Re: PSA: Windows PCs face 'huge' virus threat: 1990 - Present



Mij Adyaw wrote:

Why do these vulnerabilities continue to exist and be exploited in Windoze? If I were Bill Gates, I would have a witch-hunt and find who did not plug these holes and as a result, some heads would roll.

In a business culture where time to market is everything, why do you expect it to be any different?


This potential exploit has lain unnoticed for nearly two decades. It appears to be a quirky prehistoric interface intended to allow some antique version of pre-multitasking Doze to regain control of WMF print job rendering after an error/abort. That it can be subverted was only noticed very recently.

Maybe there would be fewer holes in the future.

Or more likely a demoralised depleted workforce. Blame cultures never work to enforce or improve quality. They do the exact opposite, encourage production of CYA documents and the best people will leave first. I have seen enterprises go down this route. It isn't pretty.


Blame-free culture exists in aerospace where failures are investigated to establish the root cause and prevent it from happening again. That really does help to avoid future disasters by sharing knowledge of usability, design, engineering or operational failure. And even then the suits spend a huge amount of time with lawyers trying to disguise any corporate liability.

Much as I dislike MickeySoft's cavalier attitude to software bugs I don't think there was much they could have done about this one. However, it is lamentable that they haven't moved a bit faster to plug the breach or certify one of the unofficial patches now circulating.

I know of corporate sites still wide open to this vulnerability. And lots of Happy New Year msgs with pictures attached will get opened no matter how many warnings get issued. Users assume that their AV will save them but it may not in this particular instance.

Regards,
Martin Brown

"John Steinberg" <seesig@xxxxxxxxxx> wrote in message news:030120061106446611%seesig@xxxxxxxxxxxxx

Phil Wheeler  wrote:

Odd name for a Virus, John :-)

Touché, Phil. 8^)

More seriously, this isn't a virus but rather a vulnerability.  An open
door, a hole in the OS that can be exploited through the use of
malicious code, if you will.  In an ever increasingly wired world, OS
exploits become gigundous problems, for all of us.

MS details it more comprehensively here:
http://www.microsoft.com/technet/security/advisory/912840.mspx


