When we should learn from history

Discussion in 'other security issues & news' started by Repne movsb, Jan 12, 2011.

Thread Status:
Not open for further replies.
  1. Repne movsb

    Repne movsb Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    13
    http://www.prevx.com/blog/167/When-we-should-learn-from-history.html
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's an excellent article in my opinion.

    As pointed out, Microsoft did provide workarounds... But, what's the real % of Windows users who keep track of such articles?

    Reality is, I'd say less than 5%. These 5% are, perhaps, what we call power users/advanced user/geek users... Wouldn't you say so?

    What about the other 95% of users who are unaware of this vulnerability/these vulnerabilities o_O They aren't even aware that vulnerabilities exist!!!

    Microsoft should be quicker in patching vulnerabilities. This is a joke:

    It has got to be a joke, right o_O
     
  3. guest

    guest Guest

    Hey, Microsoft needs time to properly test updates - remember that their "ecosystem" is very large and diverse: rushing updates for such large and diverse "ecosystem" has the potential of causing other issues or even not fixing the reported issues appropriately.

    If the exploits aren't being used widely in the wild, as is the case of the "0-day" described here: you can give Microsoft some more time to fix the underlying issues and relay in the protection of your real-time AV - Microsoft even offers a good one for free, Microsoft Security Essentials.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I agree that Microsoft should/must properly test updates, but 17 months o_O

     
  5. katio

    katio Guest

    All I can say is: Why? I can't understand why not one of those three has been fixed yesterday.

    A vuln published on 2010-11-29* fixing until yesterday isn't enough time? An "extremely critical" (secunia rating) vulnerability got to have top priority for the complete MS "ecosystem".
    CVE-2010-3971 only affects an application, not the OS itself. If they make a mistake (like with the recent Outlook one) it's not that big of a deal, it's not going to eat your data and blow up the computer. The workarounds have been used for several weeks now, apparently without too much issues. Why can't those be rolled out via automatic updates?

    Prevx is way too nice, maybe because they are Gold Certified Microsoft Partner? :mad:

    Widely used in the wild? That's the criteria now? Tell that those who get hacked and lose trade secrets or worse.
    If you ask me, if it's in metasploit it's automatically widely in the wild.

    *-http://www.wooyun.org/bugs/wooyun-2010-0885-
     
    Last edited by a moderator: Jan 12, 2011
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,529
    Location:
    Lloegyr
    I don't mind the time it takes MS to test updates so much, as long as they get it right!
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,119
    Location:
    Outer space
    I agree with Katio. Of course MS needs to test it, but with such severe vulnerabilities they should put more employees on the testing to get the testing done sooner.
     
  8. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,779
    I find the post content reasonable but the end finishing line doesn't cut it for me...

    What started out to be an informational thought-provoking post suddenly turns to the path of advertorial. Look at the heading/title and then read the last line again...it doesn't match. It's understandable marketing-wise but is it really needed, considering that it's already on PrevX blog?

    Sometimes, I wish AV vendors can just loosen up a bit and refrain from marketing their product every time they get the chance to. When people see that the intention of the company is more on the side of taking interest in the benefit of the user, it tends to convince and projects an overall better image for the company, even without having to use the word 'free'.

    Note that I'm not against PrevX...it's just a suggestion that I want to voice out. :)
     
  9. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.