(O.T.) Microsoft wants to scan your computer.

[John Corliss]

And it's FREE!

http://www.techweb.com/wire/security/174402915

I say, "no thanks!"

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.

 

[Roger G]

And it's FREE!

http://www.techweb.com/wire/security/174402915

I say, "no thanks!"

Why not? Done here.

 

[Guest]

Why not? Done here.

"Whoops. The scanner doesn’t work with your Web browser or operating
system."

Funny the scanner requires you to use a browser with security holes to find
stuff that exploited the holes to get there in the first place.

 

[Daniel Mandic]

-

 

[Morten Skarstad]

http://www.techweb.com/wire/security/174402915

"This issue was originally publicly reported in May as being a stability
issue that caused the browser to close. Since then, new information has been
posted that indicates remote code execution could be possible. Microsoft is
concerned that this new report of a vulnerability in Internet Explorer was
not disclosed responsibly, potentially putting computer users at risk."
http://www.microsoft.com/technet/security/advisory/911302.mspx

Oh my. They knew something was wrong for half a year, but still haven't
pulled their heads out of their asses to fix it. And now it turns out that
their bug can pose a security threat, Microsoft is concerned. Well, _I_ am
concerned that Microsofts grave lack of focus on quality coding is putting
Windows and IE users at risk!

Microsoft has quite a lot to learn about proactive security. Or maybe they
know but just don't care.

I say, "no thanks!"

AOL.

 

[Roger G]

Oh my. They knew something was wrong for half a year, but still haven't
pulled their heads out of their asses to fix it. And now it turns out that
their bug can pose a security threat, Microsoft is concerned. Well, _I_ am
concerned that Microsofts grave lack of focus on quality coding is putting
Windows and IE users at risk!

Well the issue about Bind server out of bound in almost every linux distro
is known since januari (and also a potential security risk) . Yet, last
slackware is distributet with that bind server.

 

[Vrodok the Troll]

On Thu, 1 Dec 2005 17:03:47 +0100, in alt.comp.freeware, "Morten Skarstad"
wrote:

[snip]

Microsoft has quite a lot to learn about proactive security. Or maybe they
know but just don't care.

[snip]

- - - - - - -
Ignorance = didn't know.
Stupidity = knew, but didn't care.
Idiocy = still doesn't know.
- - - - - - -

Given the above criteria, I would have to say Micro$oft could be classified
under *both* Stupidity & Idiocy.

 

[elaich]

Oh my. They knew something was wrong for half a year, but still
haven't pulled their heads out of their asses to fix it. And now it
turns out that their bug can pose a security threat, Microsoft is
concerned. Well, _I_ am concerned that Microsofts grave lack of focus
on quality coding is putting Windows and IE users at risk!

All the people who have posted in this group pointing out that Firefox has
had x number of security exploits, and that's why they use IE instead need
to read this. However, I bet we won't hear a peep out of a single one of
them in this thread. LOL.

 

[Fuzzy Logic]

"This issue was originally publicly reported in May as being a stability
issue that caused the browser to close. Since then, new information has
been posted that indicates remote code execution could be possible.
Microsoft is concerned that this new report of a vulnerability in
Internet Explorer was not disclosed responsibly, potentially putting
computer users at risk."
http://www.microsoft.com/technet/security/advisory/911302.mspx

Oh my. They knew something was wrong for half a year, but still haven't
pulled their heads out of their asses to fix it. And now it turns out
that their bug can pose a security threat, Microsoft is concerned. Well,
_I_ am concerned that Microsofts grave lack of focus on quality coding
is putting Windows and IE users at risk!

Microsoft has quite a lot to learn about proactive security. Or maybe
they know but just don't care.


AOL.

What about this long standing bug with Firefox. Can kill a Mac laptop by
draining the battery:

https://bugzilla.mozilla.org/show_bug.cgi?id=141710

I guess Mac users don't rate:-(

 

[Fuzzy Logic]

All the people who have posted in this group pointing out that Firefox has
had x number of security exploits, and that's why they use IE instead need
to read this. However, I bet we won't hear a peep out of a single one of
them in this thread. LOL.

I use IE (actually Avant) because I prefer it. Security is a process not a
piece of software or hardware. Regardless of what browser you use you are at
risk. The level of risk varies as new vulnerabilities are discovered and
addressed. What's 'safe' today may be totally vulnerable tomorrow.

My advice is find a browser YOU like, keep it up up to date, learn it's
security functions and use them and probably the most important thing is to
practice safe surfing techniques.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

What about this long standing bug with Firefox. Can kill a Mac
laptop by draining the battery:

https://bugzilla.mozilla.org/show_bug.cgi?id=141710

I can't believe you'd bother to bring that up in a discussion of a
remote code execution vulnerability in IE.

 

[John Corliss]

Why not? Done here.

YMVs.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.

 

[Fran]

OK, so IE has bugs. It's nothing new. There's a new free service in town,
shouldn't acf be happy? After all, remember MS antispyware? That turned out
pretty good, didn't it?

 

[Fuzzy Logic]

I can't believe you'd bother to bring that up in a discussion of a
remote code execution vulnerability in IE.

My response was to this:

Oh my. They knew something was wrong for half a year, but still haven't
pulled their heads out of their asses to fix it. And now it turns out
that their bug can pose a security threat, Microsoft is concerned. Well,
_I_ am concerned that Microsofts grave lack of focus on quality coding
is putting Windows and IE users at risk!

I guess a complete battery drain of Mac laptop is not a concern?! Based on
the bug report it appears this problem is at least a year old.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

OK, so IE has bugs. It's nothing new.

When a new remote code execution vulnerability hits, people should
know about it. In the case of this one, the user's choices are
simple: stop using IE (at least until it's patched) or keep using
it and run the risk.

There's a new free service in town, shouldn't acf be happy?

I don't have a problem with the new scanning service, but it would
be much better if they'd fix their software. The "we don't know
what to do about it yet" advisory they put out seems a bit week,
given that they've known about the bug since May (though not about
its severity).

After all, remember MS antispyware? That turned out pretty good,
didn't it?

As long as they're really working to fix their software, I guess it
can't hurt to release tools to help people live with the
insecurities of their current versions.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

My response was to this:

I saw it.

I guess a complete battery drain of Mac laptop is not a concern?!

A minor concern compared to a remote code execution vulnerability. A
Mac Firefox user has to switch themes to stop the CPU usage; an IE
user has to stop using IE to avoid the risk of having his computer
taken over.

Based on the bug report it appears this problem is at least a year
old.

Over three years old.

 

[Fuzzy Logic]

I saw it.


A minor concern compared to a remote code execution vulnerability. A
Mac Firefox user has to switch themes to stop the CPU usage; an IE
user has to stop using IE to avoid the risk of having his computer
taken over.

Entirely false. I continue to use IE (actually Avant an IE shell) and have
even visited sites that attempt to use this flaw. I left unscathed because I
don't rely on one level of defense.

Since security is a process not a piece of software there are many ways to
deal with this issue (use some combination of the following):

Disable active scripting.
Use an anti-virus program that will prevent this (mine does).
Practice safe surfing and avoid malicious sites all together.
Configure IE to put all but trusted sites in the Restricted Zone.

If you are expecting your browser to be your sole line of defense you are
just asking for trouble. Serious flaws will be found and exploited
regardless of the browser you use.

 

[Margrave of Brandenburg]

Since security is a process not a piece of software there are many ways to
deal with this issue (use some combination of the following):

Disable active scripting.

Exactly. This one change provides a tremendous amount of protection.

Practice safe surfing and avoid malicious sites all together.

I wish my idiot brother-in-law would understand this!

Configure IE to put all but trusted sites in the Restricted Zone.

Easy enough. And other people are out there creating "forbidden" lists. For
me ... no effort and no cost.

If you are expecting your browser to be your sole line of defense you are
just asking for trouble. Serious flaws will be found and exploited
regardless of the browser you use.

You mean that you DON'T see this as a PC vs. Mac vs. Linux flame war?

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

Entirely false.

Not entirely -- the part before the semicolon was right.

I continue to use IE (actually Avant an IE shell)
and have even visited sites that attempt to use this flaw. I left
unscathed because I don't rely on one level of defense.

Since security is a process not a piece of software there are many
ways to deal with this issue (use some combination of the
following):

Disable active scripting.
Use an anti-virus program that will prevent this (mine does).
Practice safe surfing and avoid malicious sites all together.
Configure IE to put all but trusted sites in the Restricted Zone.

Thanks for the correction. I didn't chase enough links this time, and
I missed the workaround on non-MS sites. It's a shame MS won't ship IE
with ActiveX turned off, or at least recommend turning it off in their
security advisories.

If you are expecting your browser to be your sole line of defense
you are just asking for trouble. Serious flaws will be found and
exploited regardless of the browser you use.

In general, I agree. I just recommend that an important part of safe
hex should be using browsers that you don't have to worry about and
fiddle with so much.

 

[dszady]

Why not? Done here.

<quote>
Microsoft acknowledged Tuesday that malicious software targeting an
unpatched bug in Internet Explorer is on the loose, and urged users to
run a complete system scan on its new Windows Live Safety Center --
which has a quirk of its own -- to detect and delete the code.

"which has a quirk of its own"
<Sheesh>