DEVELOPER OF INSECURE SOFTWARE Microsoft has seemingly given up on finding a solution to a security vulnerability that takes advantage of the way Windows uses shortcuts.
As The INQUIRER reported on Monday, just about every operating system released by the Vole in the past decade is affected by the security flaw, which allows hackers to remotely execute code on Windows systems. Microsoft was relatively quick to admit to the problem, saying that the fault lies with the fact that "Windows incorrectly parses shortcuts".
The risk was increased by removable and network storage mechanisms such as USB memory drives, which can be 'autoplayed' when connected. Due to a dodgy digital certificate in a driver, users would be none the wiser as control of their system was being outsourced to someone else.
While the software outfit might have been able to pinpoint the cause of the problem, it seems that a proper fix is beyond reach for the coding gurus at Redmond. At the time, Microsoft suggested that a workaround would be to disable shortcut icons altogether.
We initially laughed off the security by obscurity model as an interim measure, but it seems that Microsoft believes that to be the best solution for its hairball operating system code.
As the bodge required users to modify registry settings manually, Microsoft thought it would be mighty handy to help system administrators out by issuing a 'fix it' patch.
The fix essentially does the same thing as before, that is, it disables shortcuts, though it does offer an easy way to uninstall the patch, should you actually want to use your machine. Phew, for a moment there we thought that Microsoft was decreasing functionality for better security.
Given the sheer number of Volish operating systems that are affected by this security flaw, it is shocking that Microsoft is unable to come up with a proper solution to cover its inability to design a secure operating system.
If this gaffer tape approach to security patches becomes the norm at Microsoft, perhaps a better and more permanent solution to Windows' insecurities will be to remove it altogether. µ
Sorry to disappoint Microsoft fans, but if you think about it, Microsoft gave up the goal of a secure operating system long ago.
How many "critical flaws" do they patch each month?
How long do these "critical vulnerabilities" STAY patched?
Nine years of continuous patching still have not managed to "plug" all the security holes in Windows XP, so I think that it is relatively safe to conclude that Microsoft is just shuffling these holes (like deck chairs on a large, doomed ocean liner). So this latest band-aid patch would seem to be consistent with their past practice of band-aid solutions.
I'm no fan of Microsoft but this article is misleading and borderline libelous. Microsoft has NOT given up..this is a workaround..not a permanent fix. Yes the fixit is draconian...but they have not given up on fixing this.
After reading this "journalistic" story, I see that /. has nothing on MS hatred. More here than in a week's worth of stories from /.
Oh, did I ask if this was supposed to be a real news story or opinion? Yes, opinion. That's what it is.
I also suggest that the author start reading up what software security companies, and other security researchers have to say about Microsoft, Windows, and other operating systems. Then he can start presenting facts and not just spout his anti-Microsoft bias.
Finally, the editors and publisher of The Inquirer should be ashamed for publishing such rubbish.
will approve of the new Microsoft Windows that has had all graven images removed.
And so will strictly observant Jews, of course.
I doubt that Microsoft will leave this issue hanging, they already have too much pressure to do this. However, it does bring up an interesting point about totally removing Windows. I am too in the IT world for my career and I choose Linux hands down. In my opinion, it's better to migrate from Windows to Linux, and put away all of your security and cost worries.
Microsoft did not give up on this problem, they merely provided a temporary fix for those at risk until they release a proper security patch.
This is how every security problem has been addressed so far.
Please stop spreading false rumors on the net. This is horrible journalism.
Simply put, you suck at journalism... Go join the New York Times if you want to be completely useless.. misinformed.. and opinionated.
I work in the computer industry and anyone with more than just a basic knowledge of computers knows that you need Windows. Just another MAC/Linux fan boy on a keyboard power trip.
Don't get me wrong, I use Linux all the time for work, and it's a great piece of software, but if you put into consideration the amount of computers/servers/everything that Microsoft Windows must work on it's astonishing that it's as stable as it is.
So again.. you are terrible at writing articles. You're on your way to being the next Steve Jobs.. aka douche.
It is obvious from the above article that you are a passionate Microsoft hater. You may even be a computer hater. That's fine if you are, most of us out here don't care about your loves or hates, but what is the point of your article? The "I hate Microsoft" drum is beaten all of the time, so you aren't offering anything new by joining that crowd. You seem to be saying that Microsoft isn't unique in having this problem, other OS providers suffer from the same issues. You offer no alternate solutions, but slam only Microsoft for offering an admittedly weak work-around.
The only thing that I got from your article is that you hate Microsoft and that all OS vendors are having the same shortcut problem.
Some additional information would have been nice, something other than your personal rant about hating Microsoft.
If the only thing you can offer is your hate for Microsoft I wish you would join or start a blog that would be a more appropriate forum for your hatred. Please allow someone who can offer useful information to take over your space in The Inquirer.
While giggling over this Monday, I wondered at the cause, and they may have added a key word: "incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed." -- DISPLAYED. Not autorun. If happens merely displaying icons, explains the panic-mode registry hack and graphics in the latest announcement showing the nice blank icons that you may have to live with for a while even on shiny new 7. ... Heh, heh.
A window breaks easy, so the name Windows fits. Since I only feel safe using Linux I wish I could get my money back from the Microsoft OS I don't use or want. That's the real scam.
Security must be the base of the OS, not patches for every problem. But then Microsoft is about making money and not safe OS's, and they're good at that. In this day and age where we use our computers for most everything security must be number one and it's not. Most people can barely turn on their computers and security is left to other people they don't even know.
There is an aggressively vocal minority who demand that everything should "just work". They are not prepared to learn how to use a system, or put any thought or any effort whatsoever in instructing it what to do. They expect - and *demand* - that they just plug something in and it should "know" what to do without them having to think. Autorun is, of course, a natural consequence of this.
Unfortunately, people who don't know and don't care what happens when they plug something in are, as mr brownstool so elegantly put it above, sitting ducks when the first virus comes down the pike.
Windows would likely not be anywhere near as successful as it is if it did not pander to these idi^H^H^Hpeople. However, its greatest "strength" (if you can call it that when a system does things without being asked) is also its greatest weakness.
Conversely, if you don't trust M$ to take control of your system and do everything for you, then you are less likely to be affected when the bad guys usurp those mechanisms to act against you.
TL;DR: you get the OS you deserve.
autorun is for lazy and/or thick people aka 'the sitting ducks of the pc world'
anyone with half a brain disables it