Important Windows Patch!
CForrester
P0rk(h0p Join Date: 2002-10-05 Member: 1439Members, Constellation
in Off-Topic
<div class="IPBDescription">For NT, 2000, XP, and 2003</div> From <a href='http://www.grc.com' target='_blank'>GRC.com</a>:
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Microsoft has released a patch which ALL USERS OF
WINDOWS NT, 2000, XP, and 2003 should apply immediately!
This vulnerability is being called "the mother of all Windows vulnerabilities" because it allows Windows-based commercial Internet servers and regular Windows users to be remotely compromised by malicious hackers.
Security experts were upset to learn that Microsoft was informed of this extremely serious vulnerability more than six months ago, yet took until now to cure the problem. The vulnerability was obvious and easy to fix once it was known, yet Windows NT, 2000, XP, and 2003 machines have remained susceptible. Now known publicly, the vulnerability is readily exploitable.
Users of Microsoft Outlook and Outlook Express are made vulnerable through their eMail client as well as other avenues, and Windows machines with default "network bindings", which are not protected by a personal firewall or NAT router, are directly vulnerable to remote Internet compromise.
Security experts expect one or more new Internet worms, and new eMail exploits to appear shortly, so please update all potentially vulnerable systems as soon as possible. This is a big one folks . . .<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Microsoft's security bulletin is <a href='http://www.microsoft.com/technet/security/bulletin/MS04-007.asp' target='_blank'>here</a>.
Make sure you apply the patch!
This discussion has been closed.
Comments
... =\
Seriously though, 6 months? WTH?
In other news, a while ago MS (finally) patched the IE bug that allowed a malicious link to send you to one domain, while displaying a different domain in the address bar.
Patch: <a href='http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp' target='_blank'>Here</a>
Interesting note:
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->eliminates the following three newly-discovered vulnerabilities:
...
A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:
http(s)://username:password@server/resource.ext<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
In other words, they didn't fix the bug, they removed the (very basic) feature that it exploited. Somehow I wasn't surprised.
EDIT:
Monse: the username:password@domain syntax is an agreed-upon standard (RFC 1738), this is true, but MS's implementation was (AFAIK) the only one affected by this exploit.
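The quoted bulletin text above names the `username:password@server` URL form. As an added example (not part of any post in this thread, and not Microsoft's code), this JavaScript check uses the standard `URL` parser to report which host such a link really connects to and to flag links whose userinfo part is shaped like a hostname. The function names and the sample URLs are constructed for illustration.

```javascript
// Added example: audit links for a userinfo ("user:password@") component.
// All URLs below are constructed samples using reserved documentation names.

// Heuristic: text shaped like a DNS name, e.g. "www.example.com".
function looksLikeHostname(text) {
  return /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i.test(text);
}

// Percent-decode for display; fall back to the raw value if decoding fails.
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (err) {
    return text;
  }
}

// Returns the host that will really be contacted, plus any findings.
// The password itself is never echoed back, only whether one was present.
function auditLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return { ok: false, host: null, userinfo: null, hasPassword: false,
             findings: ["not an absolute URL"] };
  }

  const result = { ok: true, host: url.hostname, userinfo: null,
                   hasPassword: false, findings: [] };

  // Only http(s) links are in scope, matching the syntax quoted above.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return result;
  }
  if (url.username === "" && url.password === "") {
    return result;
  }

  result.ok = false;
  result.userinfo = safeDecode(url.username);
  result.hasPassword = url.password !== "";
  result.findings.push(
    `text before "@" is userinfo, not the destination; real host is ${url.hostname}`
  );
  if (looksLikeHostname(result.userinfo) &&
      result.userinfo.toLowerCase() !== url.hostname) {
    result.findings.push(`userinfo "${result.userinfo}" is shaped like a hostname`);
  }
  return result;
}

// Convenience wrapper: keep only the links that produced findings.
function flaggedLinks(hrefs) {
  return hrefs
    .map((href) => ({ href, ...auditLink(href) }))
    .filter((entry) => !entry.ok);
}

// Constructed sample input.
const SAMPLE_LINKS = [
  "https://www.example.com/account",
  "http://www.example.com@203.0.113.10/login",
  "http://alice:secret@intranet.example/resource.ext",
];

for (const entry of flaggedLinks(SAMPLE_LINKS)) {
  console.log(entry.href, "->", entry.host, entry.findings);
}
```
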
What a shock, someone posts up a useful bit of patching information and someone has to come in and start an MS rant. Tell you what, I'm going to post every single patch that was released <i>just</i> for linux Suse 9.0, and just since December 2003 - that's in a whole 2 months:
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->02 Feb 2004
RPM gaim 0.67-67 (i586) 1794 kB
Patch-RPM gaim 0.67-67-patch (i586) 351 kB
Source-RPM gaim-0.67-67.src.rpm
Security Update!
Security Fix:
The chat-client gaim is vulnerable to a buffer overflow
in the parse url code. This bug leads to remote system
compromise with the privileges of the user running gaim.
--------------------------------------------------------------------------------
29 Jan 2004
RPM cups 1.1.19-85 (i586) 2022 kB
Patch-RPM cups 1.1.19-85-patch (i586) 179 kB
Source-RPM cups-1.1.19-85.src.rpm
The fix solves a memory leak in the cups protocol. The problem
appears mainly under Gnome, xd2.
--------------------------------------------------------------------------------
29 Jan 2004
RPM cups-client 1.1.19-85 (i586) 139 kB
Patch-RPM cups-client 1.1.19-85-patch (i586) 22 kB
Source-RPM cups-1.1.19-85.src.rpm
The fix solves a memory leak in the cups protocol. The problem
appears mainly under Gnome, xd2.
--------------------------------------------------------------------------------
29 Jan 2004
RPM cups-devel 1.1.19-85 (i586) 121 kB
Patch-RPM cups-devel 1.1.19-85-patch (i586) 71 kB
Source-RPM cups-1.1.19-85.src.rpm
The fix solves a memory leak in the cups protocol. The problem
appears mainly under Gnome, xd2.
--------------------------------------------------------------------------------
29 Jan 2004
RPM cups-libs 1.1.19-85 (i586) 103 kB
Patch-RPM cups-libs 1.1.19-85-patch (i586) 69 kB
Source-RPM cups-1.1.19-85.src.rpm
The fix solves a memory leak in the cups protocol. The problem
appears mainly under Gnome, xd2.
--------------------------------------------------------------------------------
28 Jan 2004
RPM whois 4.6.6-77 (i586) 32 kB
Patch-RPM whois 4.6.6-77-patch (i586) 17 kB
Source-RPM whois-4.6.6-77.src.rpm
Fixed 64-bit archs problem, which caused problem with some IPs?
--------------------------------------------------------------------------------
27 Jan 2004
RPM nmap 3.30-70 (i586) 355 kB
Patch-RPM nmap 3.30-70-patch (i586) 159 kB
Source-RPM nmap-3.30-70.src.rpm
Security Update!
Security Fix:
nmap does not run as root due to bad interaction between kernel
and user-space for pre calculated IP checksum. Thanks to Dirk Mueller
for debugging.
--------------------------------------------------------------------------------
26 Jan 2004
RPM netpbm 10.11.4-126 (i586) 1161 kB
Patch-RPM netpbm 10.11.4-126-patch (i586) 252 kB
Source-RPM netpbm-10.11.4-126.src.rpm
Security Update!
Security-Fix:
Some tools of the netpbm suite create files in an insecure manner
that can lead to local privilege escalation.
--------------------------------------------------------------------------------
26 Jan 2004
RPM tripwire 2.3.1-138 (i586) 3242 kB
Patch-RPM tripwire 2.3.1-138-patch (i586) 3192 kB
Source-RPM tripwire-2.3.1-138.src.rpm
This update fixes a segmentation fault caused by a change in the "binutils"
package.
--------------------------------------------------------------------------------
22 Jan 2004
RPM ltmodem 8.26a-172 (i586) 806 kB
Patch-RPM ltmodem 8.26a-172-patch (i586) 803 kB
Source-RPM ltmodem-8.26a-172.src.rpm
Enabled modversions to allow the driver to work after a kernel update.
--------------------------------------------------------------------------------
20 Jan 2004
RPM quagga 0.96.2-74 (i586) 985 kB
Patch-RPM quagga 0.96.2-74-patch (i586) 875 kB
Source-RPM quagga-0.96.2-74.src.rpm
Security Update!
Security Fix:
Local users can send malicious netlink messages that cause
denial-of-service conditions in the routing-daemon quagga.
--------------------------------------------------------------------------------
19 Jan 2004
RPM tcpdump 3.7.2-82 (i586) 197 kB
Patch-RPM tcpdump 3.7.2-82-patch (i586) 153 kB
Source-RPM tcpdump-3.7.2-82.src.rpm
Security Update!
The code for handling ISAKMP and RADIUS messages contained bugs
which allowed remote attackers to crash tcpdump or to execute arbitrary code.
--------------------------------------------------------------------------------
15 Jan 2004
RPM gnome-filesystem 0.1-117 (i586) 22 kB
Patch-RPM gnome-filesystem 0.1-117-patch (i586) 21 kB
Source-RPM gnome-filesystem-0.1-117.src.rpm
Security Update!
Security Fix:
This update fixes the insecure handling of temporary files.
--------------------------------------------------------------------------------
15 Jan 2004
RPM gtk2 2.2.3-49 (i586) 2220 kB
Patch-RPM gtk2 2.2.3-49-patch (i586) 847 kB
Source-RPM gtk2-2.2.3-49.src.rpm
Fixes focus loop in gtk_socket_focus().
Solves 100% CPU load problem in Notification Area Applet with
GAIM, GnomeICU, ACME, Rhythmbox etc.
For more see <a href='http://bugzilla.gnome.org/show_bug.cgi?id=122327' target='_blank'>http://bugzilla.gnome.org/show_bug.cgi?id=122327</a>
--------------------------------------------------------------------------------
13 Jan 2004
RPM cvsup 16.1h-90 (i586) 1339 kB
Patch-RPM cvsup 16.1h-90-patch (i586) 1286 kB
Source-RPM cvsup-16.1h-90.src.rpm
Security Update!
Security Fix:
Removed public-writable directories from shared library search path.
--------------------------------------------------------------------------------
10 Jan 2004
RPM mpg321 0.2.10-419 (i586) 43 kB
Patch-RPM mpg321 0.2.10-419-patch (i586) 21 kB
Source-RPM mpg321-0.2.10-419.src.rpm
Security Update!
Security Fix:
A format-bug in mpg321 can be exploited (even remotely by HTTP streaming)
to execute code with the permissions of the user running mpg321 on
special MP3 files.
--------------------------------------------------------------------------------
09 Jan 2004
RPM XFree86 4.3.0.1-43 (i586) 9927 kB
Patch-RPM XFree86 4.3.0.1-43-patch (i586) 398 kB
Source-RPM XFree86-4.3.0.1-43.src.rpm
Security Update!
Security Fix:
Due to improper checking of failure-conditions of pam_setcred()
in XDM while using pam_krb5 a user with valid login credentials
(Kerberos) may get root access to the system.
--------------------------------------------------------------------------------
09 Jan 2004
RPM inn 2.4.0-47 (i586) 2411 kB
Patch-RPM inn 2.4.0-47-patch (i586) 315 kB
Source-RPM inn-2.4.0-47.src.rpm
Security Update!
Security-Fix
INN handles certain control messages in an insecure way. This may allow
remote attackers to execute arbitrary commands. INN 2.3.x is not affected.
--------------------------------------------------------------------------------
09 Jan 2004
RPM mc 4.6.0-210 (i586) 1403 kB
Patch-RPM mc 4.6.0-210-patch (i586) 280 kB
Source-RPM mc-4.6.0-210.src.rpm
Security Update!
Fix for exploitable bug in mc's virtual file-system (VFS).
This bug can be exploited by using a special archive.
The user which opens this archive may execute arbitrary code
and may therefore compromise the system security.
--------------------------------------------------------------------------------
07 Jan 2004
RPM opera 7.50-1 (i586) 4795 kB
Patch-RPM opera 7.50-1-patch (i586) 4631 kB
Source-RPM opera-7.50-1.nosrc.rpm
Security Update!
Opera didn't check the X509 certificate so anybody could eavesdrop
the https communication.
--------------------------------------------------------------------------------
07 Jan 2004
RPM python 2.3-52 (i586) 2998 kB
Patch-RPM python 2.3-52-patch (i586) 1736 kB
Source-RPM python-2.3-52.src.rpm
The python-devel package was missing the symlink libpython2.3.so, so
that linking programs against python was not possible. This update
fixes this problem.
--------------------------------------------------------------------------------
06 Jan 2004
RPM 3ddiag 0.703-176 (i586) 26 kB
Patch-RPM 3ddiag 0.703-176-patch (i586) 17 kB
Source-RPM 3ddiag-0.703-176.src.rpm
Security Update!
Security Fix:
Some scripts of 3Ddiag handle local temporary files in an insecure manner
which may lead to local privilege escalation.
--------------------------------------------------------------------------------
05 Jan 2004
RPM pin 0.29-47 (noarch) 8 kB
Patch-RPM pin 0.29-47-patch (noarch) 6 kB
Source-RPM pin-0.29-47.src.rpm
Security Update!
Security Fix:
Pin handles local temporary files in an insecure manner which may lead to local
privilege escalation.
--------------------------------------------------------------------------------
27 Dec 2003
RPM kopete 0.7.3-8 (i586) 3040 kB
Patch-RPM kopete 0.7.3-8-patch (i586) 2089 kB
Source-RPM kopete-0.7.3-8.src.rpm
Support again MSN chat, after last protocol change.
--------------------------------------------------------------------------------
19 Dec 2003
RPM cvs 1.11.6-73 (i586) 506 kB
Patch-RPM cvs 1.11.6-73-patch (i586) 231 kB
Source-RPM cvs-1.11.6-73.src.rpm
Security Update!
Security Fix:
The cvs server side can be tricked in creating files in the root file-system.
--------------------------------------------------------------------------------
19 Dec 2003
RPM k_smp 2.4.21-166 (i586) 25819 kB
Source-RPM k_smp-2.4.21-166.src.rpm
Security Update!
Paul Starzetz of iSEC reported a vulnerability in the mremap system call,
which allows local attackers to crash the machine, and even to obtain super
user privileges under some circumstances.
This update fixes the vulnerability.
--------------------------------------------------------------------------------
19 Dec 2003
RPM k_smp4G 2.4.21-166 (i586) 25783 kB
Source-RPM k_smp4G-2.4.21-166.src.rpm
Security Update!
Paul Starzetz of iSEC reported a vulnerability in the mremap system call,
which allows local attackers to crash the machine, and even to obtain super
user privileges under some circumstances.
This update fixes the vulnerability.
--------------------------------------------------------------------------------
19 Dec 2003
RPM memprof 0.5.1-115 (i586) 149 kB
Patch-RPM memprof 0.5.1-115-patch (i586) 91 kB
Source-RPM memprof-0.5.1-115.src.rpm
Bugfix:
libmemintercept.so, required for running memprof, was missing from the
package.
--------------------------------------------------------------------------------
18 Dec 2003
RPM ethereal 0.9.14-115 (i586) 5259 kB
Patch-RPM ethereal 0.9.14-115-patch (i586) 4853 kB
Source-RPM ethereal-0.9.14-115.src.rpm
Security Update!
Security Fix:
This update fixes a crash condition in ethereal. The bug appears in the code
that handles SMB packages (needs to be selected) and can be triggered remotely.
--------------------------------------------------------------------------------
18 Dec 2003
RPM k_athlon 2.4.21-166 (i586) 25313 kB
Source-RPM k_athlon-2.4.21-166.src.rpm
Security Update!
Paul Starzetz of iSEC reported a vulnerability in the mremap system call,
which allows local attackers to crash the machine, and even to obtain super
user privileges under some circumstances.
This update fixes the vulnerability.
--------------------------------------------------------------------------------
18 Dec 2003
RPM k_deflt 2.4.21-166 (i586) 25211 kB
Source-RPM k_deflt-2.4.21-166.src.rpm
Security Update!
Paul Starzetz of iSEC reported a vulnerability in the mremap system call,
which allows local attackers to crash the machine, and even to obtain super
user privileges under some circumstances.
This update fixes the vulnerability.
--------------------------------------------------------------------------------
18 Dec 2003
RPM k_um 2.4.21-166 (i586) 30584 kB
Source-RPM k_um-2.4.21-166.src.rpm
Security Update!
Paul Starzetz of iSEC reported a vulnerability in the mremap system call,
which allows local attackers to crash the machine, and even to obtain super
user privileges under some circumstances.
This update fixes the vulnerability.
--------------------------------------------------------------------------------
18 Dec 2003
RPM kdepim3 3.1.4-45 (i586) 1621 kB
Patch-RPM kdepim3 3.1.4-45-patch (i586) 288 kB
Source-RPM kdepim3-3.1.4-45.src.rpm
Security Update!
It was possible to use a buffer overflow via a special crafted vcard file
to run code during generating previews. By default it was only possible
on local filesystems, but the user can enable this also for remote file
systems.
--------------------------------------------------------------------------------
18 Dec 2003
RPM popper 1.0-727 (i586) 48 kB
Patch-RPM popper 1.0-727-patch (i586) 39 kB
Source-RPM popper-1.0-727.src.rpm
Security Update!
This update fixes unsecure temp file handling.
--------------------------------------------------------------------------------
17 Dec 2003
RPM cdrecord 2.01a18-60 (i586) 448 kB
Patch-RPM cdrecord 2.01a18-60-patch (i586) 291 kB
Source-RPM cdrecord-2.01a18-60.src.rpm
This update fixes a problem that prevented cdrecord from working
on a machine running the Linux 2.6 kernel.
Installations running the 2.4 kernel are unaffected.
--------------------------------------------------------------------------------
17 Dec 2003
RPM kernel-source 2.4.21-166 (i586) 44236 kB
Source-RPM kernel-source-2.4.21-166.src.rpm
Security Update!
Paul Starzetz of iSEC reported a vulnerability in the mremap system call,
which allows local attackers to crash the machine, and even to obtain super
user privileges under some circumstances.
This update fixes the vulnerability.
--------------------------------------------------------------------------------
16 Dec 2003
RPM fontconfig 2.2.1-58 (i586) 127 kB
Patch-RPM fontconfig 2.2.1-58-patch (i586) 9 kB
Source-RPM fontconfig-2.2.1-58.src.rpm
The default for subpixel hinting is set to "none" in these updated
fontconfig packages. If you switch off subpixel hinting in the
KDE control centre, KDE removes all rules concerning subpixel hinting
from ~/.fonts.conf, but the global default may still be to use
subpixel hinting on some TFT displays. Making the global default "none"
means you can really switch it off in the KDE control centre.
--------------------------------------------------------------------------------
16 Dec 2003
RPM fontconfig-devel 2.2.1-58 (i586) 204 kB
Patch-RPM fontconfig-devel 2.2.1-58-patch (i586) 33 kB
Source-RPM fontconfig-2.2.1-58.src.rpm
The default for subpixel hinting is set to "none" in these updated
fontconfig packages. If you switch off subpixel hinting in the
KDE control centre, KDE removes all rules concerning subpixel hinting
from ~/.fonts.conf, but the global default may still be to use
subpixel hinting on some TFT displays. Making the global default "none"
means you can really switch it off in the KDE control centre.
--------------------------------------------------------------------------------
15 Dec 2003
RPM irssi 0.8.6-148 (i586) 691 kB
Patch-RPM irssi 0.8.6-148-patch (i586) 479 kB
Source-RPM irssi-0.8.6-148.src.rpm
Security Update!
Security Fix:
This update fixes a remote denial-of-service attack against irssi irc client.
--------------------------------------------------------------------------------
10 Dec 2003
RPM lftp 2.6.6-71 (i586) 668 kB
Patch-RPM lftp 2.6.6-71-patch (i586) 281 kB
Source-RPM lftp-2.6.6-71.src.rpm
Security Update!
Security Fix:
This update fixes a remotely exploitable buffer overflow while using HTTP/HTTPS.
--------------------------------------------------------------------------------
10 Dec 2003
RPM perl 5.8.1-81 (i586) 12393 kB
Patch-RPM perl 5.8.1-81-patch (i586) 5373 kB
Source-RPM perl-5.8.1-81.src.rpm
Update to official perl-5.8.1; fix srand bug; fix problems with
setenv in applications with embedded perl (e.g. mod_perl).
--------------------------------------------------------------------------------
08 Dec 2003
RPM screen 4.0.1-33 (i586) 569 kB
Patch-RPM screen 4.0.1-33-patch (i586) 168 kB
Source-RPM screen-4.0.1-33.src.rpm
Security Update!
Security fix for possibly remote privilege escalation in screen.
--------------------------------------------------------------------------------
04 Dec 2003
RPM rsync 2.5.6-193 (i586) 226 kB
Patch-RPM rsync 2.5.6-193-patch (i586) 179 kB
Source-RPM rsync-2.5.6-193.src.rpm
Security Update!
This update fixes an exploitable heap overflow in rsync.
This problem has no security impact if rsync is run over
an authenticated ssh connection or similar, because rsync
runs with the privilege of the authenticated user.
However, if rsync is run in server mode (i.e. invoked from
inetd to handle anonymous downloads), the bug becomes security
relevant.
--------------------------------------------------------------------------------
04 Dec 2003
RPM unace 2.5-68 (i586) 212 kB
Source-RPM unace-2.5-68.src.rpm
Security Update!
Security Fix for buffer overflow with long file-names.
--------------------------------------------------------------------------------
01 Dec 2003
RPM bastille 2.0.4-61 (i586) 239 kB
Patch-RPM bastille 2.0.4-61-patch (i586) 25 kB
Source-RPM bastille-2.0.4-61.src.rpm
Security Update!
This update adds the missing symbolic link that permits bastille to work on SUSE LINUX 9.0.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Oh wait, maybe those Debian guys are just extra moronic. I'm sure they have no need for all these patches over at Redhat; after all, they are the industry leader and have the most Linux marketshare for a reason, right? Well, let's just take a look at their patch server and...
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Parent Directory 12-Nov-2003 02:03 -
SRPMS/ 11-Feb-2004 14:11 -
bash-2.05b-34.i386.rpm 23-Dec-2003 10:30 1.5M
binutils-2.14.90.0.6-4.i386.rpm 19-Dec-2003 10:43 2.7M
debug/ 11-Feb-2004 14:11 -
dia-0.92.2-1.i386.rpm 19-Dec-2003 10:03 2.3M
epic-1.0.1-16.i386.rpm 12-Nov-2003 15:37 673k
ethereal-0.10.0a-0.1.i386.rpm 18-Dec-2003 11:22 3.3M
ethereal-gnome-0.10.0a-0.1.i3..> 18-Dec-2003 11:22 2.5M
foomatic-3.0.0-21.3.i386.rpm 11-Feb-2004 11:54 2.0M
gaim-0.74-5.i386.rpm 05-Dec-2003 15:15 2.4M
gdm-2.4.4.5-1.2.i386.rpm 10-Feb-2004 10:27 1.9M
ghostscript-7.07-15.1.i386.rpm 11-Feb-2004 12:01 7.5M
ghostscript-devel-7.07-15.1.i..> 11-Feb-2004 12:01 32k
gimp-print-4.2.6-4.i386.rpm 11-Feb-2004 12:05 2.3M
gimp-print-cups-4.2.6-4.i386.rpm 11-Feb-2004 12:05 19.0M
gimp-print-devel-4.2.6-4.i386..> 11-Feb-2004 12:05 546k
gimp-print-plugin-4.2.6-4.i38..> 11-Feb-2004 12:05 45k
gimp-print-utils-4.2.6-4.i386..> 11-Feb-2004 12:05 19k
glibc-2.3.2-101.1.i386.rpm 14-Nov-2003 12:19 3.3M
glibc-2.3.2-101.1.i686.rpm 14-Nov-2003 12:19 4.9M
glibc-2.3.2-101.4.i386.rpm 12-Jan-2004 08:55 3.3M
glibc-2.3.2-101.4.i686.rpm 12-Jan-2004 08:55 4.9M
glibc-common-2.3.2-101.1.i386..> 14-Nov-2003 12:19 12.3M
glibc-common-2.3.2-101.4.i386..> 12-Jan-2004 08:55 12.3M
glibc-debug-2.3.2-101.1.i386.rpm 14-Nov-2003 12:19 23.0M
glibc-debug-2.3.2-101.4.i386.rpm 12-Jan-2004 08:55 23.0M
glibc-devel-2.3.2-101.1.i386.rpm 14-Nov-2003 12:19 1.8M
glibc-devel-2.3.2-101.4.i386.rpm 12-Jan-2004 08:55 1.8M
glibc-headers-2.3.2-101.1.i38..> 14-Nov-2003 12:19 507k
glibc-headers-2.3.2-101.4.i38..> 12-Jan-2004 08:55 507k
glibc-profile-2.3.2-101.1.i38..> 14-Nov-2003 12:19 1.0M
glibc-profile-2.3.2-101.4.i38..> 12-Jan-2004 08:55 1.0M
glibc-utils-2.3.2-101.1.i386.rpm 14-Nov-2003 12:19 67k
glibc-utils-2.3.2-101.4.i386.rpm 12-Jan-2004 08:55 69k
gnome-libs-1.4.1.2.90-36.i386..> 09-Feb-2004 10:12 1.0M
gnome-libs-devel-1.4.1.2.90-3..> 09-Feb-2004 10:12 1.1M
gnucash-1.8.8-1.i386.rpm 18-Dec-2003 12:15 7.4M
gnucash-backend-postgres-1.8...> 18-Dec-2003 12:15 107k
gnupg-1.2.3-2.i386.rpm 10-Dec-2003 22:06 1.5M
gphoto2-2.1.3-1.i386.rpm 23-Dec-2003 10:30 872k
gphoto2-devel-2.1.3-1.i386.rpm 23-Dec-2003 10:30 105k
grep-2.5.1-17.4.i386.rpm 10-Dec-2003 12:46 169k
headers/ 11-Feb-2004 14:11 -
hpijs-1.5-4.1.i386.rpm 11-Feb-2004 12:01 173k
httpd-2.0.48-1.2.i386.rpm 07-Jan-2004 11:59 1013k
httpd-devel-2.0.48-1.2.i386.rpm 07-Jan-2004 11:59 146k
httpd-manual-2.0.48-1.2.i386.rpm 07-Jan-2004 11:59 1.2M
initscripts-7.42.2-1.i386.rpm 01-Dec-2003 14:34 621k
iptables-1.2.9-1.0.i386.rpm 04-Feb-2004 08:03 168k
iptables-devel-1.2.9-1.0.i386..> 04-Feb-2004 08:03 39k
iptables-ipv6-1.2.9-1.0.i386.rpm 04-Feb-2004 08:03 115k
kernel-2.4.22-1.2140.nptl.ath..> 07-Jan-2004 11:39 12.0M
kernel-2.4.22-1.2140.nptl.i58..> 07-Jan-2004 11:39 12.0M
kernel-2.4.22-1.2140.nptl.i68..> 07-Jan-2004 11:39 12.2M
kernel-2.4.22-1.2149.nptl.ath..> 13-Jan-2004 14:55 12.0M
kernel-2.4.22-1.2149.nptl.i58..> 13-Jan-2004 14:56 12.0M
kernel-2.4.22-1.2149.nptl.i68..> 13-Jan-2004 14:56 12.2M
kernel-2.4.22-1.2166.nptl.ath..> 10-Feb-2004 14:30 12.1M
kernel-2.4.22-1.2166.nptl.i58..> 10-Feb-2004 14:30 12.1M
kernel-2.4.22-1.2166.nptl.i68..> 10-Feb-2004 14:30 12.3M
kernel-BOOT-2.4.22-1.2140.npt..> 07-Jan-2004 11:39 6.4M
kernel-BOOT-2.4.22-1.2149.npt..> 13-Jan-2004 14:55 6.4M
kernel-BOOT-2.4.22-1.2166.npt..> 10-Feb-2004 14:30 6.4M
kernel-doc-2.4.22-1.2140.nptl..> 07-Jan-2004 11:39 1.7M
kernel-doc-2.4.22-1.2149.nptl..> 13-Jan-2004 14:55 1.7M
kernel-doc-2.4.22-1.2166.nptl..> 10-Feb-2004 14:30 1.7M
kernel-smp-2.4.22-1.2140.nptl..> 07-Jan-2004 11:39 12.5M
kernel-smp-2.4.22-1.2140.nptl..> 07-Jan-2004 11:39 12.7M
kernel-smp-2.4.22-1.2149.nptl..> 13-Jan-2004 14:55 12.5M
kernel-smp-2.4.22-1.2149.nptl..> 13-Jan-2004 14:56 12.7M
kernel-smp-2.4.22-1.2166.nptl..> 10-Feb-2004 14:30 12.5M
kernel-smp-2.4.22-1.2166.nptl..> 10-Feb-2004 14:30 12.8M
kernel-source-2.4.22-1.2140.n..> 07-Jan-2004 11:39 39.4M
kernel-source-2.4.22-1.2149.n..> 13-Jan-2004 14:55 39.4M
kernel-source-2.4.22-1.2166.n..> 10-Feb-2004 14:30 39.5M
lftp-2.6.10-1.i386.rpm 12-Dec-2003 18:24 577k
mc-4.6.0-8.4.i386.rpm 09-Feb-2004 10:14 1.5M
mod_python-3.0.4-0.1.i386.rpm 04-Feb-2004 10:04 481k
mod_ssl-2.0.48-1.2.i386.rpm 07-Jan-2004 11:59 82k
mozilla-1.4.1-18.i386.rpm 19-Nov-2003 10:26 14.3M
mozilla-chat-1.4.1-18.i386.rpm 19-Nov-2003 10:26 119k
mozilla-devel-1.4.1-18.i386.rpm 19-Nov-2003 10:26 3.2M
mozilla-dom-inspector-1.4.1-1..> 19-Nov-2003 10:26 160k
mozilla-js-debugger-1.4.1-18...> 19-Nov-2003 10:26 209k
mozilla-mail-1.4.1-18.i386.rpm 19-Nov-2003 10:26 1.8M
mozilla-nspr-1.4.1-18.i386.rpm 19-Nov-2003 10:26 103k
mozilla-nspr-devel-1.4.1-18.i..> 19-Nov-2003 10:26 174k
mozilla-nss-1.4.1-18.i386.rpm 19-Nov-2003 10:26 621k
mozilla-nss-devel-1.4.1-18.i3..> 19-Nov-2003 10:26 475k
mutt-1.4.1-5.i386.rpm 11-Feb-2004 14:11 1.1M
net-snmp-5.1-2.1.i386.rpm 11-Dec-2003 09:54 1.7M
net-snmp-devel-5.1-2.1.i386.rpm 11-Dec-2003 09:54 1.0M
net-snmp-perl-5.1-2.1.i386.rpm 11-Dec-2003 09:54 156k
net-snmp-utils-5.1-2.1.i386.rpm 11-Dec-2003 09:54 149k
netpbm-9.24-12.1.1.i386.rpm 06-Feb-2004 10:31 92k
netpbm-devel-9.24-12.1.1.i386..> 06-Feb-2004 10:31 120k
netpbm-progs-9.24-12.1.1.i386..> 06-Feb-2004 10:31 1.2M
nptl-devel-2.3.2-101.1.i686.rpm 14-Nov-2003 12:19 887k
nptl-devel-2.3.2-101.4.i686.rpm 12-Jan-2004 08:55 889k
nscd-2.3.2-101.1.i386.rpm 14-Nov-2003 12:19 65k
nscd-2.3.2-101.4.i386.rpm 12-Jan-2004 08:55 67k
nss_ldap-207-6.i386.rpm 09-Feb-2004 16:40 913k
pam_krb5-2.0.5-1.i386.rpm 09-Feb-2004 16:41 53k
pango-1.2.5-4.i386.rpm 09-Feb-2004 14:39 341k
pango-devel-1.2.5-4.i386.rpm 09-Feb-2004 14:39 134k
php-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 3.5M
php-devel-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 233k
php-domxml-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 43k
php-imap-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 419k
php-ldap-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 27k
php-mysql-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 28k
php-odbc-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 33k
php-pgsql-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 42k
php-snmp-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 20k
php-xmlrpc-4.3.4-1.1.i386.rpm 07-Jan-2004 11:59 44k
postgresql-7.3.4-11.i386.rpm 25-Nov-2003 16:18 1.6M
postgresql-contrib-7.3.4-11.i..> 25-Nov-2003 16:18 339k
postgresql-devel-7.3.4-11.i38..> 25-Nov-2003 16:18 1.4M
postgresql-docs-7.3.4-11.i386..> 25-Nov-2003 16:18 4.5M
postgresql-jdbc-7.3.4-11.i386..> 25-Nov-2003 16:18 186k
postgresql-libs-7.3.4-11.i386..> 25-Nov-2003 16:18 89k
postgresql-pl-7.3.4-11.i386.rpm 25-Nov-2003 16:18 379k
postgresql-python-7.3.4-11.i3..> 25-Nov-2003 16:18 42k
postgresql-server-7.3.4-11.i3..> 25-Nov-2003 16:18 2.6M
postgresql-tcl-7.3.4-11.i386.rpm 25-Nov-2003 16:18 26k
postgresql-test-7.3.4-11.i386..> 25-Nov-2003 16:18 1.1M
privoxy-3.0.3-1.i386.rpm 04-Feb-2004 08:06 500k
procps-2.0.17-5.i386.rpm 09-Dec-2003 10:14 156k
pstack-1.2-3.i386.rpm 12-Nov-2003 23:03 18k
quagga-0.96.4-0.fc1.i386.rpm 09-Dec-2003 23:28 1.2M
quagga-contrib-0.96.4-0.fc1.i..> 09-Dec-2003 23:28 11k
quagga-devel-0.96.4-0.fc1.i38..> 09-Dec-2003 23:28 332k
rdesktop-1.3.0-2.i386.rpm 30-Jan-2004 02:00 69k
redhat-config-packages-1.2.7-..> 24-Nov-2003 15:29 159k
redhat-config-printer-0.6.79...> 12-Dec-2003 14:37 833k
redhat-config-printer-gui-0.6..> 12-Dec-2003 14:37 95k
rhdb-utils-2.0-2.i386.rpm 25-Nov-2003 17:26 20k
rhn-applet-2.1.4-3.i386.rpm 26-Nov-2003 10:16 271k
rsync-2.5.7-2.i386.rpm 04-Dec-2003 15:25 130k
sed-4.0.8-2.i386.rpm 19-Dec-2003 10:43 117k
slocate-2.7-4.i386.rpm 26-Jan-2004 14:14 33k
strace-4.5.1-1.i386.rpm 14-Nov-2003 00:52 76k
vnc-4.0-0.beta4.3.2.i386.rpm 17-Nov-2003 14:31 147k
vnc-server-4.0-0.beta4.3.2.i3..> 17-Nov-2003 14:31 1.3M
xboard-4.2.7-1.i386.rpm 04-Dec-2003 11:33 276k <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Wow, weird, they have tons of patches too!
Wow, I feel an uncontrollable urge to point out how many flaws those idiot linux developers have allowed in their code. I mean, releasing patches is bad right? We have a zero-tolerance bug rule in computing after all, right?
Man, where would the internet be without logic like this...
Have to also note that you've listed stuff like the patches for gAIM (a multi-protocol IM client), at least two of which are to update the handlers as MSN and Yahoo changed their protocols no less than four times in the last month.
And cups... enhanced printer support.
mpg321... gotta be careful, never know when there might be an exploit hidden in that MP3 you've been listening to for years.
If anything, I'd say that list is almost solid points /for/ Linux, rather than against.
Not to mention that those patches are for a computing environment. It'd be like listing the Half-Life patches, Photoshop patches, Trillian patches, and Maya patches along with the stuff MS has had to toss out.
In any case, this probably would be better back in the Linux discussion thread.
So this list from Mandrake right shows that Linux has no security patches?
<a href='http://www.mandrakesecure.net/en/advisories/updates.php?dis=9.2' target='_blank'>http://www.mandrakesecure.net/en/advisorie...tes.php?dis=9.2</a>
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Date Advisory Synopsis
2004-01-30 MDKSA-2004:006-1 Updated gaim packages fix multiple vulnerabilities
2004-01-28 MDKA-2004:009 Updated php-ini package fix module location
2004-01-26 MDKSA-2004:008 Updated tcpdump packages fix several vulnerabilities
2004-01-26 MDKSA-2004:007 Updated mc packages fix buffer overflow vulnerability
2004-01-26 MDKSA-2004:006 Updated gaim packages fix multiple vulnerabilities
2004-01-23 MDKSA-2004:005 Updated jabber packages fix DoS vulnerability
2004-01-23 MDKSA-2004:004 Updated slocate packages fix vulnerability
2004-01-23 MDKA-2004:008 Updated mrproject package fix segfault
2004-01-22 MDKA-2004:007 Updated dhcp package fix problems with dynamic DNS
2004-01-22 MDKA-2004:005-1 Updated qt3 package fix problems with accelerator keys
2004-01-20 MDKA-2004:006 Updated drakxtools package fix problems with drakconnect
2004-01-14 MDKSA-2004:003 Updated kdepim packages fix vulnerability
2004-01-14 MDKA-2004:005 Updated qt3 package fix problems with accelerator keys
2004-01-14 MDKA-2004:004 Updated kdegames package fix crash with kwin4
2004-01-14 MDKA-2004:003 Updated krozat package fix memory leak
2004-01-13 MDKSA-2004:002 Updated ethereal packages fix vulnerabilities
2004-01-07 MDKSA-2004:001 Updated kernel packages fix local root vulnerability
2004-01-05 MDKA-2004:001 Updated drakxtools package fixes drakbackup's daemon behavior.
2003-12-31 MDKSA-2003:095-1 Updated proftpd packages fix remote root vulnerability
2003-12-19 MDKSA-2003:118 Updated XFree86 packages fix xdm vulnerability
2003-12-18 MDKSA-2003:117 Updated irssi packages fix remote crash
2003-12-18 MDKA-2003:039 Updated chkauth packages fix NIS support
2003-12-18 MDKA-2003:038 Updated GConf2 packages fix patch
2003-12-15 MDKSA-2003:116 Updated lftp packages fix buffer overflow vulnerability
2003-12-11 MDKSA-2003:115 Updated net-snmp packages fix vulnerability
2003-12-10 MDKSA-2003:114 Updated ethereal packages fix multiple remotely exploitable vulnerabilities
2003-12-10 MDKSA-2003:112-1 Updated cvs packages fix malformed module request vulnerability
2003-12-10 MDKA-2003:037 Updated gaim packages restore MSN support
2003-12-08 MDKSA-2003:113 Updated screen packages fix buffer overflow vulnerability
2003-12-08 MDKSA-2003:112 Updated cvs packages fix malformed module request vulnerability
2003-12-04 MDKSA-2003:111 Updated rsync packages fix heap overflow vulnerability
2003-12-04 MDKA-2003:036 Updated shorewall packages fix loading of modules
2003-12-04 MDKA-2003:030-1 Updated rpm packages fix database locking bug
2003-12-02 MDKA-2003:035 Updated dump packages fix bug in rmt
2003-12-02 MDKA-2003:034 Updated mandrake_doc packages provide updated documentation
2003-12-01 MDKA-2003:027-2 Updated drakxtools packages fix multiple bugs
2003-11-28 MDKSA-2003:109 Updated gnupg packages fix vulnerability with ElGamal signing keys
2003-11-28 MDKA-2003:033 Updated kde-i18n-es packages fix translation problems in kmail
2003-11-28 MDKA-2003:032 Updated kopete packages fix MSN compatibility
2003-11-25 MDKA-2003:027-1 Updated drakxtools packages fix multiple bugs
2003-11-18 MDKA-2003:030 Updated rpm packages fix database locking bug
2003-11-18 MDKA-2003:029 Updated nss_ldap packages fix dependency problem
2003-11-18 MDKA-2003:028 Updated gawk packages fix segfault
2003-11-14 MDKA-2003:027 Updated drakxtools packages fix multiple bugs
2003-11-12 MDKSA-2003:106 Updated fileutils and coreutils packages fix vulnerabilities
2003-11-12 MDKA-2003:026 Updated SnortSnarf packages fix dependency problems
2003-11-12 MDKA-2003:025 Updated totem packages fix crash
2003-11-12 MDKA-2003:024 Updated OpenDX packages fix problem starting dx
2003-11-11 MDKSA-2003:105 Updated hylafax packages fix remote root vulnerability
2003-11-03 MDKSA-2003:103 Updated apache packages fix vulnerabilities
2003-10-31 MDKA-2003:023 Updated libbonobo packages fix problems with users on NFS homes
2003-10-31 MDKA-2003:022 Updated GConf packages fix problem starting gnucash
2003-10-27 MDKA-2003:021 Updated kernel packages problems with LG-based CD-ROM drives
2003-10-24 MDKSA-2003:096-1 Updated apache2 packages fix CGI scripting deadlock
2003-10-22 MDKA-2003:020 Updated packages fix various bugs in Mandrake Linux 9.2
2003-10-16 MDKSA-2003:101 Updated fetchmail packages fix DoS vulnerability
2003-10-16 MDKSA-2003:100 Updated gdm packages fix local vulnerabilities
2003-10-08 MDKA-2003:018 Updated gnome-applets packages fix the Stock Ticker applet
2003-09-30 MDKSA-2003:098 Updated openssl packages fix vulnerabilities
2003-09-30 MDKSA-2003:097 Updated mplayer packages fix buffer overflow vulnerability
2003-09-26 MDKSA-2003:095 Updated proftpd packages fix remote root vulnerability
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Are you actually trying to argue that Linux does not or should not patch security holes?
Also, a good portion of those are, again, LOCAL exploits. Meaning you can't get hit from just visiting an URL. The others require a touch more intelligence to accomplish, unlike the aforementioned 'latest gaping hole'.
And once again, you're listing application patches along with the OS-level.
Ain't it a pain that IE counts as part of the OS, with Microsoft claiming that they can't be separated and all? ^_^
I think he's arguing the opposite; <i>everything</i> gets patched, whether it's a gaping security hole, a crash-inducing bug, a theoretical security risk under certain configurations or just an annoying misfeature.
I've had the SuSE update notification utility running since I installed 9.0; few of the updates have been critical ones, and even fewer have affected some base functionality like the kernel.
Yes, flaws are present in all software, but I think I prefer the free software mentality of patching things straight away instead of sitting on things for months.
I list the apps because the vendor lists them. Your linux web server isn't much use without web services, and if Apache lets you get rooted that's a problem with both. If I go to <a href='http://www.linuxsecurity.com/advisories/index.html' target='_blank'>http://www.linuxsecurity.com/advisories/index.html</a> and start browsing, I see things like:
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->2/4/2004 10:32 - Debian: kernel Privilege escalation MIPS patch
Integer overflow in the do_brk() function of the Linux kernel allows local users to gain root privileges
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->2/3/2004 22:30 - Red Hat: kernel Multiple vulnerabilities
Updated kernel packages are now available that fix a few security issues.
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->2/6/2004 17:58 - Red Hat: netpbm Red Hat: 'netpbm' temporary file vulnerabilities
A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities.
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
This page alone just shows the last week, and that's 17 separate security patches. If you look into the distro-specific ones on the side you will see hundreds more. Patches are a fact of life. Bugs are a fact of life. Saying that Linux patches are good and MS patches are bad is simply being fanatical and illogical; two things that I find very disagreeable in a system engineer or architect - you have to be flexible and open to various ideas to be a good one.
I get made out to be an MS lover, but in reality I have worked on many different OS's in my professional career, be it MS, Linux, HP Unix, Sun Solaris, Netware, OS/2, Mac, and others. All of them have problems, all of them have advantages. Blindly denouncing one over the other simply shows either a lack of experience or a predisposition towards stubborn pigheadedness.
<!--emo&:D--><img src='http://www.unknownworlds.com/forums/html//emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo-->
Why is it then that if I go down the security patch list at <a href='http://www.linuxsecurity.com/advisories/index.html' target='_blank'>http://www.linuxsecurity.com/advisories/index.html</a> via OS, I see differences of weeks or months between patch releases for the exact same issues, depending on the vendors? Because *ding ding ding* releasing a patch straight away without properly testing it leads to releasing application patches to fix your security patches. Large corporations don't care if you release a patch 24 hours after a vulnerability is released - they can't release it to 3000 servers right away unless they go through and test it out themselves, run through their own procedures, and verify that it doesn't break a database in the quest to secure it. They feel much more comfortable with patches that obviously got some thorough burn-in testing. I'm not speaking from opinion, just experience.
And Mr.Evil, it's great what fixes you list there... like MC, which is a program; second, it's a console file manager (I mean... how many times does an attacker get access to a local console file manager???).... I could program a crappy program for Windows with thousands of bugs in it and then blame M$ that they have bugged software....
Much less something as stupid as, say, typing an URL. Or better yet, renaming an .XML as .JPG (which only works as IE ignores MIME filetype extensions and guesses every time... which is in direct standards violation).
Wanna talk Apache bugs? Sendmail? FTPd? Compare to the disaster that is IIS.
Perhaps browsers are more your cup of tea. After all, end-users are more likely to be running them rather than web services. IE versus Mozilla, or Konqueror, or lynx if you like.
Outlook Express going head to head with MozMail or pine.
In short, if we're going by comparison, there is no contest.
What few Linux vulnerabilities there have been are lesser in scope, more difficult to understand or exploit (to the majority of those who would take advantage of it), and tend to have a quicker turnaround time on a patch, when necessary.
Windows is notorious for its security flaws, instability, and overhead. It appears more to be a daily scramble from patch to patch, just trying to get the worst of it hammered shut, while another leak springs up, hoping no one will notice or see.
<!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Are you talking about Valve? Because when I say they "rushed" a patch, I didn't mean it came out quickly. It just came out sooner than usual.
Much less something as stupid as, say, typing an URL. Or better yet, renaming an .XML as .JPG (which only works as IE ignores MIME filetype extensions and guesses every time... which is in direct standards violation).
Wanna talk Apache bugs? Sendmail? FTPd? Compare to the disaster that is IIS.
Perhaps browsers are more your cup of tea. After all, end-users are more likely to be running them rather than web services. IE versus Mozilla, or Konqueror, or lynx if you like.
Outlook Express going head to head with MozMail or pine.
In short, if we're going by comparison, there is no contest.
What few Linux vulnerabilities there have been are lesser in scope, more difficult to understand or exploit (to the majority of those who would take advantage of it), and tend to have a quicker turnaround time on a patch, when necessary.
Windows is notorious for its security flaws, instability, and overhead. It appears more to be a daily scramble from patch to patch, just trying to get the worst of it hammered shut, while another leak springs up, hoping no one will notice or see. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Well, I can see you're not open to real discussion. You win, I surrender, Linux is gr8, MS$ sux, go back to /. where you can talk without benefit of thought.
Oh, and make sure you say hi to Debian on the way over. After all, their main development servers were rooted just a couple months ago by an EXTERNAL ATTACKER because they have infallible software. See, I can type in all fanatical caps too, it's easy.
You still have the double-standard and refuse to address it: when MS has a patch, it's bad coding. When Linux has a patch, it's good security. I especially like where you refer to things as 'notorious', that shows such impartiality. ^_^
I was talking about Linux. And we all know that Valve is a M$-controlled firm....
Yeah, the testing. I realised I'd forgotten to mention it as soon as I clicked on the 'Add Reply' button. It's what you're paying the company building the Linux distribution for, after all - testing the patch, and if necessary backporting it to the version of the software used in your particular distribution, blah blah blah.
Very similar for Windows, really, but for 'distribution' read 'version of Windows', etc.
Microsoft is in a pretty unenviable position - they announce a patch for an as-yet-unknown-in-the-wild security vulnerability, and people go wild. I bet there'll still be people studiously ignoring the patches (the 'why would anyone want to hack me?' mentality) and complaining in a few months' time when their machine gets broken by a worm.
The moral of the story? Appreciate your sysadmin more, whatever their computing persuasion. Go on, people, buy him/her a box of chocolates. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
thanks monse ^^
As for the Debian rooting, if you looked a bit closer you'd see that the cause of that was OpenSSH.
Oh, and a patch was released within hours. Not next-day... within <i>hours</i> to fix the overflow vulnerability.
Impartial or not, are you going to deny that Windows is notorious for its security holes? Nobody said I was impartial. Hell, I wouldn't be debating if I was. That does not, however, immediately classify me as a 'fanatic'. I simply have a firmer grasp on the details of computing than most care to, and have formed opinions based on that experience.
OS/2 Warp
BeOS
and
MPE (no, not MP3).....
Together we should work together to stop OS's from making us type
listf , 2 just to see a directory's contents..!!!!!
<!--emo&;)--><img src='http://www.unknownworlds.com/forums/html//emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif' /><!--endemo-->
Sorry I tend to stay out of the way in these discussions... but I had to....
Also, please keep in mind that MS bashing != Linux praising. A lot of these people who bash Microsoft probably can't live without their pirated WinXP. Next time, no one explode on Linux and carry the thread to unholy directions when someone takes a jab at MS.