. Very short sighted but that's how it works. To say that spyware/HJ are out there is "dissing" the product they are trying to push out the door. :flowers: :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#10 JeanInMontana

JeanInMontana

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:42 PM

Posted 15 November 2004 - 11:51 PM

Ok, when a car is manufactured and it has a flaw that is discovered by a user, no one says the user is to blame. Even when they may have been doing something that actually caused the flaw to become apparent. I'm thinking of the short wheel base SUV's that roll so easy. Proper driving of one of these and you will never roll it, but get up to much speed and take a corner too fast over you go. No one ever focused on the fact that the vehicles could be safe with proper driving habits. Maybe add some roll bars, better suspension , driving lessons. All of this is at the cost of the buyer mind you.

Just like Windows and IE can be reasonably safe if you make damn sure you have all the software to plug the holes. Yes it is the fault of the maker for making the same faulty "vehicle" over and over. Buffer over runs that were identified clear back to 98 still not fixed, there is no excuse.

Oh they graciously add a firewall that will give the false sense of security that all is protected. Why didn't they make a real firewall? What good is a firewall that will let out what ever wants out? Zone Labs makes a FREE firewall that actually does what it is supposed to, and so do others. Yet Bill Gates and crew promised SP2 would fix all the things that should have been gone in the first place and they still haven't.

What other type of company do you know of that can get away with one Tuesday a month you need to check in and get a patch for their product? If Windows was a food or drug, a car of some kind even a small appliance it would get pulled off the market. There is no governing body for PC software and Microsoft is taking full advantage of that fact.

Thanks for letting me spout that. :thumbsup:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users