Humor or truth?

J

Joh N.

I'd say a mixture of both, read on:


Judge: Court is now in session. Microsoft, you are charged with negligence and
incompetence. The prosecution will call its first witness.

Prosecution: We call Microsoft to the stand. Do you swear to tell the truth, the
whole truth, and nothing but the truth?

Microsoft: I'm sorry, you used a word in there that I don't completely
understand. Could you rephrase the question?

Prosecution: Never mind. Would you just please state your full name for the
benefit of the court?

Microsoft: You can call me Maynard G. Krebs.

Prosecution: Look, Mr. Krebs, er, I mean, Microsoft, I assume you are aware of
the so-called Blaster-B worm that exploits a remote procedure call in Windows
in order to cripple machines. Can you tell the court what happened?

Microsoft: The RPC gives customers the application compatibility they demand,
but the feature wasn't intended for use in a hostile environment like the
Internet. We were caught by surprise when we found out Windows XP customers
were connecting to the Internet. We have since cautioned customers against
doing this. We really can't be responsible if they use our technology
recklessly.

Prosecution: Given that you must have known some people would connect Windows XP
to the Internet, can you tell me why you made it so easy for a malicious coder
to exploit this RPC?

Microsoft: We are committed to the kind of innovation that gives the end user
the best possible computing experience. Now, this is an RPC - the operative
word being "remote," and we want the RPC to be as easy to locate and use as,
say, a television remote.

Prosecution: Are you aware of the fact that infected machines reboot every 10
minutes, which doesn't even give the user time to download the patch that fixes
the problem?

Microsoft: This is actually a brilliant part of our innovative
embrace-and-extend approach to reducing cost of ownership. IT administrators
tell us they need to reboot their Windows machines frequently to keep them
operational. So we responded by making it possible for a worm to force the
machine to reboot automatically on a regular basis, thus relieving
administrators from the costly job of having to reboot the machines manually.

You could say we embraced and extended Blaster-B, which we now call
ActiveReboot. The fact that users can't access the patch in 10 minutes is
deliberate on our part, since it prevents users from installing a patch that
would break ActiveReboot. We always try to stay one step ahead of customer
needs and protect them from themselves.

Prosecution: [sarcastically] Have you also embraced and extended the Sobig
e-mail Trojan horse?

Microsoft: As a matter of fact, we've taken Sobig and produced two new products
from the code. The first, SoFirm, is a privacy-enhancing feature that uses your
address book to make outgoing messages appear to others as if they were sent
from someone other than yourself.

Our next product, SoFullyPacked, packs your in-box with thousands of copies of
the latest version to make it convenient to apply updates whenever they're
released. In fact, we use ActiveTrojan technology to make installation and
updates so easy that it's almost automatic, which is another way to reduce cost
of ownership.

Prosecution: Speaking of cost of ownership, is it true that your own company
employs 3,000 administrators for 7,000 servers worldwide? That's one person for
every 2.3 servers, isn't it?

Microsoft: Yes, and we're proud of this, since we know that with every server we
sell, we're doing our part to reduce unemployment. We like to think of it as
"what's good for Microsoft is good for America."

Prosecution: That's admirable, but how can you calculate a low total cost of
ownership for Windows with one administrator for every 2.3 servers?

Microsoft: Well, I'm not an accountant, but I think it has something to do with
outsourcing. I can call the India office where we did the study and get a copy
for you. . . . You look like you are getting a headache, Mr. Prosecutor.
Perhaps you'd like to rest your case?

***
Nicholas Petreley is a consultant and author in Kansas City, Mo., and founding
editor of VarLinux.org. He can be reached at (e-mail address removed).



Enjoy,

Joh N.
 
M

Mike Hall

There will be a faction of computer users who will always spend their time
trying to undermine Microsoft.. no doubt if Linux was as popular, that same
faction would be working on loopholes in Linux..

Joh N. said:
I'd say a mixture of both, read on:


Judge: Court is now in session. Microsoft, you are charged with negligence and
incompetence. The prosecution will call its first witness.

Prosecution: We call Microsoft to the stand. Do you swear to tell the truth, the
whole truth, and nothing but the truth?

Microsoft: I'm sorry, you used a word in there that I don't completely
understand. Could you rephrase the question?

Prosecution: Never mind. Would you just please state your full name for the
benefit of the court?

Microsoft: You can call me Maynard G. Krebs.

Prosecution: Look, Mr. Krebs, er, I mean, Microsoft, I assume you are aware of
the so-called Blaster-B worm that exploits a remote procedure call in Windows
in order to cripple machines. Can you tell the court what happened?

Microsoft: The RPC gives customers the application compatibility they demand,
but the feature wasn't intended for use in a hostile environment like the
Internet. We were caught by surprise when we found out Windows XP customers
were connecting to the Internet. We have since cautioned customers against
doing this. We really can't be responsible if they use our technology
recklessly.

Prosecution: Given that you must have known some people would connect Windows XP
to the Internet, can you tell me why you made it so easy for a malicious coder
to exploit this RPC?

Microsoft: We are committed to the kind of innovation that gives the end user
the best possible computing experience. Now, this is an RPC - the operative
word being "remote," and we want the RPC to be as easy to locate and use as,
say, a television remote.

Prosecution: Are you aware of the fact that infected machines reboot every 10
minutes, which doesn't even give the user time to download the patch that fixes
the problem?

Microsoft: This is actually a brilliant part of our innovative
embrace-and-extend approach to reducing cost of ownership. IT administrators
tell us they need to reboot their Windows machines frequently to keep them
operational. So we responded by making it possible for a worm to force the
machine to reboot automatically on a regular basis, thus relieving
administrators from the costly job of having to reboot the machines manually.

You could say we embraced and extended Blaster-B, which we now call
ActiveReboot. The fact that users can't access the patch in 10 minutes is
deliberate on our part, since it prevents users from installing a patch that
would break ActiveReboot. We always try to stay one step ahead of customer
needs and protect them from themselves.

Prosecution: [sarcastically] Have you also embraced and extended the Sobig
e-mail Trojan horse?

Microsoft: As a matter of fact, we've taken Sobig and produced two new products
from the code. The first, SoFirm, is a privacy-enhancing feature that uses your
address book to make outgoing messages appear to others as if they were sent
from someone other than yourself.

Our next product, SoFullyPacked, packs your in-box with thousands of copies of
the latest version to make it convenient to apply updates whenever they're
released. In fact, we use ActiveTrojan technology to make installation and
updates so easy that it's almost automatic, which is another way to reduce cost
of ownership.

Prosecution: Speaking of cost of ownership, is it true that your own company
employs 3,000 administrators for 7,000 servers worldwide? That's one person for
every 2.3 servers, isn't it?

Microsoft: Yes, and we're proud of this, since we know that with every server we
sell, we're doing our part to reduce unemployment. We like to think of it as
"what's good for Microsoft is good for America."

Prosecution: That's admirable, but how can you calculate a low total cost of
ownership for Windows with one administrator for every 2.3 servers?

Microsoft: Well, I'm not an accountant, but I think it has something to do with
outsourcing. I can call the India office where we did the study and get a copy
for you. . . . You look like you are getting a headache, Mr. Prosecutor.
Perhaps you'd like to rest your case?

***
Nicholas Petreley is a consultant and author in Kansas City, Mo., and founding
editor of VarLinux.org. He can be reached at (e-mail address removed).



Enjoy,

Joh N.
Click to expand...
 
J

Jim Byrd

"that same faction would be working on loopholes in Linux"

Of which there are considerably more, BTW, not to defend MS, but in the
interest of truth :)

http://www.debian.org/security/
http://infocenter.guardiandigital.com/advisories/
http://www.mandrakesecure.net/en/advisories/mdk-updates.php?dis=8.2
http://rhn.redhat.com/errata/rh8-errata-security.html
http://rhn.redhat.com/errata/rh9-errata-security.html
http://sunsolve.sun.com/pub-cgi/sea...o=date&coll=fsalert&zone_32=category:security
http://www.suse.com/us/private/support/security/index.html


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Mike Hall said:
There will be a faction of computer users who will always spend their
time trying to undermine Microsoft.. no doubt if Linux was as
popular, that same faction would be working on loopholes in Linux..

Joh N. said:
I'd say a mixture of both, read on:


Judge: Court is now in session. Microsoft, you are charged with
negligence and
incompetence. The prosecution will call its first witness.

Prosecution: We call Microsoft to the stand. Do you swear to tell the truth, the
whole truth, and nothing but the truth?

Microsoft: I'm sorry, you used a word in there that I don't
completely understand. Could you rephrase the question?

Prosecution: Never mind. Would you just please state your full name
for the
benefit of the court?

Microsoft: You can call me Maynard G. Krebs.

Prosecution: Look, Mr. Krebs, er, I mean, Microsoft, I assume you are aware of
the so-called Blaster-B worm that exploits a remote procedure call in Windows
in order to cripple machines. Can you tell the court what happened?

Microsoft: The RPC gives customers the application compatibility they demand,
but the feature wasn't intended for use in a hostile environment
like the Internet. We were caught by surprise when we found out
Windows XP customers
were connecting to the Internet. We have since cautioned customers
against doing this. We really can't be responsible if they use our
technology recklessly.

Prosecution: Given that you must have known some people would connect Windows XP
to the Internet, can you tell me why you made it so easy for a
malicious coder
to exploit this RPC?

Microsoft: We are committed to the kind of innovation that gives the
end user
the best possible computing experience. Now, this is an RPC - the operative
word being "remote," and we want the RPC to be as easy to locate and
use as,
say, a television remote.

Prosecution: Are you aware of the fact that infected machines reboot
every 10
minutes, which doesn't even give the user time to download the patch
that fixes
the problem?

Microsoft: This is actually a brilliant part of our innovative
embrace-and-extend approach to reducing cost of ownership. IT administrators
tell us they need to reboot their Windows machines frequently to
keep them operational. So we responded by making it possible for a
worm to force the machine to reboot automatically on a regular
basis, thus relieving administrators from the costly job of having
to reboot the machines manually.

You could say we embraced and extended Blaster-B, which we now call
ActiveReboot. The fact that users can't access the patch in 10
minutes is deliberate on our part, since it prevents users from
installing a patch that
would break ActiveReboot. We always try to stay one step ahead of
customer needs and protect them from themselves.

Prosecution: [sarcastically] Have you also embraced and extended the
Sobig e-mail Trojan horse?

Microsoft: As a matter of fact, we've taken Sobig and produced two
new products
from the code. The first, SoFirm, is a privacy-enhancing feature
that uses your
address book to make outgoing messages appear to others as if they
were sent
from someone other than yourself.

Our next product, SoFullyPacked, packs your in-box with thousands of copies of
the latest version to make it convenient to apply updates whenever
they're released. In fact, we use ActiveTrojan technology to make
installation and updates so easy that it's almost automatic, which
is another way to reduce cost
of ownership.

Prosecution: Speaking of cost of ownership, is it true that your own company
employs 3,000 administrators for 7,000 servers worldwide? That's one person for
every 2.3 servers, isn't it?

Microsoft: Yes, and we're proud of this, since we know that with
every server we
sell, we're doing our part to reduce unemployment. We like to think
of it as
"what's good for Microsoft is good for America."

Prosecution: That's admirable, but how can you calculate a low total
cost of
ownership for Windows with one administrator for every 2.3 servers?

Microsoft: Well, I'm not an accountant, but I think it has something
to do with
outsourcing. I can call the India office where we did the study and
get a copy
for you. . . . You look like you are getting a headache, Mr.
Prosecutor. Perhaps you'd like to rest your case?

***
Nicholas Petreley is a consultant and author in Kansas City, Mo., and founding
editor of VarLinux.org. He can be reached at (e-mail address removed).



Enjoy,

Joh N.
Click to expand...
Click to expand...
 
J

Joh N.

Jim Byrd, after spending 3 minutes figuring out which end of the pen to use,
wrote:
"that same faction would be working on loopholes in Linux"

Of which there are considerably more, BTW, not to defend MS, but in the
interest of truth :)

http://www.debian.org/security/
http://infocenter.guardiandigital.com/advisories/
http://www.mandrakesecure.net/en/advisories/mdk-updates.php?dis=8.2
http://rhn.redhat.com/errata/rh8-errata-security.html
http://rhn.redhat.com/errata/rh9-errata-security.html
http://sunsolve.sun.com/pub-cgi/sea...o=date&coll=fsalert&zone_32=category:security
http://www.suse.com/us/private/support/security/index.html
Click to expand...



Ah, but see...most if not all were found *before* any were exploited. The open
source community finds them faster and fixes them faster. Not only that, most
if not all of them, would mainly only affect the user, not root (so long as you
of course kept your firewall up correectly and use a little common sense...a
defacto case for the most part with most Linux users). Besides...the open
source community hasn't tried to screw other businesses, users, etc., or lied
in court or been convicted of rotten business practices and of being a
monopoly.

Joh N.
 
R

Ron Martell

Ah, but see...most if not all were found *before* any were exploited. The open
source community finds them faster and fixes them faster. Not only that, most
if not all of them, would mainly only affect the user, not root (so long as you
of course kept your firewall up correectly and use a little common sense...a
defacto case for the most part with most Linux users). Besides...the open
source community hasn't tried to screw other businesses, users, etc., or lied
in court or been convicted of rotten business practices and of being a
monopoly.
Click to expand...

The vulnerability exploited by Blaster found and fixed before it was
exploited.


The sequence of events, as I understand was:
1. The vulnerability was discovered by some developers who informed
Microsoft.
2. Microsoft confirmed the problem and developed the patch and
released it.
3. Another group, in China I believe, reverse engineered the patch to
determine the exact location and nature of the vulnerability and then
released that information on a web site, together with prototype code
showing how to exploit it.
4. Blaster was released within a few days of the information being
posted on the web.

The patch was available as a "critical update" for several weeks prior
to the release of Blaster. Those who were infected either were not
using the automatic update function or were among the relatively few
who purchased new computers after Blaster was released and who got
infected before they could get the patch downloaded and installed.



Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
J

Jim Macklin

There are lot of lazy and sometimes ignorant computer user
and even a lot of IT sysadmin who did not patch their
desktops AND servers.

Windows is 80-90% of the world-wide computer market and so
is the biggest target. I was looking at McAfee's virus
lists and there are viruses that target Linux, Unix and
MACs, they just don't cause as much trouble or news because
they effect so many fewer systems/

IF the user follows the practices listed by MS and McAfee
(or Norton) they are pretty safe.
1. Don't open attachments
2. Don't open attachments
3. Run a firewall
4 Don't open attachments
5 Install patches regularly, check daily it only takes a
moment to check.
6. Don't open attachments
7. Run a current anti-virus program all the time and scan
everything.
8. Delete the spam and don't buy anything from a spam email
9. Don't open attachments
10, Don't open attachments.


|
|
| >
| >Ah, but see...most if not all were found *before* any
were exploited. The open
| >source community finds them faster and fixes them faster.
Not only that, most
| >if not all of them, would mainly only affect the user,
not root (so long as you
| >of course kept your firewall up correectly and use a
little common sense...a
| >defacto case for the most part with most Linux users).
Besides...the open
| >source community hasn't tried to screw other businesses,
users, etc., or lied
| >in court or been convicted of rotten business practices
and of being a
| >monopoly.
| >
|
| The vulnerability exploited by Blaster found and fixed
before it was
| exploited.
|
|
| The sequence of events, as I understand was:
| 1. The vulnerability was discovered by some developers
who informed
| Microsoft.
| 2. Microsoft confirmed the problem and developed the
patch and
| released it.
| 3. Another group, in China I believe, reverse engineered
the patch to
| determine the exact location and nature of the
vulnerability and then
| released that information on a web site, together with
prototype code
| showing how to exploit it.
| 4. Blaster was released within a few days of the
information being
| posted on the web.
|
| The patch was available as a "critical update" for several
weeks prior
| to the release of Blaster. Those who were infected either
were not
| using the automatic update function or were among the
relatively few
| who purchased new computers after Blaster was released and
who got
| infected before they could get the patch downloaded and
installed.
|
|
|
| Ron Martell Duncan B.C. Canada
| --
| Microsoft MVP
| On-Line Help Computer Service
| http://onlinehelp.bc.ca
|
| "The reason computer chips are so small is computers don't
eat much."
 
J

Jim Macklin

Funny, but how do you explain the majority of users did not
get the Blaster worm? Did they know something the others
should have known?

Answer, Yep.
Run a firewall. MS should have made the firewall ON by
default.
Update regularly and apply the patches. Patched systems did
not get infected. MS did have the patch out for several
weeks before Blaster hit.

Now, about the lawsuit against Boeing because some
terrorists stole two airplanes. Maybe they can include MS
because Boeing used computers to design airplanes and the
airlines used computers to issue tickets.


|
| I'd say a mixture of both, read on:
|
|
| Judge: Court is now in session. Microsoft, you are charged
with negligence and
| incompetence. The prosecution will call its first witness.
|
| Prosecution: We call Microsoft to the stand. Do you swear
to tell the truth, the
| whole truth, and nothing but the truth?
|
| Microsoft: I'm sorry, you used a word in there that I
don't completely
| understand. Could you rephrase the question?
|
| Prosecution: Never mind. Would you just please state your
full name for the
| benefit of the court?
|
| Microsoft: You can call me Maynard G. Krebs.
|
| Prosecution: Look, Mr. Krebs, er, I mean, Microsoft, I
assume you are aware of
| the so-called Blaster-B worm that exploits a remote
procedure call in Windows
| in order to cripple machines. Can you tell the court what
happened?
|
| Microsoft: The RPC gives customers the application
compatibility they demand,
| but the feature wasn't intended for use in a hostile
environment like the
| Internet. We were caught by surprise when we found out
Windows XP customers
| were connecting to the Internet. We have since cautioned
customers against
| doing this. We really can't be responsible if they use our
technology
| recklessly.
|
| Prosecution: Given that you must have known some people
would connect Windows XP
| to the Internet, can you tell me why you made it so easy
for a malicious coder
| to exploit this RPC?
|
| Microsoft: We are committed to the kind of innovation that
gives the end user
| the best possible computing experience. Now, this is an
RPC - the operative
| word being "remote," and we want the RPC to be as easy to
locate and use as,
| say, a television remote.
|
| Prosecution: Are you aware of the fact that infected
machines reboot every 10
| minutes, which doesn't even give the user time to download
the patch that fixes
| the problem?
|
| Microsoft: This is actually a brilliant part of our
innovative
| embrace-and-extend approach to reducing cost of ownership.
IT administrators
| tell us they need to reboot their Windows machines
frequently to keep them
| operational. So we responded by making it possible for a
worm to force the
| machine to reboot automatically on a regular basis, thus
relieving
| administrators from the costly job of having to reboot the
machines manually.
|
| You could say we embraced and extended Blaster-B, which we
now call
| ActiveReboot. The fact that users can't access the patch
in 10 minutes is
| deliberate on our part, since it prevents users from
installing a patch that
| would break ActiveReboot. We always try to stay one step
ahead of customer
| needs and protect them from themselves.
|
| Prosecution: [sarcastically] Have you also embraced and
extended the Sobig
| e-mail Trojan horse?
|
| Microsoft: As a matter of fact, we've taken Sobig and
produced two new products
| from the code. The first, SoFirm, is a privacy-enhancing
feature that uses your
| address book to make outgoing messages appear to others as
if they were sent
| from someone other than yourself.
|
| Our next product, SoFullyPacked, packs your in-box with
thousands of copies of
| the latest version to make it convenient to apply updates
whenever they're
| released. In fact, we use ActiveTrojan technology to make
installation and
| updates so easy that it's almost automatic, which is
another way to reduce cost
| of ownership.
|
| Prosecution: Speaking of cost of ownership, is it true
that your own company
| employs 3,000 administrators for 7,000 servers worldwide?
That's one person for
| every 2.3 servers, isn't it?
|
| Microsoft: Yes, and we're proud of this, since we know
that with every server we
| sell, we're doing our part to reduce unemployment. We like
to think of it as
| "what's good for Microsoft is good for America."
|
| Prosecution: That's admirable, but how can you calculate a
low total cost of
| ownership for Windows with one administrator for every 2.3
servers?
|
| Microsoft: Well, I'm not an accountant, but I think it has
something to do with
| outsourcing. I can call the India office where we did the
study and get a copy
| for you. . . . You look like you are getting a headache,
Mr. Prosecutor.
| Perhaps you'd like to rest your case?
|
| ***
| Nicholas Petreley is a consultant and author in Kansas
City, Mo., and founding
| editor of VarLinux.org. He can be reached at
(e-mail address removed).
|
|
|
| Enjoy,
|
| Joh N.
| --
| People Against Perditta's
Smelly,Myopic,Egotistical,Assinine,Retardation
| (P.A.P.S.M.E.A.R.)
 
J

Joh N.

Jim Macklin, after spending 3 minutes figuring out which end of the pen to use,
wrote:
Funny, but how do you explain the majority of users did not
get the Blaster worm? Did they know something the others
should have known?
Click to expand...

Where did you pull "...the majority of users did not get the Blaster worm"
from? Magic statistics?
It isn't hard to see you're not a laugh a minute at any party. Hell, find a
big bag of humor somewhere and eat it...if the british can have a sense of
humor, maybe you can too.

Joh N.
 
J

Jim Byrd

Well, I didn't intend to turn this into a pissing contest, but it has
started an interesting discussion. Just to follow up - I'm beginning to
think that some of the common assumptions about the relative vulnerabilities
of the two OS families is, to some degree at least, "urban legend" at least
for some classes of systems. I found interesting the following post by
Johannes Niebach in grc.security on 9/11:

"Linux, not Microsoft Windows, remains the most-attacked operating system, a
British security company reports. During August, 67 per cent of all
successful and verifiable digital attacks against on-line servers targeted
Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892
Linux on-line servers running e-business and information sites were
successfully breached in that month, followed by 4,626 Windows servers,
according to the report.

Just 360 - less than 2 per cent - of BSD Unix servers were successfully
breached in August.

The data comes from the London-based mi2g Intelligence Unit, which has been
collecting data on overt digital attacks since 1995 and verifying them. Its
database has tracked more than 280,000 overt digital attacks and 7,900
hacker groups.

Read More
http://makeashorterlink.com/?U2D8420E5"




--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
J

Joh N.

Jim Byrd, after spending 3 minutes figuring out which end of the pen to use,
wrote:
Well, I didn't intend to turn this into a pissing contest, but it has
started an interesting discussion. Just to follow up - I'm beginning to
think that some of the common assumptions about the relative vulnerabilities
of the two OS families is, to some degree at least, "urban legend" at least
for some classes of systems. I found interesting the following post by
Johannes Niebach in grc.security on 9/11:

"Linux, not Microsoft Windows, remains the most-attacked operating system, a
British security company reports. During August, 67 per cent of all
successful and verifiable digital attacks against on-line servers targeted
Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892
Linux on-line servers running e-business and information sites were
successfully breached in that month, followed by 4,626 Windows servers,
according to the report.

Just 360 - less than 2 per cent - of BSD Unix servers were successfully
breached in August.

The data comes from the London-based mi2g Intelligence Unit, which has been
collecting data on overt digital attacks since 1995 and verifying them. Its
database has tracked more than 280,000 overt digital attacks and 7,900
hacker groups.

Read More
http://makeashorterlink.com/?U2D8420E5"
Click to expand...

Saw it the other day. As some of the replies to that post of his say...It's
the 'servers', since Linux is used as a server more than M$, and the same
system security applies to those admins for those servers as any other
OS...keep updated and patched...and of course, many don't. Also, MI2G is a
friggin' joke. Do some research on them and you'll see what I'm talking about.

Joh N.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Important message from Dixons Carphone 1
Best Anti Virus software ? 2
Editorial Why is data protection important? 0
Microsoft HoloLens now available for pre-order in the UK 0
Offer Remote Assistance - stopped working - change RPC? 1
Windows 10 Microsoft updates HELP 5
The Truth Seeker's Audio System 12
Proposal to Keep WinXP Support "Alive" 62

Top