blinks
WinXP does WHAT? Where did you hear that? And why haven’t I seen it?
quote:
Originally posted by Doug:
Doddler, what you're saying is how the system is supposed to work. Turrican, myself, and others are trying to show how seriously this system could be abused to perpetuate certain agendas.
Yeah, your right. Sometimes I get started, and go off on a rant, then nothing can stop me [img]http://princess.cybrmall.net/ubb/biggrin.gif[/img]. Hope no one thinks badly of me. But you have to realize that microsoft has more than a few eyes on it, it would really feel the heat if they did something stupid. I think its just like the WinXP "You MUST register it to work" issue. People were ranting and raving about how its so unjust, how its going to be so horrible, they'll make you buy the OS again if you format, etc, and you don't hear anything today. Once its out there, I envision only pirates will end up complaining, because microsoft will just be sticking a very large, uncomfortable object right up its a** if it does anything stupid.
And besides, anything can be abused. You can rant on about how we shouldn't fly airplanes because someone might hijack them, or ban kitchen knives because they cause murders (ok, thats a bit wierd, but its just an example). Its a tool to stop software piracy, and while there is potential for abuse, it really is a step that should be taken, either by microsoft with Palladium, or by IBM with TCPA.
Doddler
[This message has been edited by Doddler (edited 09-06-2002).]
[This message has been edited by Doddler (edited 09-06-2002).]
quote:
Originally posted by Doddler:
Yeah, your right. Sometimes I get started, and go off on a rant, then nothing can stop me [img]http://princess.cybrmall.net/ubb/biggrin.gif[/img]. Hope no one thinks badly of me. But you have to realize that microsoft has more than a few eyes on it, it would really feel the heat if they did something stupid.[This message has been edited by Doddler (edited 09-06-2002).]
[This message has been edited by Doddler (edited 09-06-2002).]
1) No one who has noticed has seemed to care about this so far, and
2) They're Microsoft. They've consistently shown that they think they ARE the PC market and that they wield too much power. Everyone was watching when they did the illegal stuff they got caught for, too.
quote:
Originally posted by Doddler:
And besides, anything can be abused. You can rant on about how we shouldn't fly airplanes because someone might hijack them, or ban kitchen knives because they cause murders (ok, thats a bit wierd, but its just an example). Its a tool to stop software piracy, and while there is potential for abuse, it really is a step that should be taken, either by microsoft with Palladium, or by IBM with TCPA.Doddler
[This message has been edited by Doddler (edited 09-06-2002).]
[This message has been edited by Doddler (edited 09-06-2002).]
Put that straw man away. Do you really think it will stop piracy? No. If I make an exact duplicate it will still work fine. And there are plenty of ways to make exact duplicates. This is a way for Microsoft to get control over your computer.
http://theregister.co.uk/content/archive/24815.html
The article regarding file search submission information to Microsoft.
quote:
Originally posted by Nandemonai:
Put that straw man away. Do you really think it will stop piracy? No. If I make an exact duplicate it will still work fine. And there are plenty of ways to make exact duplicates. This is a way for Microsoft to get control over your computer.
I think a while back someone mentioned the only efective anti software piracy was one like halflife, where they could stop you from playing the game. This system could do the same, with normal apps. But I'll stop arguing. I have the feeling I'm upsetting people, and I hate to get a reputation as a troll.
Doddler
quote:
Originally posted by TurricaN:
It's getting rather ridiculous. The only thing that we can do now is stick with old versions of Windows or switch to an alternative Operating System, such as Linux, Mac OS X, Irix, BSD, Unix, BeOS, OS/2, etc... I predict that most PC users will be using Linux several years from now.And, if you're using Windows XP, you're already using an un-safe Operating System. I bet you didn't realise that every time you search for files on your hard disk, Windows XP submits information to Microsoft regarding your search! I'm staying well away from anything beyond Windows 98, and I've even gone to lengths to surgically rip out Internet Explorer intergration entirely from my Windows 98 partition too, which is as bigger security hole as they come.
Eh? Doesn't Microsoft already own Apple? Linux won't get acceptance until my sister can use it too ^_^. Besides if Linux ever became that great I'm pretty sure we'd have the Microsoft distribution.
Maybe you’ve never used Mandrake Linux 8.2 with KDE? It’s easier to use than Windows. And I hear that Mandrake 9.0 is even better and easier than 8.2, which should be released very soon.
quote:
Originally posted by TurricaN:
http://theregister.co.uk/content/archive/24815.htmlThe article regarding file search submission information to Microsoft.
*read* *read*
Actually, the article says that it doesn't send your local hard drive search terms. Unless I misread it. But it's still bad.
quote:
Originally posted by TurricaN:
Maybe you've never used Mandrake Linux 8.2 with KDE? It's easier to use than Windows. And I hear that Mandrake 9.0 is even better and easier than 8.2, which should be released very soon.
This is a matter of person what is easier. We got people here in my company who can't use windows, but are perfect in AS/400 green screen monitor and only a a keyboard. (I am technical person and I have problems using those things.)
Also it is a matter of style. My sisters like XP because it has cuter icons. (or at least they can download them.) So they rather use something that look pretty than something they don't understand. (linux doesn't also give good error message, I know Windows doesn't always either. But a core dump sounds rude.)
As said before on another forumn. Anything that is made by a human can be cracked/broken. It's stupid to believe otherwise. Windows seems more lacking because people would rather hunt a lion than a rabbit. It's more fun, challenging and you get more bosting rights.
To be honest I want all OSes to do well. Do not care if they copy one another. As long as I get to play my cute girl games or any other games I do not care. Oh, they pay my bills too since I can program Windows/Linux/OS X.
I did like the KDE interface. The whole multiple desktop interface is really nice. But until it is supported by the applications I use its just a novelty to me.
One has to remember that hardware manufactures are not always the friends of the software and media, only sometimes. As for DMCA, I don’t think any of the cases have reached the Supreme Court, so it still has not been settled. As for any built in hardware lock, well, we shall see. It is fairly hard to keep software from running on an OS. Plus if Microsoft wanted to keep control of what programs it would allow to run on it’s OS, well first their are the obvious Monopoly legal problems, second, the staff need to look at and grant certificates to every program produced would be so large and costly, even the 30 billion Microsoft has in cash would not last long. It would make their legal bills look cheap. As for collecting the data on the searches, well, there is something called data overload. Even with computer assistance, it would take decades for them process it and put it to use. Same with the data from Hotmail. If they do keep every bit of data, well, I just want to see the number of hard drives they have.
As for OSs, My version of WinXP Professional came legally cracked. I know what you are going to ask, and it has to do with Microsoft’s licensing agreement with the state universities of the state of Ohio. The agreement, which is extremely favorable to the schools, is that Microsoft allowed them to set sell select Microsoft software to their students at a price set by the school, and my university, Wright State University, set the price to 0 for all the selected software titles,all OSs except server and enterprise versions(which at this time are Win98 Second Edition, Win2000, and WinXP Professional), Office Professional, Visual Studio Professional, and a few other programs. So to make it easier, the hardware check, as well as the CD Key were removed by Microsoft. Well the CD Key is used, but not check if the copy has already been registered. Now if only the school firewall didn’t mess up windows update…
[This message has been edited by CJCaesar (edited 09-10-2002).]
[This message has been edited by CJCaesar (edited 09-10-2002).]
Well well well, look what we have here:
quote:
From http://www.grc.com
Attention Windows XP UsersA little-known but critical vulnerability exists in Windows XP.
It has recently been repaired in Service Pack 1.
This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon.
This vulnerability is so dangerous that it would be irresponsible for me to say more. Microsoft has known of this problem for months and has, inexplicably, done nothing before now. Although XP’s Service Pack 1 is not small (approx 30 MB for express installation or 140 MB for the network install), and even though a much quicker and easier solution to this problem exists, the only thing I can safely recommend (without revealing too much) is to urge all XP users to somehow obtain and install Service Pack 1 immediately. (If you have a slow Internet connection, perhaps a friend can download the executable Service Pack file and burn it onto a CD for you?)
This problem does not affect any systems other than Windows XP. If you have any friends or co-workers running Windows XP, please urge them to update their systems’ too. Once the details of this vulnerability have leaked through other channels I will provide additional information.
Now, you might be thinking; “Quick! I should go and download the Service Pack fix right now!”… Wrong. Why? Does anyone not see what Microsoft are trying to do here? They have known about this critically dangerous security flaw for almost three months and have done absolutely nothing about it! That is, until now with Service Pack 1. Why would they do this? Well, it’s obvious. By effectively forcing users to upgrade to Service Pack 1, which includes far more than just the security fix, they can modify the EULA on users’ systems with Service Pack 1. This means that when you install Service Pack 1, you’re probably giving up what little freedom you had left on your Windows XP system. When you install Service Pack 1, Bill Gates probably gets root privilages of your system. It would hardly surprise me if this was a deliberate flaw so that Microsoft can effectively force users to upgrade at a point that they felt they (Microsoft) would benefit from it.
Fortunetly for you, if you are unfortunate enough to be using Windows XP, you DON’T have to install Service Pack 1 to remove this dangerous security problem. You can simply rename or delete the “uplddrvinfo.htm” file, which will fix the problem.
In the end, with problems like this, it really does bring into question whether people should be using Microsoft products at all… Though I expect that this sort of serious problem will become normal in the future and people just won’t take it seriously because they will become desensitised to it, just like all of the Internet Explorer and Outlook security problems and vulnerabilities today… It’s sad, but that’s probably what will happen.
[This message has been edited by TurricaN (edited 09-10-2002).]
quote:
Originally posted by TurricaN:
[B]
In the end, with problems like this, it really does bring into question whether people should be using Microsoft products at all... Though I expect that this sort of serious problem will become normal in the future and people just won't take it seriously because they will become desensitised to it, just like all of the Internet Explorer and Outlook security problems and vulnerabilities today... It's sad, but that's probably what will happen.
If you've ever programmed any web specific applications, then you'd realize just how easy it is to leave a back door. I just created a very simple PHP script the other day to post to a custom message board on my server, and my friend showed me several ways that he can retrieve the password list and gain complete access to my HD, just through this script I made. Its not hard to do, even overlooking the simplest thing can do it. People forget that real people are behind these things, its not just a big faceless corperation. The *nix's arn't pefect either, they have their fare share of holes too. Its just with 90% of the world on MS, most hackers will obviously try to exploit it. The Nix's are still better than microsoft products for security, mainly because the open source makes bugs much easier to find that closed source. But neither are perfect, and probably never will be.
Doh, I forgot I said I wouldn't post here again... Oh well...
Doddler
Yeah, but really, I mean, come on, I’m no expert of Internet technology, but this is a web browser we’re talking about, not a PHP script. A web browser is locally stored application which only reads files. It should be much easier to maintain security on this level than something running from a server such as PHP. How someone could “accidently” include code in a web browser application that deletes files from your computer is far far beyond me, and making it capable of doing this through web based URL’s is sheer stupidity.
I mean, a web browser has no business deleting files in the first place, it’s supposed to view web pages, not manage files. It should NOT include any capability for deleting files at all. There’s really no excuse for this kind of security vulnerability.
I’m not claiming that Linux or any other Operating System is perfect, but Windows has certainly got a long way to go before it reaches Linux’s level, especially when you’re gonna be waiting three months for fixes to critically dangerous known security problems. The fact that they took so long is reason enough not to trust Microsoft.
PHP script is a web program. And yes A web browser started as a simple read only thing. Now due to demand in more than just reading, people want apps on the web. Ie you shopping cart, this BBS etc… You need programs in order to that. Also the demand for more flashy stuff to be shown on browsers such as Flash, Java and other multimedia stuff doesn’t help either. (I am a pure text person myself, but you can’t say that for the majority.)
This is turn makes it hard to plug every hole in the system. When you apps on You can grab people passwords. There are many ways. One example is you impersonate someone else. You can easily do by studing how a site works by source and then seeing the results of random form filling. If you see a pattern you can slow reverse engineer the site. Some are harder than others for sure. Second you (most common, but need technical knowledge) can have a second computer and sniff the packets. I won’t go into details here now. If you’re technical and know about packets and sockets programming you know what I am talking about.
I doubt any OS will ever be secure. But if MS knows a flaw they should try and fix it ASAP.
(For windows programmers)
If want to know huge flaw. The Win32 API is flawed. It does check the original singal before executing and pass messages. So in thoery I get a small program and acts innocently as simple program that a guess user can execute. Pass naughty (lacking a better term) command to win32 and win32 will happliy execute it. This is now known. ut I doubt they can fix it since this is the kernal and basically the OS itself. This is scary if you’re a programmer.
““Outstanding flaws”
…using the flaws for making your product sell. Original !!!”
^_-
Forgot where I saw it but it was a reponse to a post of the flaws still left, like the one pointed out by Turrican.
[This message has been edited by Zorian (edited 09-11-2002).]
Actually it is up to each program to see the incoming messages and determine if it has rights. Quite a few programs don’t do this. We didn’t know this and assume the OS will be smart enough to send messages where is came from and what security access they have. Had to reprogram quite a few of our program to check where the messages are from and if we trust the messages. Just extra work I can’t be bother doing. Unix base OSes doesn’t have this problem. OS handle security.