Microsoft leaked code several hundred decimal degrees slim

Friday the Thirteenth Part III

Hi Mike and the good folks at the Inq,

Well, I've read the entire post at NeoWin about the leaked code, and the comments left about it, and also several news reports on differing news sites,all basically saying the same thing.

I can say that (without seeing the code itself (yet), that if the reports about "Its the entire OS, we can make DietWin, WinUX...." completely false. The fact that the code is probably locked down tigher than some launch codes for ICBMs, makes the probability that the entire OS code has been released (some 40GB of it in total, acording to the news being reported) is slim, several hundred decimal places of slim.

The code is doing the rounds of the p2p networks, its probably the most looked at code that has been made for some time, with the exception of everyone's first BASIC program "20 ECHO 'HELLO WORLD'". It will come to naught, I can see that now. I looked over what happened the last time MS code was leaked: DOS 6.2. People looked over it, then dismissed it.

But, this might be different, the code that has been released IS running on several hundred million PCs (desktop, and otherwise) globally. Reports cite that its code from driver layers, several APIs, and the task manager.

Well, "OH NO! Microsoft is going to be made bandkrupt, the world economy is going to collapse. And, I won't be able to 'END PROCESS' IE when it opens 50,000 instances of itself"

Yeah, that is going to bring the world to an end.

Come on, what IS all the fuss about.

That Microsoft's servers have been hacked, hardly a rarity with all the viruses that are in the wild. Or, that Microsoft's code has been seen in the wild expanses of p2p heaven? Or, that really, the world is news starved, all annoyed at Microsoft's monoply on the desktop OS front, and want to drop their share price by a few %?

Thanks for allowing me to vent,

Nathan.

Aye Aye - a Disservice

I think you do your readers a tremendous disservice posting an article and a link like that. Nowhere have you alerted your faithful viewers that safer more secure versions of Microsoft's operating systems exist. I think you owe to us all to point out that the 9x family is not affected by these critical security vulnerabilities that Microsoft has abandoned in full view. At least while I'm rebooting I know it still belongs to me! Shame!

Arden Payne

Lindows, Windows and Irony

Dear Ed. and dear Naseem Javed,

as far as i understand Lindows(.com) is a company that distributes its own versions of linux and it is not "the Linux camp" or "Linux" - correct me if i missed something.

I have been following the legal battle between Lindows.com and MS but as a Linux user i never really identified myself with either of these companies. I do nevertheless hope that Lindow.com comes out successful of this battle and i believe many people feels the same way.

As for the name, copycat or not, the name "Lindows" comes with a subtle touch of humor, and i prefer it over the rather primitive sounding "Windows". Of course, you may argue, though, that for this humor to work, there had to be a (MS) "Windows" before...

This all is, of course, just my personal opinion.

With best regards

imre vida

Virus Propagation

"There is a way for every ISP in the world to prevent the propagation of viruses, no matter the nature of the payload."

I agree, we have POP authentication (on receiving email) so we could easily have SMTP (on sending) authentication as well. It is already implemented in every email server -- it just has to be turned on and the users asked to enter same username and password setting as for receiving. That means a lot of emal rejected instead of distributed. But it won't happen since ISPs _love_ the high traffic involved in distributing unsolicited content.

"The same sequence of events that authenticates a user or organization can also ensure that there's a working application with up to date virus and firewall definitions—even if it's a mobile. If you let your subscription lapse, you can't logon or you're re-directed to a dead-end that demands you update your software."

This is a brain dead idea. Another way for monopolistic companies to take our money away on needless things. Firewall is part of the operating system anyway and if the people are careful enough and operating systems are bug free there is no need for antivirus software.

"Those individuals and organisations using products from Symantec, McAfee, IVG, Sophos, and tonnes of other firewall/virus protection software vendors didn't have any problem with MyDoom, Blaster, or others."

This is not true. Also, Symantec products suck.

"Those that didn't have given us all a headache and full mailboxes."

So you are accusing me for your headache and full mailbox? Because I don't use antivirus even now and until Blaster I didn't use firewall as well. But I never had any virus, trojan or worm on my computer.

My ways to protection are as follows:

1. Install all security updates
2. Enable and configure firewall
3. Close preview pane in Outlook or Outlook Express
4. Do not open emails with attachments unless they are from trusted source and you requested them personally and even then ask the person to confirm it if you can

Or it can be even simpler:

3. Use email client that doesn't execute embedded scripts in html emails

You could have spent the time it took you to write the article to make comparative test of antivirus and firewall software instead.

Hint #1: firewall which passed most security tests was Agnitum's Outpost Personal Firewall Pro. Hint #2: antivirus is not needed especially if you use Outpost. Hint #3: www.agnitum.com

Regards
Igor

More YourDoom

In response to the "Yourdoom.a arrives" article, in which the writer wrote "individuals using products... didnt have any problem with MyDoom, Blaster, or others", I dont know the specifics of MyDoom, but I know for sure that anti-virus software had/has no effect on the blaster virus, the only thing you can do is patch. Even with firewall software, it was a problem with tcp/ip, you had to patch AND use firewall software, either Microsoft's built-in or someone else's to fix it. Check Symantec's diagnosis and removal if you dont believe me, I had to patch hundreds of machines when it came out, so I know. As far as requiring authentication of user's anti-virus and firewall subscriptions, that has to be the worst idea Ive ever heard of. One problem with that is not everyone uses Windows, and even beyond the Mac and Linux arguement, are you to say that XBox and PS2 owners should have anti-virus software up-to-date when they try to play games online? It would be an enormous headache for ISP's to try to do what you are saying, and I think its not worth the raise in my monthly fee.

And even more YourDoom

Ryan Hunters Article titled YourDoom.A arrives, makes a good point about people letting virus subscriptions lapse, but I have a problem with the following paragraph:

"Those individuals and organisations using products from Symantec, McAfee, IVG, Sophos, and tonnes of other firewall/virus protection software vendors didn't have any problem with MyDoom, Blaster, or others. Those that didn't have given us all a headache and full mailboxes."

Even people with current antivirus subscriptions propagate viruses. The two most common reasons are:

1) There is a delay between when a virus gets "in the wild" and when updated definitions are available from your Antivirus vendor of choice

2) In addition to the delay above each antivirus program has a minimum time between update checks. Some are as often as every hour, while others are every three hours, or as little as once a day. Sometimes the default update is even less often, and must be adjusted within the program.

As a Network consultant I have seen the above two delays combine to allow many people to be caught with their Anti-virus pants down, during the first 2 days of a new virus.

Therefore some of the "headache" came from people who did everything they could with the software they had.

You may publish my name, but not my e-mail address

Rob Andrews

PA RISC is Super Duper

Hi Mike

I was reading your artical on the new PA-8800 and the "hard core" of PA-RISC people within hp. I am one of those PA-RISC fans and will continue to sell PA over Itanium on the HP-UX platform for some time. The problem is not with the design of Itanium more with the ISV support. It just isn't there yet. Try and run any of the mySAP business suite on UX+Itanium and you will find that much of it isn't supported yet. The same goes for the Oracle E-Business suite. If the 2 biggest application vendors are being slow on the take up then what hope is there for the rest of the smaller ISVs who don't have the R&D budget? Windows on Itanium is another matter entirely though. I am seeing a big take up in this area, mainly because people don't trust Opteron yet and are runnning in to the 4GB per process brick wall with Xeon.

Within the high performance space we are seeing a large amount of IA-64 take up mainly due to the applications being run are usually bespoke and so re-compiling them for the new architechture to gain an extra boost of performance is an acceptable trade off. Itanium with HP-UX will have it's day but that day is not here yet. Unfortunately the hp marketeers don't seem to realise that the ISV support is a major stumbling block and continue to ram IA-64 down our customers throats. Some customers I have spoken to recently have had the message driven home so well, they thought that PA-RISC was discontinued. This is a bad message to be giving out in my opinion. Marketing should concentrate on what we can do NOW not what the next great thing is. People are being put off hp unix servers because of this.

Name supplied