When we should learn from history

http://www.prevx.com/blog/167/When-we-should-learn-from-history.html

 

It's an excellent article in my opinion.

As pointed out, Microsoft did provide workarounds... But, what's the real % of Windows users who keep track of such articles?

Reality is, I'd say less than 5%. These 5% are, perhaps, what we call power users/advanced user/geek users... Wouldn't you say so?

What about the other 95% of users who are unaware of this vulnerability/these vulnerabilities They aren't even aware that vulnerabilities exist!!!

Microsoft should be quicker in patching vulnerabilities. This is a joke:

It has got to be a joke, right

 

Hey, Microsoft needs time to properly test updates - remember that their "ecosystem" is very large and diverse: rushing updates for such large and diverse "ecosystem" has the potential of causing other issues or even not fixing the reported issues appropriately.

If the exploits aren't being used widely in the wild, as is the case of the "0-day" described here: you can give Microsoft some more time to fix the underlying issues and relay in the protection of your real-time AV - Microsoft even offers a good one for free, Microsoft Security Essentials.

 

I agree that Microsoft should/must properly test updates, but 17 months

 

All I can say is: Why? I can't understand why not one of those three has been fixed yesterday.

A vuln published on 2010-11-29* fixing until yesterday isn't enough time? An "extremely critical" (secunia rating) vulnerability got to have top priority for the complete MS "ecosystem".
CVE-2010-3971 only affects an application, not the OS itself. If they make a mistake (like with the recent Outlook one) it's not that big of a deal, it's not going to eat your data and blow up the computer. The workarounds have been used for several weeks now, apparently without too much issues. Why can't those be rolled out via automatic updates?

Prevx is way too nice, maybe because they are Gold Certified Microsoft Partner?

Widely used in the wild? That's the criteria now? Tell that those who get hacked and lose trade secrets or worse.
If you ask me, if it's in metasploit it's automatically widely in the wild.

*-http://www.wooyun.org/bugs/wooyun-2010-0885-

 

I don't mind the time it takes MS to test updates so much, as long as they get it right!

 

I agree with Katio. Of course MS needs to test it, but with such severe vulnerabilities they should put more employees on the testing to get the testing done sooner.

 

I find the post content reasonable but the end finishing line doesn't cut it for me...

What started out to be an informational thought-provoking post suddenly turns to the path of advertorial. Look at the heading/title and then read the last line again...it doesn't match. It's understandable marketing-wise but is it really needed, considering that it's already on PrevX blog?

Sometimes, I wish AV vendors can just loosen up a bit and refrain from marketing their product every time they get the chance to. When people see that the intention of the company is more on the side of taking interest in the benefit of the user, it tends to convince and projects an overall better image for the company, even without having to use the word 'free'.

Note that I'm not against PrevX...it's just a suggestion that I want to voice out.

 

Finally patched. Kudos to Marco!
https://www.wilderssecurity.com/showthread.php?t=292635