XP has no significant bugs that any significant number of us

[Keith Williams]

In article <N2F7e.18911$1S4.1879004@news.xtra.co.nz>, ken123@xtra.co.nz
says...

"Joel Kolstad" <JKolstad71HatesSpam@Yahoo.Com> wrote in message
news:TPmdnf7NN5LXQsPfRVn-hg@comcast.com...
"Fritz Schlunder" <me@privacy.net> wrote in message
news:d3ml9h$ama$1@domitilla.aioe.org...
I know in the past Microsoft has released
security bulletins which detail the possible security loopholes alongside
with the fixes.

They're in a "damned if they do, damned if they don't" scenario here. If
they just tell you, "Hey, here's a new patch that increases security, but
we're not going to tell you exactly what it fixes," people will accuse
them of installing spyware or something equally bad.


But that's because of previous bad behavior by Microsoft. They're damned if
they do and damned if they don't, because they did.

Patching WinBlows is like patching the Titanic. It's designed broken.

--
Keith

 

[Keith Williams]

In article <msCdnQ1t564lb8PfRVn-pQ@comcast.com>,
charleschuler@comcast.net says...

"JeffM" <jeffm_@email.com> wrote in message
news:1113518270.079573.304370@g14g2000cwa.googlegroups.com...
Bill Gates is just a human being.
Charles Schuler

Same for Stalin.

Same for you.

Apparently you're different?

--
Keith

 

[Ken Taylor]

"Keith Williams" <krw@att.bizzzz> wrote in message
news:MPG.1cc90da17f69d799899d5@news.individual.net...

In article <N2F7e.18911$1S4.1879004@news.xtra.co.nz>, ken123@xtra.co.nz
says...
"Joel Kolstad" <JKolstad71HatesSpam@Yahoo.Com> wrote in message
news:TPmdnf7NN5LXQsPfRVn-hg@comcast.com...
"Fritz Schlunder" <me@privacy.net> wrote in message
news:d3ml9h$ama$1@domitilla.aioe.org...
I know in the past Microsoft has released
security bulletins which detail the possible security loopholes
alongside
with the fixes.

They're in a "damned if they do, damned if they don't" scenario here.
If
they just tell you, "Hey, here's a new patch that increases security,
but
we're not going to tell you exactly what it fixes," people will accuse
them of installing spyware or something equally bad.


But that's because of previous bad behavior by Microsoft. They're damned
if
they do and damned if they don't, because they did.

Patching WinBlows is like patching the Titanic. It's designed broken.

--
Keith

I see the analogy more as like 'patching windows is like shuffling deck
chairs on the Titanic'. At least Titanic needed a fairly unlucky hit from an
outside source to sink it - MS does it for itself.

Ken

 

[John Perry]

learning@learning.com wrote:

In <TZGdnT2zV7SUm8LfRVn-ow@comcast.com>, on 04/14/05
at 08:08 PM, "Charles Schuler" <charleschuler@comcast.net> said:

I wrote what is true, and I wrote to explain my position. You just wrote
"you are dead wrong" Even if you don't like what I said, its still gotta
count for more than just "you are dead wrong"

C'mon, guys, Schuler and Schlunder are the sort who nod wisely when some
idiot posts the fact that there are half again as many Google hits on
"linux virus" as there are on "Windows virus".

And S&S never bother to read any of those hits, either. That sort of
approach is why they can write the silliness they do.

I can't believe I'm still reading this crap :-(.

John Perry

 

[John Woodgate]

I read in sci.electronics.design that Charles Schuler
<charleschuler@comcast.net> wrote (in
<mrydnZwgmq_8bMPfRVn-jw@comcast.com&gt about 'XP has no significant bugs
that any significant number of users want fixed', on Thu, 14 Apr 2005:

You attribute too much to their behavior. They are, for the most part,
not "questioning" critics with a modicum of analytic skills. They are
simply whiners and bitchers.

All the while it's fashionable for students to have the language skills
of a retarded Neanderthal, you can't tell whether they actually have a
case or not.
--
Regards, John Woodgate, OOO - Own Opinions Only.
There are two sides to every question, except
'What is a Moebius strip?'
http://www.jmwa.demon.co.uk Also see http://www.isce.org.uk

 

[Guy Macon]

"...there is a considerable effort using Microsoft employees who
"participate" in on-line discussion groups, usually without admitting
they are Microsoft employees.

The most famous "participation" case was the "Barkto incident". A
person calling himself Steve Barkto appeared in OS/2 discussion groups
claiming to be a big IBM customer in Oklahoma who had adopted OS/2.
Barkto had nothing good to say about OS/2 or IBM, and many of the
things he said were outright lies. His posting was traced back to an
account that was paid for by the credit card of Rick Segal, a high
Microsoft executive.

Years ago, on-line postings by Microsoft "shills" were easy to spot.
Not only did they spout the party line precisely, but their grammar
and spelling were always excellent - highly unusual for newsgroup
posts. They learn - today's shills use some of the worst spelling seen
on the net and are often almost incoherent. pro Microsoft "Shill
fests" often follow magazine articles embarrassing to Microsoft but
verified to be true. If you can't deny it, bring out the shills!"

- http://www.aaxnet.com/topics/msinc.html


"Microsoft Corp. acknowledged Thursday that one of its programmers
apparently masqueraded as an independent computer consultant earlier
this week in an effort to discredit America Online's tactics in the
companies' quarrel over instant messaging.

Microsoft had reason to be red-faced about the incident -- first,
because the company was unable to identify which employee had forged
an e-mail message on Tuesday accusing America Online of irresponsible
behavior and second, because whoever did it sent the message to the
one computer security expert who was most likely to find a way to
trace it back to Microsoft."

The ruse has added a bit of Spy vs. Spy melodrama to a bitter dispute
over instant online messaging that American Online and Microsoft --
the world's two largest Internet service providers -- have been waging
for several weeks. ... America Online executives say Microsoft is
making illegal use of proprietary directory information that is
essential to connect instant messenger users with each other via the
Internet."

- San Jose Mercury News, Aug 13, 1999


"Rick Segal is an overt on-line Microsoft representative who is quite
active on CompuServe. If you signed onto Will Zachmann's Canopus forum
about this time last year, you would have seen him there resolutely
trying to improve Microsoft's image. Today Rick is in self-imposed
exile from Canopus following an extremely embarrassing episode which
has become known as 'The Barkto Incident.'

Bartko was an aberration. It's hard to know if the incident was a
one-time thing or if it is symptomatic of widespread disinformation
campaigns. Here's what happened. In January of this year, a newcomer
popped up in the Canopus forum named Steve Barkto. He said he was from
Oklahoma City and had been an IBM customer for seven years. He wasted
little time before attacking IBM, Dave Whittle, and your fearless
reporter over issues we had previously discussed with Rick Segal. This
Bartko character had a writing style which was so similar to that of
Rick Segal's that it immediately caught my eye. In fact, I responded
to his first message to me by asking if he were Segal in drag. Nobody
(including myself) took my question seriously. At least not at first.

Then one of the forum Sysop's noted that instead of calling from
Oklahoma City, where he claimed to be from, Bartko's calls were
originating from the node closest to Microsoft's headquarters in
Redmond, Washinton. This led Will Zachmann, who 'owns' the forum and
is Wizop there, to look more closely. What he found was incredible:
Barkto's account was in fact owned by Microsoft. It had been opened
with a corporate credit card belonging to Rick Segal. Will sent a
letter to the Microsoft Board of Directors demanding an investigation
and explanation, but no explanation has ever been forthcoming. An
internal Microsoft 'investigation' was conducted, headed up by Mike
Maples, an MS vice-president who ironically enough hails from Oklahoma
City. Unfortunately, it appears the investigation was little more than
a cover-up. The Barkto Incident did not escape the attention of the
Department of Justice who was winding up their five-year investigation
of MS when it occured. They flew a special team to Redmond to take
depositions on the matter just weeks before Microsoft agreed to the
Consent Decree designed to stop their predatory and anti-competitive
business practices.

Not long after the Barkto affair, a similar incident occurred on
another forum on CompuServe. In the LANMAG forum (short for LAN
Magazine), a man named Bill Diamond showed up one day and began
offering to one and all his views on varioius networking solutions.
Bill's views just happened to be highly critical of those from IBM
(especially OS/2), and from Novell, whose turf MS is trying to crash
with their NT and NTAS products. But he was very lavish in praise for
those from Microsoft. More than a couple of the forum regulars noticed
this slant to his posts and asked him directly if he were a Microsoft
employee. No, he said: he was an independent consultant. If you're
guessing that he wasn't being entirely honest, you're right: he was a
Microsoft employee.

Becky Campbell, the LANMAG forum Sysop, thought Bill's posts sounded
more like marketing hype that technical savvy and so she made a
discrete call or two and learned that he was indeed a Microsoft
employee. Becky gave him an ultimatum: come clean and admit his
deception or she would do it for him. He did make a public admission,
then tried to erase all evidence of his participation there by deleting
all of his messages..."

- http://www.pjprimer.com/jihad.html


"The messaging war between Microsoft and America Online got even
nastier last week when a Microsoft employee apparently sent phony
e-mail accusing AOL of security violations. A Microsoft worker posing
as security expert "Phil Bucking of Bucking Consulting" (play around
with the syllables and see what comes up), reportedly sent an e-mail
to legitimate security expert Richard Smith, President of Phar Lap
Software. 'Phil' claimed to have found a security hole in AOL Instant
Messenger that helps AOL determine what messaging client is being
used, but also risks the privacy of AIM users.
After trying unsuccessfully to find information about Mr. Bucking,
Smith determined AOL V. Microsoft: War of the Messengersthe sender
used a Yahoo! Mail account that had only been set up the previous day.
Since Y! Mail includes user IP addresses, it didn't take much work for
Smith to trace the message back to Microsoft. When confronted about
the discovery, a Microsoft spokesman initially denied it, but then
admitted that the e-mail did apparently come from Microsoft's
intranet. However, he said it would be impossible to determine which
Microsoft employee had sent Smith the message."

-http://www.msboycott.com/news/99_08_16.shtml


also see:
http://www.usdoj.gov/atr/cases/f3800/msjudgex.htm
http://www.developer.com/net/net/print.php/11087_617341_1
http://www.developer.com/net/net/print.php/11087_617341_2
http://www.developer.com/net/net/print.php/11087_617341_3
http://sysopt.earthweb.com/articles/msftcase/index.html
http://sysopt.earthweb.com/articles/msftcase/index2.html
http://sysopt.earthweb.com/articles/msftcase/index3.html
http://www.langston.com/Fun_People/1994/1994AFH.html
http://news.zdnet.com/2100-9595_22-515423.html

 

[Joel Kolstad]

"Guy Macon" <_see.web.page_@_www.guymacon.com_> wrote in message
news:115tun5k8vfc0e1@corp.supernews.com...

This is sci.electronics.design. We don't consider it to be a good thing
to release a designe with flaws and then to correct them in the field.
To us, sucess is a product that doesn't *need* to be fixed later.

I dunno Guy... it's pretty accepted practice these days that anything
"digital" that can be readily connected to a PC ends up getting at least one
firmware update over time, usually to fix bugs. This is true for cell
phones, digital cameras, LCD projectors, wireless routers, etc. I'm not
saying this is a good thing, just mentioning that nailing every last bug
before product shipment no longer seems to be SOP.

You might also note that MS is currently gearing up to denying security
fixes to those who have pirated copies. If this only hurt the pirates
I wouldn't shed a tear for them, but many of the bugs allow an attacker
to turn a windows box into a spam-spewing zombie, and that hurts *me*.

I bet you support only teaching abstinance in school and never handing out
birth control to kids, right? Just kidding.

 

[Joel Kolstad]

"Charles Schuler" <charleschuler@comcast.net> wrote in message
news:YrmdnYWQWZBOYcPfRVn-vA@comcast.com...

Actually, the kid who has the most servers is the target. Taking down
some grandma isn't nearly as appealing as taking down eBay, Amazon.com,
or Google.

Yes, that is true. Are they all running Windows?

eBay is. Google I'm pretty sure isn't. Not sure about Amazon.

 

[Guy Macon]

Joel Kolstad wrote:

I dunno Guy... it's pretty accepted practice these days that anything
"digital" that can be readily connected to a PC ends up getting at least one
firmware update over time, usually to fix bugs. This is true for cell
phones, digital cameras, LCD projectors, wireless routers, etc. I'm not
saying this is a good thing, just mentioning that nailing every last bug
before product shipment no longer seems to be SOP.

I agree 100%. Having the ability to patch the firmware is a Good
Thing. Never having to make use of that feature because you did it
right the first time is also a Good Thing. Making use of the ability
to update feature thousands of times and still having to make constant
use of it after 5-10 years of bugfixes (which is what MS does) is a
Very bad Thing Indeed.

 

[Guy Macon]

Joel Kolstad wrote:

Yes, that is true. Are they all running Windows?

eBay is. Google I'm pretty sure isn't. Not sure about Amazon.

http://uptime.netcraft.com/up/graph/?host=www.ebay.com

http://uptime.netcraft.com/up/graph/?host=www.google.com

http://uptime.netcraft.com/up/graph/?host=www.amazon.com

http://uptime.netcraft.com/up/today/top.avg.html

 

[Rich Grise]

On Fri, 15 Apr 2005 02:25:15 -0400, John Perry wrote:

learning@learning.com wrote:
In <TZGdnT2zV7SUm8LfRVn-ow@comcast.com>, on 04/14/05
at 08:08 PM, "Charles Schuler" <charleschuler@comcast.net> said:

I wrote what is true, and I wrote to explain my position. You just wrote
"you are dead wrong" Even if you don't like what I said, its still gotta
count for more than just "you are dead wrong"


C'mon, guys, Schuler and Schlunder are the sort who nod wisely when some
idiot posts the fact that there are half again as many Google hits on
"linux virus" as there are on "Windows virus".

This makes me wonder if you're merely not paying attention, or are an
out-and-out liar.
Results 1 - 50 of about 43,500 English pages for "windows virus". (0.36
seconds)
Results 1 - 50 of about 35,500 English pages for "linux virus". (0.09
seconds)

And I could also accuse you of not reading any of them for content - a
quick perusal reveals that in order for any virus to be a real threat
to a Linux system, you have to really trash your own security and overtly
open enough gaping holes to make it as loose as Windows is by default.

Of course, people who know better than to run as root and give write
access to your system files already know this.

Cheers!
Rich

 

[Rich Grise]

On Fri, 15 Apr 2005 08:52:56 -0700, Joel Kolstad wrote:

"Charles Schuler" <charleschuler@comcast.net> wrote in message
news:YrmdnYWQWZBOYcPfRVn-vA@comcast.com...
Actually, the kid who has the most servers is the target. Taking down
some grandma isn't nearly as appealing as taking down eBay, Amazon.com,
or Google.

Yes, that is true. Are they all running Windows?

eBay is. Google I'm pretty sure isn't. Not sure about Amazon.

Well, MICRO$~1 is using IIS - who was that smart aleck that started the
UL that they're running Linux/Apache? Amazon is using Apache.

So, are there any brave scriptkiddies who feel like taking down the M$
site, just for a lark? ;-)

Cheers!
Rich

 

[Charles Schuler]

"Security is, as we all know, a process, not a product. So when you use
Linux, you're not using a perfectly safe OS. There is no such thing. But
Linux and Mac OS X establish a more secure footing than Microsoft Windows,
one that makes it far harder for viruses to take hold in the first place,
but if one does take hold, harder to damage the system, but if one succeeds
in damaging the system, harder to spread to other machines and repeat the
process. When it comes to email-borne viruses and worms, Linux may not be
completely immune - after all, nothing is immune to human gullibility and
stupidity - but it is much more resistant. To mess up a Linux box, you need
to work at it; to mess up your Windows box, you just need to work on it. I
know which one I'll trust. How about you? "

http://www.securityfocus.com/columnists/188

 

[Charles Schuler]

Charles, its now up to you to show me which facts I have distorted. Is it
the one where M$ was found guilty? Is it the one where we learned that
bill blackmailed IBM into bailing on the only OS that could have ever
threatened his empire? Come on, you are not backing up your position, you
are only declaring it.

"Security is, as we all know, a process, not a product. So when you use
Linux, you're not using a perfectly safe OS. There is no such thing. But
Linux and Mac OS X establish a more secure footing than Microsoft Windows,
one that makes it far harder for viruses to take hold in the first place,
but if one does take hold, harder to damage the system, but if one succeeds
in damaging the system, harder to spread to other machines and repeat the
process. When it comes to email-borne viruses and worms, Linux may not be
completely immune - after all, nothing is immune to human gullibility and
stupidity - but it is much more resistant. To mess up a Linux box, you need
to work at it; to mess up your Windows box, you just need to work on it. I
know which one I'll trust. How about you? "

http://www.securityfocus.com/columnists/188

 

[Charles Schuler]

Actually, you're the one who is dead wrong. Windows is different due to
the
way it is used: as an administrator with all protections turned off. Any
process, including the browser, can write to any part of the system at any
time.

A linux user can't catch a virus from a file because the linux hasn't
the ability to modify system files in order for the virus to propagate.
The linux user in the web browser can't install spyware that intercepts
network activity.

As a windows user, you just don't know any better.

"Security is, as we all know, a process, not a product. So when you use
Linux, you're not using a perfectly safe OS. There is no such thing. But
Linux and Mac OS X establish a more secure footing than Microsoft Windows,
one that makes it far harder for viruses to take hold in the first place,
but if one does take hold, harder to damage the system, but if one succeeds
in damaging the system, harder to spread to other machines and repeat the
process. When it comes to email-borne viruses and worms, Linux may not be
completely immune - after all, nothing is immune to human gullibility and
stupidity - but it is much more resistant. To mess up a Linux box, you need
to work at it; to mess up your Windows box, you just need to work on it. I
know which one I'll trust. How about you? "

http://www.securityfocus.com/columnists/188

 

[Charles Schuler]

Yes. "learning" is not much into "learning" as he obviously has his mind
made up and is disoriented/discomfited/confused by facts and other opinions.

 

In <RqadnasFb9TT3v3fRVn-2w@comcast.com>, on 04/15/05
at 06:42 PM, "Charles Schuler" <charleschuler@comcast.net> said:

Yes. "learning" is not much into "learning" as he obviously has his mind
made up and is disoriented/discomfited/confused by facts and other
opinions.

Its hard to say if I get disoriented or confused by facts, because when it
comes to this topic, no facts have been presented from the "I love
Microsoft" gang.

There are a number of guys here from whom I have learned a great deal. You
are certainly not one of them.

As I said tho, there is no point dragging it on and on. Unless there is
actual conversation and give and take, its just a waste of time.

JB

 

[Guy Macon]

Rich Grise wrote:

who was that smart aleck that started the UL that they're
running Linux/Apache?

The Linux part is a fact. Look here:
http://news.netcraft.com/archives/2003/08/17/wwwmicrosoftcom_runs_linux_up_to_a_point_.html
http://uptime.netcraft.com/up/graph?site=download.windowsupdate.com
http://uptime.netcraft.com/up/graph?site=beta.search.msn.com

So, are there any brave scriptkiddies who feel like taking
down the M$ site, just for a lark? ;-)

That would be rather easy to do, except for the fact that Microsoft
runs Akamai. Akamai defends Microsoft against distributed denial-
of-service (DDOS) attacks by spreading the attack among many servers.

Akamai runs only on Linux. So Microsoft does indeed use IIS instead of
Apache to run most of it's websites, but those website are protected by
Linux Akamai.

Also see:
http://www.internetweek.com/shared/printableArticle.jhtml?articleID=13100775

 

[Winfield Hill]

Fritz Schlunder wrote...

Don't get me wrong, Microsoft isn't perfect, and they do have
room to improve.

Please, I just ate.


--
Thanks,
- Win

 

[John Perry]

Rich Grise wrote:

On Fri, 15 Apr 2005 02:25:15 -0400, John Perry wrote:


learning@learning.com wrote:

In <TZGdnT2zV7SUm8LfRVn-ow@comcast.com>, on 04/14/05
at 08:08 PM, "Charles Schuler" <charleschuler@comcast.net> said:

I wrote what is true, and I wrote to explain my position. You just wrote
"you are dead wrong" Even if you don't like what I said, its still gotta
count for more than just "you are dead wrong"


C'mon, guys, Schuler and Schlunder are the sort who nod wisely when some
idiot posts the fact that there are half again as many Google hits on
"linux virus" as there are on "Windows virus".


This makes me wonder if you're merely not paying attention, or are an
out-and-out liar.
Results 1 - 50 of about 43,500 English pages for "windows virus". (0.36
seconds)
Results 1 - 50 of about 35,500 English pages for "linux virus". (0.09
seconds)

Hey, I was trying to point out the pointlessness of trying to convince
boneheads!

Obviously it changes from day to day. I just did the search the way I
intended, without the quotes, and got 18,100,000 for Windows and
10,700,000 for linux. Several months ago (sorry, I should have repeated
the test before posting) it was something like 4,000,000 for windows and
6,000,000 for linux.

Just now I did it the way you obviously did, with quotes, and got 59,400
for Windows, and 58,400 for Linux -- essentially a dead heat.

And I could also accuse you of not reading any of them for content - a
quick perusal reveals that in order for any virus to be a real threat
to a Linux system, you have to really trash your own security and overtly
open enough gaping holes to make it as loose as Windows is by default.

Apparently my intent was not clear here, either -- sorry, I figured it
would be obvious to anyone who looked. A year or two ago when I last
did the test, I read dozens of each, and got almost every one of the
Windows hits as an announcement of some new virus, worm, or Trojan
bringing down thousands to millions of systems.

Many of the linux hits were some security site announcing a (presently
unexploited) vulnerability along with instructions for avoiding it in
the near term, and fixes for closing the hole permanently. Many others
were discussions of possible new approaches that had not previously been
revealed, and yet many others were discussions of historical linux and
unix attacks, such as the infamous Morris worm.

And thanks for calling me on this one: I hadn't looked for quite a
while, and the 6th linux hit was www.viruslibrary.com, which lists 7
linux attacks I hadn't heard of before. There were also a few other
sites that might prove interesting and helpful as I get around to
reading them.

Of course, people who know better than to run as root and give write
access to your system files already know this.

Of course.

John Perry, writing from my SUSE 9.0 box using Thunderbird in my
non-root user account from behind a Netgear firewall (for my wife's and
son's secured (as much as possible) XP Pro boxes . And they use
Netscape 7 -- Explorer and Outlook are forbidden in this house.