TalkBack 39 of 46:
My thoughts exactly...
Yesiree...

In my previous post above, I was about to end with a 5,000-word diatribe about how Microsoft could have headed off this whole mess in 1996 or 1997 by ditching ActiveX (most malware spread over the Internet since then has involved some sort of exploit of ActiveX security flaws). But then I figured--explaining this to MS-brainwashed IT people and Windows users would be like trying to explain Particle Physics to hamsters (yes, even *I* bought the MS line up until around 1999 or so. Then my sister's system was wiped by 20 or so lines of VBScript code in a Web page. She lost everything). MS doesn't get it...the Flock doesn't get it. Even though security people like Georgi Guninski have been pointing out for YEARS that ActiveX is a malware writer's wet dream. Perhaps they'll fix it with the first production release of Longhorn. In which case, the fix will have occurred about TEN YEARS after the problem was pointed out.

And for all you folks who contend that if Linux, Mac, Commodore128, Proctor-Silex Toaster Ovens, (insert your favorite platform here) etc. etc. ad nauseam were as popular as Windows, there would be as much malware for that particular platform: NONSENSE. ActiveX is responsible for the overwhelming, vast majority of trojans and worms to affect Windows/IE/Outlook/Outlook Express/Media Player/Office since Microsoft "embraced and extended" the Internet to include exclusive, proprietary, buggy ActiveX functionality in their Internet offerings in a vain attempt to make the Net their own. If it weren't for ActiveX, Windows would suffer just a few more attacks from crackerz than other platforms. The first computer virus I ever saw? nVir, circa 1988. Platform? Mac. Seen many Mac trojans, worms or virii since then? How many AS/400 exploits have you seen? That would make much more sense for crackerz...there's TONS more exploitable, useful (to a cracker) info on your average old, decrepit AS/400 than on any 100,000 Windows boxes. Mid-sized corporations still tend to keep their critical info (like payroll and accounts payable) on old AS/400s and other minis (or on Big Iron), NOT on Windows servers. Unless you think 23,742 inter-office memos reporting "My office chair still squeaks, and by the way how's that Smith account going?" would be interesting to a cracker. NOT. Windows is cracked because it's BEGGING TO BE CRACKED. It's the computing equivalent of leaving your car unguarded, unlocked, engine running, in front of a chop shop.

Think you're safe if you've got the latest MS patches and a desktop or server AV system? Think again: Georgi Guninski has revealed several exploits in everything from OfficeXP to Windows Media Player to IE to Outlook/Outlook Express that remain unfixed by Microsoft TO THIS VERY DAY. Even after he reported them to MS and BugTraq. Some of these exploits are over a year old. Heck, I think one or two are going on two or three years old.

Here's just a small sample of UNPATCHED IE exploits, compiled on a Chinese Web site:

http://die.leox.com/ie_unpatched/index.html

Whoever this Liu Die Yu is, MS needs to hire this person at around, oh, $2,000,000 a year because apparently he or she is much better at finding security flaws in MS products than MS's own people. Am I right, or what?
Posted by: Yen_z   Posted on: 11/05/03
