September 8th, 2002, 03:57 AM
48 flaws so far this year?
I couldn't believe it when I read it, but according to ZD Net there have been 48 security vulnerabilities in Microsoft products so far this year! The latest is a flaw in an ActiveX control that thwarts SSL and digital certificates. Astonishing.
Please don't get me wrong, I am not anti-Microsoft. I have 4 out of 6 machines on my network here at home running one version or other of Windows, the other two running Red Hat 7.3. But whatever happened to the trustworthy computing directive? SSL is at the very heart of internet commerce as we know it today, and if that isn't secure then what does that mean for e-commerce and .Net?
It just puzzles me.
Time is a created thing -- to say \"I don\'t have time\" is like saying \"I don\'t want to.\"
September 8th, 2002, 04:14 AM
Who knows, Microsoft might purposlly be putting in these security vulnerablilities just so peopel keep buying there products and upgrades so they can get even richer. Big companies care more about money these days than to actually help people.
September 8th, 2002, 04:22 AM
48 that seems a little low for microsoft.
Its not software piracy. Iím just making multiple off site backups.
September 8th, 2002, 05:09 AM
But then agian... the year isn't over. Who knows there could be many many undiscovered flaws(Probably), OR! Microsoft could be getting better(Probably not).
September 8th, 2002, 07:34 AM
I am not surprised by the number of security vulnerabilities found. I actually thought it would be a higher number than that. Spinnaker: That would not come as a shock to me at all; M$ still places in my top 5 greed list. It's a cycle that they see as a catalyst for profit. Release the software before it's fully tested for security holes, then make money off of upgrades and the like. Just a theory...who knows for sure? I mean, don't get me wrong, the lion's share of my experience in IT has been with M$ software, and that's part of the reason I would like to expand my horizons to world of *nix. I do, however, like some of their software.
Opinions are like
holes - everybody\'s got\'em.
September 8th, 2002, 09:42 AM
Actually there were about 45 flaws found in Mandrake Linux 8.2 this year. But keep in mind that the number of security flaws found in a system have absolutely no bearing on the actual security of the system. The security is up to the administrator, in my case I check http://www.mandrakesecure.net daily for updates and patches. A good Windows admin will do the same and the security will not be a problem.
bdhoff dont confuse the ssl issue with a MS specific problem. *nix systems using SSL were forced to update too.
Spinnaker I truly doubt that MS would purposefully put malicious code in their programs, after all, they use them too.
Its easy to look at the number alone and assume the microsoft isnt doing their job, but the truth is that there have been quite a few *nix vulnerabilities found this year also but since MS is used by so many more people than *nix, the spotlight is on them.
September 10th, 2002, 08:16 PM
MS has released 50 security notifications so far this year. That does not mean that they have only found 50 flaws in there products, it is just the number of flaws that can be exploited to bypass system security in some way...
50 at this time of the year is actually kind of low for MS.. They had somewhere in the neighborhood of 90 last year... Given all of the products that MS produces this is actually not that bad... By the last post(which I have not confirmed), if mandrake fixed 45 bugs so far this year.. There were far more bugs in that OS then in any MS operating system...
Keep in mind that MS releases security bulletins for Win9x-Win2k, WinXP, Office XP, Office2000, MS SBS, IIS, etc.. etc.. etc....
September 13th, 2002, 01:32 AM
Well I have to update the new computer almost everday.M$ have decided to buy a security firm so they could write better software.(more secure).But the fact of the matter is every OS has bugs and every OS needs patches....but m$ by far has the biggest problem with this.
..But I was away from work for 2 days and I came back to find out the microsoft has released 4 patches when I was gone.This makes the job of keeping all the os's updated really hard.
[glowpurple]A_420_hacker_24::.\"A man without a computer is just a man, a man with a computer is a Admin\" ... \"If its not 4:20 on your clock, it\'s time to change the time\"..:Quotations from Larry Wall:.
\"I think you didn\'t get a reply because you used the terms \"correct\" and \"proper\", neither of which has much meaning in Perl culture. :-) \"