
Thread: another major security hole in windows found

  1. another major security hole in windows found

    http://story.news.yahoo.com/news?tmp...crosoft_flaw_2

    It's things like this that make me hate Microsoft... (and that includes the xbox!)

  2. And you're running Server 2003, right?

    Windows will never be secure while under the world's biggest magnifying glass.

    Linux and OS X would be lowered a lot under the same scrutiny...

  3. They are, but the thing is that they have patches almost immediately after exploits are found. The problem with MS is that they sit on errors until they become well-known before offering some half-assed duct tape fix. And at least with Linux or OSX, you have the capability to actually do something about the problem from the get-go rather than twiddling your thumbs waiting for windowsupdate to tell you that your shit is full of holes...

    And why single out Server 2003? The article claims the exploit can be used on any version of Windows that has RPC, which goes back to NT/2000.

  4. Another article I read only stated 2k3...

    The reason why I asked is this is a dumb reason to hate on the XBOX....

  5. Originally posted by JMET
    Windows will never be secure while under the world's biggest magnifying glass.

    Linux and OS X would be lowered a lot under the same scrutiny...

    That argument is a bit of a fallacy, in that while Microsoft holds a monopoly in the desktop market, the server market is another matter entirely.

    For example, the most popular web server software in the world is Apache. It runs on more webservers than any other webserver software combined, according to Netcraft. You'd think there'd be nasty uber-worms and hacks affecting Apache machines. Instead, it's MS's IIS webserver software that causes the most havoc. Code Red and Nimda only affect IIS. (Just as an aside, I have a utility called Early Bird installed on my own Linux & Apache-based webserver which looks out for IIS worms. Since February, there've been something like 700-800 attempts at infection from all over the net.)

    Also, remember that SQL Slammer worm that brought the net to its knees a few months ago? Microsoft hardly has a monopoly in the database server market either... Oracle, IBM's DB2, and even free packages like MySQL and PostgreSQL have a nice chunk of the market too. However, SQL Slammer only affected servers running MS SQL Server. A lot of those who were infected really can't be blamed, as A) the hotfix which corrected the problem was a long and involved process... which is much less of an excuse than B) a later patch MS released completely reversed the hotfix's changes and made the software vulnerable again. There's something seriously wrong when a patch actually undoes an earlier fix.

    Microsoft's problem isn't that so many eyes are looking at it. Its problem is that security wasn't part of the original process, but an afterthought, and they're having to play catchup (hence the Trustworthy Computing campaign et al).

    Just my $.02...
    For a dark man shall come unto the House of God, and the darkness shall be upon him, yea, even within him.

    -- From Noctropolis: Night Visions


  6. No, go ahead and chime in.

  7. Another thing that was nasty about the SQL Slammer is that the MSDE 2000 engine was affected as well. MSDE is basically a very slim version of SQL 2000, and a lot of developers have started including it with their applications (part of the .NET platform and whatnot). This means there is the potential for an end user to be running a SQL database vulnerable to the worm (or future iterations) and not really knowing it.

    Anyway, as has been mentioned, this vulnerability applies to NT 4, NT 4 Terminal Server, Win2K Pro and Server, WinXP (32 and 64 bit versions), and Windows 2003 (32 and 64 bit versions).

    Things like this are why I'm looking at migrating my company's desktops to Linux whenever possible, as well as migrating servers to Unix or Linux as well. Samsung Contact is starting to look like a nice alternative to Exchange right now.
    Never under any circumstance scrutinize the mastication orifice of a gratuitous herbivorous quadruped.
