Gates Defends Microsoft Patch Efforts
Patrick Gray, SecurityFocus 2004-06-28

SYDNEY, Australia--Microsoft chairman Bill Gates defended the company's handling of security patches Monday following widespread attacks on the Internet by suspected Russian organized crime gangs.

Gates Defends Microsoft Patch Efforts 2004-06-28
rastapong (1 replies)
Why is it that nobody will say the names of the websites that were/are infected? Shouldn't this be a 'right-to-know' issue?

...

Gates Defends Microsoft Patch Efforts 2004-06-29
Anonymous
if you use google to search for some of the stuff which was in the malicious javascripts a few sites show up - some of these are discussing the exploit, but some are obviously infected with it.

http://www.google.com/search?q=qxco7&hl=en...

Gates Defends Microsoft Patch Efforts 2004-06-28
Anonymous (3 replies)
Convincing everyone to turn on automatic updates is not as hard as they make it out to be (but it should be on by default)- the problem is it doesn't really do a whole lot of good if you are still on dial-up.......

Gates Defends Microsoft Patch Efforts 2004-06-30
Anonymous
The automatic updates use BITS (Background Intelligent Transfer Service) to download the patches with idle bandwidth.

Granted, it's not a magic bullet for dialup connections, but they will still receive the patches....eventually :)....

Gates Defends Microsoft Patch Efforts 2004-07-01
Anonymous
Well and you got to think about testing of people who have critical applications. Our corp. has had a couple of instances where MS updates have screwed up our apps. The last time it screwed up one of our (microsoft's) vb controls....

Gates Defends Microsoft Patch Efforts 2004-07-02
Anonymous
exactly... never mind the fact that some countries' ISPs still make you pay for traffic on broadband and as this is a silent download people are gunna wonder where their traffic's going.

Also in the past MS patches have caused irreversible damage to systems and subsequently a LOT of engineers do not...

Gates Lies 2004-06-29
Daniel Convissor (3 replies)
"the average time to fix on an operating system other than Windows is typically ninety to a hundred days,"

I'd love to know exactly what that absurd statistic means and where it came from. Did it come from the fake "think tanks" MS funds?

All of the major open source OS's I know are very pr...

Gates Lies 2004-06-29
Alejandro (2 replies)
I completely agree with you, Daniel, open source software is more prone to accurate patches, than any other kind of source. Besides, all the people that work in order to achieve this goal, having the most clean open source software, aren't even paid. So the effort they has no comparison....

Gates Lies 2004-06-29
morning_wood (1 replies)
IMHO they were prompt in handling of my Advisory. 2 months from notice to patch.

---------------

Microsoft was contacted on March 18th, 2004.

A patch has been produced to correct the vulnerability. They have issued the following:

Microsoft Security Bulletin MS04-015

Vulnerability i...

Gates Lies - good example 2004-07-01
Roger
Nice example, morning.

Yes, two months really isn't too bad for a closed source vendor, and certainly has come down from the bad old days. But it's 30 times worse than BG claims, and of course his *average* has to take into account things like the shatter attack, which MS took something like 5 year...

Gates Lies 2004-06-29
iago (1 replies)
That is exactly the line that stuck out to me. There is no fact in there whatsoever, and that pretty much kills the credibility of the rest of his statements....

Gates Lies 2004-06-29
Malaclypse (1 replies)
I think he got the average by including ALL non-windows OSes... including CP/M, Commodore OSes, Timex-Sinclair OSes, etc. I imagine that would sway the average toward the 100 day range....

Gates Lies 2004-06-30
Anonymous
Close, but if you look at his wording carefully, ("on average, on an OS other than windows...") you'll see he's talking about ONE OS. He wants you to assume he means a 'typical' or 'average' non-win OS, but he means on average, this other OS takes longer (which one he doesn't say, of course)....

Gates Lies 2004-06-30
Anonymous
"the average time to fix on an operating system other than Windows is typically ninety to a hundred days,"

???

Average time to fix a bug in operating system is to find where it is... so look at the advisories... and correct corresponding code... and of course TEST IT...

But when Gates says ...

Here's an example of an update that successfully runs but leaves log failures 2004-07-04
Anonymous
My updates history at the Windows Updates site shows that the Direct X 9a security update KB839643-DirectX9 successfully updated during automatic updates on three occasions.

On each occasion, the update app gives an error for CleanPFR (0x02), and for SetupGetSourceFileLocation for halacpi.dll (0x...

Gates Defends Microsoft Patch Efforts 2004-06-29
Anonymous
So in order for us to be secure we need to rely on all the thousands of website admins to patch their systems? Yeah, no thanks. I'll use Firefox. Automatic updates won't help either since they STILL don't have a patch yet....

MS Is Doing Better 2004-06-29
Anonymous
Linux geeks won't want to admit (hey, I am a Linux fan too) but Microsoft's attitude has changed since last year. I think they generally understand now that there is pressure from other Operating Systems and other browsers, and if they don't act fast they will lose market share. A year ago they we...

The problem isn't patching... 2004-06-29
Joseph W. Shaw, II (1 replies)
The problem is the continued Microsoft 'innovation' that introduces features that are being exploited. Want to get rid of spyware? Get rid of Active X. Oh wait, you can't disable it completely. You can only have it annoy you every time a page sends an Active-X control. How about Outlook's featu...

The problem isn't patching... 2004-06-30
Anonymous
You are 100% right. That says a lot about M$ and should make a person really ask themselves "Do I want to trust M$ with my money?". It is really unthinkable that they do some of the things they do when writing code. ...

Gates Defends Microsoft Patch Efforts 2004-06-30
Anonymous
"Convincing its customers to turn on automatic security updates is one thing Microsoft has to do to make an impact on its users' security, Gates added."

Oh yeah, right. Then the malware simply exploits the automatic security update feature to infect everybody's computers! Another great idea the...

Gates Defends Microsoft Patch Efforts 2004-06-30
Anonymous
Gates is a fool. Open source software is better in every possible way.

I suggest Mozilla browser for those of you still using IE. I still use IE every once in a while. You can make it stronger by doing this.

Set up ActiveX and Java to ask on every use.

This is not for everyone. Before switching

...

Anti-Microsoft FanBoys 2004-06-30
Just Some guy (11 replies)
It truly amazes me how everyone is quick to "jump on the bandwagon" when it comes to anything negative about Microsoft. I guess being one of the best selling OS'es causes that.

As for the "less than 48 hours" statement, when does "Storm Linux" automatically get its updates? Oh yea, it doesn't. Ho...

Anti-Microsoft FanBoys 2004-06-30
Anonymous
>If it weren't one of the most used OS'es on the planet

The problem with this old chestnut is the example of Apache vs. IIS. Popularity doesn't have to mean insecurity. Maybe if we can change it in this case to "If IIS was the most used web server on the planet more work would go into securing it...

Anti-Microsoft FanBoys 2004-06-30
Anonymous (1 replies)
That is a very short sighted statement.

First of all, Linux is more widely deployed as web, mail and DNS servers for Internet facing services than Windows by a large margin. Check the netcraft page www.netcraft.com if you want to see microsoft's margin share in the webserver market.

http://ne...

Anti-Microsoft FanBoys 2004-07-06
Just Some Guy
Well put. And I agree Unix/Linux is and always will be more secure than windows. My point was that if MS had 3-10% of the market share and Linux/Unix had the rest, the focus would not BE on microsoft. Then all we'd hear about are Linux/Unix bugs.

I use all 3, true MS is the most of my knowledge, ...

Anti-Microsoft FanBoys 2004-06-30
Wckd
The issue is not automatic updates, it's the turnaround time for patches. I don't think I need to repeat what has already been said on this.

The reason there are so many 'anti-microsoft' comments, is because of the false/misleading comments made here by Gates.

There are strong arguments (none...

Anti-Microsoft FanBoys 2004-06-30
Anonymous (2 replies)
I'm afraid you don't know what you are talking about. It is probably bet that you remain with microsoft. Ignorance begets ignorance. They do pach, but if you wright the code right the first time, you will not have to pach it....

Anti-Microsoft FanBoys 2004-07-02
Anonymous
nice spellchecker....

...

Anti-Microsoft FanBoys 2004-07-06
Just some guy
Way to go with the intelligent conversation there......

Anti-Microsoft FanBoys 2004-06-30
Marc
"BUT (Big BUT) If it weren't one of the most used OS'es on the planet, and Linux (or BeOS, or any other for that matter) was, we'd begin to see people switch from exploiting windows to exploiting whatever else was popular."

That's true, to a point. Windows is an inherently insecure operating sys...

Anti-Microsoft FanBoys 2004-06-30
Anonymous
So how come Apache, which is a "market leader" in its field, is considered more secure than IIS?...

Anti-Microsoft FanBoys 2004-06-30
Anonymous
Nice strawman. I always hate the, "because Windows is so big, the poor guys are more of a target". With this same argument, we should really see far more Apache exploits. After all, it dominates the webserver market. However, you don't. "Big" may mean "more of a target", but still isn't...

Anti-Microsoft FanBoys 2004-06-30
Anonymous
linux will never be a target on the same scale as windows. you'd be hard pressed to find two people running a gnu/linux system with the exact same userland, but with windows you're fucked because every windows system has IE, outlook, netbios, etc.

with linux, it can take hours to get software wor...

Anti-Microsoft FanBoys 2004-07-01
Anonymous (1 replies)
> It truly amazes me how everyone is quick to "jump on the bandwagon" when it comes to anything negative about Microsoft. I guess being one of the best selling OS'es causes that.

Or, it could be because it's so bad...

> As for the "less than 48 hours" statement, when does "Storm Linux" automat...

Anti-Microsoft FanBoys 2004-07-04
Anonymous
To me, the only OS that's secure out of the box is OpenBSD. Just because they take so much time checking for human errors at the time of the development (which to me is the source). I also think that people like being anti-Microsoft, just as Europeans like being anti-US (I'm European just in case :)....

Linux Auto Updates 2004-07-01
Levi Aho
Under Debian Linux, using apt-get and cron, you can automatically install security updates if you want to :P...

Anti-Microsoft FanBoys 2004-07-04
Anonymous
Actually it isn't that windows is the most common OS that leads to its exploits.

It is because it is the most common OS used at home.

Most people have no clue how to secure their system. So hackers exploit that.

How often is Apache hacked? Dunno, how often is IIS hacked? Dunno. Most tar...

Gates Defends Microsoft Patch Efforts 2004-06-30
Anonymous
Nobody's "jumping on the bandwagon", we have all been sitting in First Class Coach, feet up, sipping our martinis for the past 10 years....

48 hours??? Okay, been weeks where are the IE patches? 2004-07-01
Anonymous
48 hours??? Okay, it's been weeks now, where are the IE patches?

Do I need to say more? Why isn't the media asking this same exact question of Redmond.

'nuff said....

Point of Clarification: Gates Defends Microsoft Patch Efforts 2004-07-01
http-equiv (at) excite (dot) com
I do not agree at all that their patching efforts are getting better.

The question posed was whether I believe that they have the capability to create a patch in 48 hours as the company owner claimed. I do believe that because I have seen it. However they are not using that capability rather they...

Gates Defends Microsoft Patch Efforts 2004-07-05
PanzerPsycho (at) yahoo (dot) com
Perhaps, if Microsoft spent some time strengthening their weak operating systems instead of expediting their releases things like this might not be so frequent....

It's still broken 2004-07-07
Anonymous
Guess, what? It's still broken. For as long as it took them to release a workaround, change the exploit HTML by one line, and voila, IE is still owned.

http://www.securityfocus.com/news/9054

How long before they actually fix it?...

Gates Defends Microsoft Patch Efforts 2004-07-07
Anonymous
MS is getting better (compared to the past), but they really have to stop with the PR BS.

Everyone is wiser now, we're critical of issues that are raised in the world, and BS'ing users with comments about having the ability to deliver patches in 48 hours is nothing but talk.

If they can deli...

Copyright 2009, SecurityFocus