TechSpot - PC Technology News and Analysis

Microsoft announced on Tuesday that no security patches would be forthcoming this month.

While several new flaws have been announced by researchers, Microsoft said that it is still investigating the issues and doesn't have a patch prepared for December.

Read more: CNet News.

So, which is better, a quick (quick as in Microsoft quick) patch that maybe works on only some systems or a late patch that works 100% you apply after a clean install because some script kiddie nuked your HD while MS was polishing their wormhole plugs?

i still haven't fixed my XP on my work machine after KB828035 crippled it

LoL...

Guess we'll just have to hope that we've got adequate firewalls & such in place, and that noone are very interested in cracking our box...

Status Quo in other words....

On a different note, how does this relate to MS making security top priority? Doesn't this just send a message to crackers that December is the month to exploit machines, since it will not be any patches coming soon?

[EDIT] it would seem vB doesn't like me inserting links manually... Should work now though..[/EDIT]

Has MS & Virus writers declared a truce for Christmas ?

More like MS is on a strategic retreat hoping that if they run away fast enough the bad guys aren't quick enough to come and fill the gap.

Are they just waiting to put all these new fixes in SP2?

If more product flaws are discovered during the holiday season, what about the customers who are going to be affected? Is MS just going to leave them hanging until next year? Somehow, irritating your customer base doesn't work very well...just look at the RIAA

Well there is the other side of that to think about. M$ can pretty much do whatever they want and peopl will still support them because 90% of the population who uses computers, has no idea how to use Linux, or any other OS out there. Even if M$ pisses people off they will still buy their products because it is pretty much the only choice.

While I will agree that MS does play pretty dirty, and they seem to slack off when patching things up, they also are not near as bad as most of you seem to believe they are. As long as MS continues to build an OS that is able to communicate on a network, it will continue to have holes that need to be filled, most of these things weren't even holes till someone decided to figure out a malicious use for it. This would apply to any OS that is used by the majority of the population, just imagine what all would be found in other OSes if they were as widely used as Windows is.
I also believe that a bit of common sense on the part of the user is the best prevention to most of these security holes, as MR. G said.

I'm not sure the logic behind announcing that you are not going to release any updates or security patches for "x" amount of time. I hope that antivirus companies keep being vigilant in releasing new virus definations because that may be the only thing to protect us if there is another big exploit or virus like Blaster.

I agee, however Microsoft does seem to have a new patch every week

Without a doubt, however Im wondering how long its going to be until Microsoft make AV software standard to come with windows. That would be kinda cool and handy [convinent should I say], however at the same time its like MS is just taking another step to domination.

Considering the quality of other "handy" things MS packages with windows, that AV would to more harm than good.

BTW MS used to ship an AV (licensed from McAfee I think) with DOS 6 and later. That was a failure too.. Way too infrequent updates, outdated scanning engine etc.

You beat me to it...
From what I recall the problem was the the database was outdated by the shipping date, and you had to buy a subscription to update it...

And since it never told you it was outdated (unlike AV's of today which tell you that it's outdated 2 secs after you've updated it, or so it seems) people didn't notice...
They stopped with it around W95 OSR2 iirc...

But if they gave away one which updated itself on a weekly basis, things might be different...

Storm, yes, common sense is the best protection available... Too bad it seems to be in too short supply for most computer users...
(Just can't resist this quote)

But you also bring up a very valid point about how any OS that is able to connect to another machine over a network is susceptible to attacks, no matter who created it... Just look at all the new virii attacking *nix lately..

I think microsoft should hurry up and fix all these security problems.In the last few months ive noticed how bad all this spyware adaware and viruses are ruining peoples operating systems. Ive had 4 friends that just had to format becuase of all this stuff. Even on my computer i have to check daily and im using a firewall. Even with all the security updates micrsoft puts out it doesnt seem to help.

I hope youy aren't blaming MS for those problems.
Virii and spyware is not something they can control. The holes that become exploited by some of those things is the only thing MS has an obligation to fix. Beyond that, it is the user's responsibility to use precautions to avoid infestation. This includes(but is not limited to) the use of firewall, properly updated AV software, Spyware removal software(spybot and adaware) as well as a little common sense.

Most security exploits in all desktop operating systems, from XP to 2000 to Linux to MacOS, can be completely prevented via the use of a properly configured hardware firewall. It is our desire for convienance that leads to a lax in security; a $50 investment can protect a slew of PCs in a far superior method than a software patch.

Consider the roots of these operating systems as well. Linux, mimicing UNIX, was designed with security and networking in mind in a multi-user environment. Windows was designed for a single user using no network or closed network.

I agree with StormBringer in that it is primarily up to the user to protect their system and keep themselves up to date.

I think, however, when it comes to updating, Microsoft is on-par with other operating systems. Think RedHats security update or package update management, think Gentoos emerge, think Windows Automatic Updates. It could be a lot worse. (But then again, it could be a lot better!)

Microsoft lied, they just released a new patch

Security Update for Windows XP (KB810217)
Download size: 1.4 MB, < 1 minute
A security issue has been identified in FrontPage Server Extensions. This vulnerability could allow an attacker to run code of their choice on your system. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.

That might have been one that was in the works before December rolled around, and they finally finished it and decided to get it out. I kinda figured they would still release some things.

Also, as it has been said before as much as people rag on M$, it will continue to have problems because unexperienced users ONLY use M$, and if something happens to their system chances are they won't know what to do to fix it, so they are just permanently exploited.

Knowledge is the power you need to prevent.

That may be the same security update that I got last week. I'd have to look to be sure, but I have this machine set to check once a week for updates, last week it found one.

EDIT: This should shed some light on things http://news.com.com/2100-1002_3-5119...l?tag=nefd_top

Well, after reading that piece, it no longer seems so strange the MS decided not to release any new pathces in December...

That they're moving towards a fixed schedule with monthly fixes will make it much easier for most of us to keep our systems (mostly) up-to-date...

Granted, there will be periods where there are known flaws that might affect your system, but now you'll know when the patch is going to be released, instead of signing up to a mailinglist to know when the new patch is going to be released...