Remote flaw found in Vista existed since December 2006

[mechBgon]

Check out the link above your post and you will see the proof.

What link? You mean the YouTube one? Looks like I know more about that one than you do...

I finally understand why you Windows users are so disillusioned. YOU KNOW NOTHING ABOUT SECURITY lol.

And this cockiness is exactly what I was talking about. You feel you're so invicible but yet these things happen.

I happen to be a Microsoft MVP with hundreds of thousands of malware-free machine-hours on Windows systems to my credit. And you are whom again...?

Anyhow, you bring on your big collection of live malware-bearing sites, Quinton McLeod, and I'll be happy to go check them out Yes, with IE7 and stuff. Got any?

 

[stash]

And this cockiness is exactly what I was talking about. You feel you're so invicible but yet these things happen.

I think you're confusing the responses here with those of the stereotypical Mac zealot.

 

[n0cmonkey]

Originally posted by: stash

And this cockiness is exactly what I was talking about. You feel you're so invicible but yet these things happen.

I think you're confusing the responses here with those of the stereotypical Mac zealot.

I own 3 Macs, convinced at least one switcher, and want a couple more. Am I a Mac zealot?

Or am I one of those blind Windows users?

I just wish I knew something about security...

 

[n0cmonkey]

Quinton McLeod, out of curiosity, what do you do for a living?

 

[stash]

I own 3 Macs, convinced at least one switcher, and want a couple more. Am I a Mac zealot?

I knew you would take that the wrong way From what I've seen, you aren't in the RDF.

 

[n0cmonkey]

Originally posted by: stash

I own 3 Macs, convinced at least one switcher, and want a couple more. Am I a Mac zealot?

I knew you would take that the wrong way From what I've seen, you aren't in the RDF.

I was just playing, didn't take it the wrong way at all.

I'll be back in the RDF when 10.5 comes out. For about 2 months.

 

[Quinton McLeod]

Originally posted by: n0cmonkey

Originally posted by: Quinton McLeod
Tell me n0cMonkey. How many of those *nix vulnerabilities have actually been exploited?
This ani "exploit" has been around since February. Here it is, the end of March, and it has not been patched until recently.
Hackers all over the place are abusing this vulnerability like nobody's business.

You didn't ask for things that have been exploited a lot, you asked for vulnerabilities. You want to talk about ****** open source stuff? Let's talk the pile that is PHP.

I didn't ask for anything. I'm not even talking about Open Source stuff either. So, you're arguing a moot point.

As far as the Apple thing. From what I understand, those two guys have been bickering and fighting about a vulnerability that more or less does or does not exist. The rest of Apple and the world have yet to validate the claims both of them are making on their blogs.

It does exist, and plenty of info has been released including information on the black bag job Apple's PR group did.

Ok...

You also have not been able to find any vulnerabilities that have not been patched yet.

Yes, I did. I ****** the links, but you're a big boy you can figure it out (I sure as hell can't edit it :|).

First of all, you didn't. Second, that is a vulnerability for a program for OS 10. What is this supposed to tell me?

I'm not arguing that OSes can't get vulnerabilities, but I'll tell you this, Microsoft was touting that Vista was more secure than Linux. I look at this news and just laugh.

Microsoft has come a long way. They deserve credit for the work they've done, regardless of the marketing team. Apple on the other hand...

It is true that Microsoft has come a long way. However, they are nowhere near as secure as Linux. To say they are more secure is a joke.

 

[Quinton McLeod]

Originally posted by: n0cmonkey
Quinton McLeod, out of curiosity, what do you do for a living?

I'm a computer repair technician

 

[RebateMonger]

Originally posted by: Quinton McLeod
It is true that Microsoft has come a long way. However, they are nowhere near as secure as Linux. To say they are more secure is a joke.

Ah. How soon we forget stuff like last year's: Debian locks out OS developers after Debian developers' server is hacked.

"The developer said the attacker then used a recently discovered vulnerability in the Linux kernel to gain root--or admin--access on the server."

"The security breach is not the first for the Debian project. In November 2003, several of Debian's servers were similarly compromised and pulled offline."

All software developers make mistakes. Including Windows, MAC, and Linux. The only claim from Microsoft that I'm aware of is that "Vista is the most secure version of Windows, ever".

 

[Aluvus]

Originally posted by: Quinton McLeod
I finally understand why you Windows users are so disillusioned.

You keep using that word. I don't think it means what you think it means.

 

[KeypoX]

Originally posted by: Quinton McLeod

Originally posted by: fyleow
If you prefer to run Firefox instead of Internet Explorer but want protected mode you still can. Firefox defaults to a medium integrity level but you can set it so it runs at low. That should protect you from attacks like these.

More info from Joanna Rutkowska's blog here

Basically:

If you don?t like surfing using IE, you can very easily setup your Firefox (or other browser of your choice) to run as Low integrity process (here we assume that Firefox user?s profile is in j:\config\firefox-profile):

C:\Program Files\Mozilla Firefox>icacls firefox.exe /setintegritylevel low
J:\config>icacls firefox-profile /setintegritylevel (OI)(CI)low

True, but Firefox isn't a Windows only application. IE7 is.

you are such a i love you dude.... every os has problems ... windows has the most cause it has the most users ...

also you act like everyone is fighting for windows the majority only use it cause it comes with your computer and is user friendly. Also is the main OS that software is designed for including games. You cannot play games very well in Linux or Mac. I have no allegiance to windows, hell i would love a free OS, if Linux or mac was better i would use it..... alas it is not!

Maybe less secure maybe more viruses, but that once again comes with the territory or being the most used OS. I hope your not stupid enough to believe that Ubuntu Linux Edgy 6.10 was as popular as windows it wouldnt have problems popping up. Though if it was the most used you wouldnt use it now would you? Oh the feeling of being a teenager i really miss it

 

[Quinton McLeod]

Originally posted by: RebateMonger

Originally posted by: Quinton McLeod
It is true that Microsoft has come a long way. However, they are nowhere near as secure as Linux. To say they are more secure is a joke.

Ah. How soon we forget stuff like last year's: Debian locks out OS developers after Debian developers' server is hacked.

"The developer said the attacker then used a recently discovered vulnerability in the Linux kernel to gain root--or admin--access on the server."

"The security breach is not the first for the Debian project. In November 2003, several of Debian's servers were similarly compromised and pulled offline."

All software developers make mistakes. Including Windows, MAC, and Linux. The only claim from Microsoft that I'm aware of is that "Vista is the most secure version of Windows, ever".

You really need to read the stuff you're using in your defense.
One of the Developer accounts were compromised. The system was not. If the hacker has access to the server by legit means (valid username and password), then the security of the OS goes right out the window since the server assumes the person logging in is legit. That is exactly what happened last year. It had nothing to do with a remote vulnerability that the Windows XP of last year (and Vista now) was plagued with.

 

[Quinton McLeod]

Originally posted by: KeypoX

Originally posted by: Quinton McLeod

Originally posted by: fyleow
If you prefer to run Firefox instead of Internet Explorer but want protected mode you still can. Firefox defaults to a medium integrity level but you can set it so it runs at low. That should protect you from attacks like these.

More info from Joanna Rutkowska's blog here

Basically:

If you don?t like surfing using IE, you can very easily setup your Firefox (or other browser of your choice) to run as Low integrity process (here we assume that Firefox user?s profile is in j:\config\firefox-profile):

C:\Program Files\Mozilla Firefox>icacls firefox.exe /setintegritylevel low
J:\config>icacls firefox-profile /setintegritylevel (OI)(CI)low

True, but Firefox isn't a Windows only application. IE7 is.

you are such a i love you dude.... every os has problems ... windows has the most cause it has the most users ...

also you act like everyone is fighting for windows the majority only use it cause it comes with your computer and is user friendly. Also is the main OS that software is designed for including games. You cannot play games very well in Linux or Mac. I have no allegiance to windows, hell i would love a free OS, if Linux or mac was better i would use it..... alas it is not!

Maybe less secure maybe more viruses, but that once again comes with the territory or being the most used OS. I hope your not stupid enough to believe that Ubuntu Linux Edgy 6.10 was as popular as windows it wouldnt have problems popping up. Though if it was the most used you wouldnt use it now would you? Oh the feeling of being a teenager i really miss it

This is simply not true and has been proved a thousand times before. Don't make me pull the IIS vs. Apache example out.

Windows is attacked more because it wasn't originally built with security in mind. Microsoft bypassed security for user convenience. What happened thereafter was the creation of millions of viruses and vulnerabilities.

Games run very very well in Linux and on the Macintosh. For example, Quake 4, Unreal Tournament, Doom 3 and Prey all run extremely fast in Linux. World of Warcraft runs perfectly under the Macintosh. So, you honestly have no idea what you're talking about in this area.

If Ubuntu Linux was as widely used as Windows, I doubt it would be plagued with viruses and vulnerabilities as bad as Windows is.

 

[Nothinman]

I never said I was l33t. However, you have no proof that windows users don't deny their problems. In fact, you had to result to bashing me because you couldn't find enough information to support your original claim.

Oh please, your entire first post (not counting the pasted crap from your "sources") is misinformation and Windows user "bashing".

You really need to read the stuff you're using in your defense.
One of the Developer accounts were compromised. The system was not. If the hacker has access to the server by legit means (valid username and password), then the security of the OS goes right out the window since the server assumes the person logging in is legit. That is exactly what happened last year. It had nothing to do with a remote vulnerability that the Windows XP of last year (and Vista now) was plagued with.

No, it's you who needs to read and comprehend. Yes, they found a weak password to get access to a shell account but that doesn't mean the they automatically own the box. From there they used a Linux kernel exploit to take over the box. It's on par with the .ani exploit because in both cases they have to find some way to get onto the system to attack it, in the Debian case it was a weak password and in the .ani case it's getting you to visit a malicious webpage or read a malicious email. Neither is 100% automatic.

Looks like Microsoft even admitted that this vulnerability is on the rise as more hackers are deciding to use it.

That means absolutely nothing, there's a ton of "hackers" out there that still run bots using years old IIS and SQL Server exploits.

You cannot play games very well in Linux or Mac.

Actually you can, the only reason that more games aren't ported to Linux or OS X is because most developers like DirectX. id has proven multiple times that it's possible to write extremely good, highly portable games but most developers aren't willing to put forth the little bit of extra effort or to trade OpenGL/SDL for DirectX. And with the extreme low quality of games coming out of companies like EQ and THQ I can't say I blame them, they can't even support what they're doing currently so changing their methods would only make things worse for them.

This is simply not true and has been proved a thousand times before. Don't make me pull the IIS vs. Apache example out.

But can you come up with another example? And have you looked at IIS lately? IIS 6.x only has 3 exploits listed on Secunia and all are patched but Apache 2.2 has 3 with 1 remotely exploitable one not patched yet. And Apache 2.0 has 33 with 3 not patched vs IIS 5.x only having 14 total with 2 unpatched.

If Ubuntu Linux was as widely used as Windows, I doubt it would be plagued with viruses and vulnerabilities as bad as Windows is.

Be careful what you wish for, especially since it's obvious that you have no real understand about what you're talking.

 

[nerp]

Wow linux is bug free! Amazing!

Anyone else find fanboyism boring?

 

[Pabster]

Originally posted by: Quinton McLeod
You also have not been able to find any vulnerabilities that have not been patched yet. I'm not arguing that OSes can't get vulnerabilities, but I'll tell you this, Microsoft was touting that Vista was more secure than Linux. I look at this news and just laugh.

Be realistic here. Vista already has more market share than all Linux distributions combined. Security through obscurity.

The mere fact that it has taken 6 months to discover a vulnerability is a testament to how great Vista is. When you consider hackers have been pouring over it for over 6 months looking for exploits. AND when you consider how many people are using Vista.

PS drop your trolling. You prefer Ubuntu? Great. Start a thread about it.

 

[n0cmonkey]

Originally posted by: Quinton McLeod
I didn't ask for anything. I'm not even talking about Open Source stuff either. So, you're arguing a moot point.

Name one single remote vulnerability that has not been patched on any *nix that is still supported today.

You did. I did.

First of all, you didn't. Second, that is a vulnerability for a program for OS 10. What is this supposed to tell me?

What is OS X? It's the applications and the kernel. That is one of the applications that comes with OS X. It's part of OS X. It's a remote vulnerability in OS X. tada!

It is true that Microsoft has come a long way. However, they are nowhere near as secure as Linux. To say they are more secure is a joke.

To assume that they're not is also a joke. The security world changes hourly.

EDIT: Fixed formatting.

 

[n0cmonkey]

Originally posted by: Quinton McLeod

Originally posted by: n0cmonkey
Quinton McLeod, out of curiosity, what do you do for a living?

I'm a computer repair technician

That explains a lot. Thanks.

 

[n0cmonkey]

Originally posted by: Quinton McLeod
This is simply not true and has been proved a thousand times before. Don't make me pull the IIS vs. Apache example out.

Do it. IIS6 vs. Apache 2.0.

 

[Pabster]

Originally posted by: n0cmonkey
Do it. IIS6 vs. Apache 2.0.

This is gonna be fun

 

[Kappo]

Anyone else find Quentin's comments on disillusioned and cocky windows ironic?

Let's let the little child have his newfound fun as a noob linux user.

 

[Tegeril]

Man, I come to these threads just to watch Nothinman walk all over Quinton left and right.

I've said it before, but I'll never understand why people who are unanimously unliked by a community remain in that community.

 

[mechBgon]

I've said it before, but I'll never understand why people who are unanimously unliked by a community remain in that community.

It's actually reverse psychology. QM probably works for Microsoft, and is trying to build community respect for Vista by playing the role of a poorly-informed FUD-slinging Windows-hater.




(...hey, it's working, isn't it? )

 

[stash]

Originally posted by: mechBgon

I've said it before, but I'll never understand why people who are unanimously unliked by a community remain in that community.

It's actually reverse psychology. QM probably works for Microsoft, and is trying to build community respect for Vista by playing the role of a poorly-informed FUD-slinging Windows-hater.




(...hey, it's working, isn't it? )

Hmm, there's an idea...

 

[RebateMonger]

I'm betting that QM is actually Bill Gates himself. Brilliant!