

Dealing with continuing worm attacks

By debate ·
What do you think about Jonathan Yarden's proposal that Microsoft should distribute Windows service packs on free CD-ROMs? How do you feel about Microsoft's idea to make software updates automatic? Share your comments about dealing with continuing worm attacks, as discussed in the Sept. 8 Internet Security Focus e-newsletter.


Would you defend GM

by JimHM In reply to ho de hum

I hate this analogy - but if your car broke down every two or 3 days or you had to restart it every two or three miles ... I wouldn't want MS software running a heart-lung bypass machine ... would you ... or other critical machine...

Would you defend GM in the same zealot flavor..


Cost is 9.95

by LeoBloom In reply to ho de hum

I don't think they are free. I went to order a CD for Win 2K SP4 and it cost 9.95


While the CD's are free

by HAL 9000 Moderator In reply to Cost is 9.95

There is a $9.95 postage and shipping fee so MS can still say that they provide the CD for free but in actual fact they do cost you money to receive them.

The only stuff that MS actually sends out for nothing is "Trial" software to get companies, individuals to buy new software; this is where one of the problems is.



by ccue In reply to ho de hum

Automatic updates is a terrible idea. When paying long distance or hotel connection charges, I certainly do not want Microsquash adding to my bill.
I would like a plain vanilla OS that I could selectively add features to that could not interact directly with the OS kernel.


Yes you are quite right that MS

by HAL 9000 Moderator In reply to ho de hum

Make Service Packs available for free but by the time that you actually get them it's too late.

The time taken between MS releasing the service pack and a person actually receiving it is somewhat lengthy. Also by the time that you actually receive them they are all well past their needed date, but they do prove useful when it comes time to reload as it saves time in downloading all those patches/hot fixes from MS. At last count there were over 80 MB for XP Pro and that takes a lot of time on a 56 KBS modem.

You are however correct that it is because of just how popular MS actually is that they are subject to so much attack, but by the same token at the recent Windows 2003 release MS told everyone that this was the most "Secure" OS so far and it was built on their "Trustworthy Computing." What they didn't tell anyone was that there was a problem already known about IE6 well before 2003 was released.

Then shortly after its release they came out with at least 5 fixes, some of which were described by MS as "Critical." Now for a home user this may be OK, but for any business user who relies solely on MS products they have a real problem. Just think how many MS ISA servers there are out there, and all with potential problems that the new beaut ISA can't stop.

Education is the best form of defence, but relying solely on MS for this education and defence is leaving yourself wide open for problems. You need to use third party software just to keep things in order, from AV to Firewalls in any DMZ of any business, but if you do this you no longer reap the benefits of the MS Software policy and you end up paying more for your software as you no longer have a company wide MS only policy that's only good for a 25% discount.

While I take your point about RedHat they aren't the only Linux Distro out there and places like Mandrake and SUSE offer a better service without the need for payment so only relying on US based Software Companies may be your real problem.

Now if only MS had something like the Mandrake Club where for $5.00 US per month you had access to a whole host of software that was available to download for only the cost of membership and your ISP's costs. And just how much of an OS and Software can you buy from MS for $300.00 US when you can get a complete package from Mandrake, SUSE, Lycoris or even Debian, which is by far the most stable OS I have ever used. Now if only it was more user friendly and not at the same stage that Windows was at when they had 3.11. Given time it will get better but it won't happen overnight, but here is a perfect example of a Linux Distro not rushing out with the latest just for the sake of it and not first proving its stability.

The one real outside connection to company networks with the "One Step Connection Process" is that now I not only have to Secure my network but everyone's home computer that has access to the network, as this is where the biggest security issues are going to come from later down the track, and while it's a good idea it needs a lot more thought before it is allowed to be implemented into general practice.


Home users and Ports

by robwaybro In reply to ho de hum

How many home users do you think use MS SQL? So why should it be open by default?

Also, when was the last time you downloaded an MS update via dialup? I have broadband at work and at home and some of the updates can take several minutes to download. This is at a download speed of 50 - 100 kbs, now try it at 2kbs.

No, MS SHOULD do a much better job at producing their software, not just bloat it as full as possible and send it out as quickly as possible.

Mac and Novell software do not have anywhere near the vulnerability that MS does, and Novell products do have a VERY large customer base.

Making CD updates as readily available as the MSN and AOL CD's is a reasonable request. Granted, they will not be as timely as being able to download them, but for those users who are still on a 56K (or less) connection, this would be a beneficial and practical solution.

As far as Automatic Updates, NO STINKING WAY do I want to be FORCED to install an update from MS. How many of their patches/SP have BROKEN more than they fixed?????

Also, for the IT professional at work with a broadband connection, it should be simpler to get the downloads to distribute within their LAN.

I realize there are several products out that will allow some form of management of patches, but with the number of them that MS has to distribute there should be something available from MS. I have looked into the SUS, but I am not thus far impressed enough with its functionality to implement it.

Just think of the SAVINGS MS would see if a viable solution was available to the corporate (meaning any size business) environment in bandwidth and server farm costs.


by stephencurtin In reply to Right on the money

Oz is right, I was in the same situation with clients that I support. But Oz try Vmware over Linux. All the features of Windows, half the hassle


Actually it's a kinda sorta modified Linux

by Oz_Media In reply to

I started a Red Hat box about a year ago. It was originally quite buggy but a friend of mine wrote some nice code to give me a workable GUI and it seems to be fine. I haven't rebooted in a while and haven't needed to reinstall since the original install.
I technically run Red Hat Linux (starting base) but as I've been sent scripts and patches from developer friends, I now run a similar idea to Lindows. Looks like Windows, stability like an old Unix.

I think they are releasing a prepacked CD form to some of the schools around town for testing in a larger Network. Who knows, maybe they'll be the next people to get their code stolen by MS!


microsoft patch downloads

by barffalong In reply to Dealing with continuing w ...

I complained about this to Microsoft some time ago, either give a download area where the download can be stored on zip or cdrom, so the customer can have it permanently. It would be a lot better for people if they have to format and reinstall, than go thru the whole routine of downloading all the patches again.


So many questions, so little time...

by dnvrtechgrrl In reply to Dealing with continuing w ...

As long as you are working with Microsoft Windows 2000 SP 3 or higher software platform, Windows updates are now "automatic."
The problem? Slow connection speeds for home users who are unfamiliar with how the process works and critical patches that are newly released are not included. They require a separate download, which can only be done if you are aware you need to install the patch. Find me a basic home user, or a satellite office with no on-site support, and I'll find you a vulnerable machine.

The proposed solution is to offer free cd's readily available for installation at select stores. This too brings up a thousand and one thoughts and questions.

If the product is free, does that automatically mean "rushed?" Windows ME is a perfect example of beating a clock to production. I'd hate to think in haste to get the solution on the market, shoddy programming and unchecked bugs would wreak more havoc. And you have the added problem of patches and fixes coming out multiple times a day. How many times a day are we going to need to run to a store and pick up a cd or three to harden our pc's?

I also have free trade issues with this. Don't get me wrong, I don't exactly qualify as a poster child for a Microsoft world. Though if you buy a car, you do not expect free maintenance on your oil changes, hose replacements or other small duty work. You pay for the car, accept the warranty and the rest is up to you. Why should Microsoft not turn a profit on upgrades the same way the automotive industry turns a profit on maintenance and upkeep?

Answer: One is an industry, one is a single corporation who has a choke hold on the American consumer. I do not apologize for my bluntness. I buy my computer, I have a warranty and product guarantee. I buy hardware or peripherals, many not as expensive as the operating system, I get a warranty and a product guarantee. Yet I do not find these things with the software that turns my computer from being an over-priced paper weight to a functioning machine. Why is that? Why did it take several billion dollars in losses and downtime for accountability to just become an issue?

I see IBM taking on Linux OS as a good thing. Microsoft will now have to compete against the knowledge that another software option is readily available. Linux has been around for quite some time, it's just not been a common thought for most home users. Maybe this is the push Microsoft needs to put out a better, more reliable product? We'll have to wait and see.

Until that time, I don't see only one solution to the problem. I think it will take many people, many months to figure out how to reach all areas and abilities of the market.
