You know those Kernel Updates - Well Read this

Kernel updates are a quite regular event in Linux, but not it seem for that of mentioned OS - M$.

Kernel vulnerability found in Vista | Security - CNET News

snippet:

A flaw in Vista’s networking has been found that can crash the system, but no fix is expected until the next service pack
lol!

and what you miss out is that the service pack is already being beta tested. So it will be released within the next few months.

You also miss out that this flaw can only be exploited once administrative rights are given to a program that wants to exploit it

Thirdly is there really a need for this topic? Do you care about this or is it just another anti microsoft stab?

This is chit-chat - about whatever.

A friendly place to converse about your adventures with openSUSE, your weekend, your boss, your new car, and generally stuff that doesn’t fit somewhere else

So keep your hair on.

First time I’ve heard a complaint about that on a Linux forum…

andrewd18 wrote:
> AlienHealer;1900345 Wrote:
>> Do you care about this or is it just another anti microsoft stab?
>
> First time I’ve heard a complaint about -that- on a Linux forum…

Seems AlienHealer has decided to be Micro$oft’s champion here–tamping down all
discouraging words and ‘negative’ thoughts about them.

Probably on Redmond’s payroll he will not leave us in peace to point out the
ways of that CONVICTED anti-competitive company because of its VERY recent
good deeds done from a VERY SMALL fraction of the bloated profits it gouged from
users around the world, since the '80s.

No he’s just from a land where neve a discouraging word is heard
and never a penalty flag is thrown

  • AlienHealer wrote, On 11/26/2008 05:26 AM:

> Thirdly is there really a need for this topic? Do you care about this
> or is it just another anti microsoft stab?

Actually that’s not a problem: If people here want to talk about Microsoft, they can of course do it.

Uwe

buckesfeld, actually it is a problem when this constant stupidity makes the community look like people who are just full of hate to anything other than linux, it looks bad for the community. And my question stands, is there a need for the post, does he care about microsoft’s kernal, or is it just another anti microsoft post.

John Jones, isn’t it funny the stupid replies people can come up with to support being negative towards a company. So because I am tired of the bs that seems to be a daily thing within the linux community i must work for microsoft. gee, I must work for gnome too since I am against people attacking gnome. Oh wait, I am against people attacking KDE as well, I must work for them too. Hang on, I am against the anti ubuntu posts too, I must work for them too. gezz I better go check my bank account there must be a ton of money in there considering I work for so many different companies.

Is it too much to ask that this community puts out a positive vibe and welcomes people into it, rather than allow the small fraction to post posts that make you look like a negative uninviting place to come to.

And perhaps when you reply you can reply with a consructive comment instead of some stupid mumbo jumbo about working for microsoft

‘Calm down dear’. What’s all the fuss about.

I just suggested that there seemed to be some delay in M$ releasing a fix. And considering the implications of the exploit this did not sound very encouraging:

Microsoft told ZDNet UK " It could not confirm the inclusion of a fix for the problem in the next as-yet-unreleased service pack for Vista, nor give the release date for that service pack.

  • AlienHealer,

see my reply in the suggestions forum.

Uwe

AlienHealer, 1st don’t take this the wrong way I know you want to see positive things said about Linux & that you’d like to see an end to negativity.
So here goes stuff like that kernel update, or lack of one, is one aspect of Windows I don’t miss. MSFT does take their merry time about such serious things, don’t they?
In Linux at least we try to get these things taken care of ASAP.
It may take a few days but as soon as one is had & tested it’s out the door to all users. This testing can be & often is tested by the Coumunity on machines in ways that MSFT doesn’t think. Along the way someone comes up with a workaround to patch a system until a real fix is found.
Isn’t great that we don’t wait until the next service pack, which could take months leaving everyone vulnerable?
It’s not exactly all positive AH but would you classify this post as a start?

Hi Sagemta

it’s not critical, therefore there is no need to rush. It can only be exploited in administration mode, that means that the person has to give permission to a program/website trying to exploit it. I’d say looking at past exploits, if someone did try to exploit it, a patch would be put out, but there does not seem to be the need for such a patch yet. Do you patch something that isn’t critical, do you focus your man hours on what needs to be repaired, or on something that possibly somewhere down the track could be exploited, by which time a fix could already be out.

Linux, Apple, Windows, have a long list of bugs that need fixing that take a long time to fix, and some get pushed into the never get fixed pile.

Recently there was a problem with the linux kernel that was bricking Intel hardware, that was fixed quick, but other bugs are allocated to their severity on how they are fixed, that happens in Windows, Linux, Apple, etc.

AH,
I agree partially. The reason I say partially is because I seem to remember from my windows days that one is in the admin mode by default, even in vista where that warning thing comes up. As such, it would be very easy even for an experienced PC guy to allow this in during “one of those unthinkingly thinking moments.” That IMO means it’s priority should be higher. I know this gets into the area of protecting oneself from themselves, however in my travels I’ve found that sometimes it is necessary. This just hits me as one of them.

Here’s the thing, in Vista you have to give the program access. See it wont pop up the request to give the program admin access. You actually have to right click on a program and select to give it admin rights. So, let’s say a program is written to exploit this. The user is going to have to right click on it and select to give it admin rights.

You’ll be surprised on how many people do actually quickly accept that dialog box without even reading it.

Adrian,
That’s exactly the “unthinkingly thinking” moment I was describing,so focused on getting the app nothing else mattered.

to accept it, you have to request it. You have to physically request a program is given admin rights, you have to right click on it and select to run with admin, then you get the dialog box. It’s not a simply case of a dialog box popping up and people giving it rights, you have to select the program to run with admin rights, by right clicking, then you have to accept the dialog giving it permission

I see, but look at the link posted, this paragraph in particular:

Asked about the severity of the flaw, Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow. However, he also said it was possible–but not yet confirmed–that someone could use a malformed DHCP packet to “take advantage of the exploit without administrative rights.”

Anyway, I agree with you about no doing an anti-M$ campaign in order to support Linux, Linux has merits by his own, but I also think that M$ it’s getting so much hits not because it is M$, but because it represents a anachronic way of doing software, an archaic way of distributing knowledge. Like this one, WE M$ don’t fix it because WE think that is not a prority, you can do nothing about it even if you have the knowledge to do it, oh, and if you disclose this bug, you are an evil hacker.

yes. But vista was their attempt to make it more secure, and sadly the people that didn’t understand that the “annoying” pop ups were improving their security complained. I think Singularity is showing very interesting for a way forward for microsoft. Not sure how windows 7 will go.

btw, I can say many things are possible but not yet confirmed, doesn’t mean they actually work :wink: Chances of it getting past Vista’s ALSR are 1/256. With the ALSR, any person trying to run an exploit will have to guess which address out of 256 is correct, and with ALSR it changes every time your reboot.

and btw, there are vast amounts of linux, apple bugs that do not get fixed because they are not priority as well.

On 11/29/2008 adriandelatabla wrote:
> it’s getting so much hits not because it is M$, but because it
> represents a anachronic way of doing software, an archaic way of
> distributing knowledge.

Given the fact that the vast majority of machines out there is running windows, I wouldn’t call it anachronistic, rather “de facto standard”. Feel free to call the Linux way “avantgarde” though :slight_smile:

Uwe