Posted on 01/28/2005 6:24:09 PM PST by 1LongTimeLurker
*
A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs.
The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.
The company notified Microsoft of the problem Dec. 22, but it apparently decided not to wait for the software giant to patch the flaws.
Neither Microsoft nor Positive Technologies immediately responded to requests for comment Friday.
After several delays, Microsoft began rolling out SP2 in August of last year, at which time company Chairman Bill Gates called the update "a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks."
Do you ever get the feeling that Microsoft doesn't know as much about it's own system and code than these hackers do? If they do know as much as the Hackers they have a serious quality control and supervisory problem. If they don't as much they need to hire these people to help them in securing their obviously porous software.
Maybe if Microsoft weren't so interested in having access to your computer themselves they could prevent others from doing the same thing.
I haven't updated to SP2, i don't know if i will. I use good antivirus and firewall programs on my pc.
I'm waiting for microsoft to prove that they can have a patch that fixes all their problems before i bother installing Sps after Sps.
I updated to the last fix and got all sorts of trouble so I had to uninstall. There is another one waiting for installation and I am reluctant to do it.
better call up bush2000 to defend his employer, bill gates.
Just run a program coded in .Net - DEP is not turned on for .Net programs at all.
Total size of team programming SP2: SEVEN. Even figure they pay these guys a million a year and it took 2 years, that is a lousy $14 million. Meanwhile MS pulls in BILLIONS a year.
That must be fustrating to have an installation not go through smoothly. That's the other reason i was hesistant to even try it because i heard there are issues and some programs don't work after SP2 being installed. I don't blame you for not doing it.
Your right. LOL, i figured as much, computers will be reinvented before microsoft figures out they need to go back to basics. They have the ability to go back to basics and remake windows even better. it doesn't have to be fancy, all we want is good connectivity and program reliablity.
I think you have hit the nail on the head.
Microsoft is like the monkey holding the datenut in the jug. Until the monkey lets go, it will never escape.
Microsoft is trying to keep its back doors open for its future pay every month or your computer will not work system.
Also there are more than enough easter eggs in the microsoft system for those interested in looking. I am sure SOMEBODY here has a few of them.
My next machine will be either Linux based or a Mac, I'm tired of all the patches ,updates and BS that comes with a MS product.
Especially if you are technologically challenged. I will say, however, that everything I have learned about computers I leaned here on FR. I read through all the threads on compter issues, understand maybe 1%, but still pick up tons of information. ;-)
Exactamundo! These "Flaws", presented as inadvertent, unintentional bugs, are really back doors that were purposely engineered into the software for the benefit of MS and other Entities to use in tracking clients usage. IMO they deserve to have their A$$es sued off.
The problem with Bill Gates' "Conquer the World" strategy is that there is always another young protege in the wings preparing to take it from him.
Such are the liabilities and travails of being a Sith Lord.
drt1 wrote:
Exactamundo! These "Flaws", presented as inadvertent, unintentional bugs, are really back doors that were purposely engineered into the software for the benefit of MS and other Entities to use in tracking clients usage. IMO they deserve to have their A$$es sued off.
* Bullseye, i think you hit the nail right on the head.
ping for later
As usual, there will be an update. I've never had a virus. I just update whenever there is one and use a hub with a firewall. No problem.
I have a hard time believing MSFT only had 7 developers working a major upgrade to, by far, their most important product. Do you have a source for this or are you just some disgruntled Mac-geek talking trash? Seven managers maybe.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.