Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Privilege escalation vulnerability affects Windows Vista SP1, XP

By Scott M. Fulton, III, BetaNews

April 18, 2008, 6:30 PM

It is the type of vulnerability that Microsoft wanted to head off as long as possible, especially since Windows Vista's new kernel was designed to thwart this possibility.

Now, as the company acknowledged in a security bulletin yesterday, a malicious program running as a local or network service can leverage another local or network service running in the same system, to elevate its own privilege and potentially cause damage.

As of early Friday evening, there was no known exploit for this vulnerability, and thus security firm Secunia has given it a "less critical" rating. The nature of Microsoft's report today indicates that it may have been alerted to the problem by a security engineer who discovered a proof of concept, though no credit has yet been given.

It would be a very sophisticated exploit, and if it were tested in the field, the likelihood of it causing damage would appear to be low...unless a separate malicious payload were somehow crafted to ensure the running status of one network service, in order to leverage it to elevate its own privilege, and then use that privilege to execute a second payload. Unfortunately, Microsoft's bulletin admits, SQL Server and Internet Information Services -- two widely used network services -- are among the network services that could conceivably be leveraged in such an attempt.

Even more unfortunate is the news that Windows Server 2008, in the 32-bit and 64-bit as well as Itanium-based editions, are susceptible, as well as Windows Server 2003 SP2 -- server systems where those two network services would most likely be implemented. Windows Vista with Service Pack 1 and Windows XP Professional with Service Pack 2 are also on the list.

Three suggested workarounds for the problem, in a sense, offer more insight into the nature of the problem itself: They all involve IIS 6.0 or 7.0, and instruct administrators to create a worker process identity for application pools to utilize a specially crafted, privileged account -- apparently one that cannot be leveraged. They then suggest that admins disengage the Distributed Transaction Coordinator, which would presumably disable network transactions from services not added to the pool. Microsoft warns that doing this will likely increase system overhead and slow down execution.

Add a Comment (164 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By cescam66

posted Apr 21, 2008 - 7:46 PM

hey pitdingo2 CAN YOU AT LEAST ONCE IN YOUR F U C K I N G LIFE SHUT THE F U C K UP?!! CAN YOU STOP WITH YOUR CHILDNESS PLEASE? PLEASE DUDE GODD AMN MAN CAN YOU GIVE IT A F U C K I N G BREAK??? I THINK THAT BILL GATES F U C K E D YOUR MOM AND THAT'S WHY YOU MAD AT WHATEVER MICROSOFT DOES BUT HEY... I DONT GIVE A F U C K
BESIDES I THINK YOU ARE JUST A 15 YEAR-OLD IN HIS BASEMENT AND YOU ARE SO FAT THAT YOU CANT MOVE FOR S H I T! ARROGANT MOTHERF UCKER... YOU ARE GIVING US, THE LINUX AND MAC COMMUNITY, A BAD LOOK YOU DUMBF UCK..... F U C K YOU MOTHERFUKER

Score: 0

By tscar13

posted Apr 22, 2008 - 9:52 AM

Gee.. thanks for the cap lock, with my poor eyesight , I couldn't of seen the inane comments you made. I guess this is one of those post that does not violate BO's TOS.

One other thing you might trying cutting back on the coffee or speed:)
Otherwise, Have a nice and calm day:)

Score: 0

By PC_Tool

posted Apr 22, 2008 - 8:50 AM

*laughing*

What? Make yourself look like an a** because someone else is making themselves look like an ass?

Yeah...that'll work.

Sniff glue much?

Score: 0

By cescam66

posted Apr 22, 2008 - 7:36 PM

dude no hell no i dont do drugs im just tired of pitdingo and his "$" sign and anti-microsoft campaign... that's all and don't assume things you dont know such as "sniff glue much" ok thank you

Score: 0

By PC_Tool

posted Apr 24, 2008 - 8:42 AM

*laughs*

Re-read your post.

You gave us license to assume anything we want with that baby. :)

Score: 0

By AntiochMedia

posted Apr 21, 2008 - 9:30 AM

Geeze ... sensationalistic article...

I have to hand it to Scott -- he's not really misleading anyone -- it sure does affect XP and Vista ... but as stated, the vulnerability is in IIS 6 and 7 --- it's not in the operating system unless IIS (which does run as administrator and IS supposed to be completely secure) is active.

Most home users don't use IIS, but most servers DO.

And just like apache - a great amount of security is in the hands of the system administrator. The 'workaround' here seems to be reasonable too although I understand that MS did not intend for this to be necessary and yeah, it slows down some things.

So - if anything, this is another tick on the security list comparisons between Apache and IIS in my books...

Score: 0

By tscar13

edited Apr 21, 2008 - 8:59 AM

Def. of Acknowledge- to admit the existence,reality, or truth. Implied in the word is that you are agreeing with a previous statement and , in this case, there is no previous statement. Standard Journalism only uses this word in reference to a statement from another.
By using words in such a way you slant the story to convey a certain viewpoint. BN is very good at that.
One other point, where are the stories that I posted that put Apple in a negative light? Nowhere on BN.

As far as Google, that was just a potshot at Bn..nothing more.

Score: 0

By foxfyre

posted Apr 21, 2008 - 8:44 AM

Listen up folks and become edumacated!

This from the same source as:
"Well according to Apple reps the only security software used on their system is Norton.
Second the core code is based on Unix which was used in the 70's. I had to take classes on this code and Maces were developed during this time. The fluff has changed but the core code hasn't."

Thanks BN! ....always good for a laugh!

Score: 0

By tscar13

edited Apr 21, 2008 - 9:02 AM

I believe you meant educated not "edumacated!"

We do agree that BN is good for a laugh and so are you:)

Have a good day:)

Score: 0

By foxfyre

posted Apr 21, 2008 - 7:08 PM

Considering your nonsensical information, I indeed meant "edumacated".

Thanks for the history lesson. ROFLMAO.

Next time we can laugh at you trying to find Chicago on a map and trying to figure out what continent Mexico is constituent.

Its nice to finally know just who those dysfunctional high school seniors are!

Score: 0

By tscar13

edited Apr 22, 2008 - 10:00 AM

nice attempt at covering your misspelling. I give you an A for effort. Actually, I do suck at geography:)

Have a nice day:)

Oh, and thank you for promoting me from being 13 (not a senior ) to now a senior in high school:)

On a more serious note- I've only seen kids use ROFLMAO. also, "continent Mexico is constituent."- What does this mean? Is this some secret special language ?

Petty soon I might actually be elevated to college...OH... I hope my college essay flies and I know I can come to you for advice on spelling:)

Score: 0

By foxfyre

edited Apr 22, 2008 - 2:19 PM

Mr. Wizard, the word "edumacated" was an intentional misspelling used sarcastically in reference to your nonsensical accounting of computer history and to your conception of various internal UNIX security architectures - none of which are dependent upon Norton anything!

Perhaps you are typing this on your 1970's "Maces" from which you examined the internal UNIX code which was not available for public evaluation between the 1974 and 1978 when you said you did this!

Nor was the original MacOS in Any way dependent upon UNIX. What you have proven is that you haven't a clue about anything that you have posted; nor do you have the capacity to recognizing sarcasm nor the parody implied by your attempt to edumacate us with your expose that is more reminiscent of Fractured Fairy Tales than anything remotely resembling reality.

Score: 0

By tscar13

edited Apr 23, 2008 - 2:10 AM

"Mac OS is the trademarked name for a series of graphical user interface-based operating systems developed by Apple Inc. (formerly Apple Computer, Inc.) for their Macintosh line of computer systems. The Macintosh user experience is credited with popularizing the graphical user interface."

I was wrong and admit it. Maybe that is what Separates myself from others here. MY willingness to acknowledge that I am wrong. But to admit one is wrong requires not having an over-inflated ego.
So Fox, edumacate me on what source code the original Macs used since the original mac os seems to be more of a GUI than a code based OS.

If I am wrong on this than educate me.
Also, the only relation that I made between Norton and a Mac was that a Mac only can use this security software (according to reps) so, if true, this means the OS code won;t allow for better security security software or are you going to argue that Macs don't need security software? If this is the case why then why does reps and sales people mention that you can only use a trash security software like Norton? Or are you going to argue that Norton is a fine piece of security?

Also when I am wrong, I like to do research and try to correct my error. Here's a trip down memory lane which some who used MACs back then might remember:
"One of the Apple ///'s many problems was it's poor ventilation. The heat often caused the logic boards to warp, which resulted in the chips coming loose from the board. It is reported that when one called Apple to report this problem, they actually suggested you pick the computer up and drop it a few inches from the ground. Good old fashioned way of fixing things... nice to hear a story like that when nearly all tech help today is actually no help at all." I would agree that Tech support, in general, is sorely lacking today.

Score: 0

By fewt

posted Apr 22, 2008 - 12:56 PM

If you don't understand what edumacated means then you haven't been properly schooled.

My parents used the term when I was a kid 25 years ago, so it's been around a while.

It's slang for not getting a good education.

Thx.

Score: 0

By tscar13

posted Apr 22, 2008 - 1:30 PM

Well, since I don't tend to use slang and slang was not part of my education, I stand corrected. A good education would seem to not include slang but that's just my opinion.

Have a nice day:)

Score: 0

By fewt

edited Apr 22, 2008 - 1:34 PM

It was a joke, hope you took it that way.

;-)

Score: 0

By tscar13

posted Apr 22, 2008 - 1:37 PM

no problem..I have developed a thick skin..well...sort of. :)

Score: 0

By PC_Tool

edited Apr 22, 2008 - 3:25 PM

Educated where, out of curiosity?

Always amused using slang on those educated in only The King's English (applies to most outside the US).

It amazed me as a teen that the kids my age in Germany spoke fluent English and the most I could do in German was order french fries. :p

...ahhh....but they didn't know a lick of slang. ;)

Score: 0

By PC_Tool

posted Apr 22, 2008 - 1:09 PM

He just needs to watch a few more Simpsons episodes.

Then he'd also know what a saxamaphone is. :p

Score: 0

By tscar13

edited Apr 22, 2008 - 1:33 PM

You're right PC..I'll start watching the Simpsons:)

ok..I'll bite..laughing.. what does saxamaphone mean:)

Score: 0

By PC_Tool

posted Apr 22, 2008 - 3:19 PM

Don't be dense. Think about it for a second:

edu-ma-cation = edu-cation ("ma" removed)

saxa-ma-phone = (Hint, remove the "ma")

Sheesh....

Score: 0

By tscar13

edited Apr 22, 2008 - 6:25 PM

Ahh..thank you and here I thought I might have to get out my secret slang decoder ring:)

and Have a Sheesh evening:) oh wait, that's slang...I get it
Have a good evening:)
I thought that but one can never be sure about slang. or the education level here.

I went to Purdue University...1974-1978. Now what country I came from is my business but I am a U.S. citizen but can't run for President. Me and Arnold. Between his steroid use and Kennedy connection and my ..well...my use of experimental drugs in the early 70's, we would make a pretty good team. I only smoked and I didn't inhale. Oh well.

Score: 0

By tscar13

posted Apr 20, 2008 - 10:48 PM

Just to even the playing field over this Os issue , here is 2 links on Apple. Let the flaming begin:

http://www.news.com/8301-13579_3-9922461-37.html

http://www.news.com/8301...7-37.html?tag=cnetfd.mt

And these are found on a site that tends to be any Os but MS friendly.

Score: 0

By preinterpost

posted Apr 21, 2008 - 10:26 AM

Who cares. There are not too many web SERVERS running Apple OS.

Score: 0

By tscar13

edited Apr 20, 2008 - 7:48 PM

Just proves my point . Thank you. Can you imagine Apple or Linux providers doing the same thing...?uh no.... they would keep their mouth shut like the backdating of stock options Jobs got and Apple didn't report.

Score: 0

By comeoffit

posted Apr 20, 2008 - 7:43 PM

My oh My, when the CEO admits the hype is in the OS pudding, maybe the horses mouth can shed some light on these problems for you//

http://www.channelregist...allmer_vista_incomplete/

Score: 0

By AntiochMedia

posted Apr 21, 2008 - 9:52 AM

I think that Ballmer's comments were pretty well balanced here. I don't think he was "admitting the hype is in the OS pudding" whatever that was supposed to mean.

Ballmer admits that there are good things in Vista and that 5 years didn't go to waste, but that Vista is bigger and that there are unfavorable things associated with it.

Unfortunately, Vista improves on XP, but not always in the right way. My 2c is that the problem is the baggage of backwards compatibility - which is a hallmark of Microsoft and something Apple has been able to shrug off twice in 10 years thanks to a smaller, non-corporate user-base that it was able to convince to buying new versions of software to move forward.

Score: 0

By tscar13

edited Apr 20, 2008 - 7:53 PM

The main thing this article shows is that BO err..BN slants the News:

"It is the type of vulnerability that Microsoft wanted to head off as long as possible, especially since Windows Vista's new kernel was designed to thwart this possibility." Nowhere does the article or any other article quote MS people as saying this only BO.

"Now, as the company acknowledged in a security bulletin yesterday," Using the word "acknowledged" implies that one is agreeing with another statement and this exploit was announced by MS so once again the writers and I using that term loosely has deemed it necessary to try and trash under the guise of "news" a company.

Look at the top and you can see who pays these hack writers salary. Each click sends you god only know where and makes Google money. I especially like the "ads" from Google for Key registration hack sites.

Score: 0

By Gungistoker

posted Apr 20, 2008 - 11:20 PM

Sounds like a newsworthy article to me. And using the term 'acknowledged' is a standard form of journalism to expand on a subject being reported. Whether the reporter agrees or not isn't important. It's an unbiased report, not an Editorial. Nor do I understand what Google has to do with a Windows exploit.

Score: 0

By Anastasia2007

posted Apr 20, 2008 - 2:24 PM

Looks like this news blogger (reporter?) is looking for a rise in traffic to this site. The report reads as if this is a terrible problem.

When in fact, you have to actually get the code running on the local machine (and that machine has to be running IIS, most aren't.)

Relax everyone!

Score: 0

By PC_Tool

posted Apr 20, 2008 - 3:41 PM

Heh...

Oh, man...I hope you brought your flame-proof vest.

Lemme jump in front of that bus for ya:

Hey Dingo and sjc001:

Newsflash: IIS != an OS, or even part of the OS. Aren't you the pathetic losers who are always claiming the Linux vulnerabilities are for all of the apps installed with it??? Hmmm???

...and yet you are more than eager to jump all over Vista and XP for the same issue.

Silly little trolls...

Score: 0

By tscar13

edited Apr 20, 2008 - 8:40 AM

Ok.. this post is more than blah blah..

The one piece that is missing from the equation below is critical mass (for some you can call it market share). If Macs or Linuxs ever achieves a market share even approaching MS than they will show the same vulnerabilities maybe more given the # already.
BUT, at the end of the day-

If you like the mac OS then use it and good for you
If you like Linux then use it and good for you
If you like XP or Vista then use it and good for you.

To think that there is any system that is invulnerable is burying your head in the sand. No system will ever be design that does that. At the end of the day, it is all about market share and whether or not people try and break into your system.
I do think that what everyone needs to realize is a simple fact and that is you need good security and good common sense. Macs need to change their code enough to allow more than a trash security software like a striped down version of Norton. MS needs to continue to work on developing their own security software that is better than what they have now. Linux needs to do the same. At the end of the day though, it is the user that determines whether or not a vulnerability is used by what email they open or what sites they go to (common sense). So use whatever OS you want but realize that none are perfect and you have to have common sense.

Just as a side note- some major companies where I lived have had security breaches and they use LInux. The fact that Apple has to issue security fixes shows that even a code based on a 70's old code is still vulnerable.

Use common sense and these vulnerabilities won't affect you.

Yes I use a certain OS but use anyone you like but understand that no OS is without problems that are compounded by lack of common sense.

Have a nice day:)

Score: 0

By foxfyre

posted Apr 20, 2008 - 8:15 PM

"Ok.. this post is more than blah blah.."

Thanks for the warning. It certainly was!

Someone with such a limited notion of what is involved in secure design from the ground up - and not as as an afterthought should do a bit more listening. Of course, with the plethora of fanboys posting here without a clue regarding OS design - what do you expect?

How do you top such an asinine statment as: "Macs need to change their code enough to allow more than a trash security software like a striped down version of Norton. MS needs to continue to work on developing their own security software that is better than what they have now. Linux needs to do the same."

Score: 0

By tscar13

edited Apr 20, 2008 - 8:43 PM

Oh and O mighty exalted one, if a security watchdog doesn't consider it a Biggie than you must be wrong or do you know something that experts in security don't. Please share with us your insight with Facts not one line statements..
And you have no idea of what my experience may or may not be just as I don't know yours. So, again, if you are in the know, please inform us with Facts.

Score: 0

By tscar13

edited Apr 20, 2008 - 8:34 PM

Well according to Apple reps the only security software used on their system is Norton.
Second the core code is based on Unix which was used in the 70's. I had to take classes on this code and Maces were developed during this time. The fluff has changed but the core code hasn't.

And Saying something is asinine just shows you to be nothing more than a Fan boy or girl.

The core of comment is use whatever OS you want but no system is invulnerable.

Score: 0

By foxfyre

posted Apr 21, 2008 - 8:37 AM

"the only security software used on their system (Macs) is Norton.
Second the core code is based on Unix which was used in the 70's. I had to take classes on this code and Maces were developed during this time. The fluff has changed but the core code hasn't."

You obviously didn't learn much then!

So "Maces" were developed in the 70's... And as UNIX was developed in the 70's (well, at least one was!) - while the "fluff has changed the core code hasn't"

You must be right. The "core code" of the Mac hasn't changed since the "70's". And neither has UNIX.

I guess neither have changed since the 1970's then. What is interesting is that the Mac did not use the UNIX kernel until the release of OSX.

You might want to take a few more classes regarding OS design and security. And take a history class as well!

I am assuming the "13" applies to your age and our luck to be able to learn from your nonsense.

Score: 0

By tscar13

posted Apr 21, 2008 - 9:50 AM

Just proves my point that Macs use the OS kernel talked about. As for into a one line put-down contest with you, I'm not going to do that because there is enough of that already but, in fact, I have retired and went to college 1974-1978. This, of course was back in the days of having to write programs on a card punch machine and then wait for a printout to tell you that you misspelled a line but not give all the mistakes at once. Truly a mind-numbing experience.
I do give Apple credit for producing the 1st user friendly GUI.

Score: 0

By foxfyre

edited Apr 21, 2008 - 7:17 PM

Proves your point? ROFLMAO!

I am glad you studied UNIX code before it was released to the public in the 70's - and one wonders if it would just have been easier to run it on your Mac that was developed in the 70's as well, instead of playing with it on your PDP-7.

One wonders why folks bothered playing with the AppleII's with the Mac just sitting there?

Your revisionist fantasy is fascinating.

Score: 0

By mjm01010101

posted Apr 20, 2008 - 11:44 AM

Applications with wide share don't have to be vulnerable. Look at Apache on Linux, and IIS on Windows, both with very few vulns and very very wide marketshare (IIS now taking over).

Score: 0

By Second Shadow

posted Apr 19, 2008 - 10:33 PM

I hate to ruin this lively discussion with some boring FACTS, but I thought that some of you may find them interesting:

http://skitza.net/imgs/i.../Secunia_wiecrfC2ZC.jpg

As much as I *hate* to admit it, Vista DOES seem to be more secure than XP (and even slightly more than OS X)
Oh, well ...

Score: 0

By pitdingo2

edited Apr 20, 2008 - 6:17 AM

Gotta love M$ employees referencing random pictures on image hosting sites. Why not link to the source?

So you group all OSX versions yet separate XP from Vista. LOL. Gotta love the M$ spin.

Score: 0

By Second Shadow

edited Apr 20, 2008 - 4:08 PM

LOL

If you just knew ...
But, just for the record, I'm clearly NOT a Microsoft employee (nor a supplier, shareholder, or even fanboy, for what it's worth ... :) ) I've been posting on this site for several years and my posts aren't precisely pro-Microsoft

The source of the data is publicly available at www.secunia.com , all I did was consolidate that into one spreadsheet. I invite you to go check my numbers at their website.
The picture is a print screen of the original spreadsheet that is obviously in my PC. Took me 5 minutes to do, plus one minute to upload to the image hosting site, I wasn't going to build a special website for that :)

So go look for yourself at www.secunia.com , and THEN come back to accuse me of some bias

Oh, BTW, it's not ME who groups all OS X versions together, it's Secunia. So you might want to drop them a comment while you're at their website checking numbers.

Score: 0

By pitdingo2

posted Apr 20, 2008 - 7:32 PM

funny how i do not see that data on that link you sent. Care to put a link up to that data?

Score: 0

By Second Shadow

posted Apr 21, 2008 - 5:12 AM

Oh, c'mon, give up already, will you? :D

http://secunia.com/product/22/?task=statistics
http://secunia.com/product/13223/?task=statistics
http://secunia.com/product/96/?task=statistics

Enjoy!

Score: 0

By pitdingo2

edited Apr 21, 2008 - 6:14 AM

Here is the first sentence from those links...

"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."

LOL. So we have a M$ Employee spinning numbers again. These guys never learn.

And once again, when you read further...

"It should also be noted that some operating systems (e.g. certain Linux distributions) bundle together a large number of software packages, and are therefore affected by vulnerabilities, which do not affect other operating systems (e.g. Microsoft Windows) that don't bundle together a similar amount of software packages."

LOL. At least they realize some OS's like the typical GNU/Linux distro include tons of software, which in the closed, proprietary, M$ world would cost into the thousands. These numbers include all the issues with all included software.

So really, you could say your numbers show how poor Windows security is. If the Linux numbers include the OS and all the apps which come with a distro, Windows which comes with no apps, has a swiss cheese OS. Not like anyone who does not work for M$ thinks differently.

Score: 0

By Second Shadow

posted Apr 21, 2008 - 11:29 AM

At least you make me laugh.

I know, I know, don't feed the troll ... but it's fun! :D

This is my last cookie for you, so make sure you make it last, ok?

I'm going to treat this as if it still was a serious discussion and reply that:

- I'm not comparing any Linux distributions here, or am I? A comparison with the Linux KERNEL would perhaps be suiting, but I'm not gonna do that. I leave it to you to update the graph with that data ;)
- A comparison between XP and Vista is more than appropriate, given that the 2 OS's come from the same vendor and have a similar amount of bundled software packages. You want to leave Mac OS X outside of this comparison? fine with me, the point still remains. Maybe others find the comparison useful

Again, no more cookies for you, so it's bye, adieu, Lebe wohl, addio, sayonara, chauuuuu ....

Score: 0

By pitdingo2

posted Apr 21, 2008 - 12:59 PM

thread summary:

1) M$ employee/fanboi makes up a chart and includes random links to a reputable site.

2) M$ drone says Windows is more secure based on data

3) On independent investigation, the numbers are cooked. All OSX versions summed, however different versions of Windows are kept separate giving the illusion that Windows has fewer vulnerabilities.

4) independent investigation games the M$ drone by playing the same game, which the drone fails to recognize. Introduces GNU/Linux into the fray with no meaningful data and leads the M$ drone to invalidate his first post.

Thanks M$ drone. That was all to easy.

Score: 0

By terminalx

edited Apr 21, 2008 - 4:02 PM

Its apparent you see Microsoft and disregard any other coherent thought as you proved by your latest rant that has NOTHING to do with what he said.

He stated it SEEMS (it was capitalized so you wouldn't miss it) that Vista is more secure then XP and possibly OSX, that was the discussion.

You per usual went on this tirade of emotions about fanboys and employees without reading (or would that be comprehending) the source material.

Then he sited his source and again you go off on this tirade again without knowing what words mean, SEEMS is a matter of his opinion and observation.

So by looking at DATA ONLY it would APPEAR Vista is more secure then XP and MOST LIKELY OSX.

Hope that makes sense

Your friend,

$Term$

PS: I think the dollar sign look marvelous, what do you think, do we have a winner?

Score: 0

By pitdingo2

posted Apr 21, 2008 - 4:07 PM

ok PC_Tool.

Score: 0

By SGD

posted Apr 22, 2008 - 10:26 AM

Ok Dave

Score: 0

By terminalx

posted Apr 21, 2008 - 6:33 PM

too much to digest, huh?

Its ok I'll use smaller words next time.

Score: 0

By PC_Tool

edited Apr 21, 2008 - 4:43 PM

Nope.

Sorry, man. I haven't used my alt in months. :)

Turns out there are actually quite a few people here who are smarter than you. Not that that's much of an accomplishment....

Score: 0

By PC_Tool

posted Apr 20, 2008 - 10:42 AM

So you group all OSX versions yet separate XP from Vista

You mean, 10.2, 10.3, 10.4, and 10.5? One version, multiple updates.

Would you like us to break Windows versions down by Service Pack as well?

LOL. Gotta love the M$ spin.

No spin, just El Dingo being a complete moron again.

Score: 0

By pitdingo2

posted Apr 20, 2008 - 10:54 AM

Huh? Those are different versions, not patches. Why do you post if you have no idea of what you are talking about? Let me suggest you learn before you post such clueless statements:

http://en.wikipedia.org/wiki/Mac_OS_X

10.5.2 is the current version and patch level, or service pack for all the M$ drones, of Leopard.

10.2 is a different version of the OS
10.3 is a different version of the OS
10.4 is a different version of the OS

Score: 0

By xyzcb1

posted Apr 21, 2008 - 7:58 AM

"10.2 is a different version of the OS
10.3 is a different version of the OS
10.4 is a different version of the OS"

LoL. Gotta love fanboi.

Score: 0

By terminalx

edited Apr 20, 2008 - 8:54 PM

Score: 0

By PC_Tool

posted Apr 20, 2008 - 3:35 PM

*laughs*

You didn't get it.

I'd say I'm shocked, but I pretty much knew that'd go right over your head.

C'mon, Dingo... typing "M$" and calling me names isn't the only form of humor in the world, ya know. :)

Score: 0

By pitdingo2

edited Apr 20, 2008 - 7:34 PM

Oh i got it, and so did everyone else; you have no clue what you are talking about. Not that anyone thought you did anyways.

Where did i call you names?

Score: 0

By terminalx

posted Apr 20, 2008 - 8:54 PM

It was a joke at your expense, so you still don't get it.

Score: 0

By pitdingo2

edited Apr 21, 2008 - 6:05 AM

oops. forget to log in under the right account PC_Tool? LOL.

Score: 0

By morriscox

posted Apr 23, 2008 - 1:38 AM

You're starting to remind me of my sister and she's a kook. Wish someone had the authority to bash your skull in so that you'll stop wasting our time with baseless attacks and lousy arguments. Too bad BetaNews didn't have the foresight to use something with some sort of ignore filter so that we wouldn't have to see your useless fluff posts.

Score: 0

By PC_Tool

posted Apr 21, 2008 - 11:10 AM

Well, at least you amuse yourself...

Score: 0

By fewt

posted Apr 19, 2008 - 11:25 PM

You do realize that your image shows Vista being monitored for 1/3 the number of days the rest of the OSs are right?

You know that invalidates the results right?

Score: 0

By Second Shadow

posted Apr 20, 2008 - 4:04 AM

That's EXACTLY why I added the line "Number of days / Total vulnerabilities" and the line "Number of days / (E+H+M)". You *do* see those lines, right? And you *do* see that, not precisely by chance, those are the lines that are in bold, right?
Let me explain further: what I did was a VERY SIMPLE analysis of Secunia's data that shows how often a new vulnerability of any criticality, and how often a new extremely, highly or moderately critical vulnerability, is found for each of the three OS's

The results show that a new vulnerability of any kind is found every 10 days for Windows XP, every 18 days for Windows Vista and every 17 days for Mac OS. And that a new extremely, highly or moderately critical vulnerability is found every 15 days for windows XP, every 31 days for Windows Vista and every 28 days for Mac OS.

I didn't think that the simple arithmetics involved would be so hard for some to get ...

Score: 0

By Nathanm

posted Apr 20, 2008 - 3:27 AM

Times the number of vulnerabilities for Vista by 3.6647 and you get 109.94. Still less than MacOS. So boo yea nigga.

Score: 0

By fewt

posted Apr 20, 2008 - 8:41 AM

You must have missed my comment below about Vista being much better than XP.

Boo yeah nothing.

Thanks.

Score: 0

By phenomnaruto

posted Apr 19, 2008 - 1:55 PM

Been using Vista since Januray, no major problems at ALL ....

too many trolls in here who get off every time Microsoft finds a flaw and works to fix it.

Score: 0

By mjm01010101

posted Apr 20, 2008 - 11:45 AM

You used Vista after they patched hundreds of flaws. How quaint.

Score: 0

By statm1

posted Apr 21, 2008 - 7:51 PM

Using Vista since RTM (nov 06).. Still no problems on a fairly low end system. Whats your comeback now?

Score: 0

By foxfyre

posted Apr 19, 2008 - 2:35 PM

Sorry fanboy, this one is a BIGGIE!

Score: 0

By terminalx

posted Apr 19, 2008 - 6:44 PM

Except MS is the one that found it and it sounds like there have to be a lot of variables for this to work...

Score: 0

By pitdingo2

posted Apr 20, 2008 - 6:11 AM

I realize you are being instructed to astroturf all the M$ postings here from your cube in Redmond, but sorry a flaw is a flaw.

Score: 0

By terminalx

edited Apr 20, 2008 - 2:08 PM

Here you go your fantastic super OS with no problems

to quote you "a flaw is a flaw"

http://it.slashdot.org/a...pl?sid=08/02/10/2011257

a bit older and has been fixed but its been there for quite some time, I know you'll stammer and come up with some witty comment that includes a $ but just so you know no OS is better then the next they all have their uses...

Score: 0

By terminalx

posted Apr 20, 2008 - 1:53 PM

I realize you negated to read the rest of my post, in order for said vulnerability to occur there are a lot of variables involved to execute it.

If the company that made it found the flaw and said people that try to exploit the many weaknesses in windows doesn't know where it is to do so, how is that astroturfing, really?

Score: 0

By SlapShot

posted Apr 20, 2008 - 9:23 AM

ok apple employee, or is it nintendo employee, can't tell

Score: 0

By pitdingo2

posted Apr 19, 2008 - 12:35 PM

Another day another M$ vulnerability....zzzzzzzzzzzzzz

How about BetaNews only run a story when we can go an entire week without a new M$ Windows vulnerability? Oh wait...there would not be anything to post about. forget that.

Score: 0

By SlapShot

posted Apr 20, 2008 - 9:22 AM

and another useless rant by pit$ingo, go watch blues clues

Score: 0

By PC_Tool

posted Apr 22, 2008 - 8:48 AM

Too depressing, he can never figure out the clues. :p

(He always thinks it's got something to do with MSFT)

Score: 0

By terminalx

edited Apr 22, 2008 - 10:43 AM

Don't you mean M$? :D

Score: 0

By PC_Tool

posted Apr 22, 2008 - 11:43 AM

Nah, I'm not 12 years old anymore. ;)

Score: 0

By SGD

posted Apr 19, 2008 - 5:20 PM

If Apple had any where near the pentration that MS does you would see it the other way. Then again that would spoil the trolls day. Apple gains a little ground and guess what, the expoilt list grows, hum go figure.

Score: 0

By pitdingo2

posted Apr 20, 2008 - 6:09 AM

What does Apple have to do with my post? This is a story about M$ and their swiss cheese OS's.

Score: 0

By preinterpost

posted Apr 21, 2008 - 12:39 PM

Which kind of Swiss cheese? Emmenthaler, which common US plebs refers to as such or any other of the 450 varieties?

Score: 0

By PC_Tool

posted Apr 22, 2008 - 8:47 AM

Wow. I've never met a cheese snob before. ;)

Score: 0

By preinterpost

posted Apr 22, 2008 - 10:47 AM

Should get out more ;)

Score: 0

By PC_Tool

posted Apr 22, 2008 - 12:19 PM

Heh...

No thanks. I've seen the news. :p

Score: 0

By SGD

posted Apr 20, 2008 - 9:50 AM

Because you an apple fan boy and hate everything MS. When MS does something good you find a way to attack. That is what I mean.

Score: 0

By fewt

posted Apr 19, 2008 - 9:05 PM

See, it's easy to make bulls*** claims like this when Windows has never not been a monopoly.

If Linux and MacOS were to gain 33% each it would be interesting.

I'd put my money on them still not having virii. The reason I say that? Microsoft was virus king until they decided to clean up their act.

It really was them..

Score: 0

By SGD

posted Apr 19, 2008 - 10:49 PM

What ever you say there.

If wanted to exploit an OS I would attack the market leader you know the one that has the most units out there. I guess that is really to much for some people to understand.

They may have been found guilty of being a monopoly in the past but guess what? That is the past.

Score: 0

By fewt

posted Apr 19, 2008 - 11:23 PM

You'd get more recognition for hitting something that hasn't been hit than you would something that everyone is already attacking.

One virus in a world of 1,000,000,000 viruses isn't even a fly on the wall in the world of recognition.

Sorry, SGD you are just plain wrong. Windows has gotten a whole lot better than it used to be about security, and that's the ONLY reason it's safer to be a Windows user than it used to be.

Think back to a few years ago, before Bill announced that they were going to stop Vista while they cleaned up XP. Think about those key viruses that prompted Microsoft (yeah, that's right Microsoft) to pause and rethink the market share vs bad code concept. They realized it was all about writing better code, and so they did.

http://technet.microsoft...s/library/bb457151.aspx

http://www.news.com/2100-1001-816880.html

http://redmondmag.com/ne...e.asp?EditorialsID=5168

Unfortunately, they haven't gotten good enough to stop all of them (Vista is light years better than XP though)

http://www.avast.com/eng/viruses_in_the_wild.html
http://www.avast.com/eng/summary_of_virus_rep.html

Guess what, they are still a monopoly they just aren't operating an illegal monopoly anymore.

Again, if you wanted to exploit an OS you would attack the target that would give you the most press. Windows is NOT it.

9 out of 10 viruses are variants of other viruses, guess what that means.. it means it's EASY.

Thanks for playing.

Score: 0

By statm1

posted Apr 21, 2008 - 7:47 PM

Its not about being one virus among a million viruses.. Its about which platform will reek the most havoc. Is it a platform that is only 20% of the market or 80% of the market(I know the percentages are wrong), I believe I'll take the 80% platform.

Score: 0

By fewt

posted Apr 22, 2008 - 8:50 AM

"Its about which platform will reek the most havoc."

AKA easy

Score: 0

By terminalx

posted Apr 22, 2008 - 10:45 AM

But no one would bother with Windows if it has 5% of the marketshare, their would be no point to it. No super Zombie PCs

Score: 0

By fewt

edited Apr 22, 2008 - 2:25 PM

There have been viruses since there has been DOS. There was no substantial "market" then, and the OS was still owned over and over and over and ..

Now that XP is more secure and Vista is out, not so much.

That's enough evidence for me (at least it's enough to support my opinion).

Score: 0

By PC_Tool

posted Apr 22, 2008 - 3:17 PM

There have been viruses since there has been DOS. There was no substantial "market" then,

???

DOS grabbed the majority of the computer using public the moment it was released.

Sure, there weren't as many computers back then, but DOS by far had the majority of them damn near the moment it was released.

Score: 0

By fewt

edited Apr 22, 2008 - 3:24 PM

If you want to call it marketshare. I'd guesstimate the number of users then as being less than Linux now by more than 50%.

That would further support my opinion. :-D

Wonder if I could find a real number.

Hmm

Score: 0

By PC_Tool

posted Apr 24, 2008 - 8:40 AM

Heh...

Best of luck. No internet back then. :p At least, not as we know it.

"It's life, Jim..."

Score: 0