Text 11448, 244 rader
Skriven 2006-06-09 19:59:50 av Rich (1:379/45)
Kommentar till text 11446 av Rich Gauszka (1:379/45)
Ärende: Re: Are Windows 9x Explorer users toast security wise?
==============================================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_032D_01C68BFF.44FC61F0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The article's author's statement is garbage and not supported by the =
supposed quote or by the published Microsoft bulletin. If you want = accurate
information, look to the bulletin at the URL I provided.
Rich
"Rich Gauszka" <gauszka@hotmail.com> wrote in message =
news:448a2d7b@w3.nls.net...
My original subject line said "Are W2k Explorer users toast security =
wise?" . Do you disagree with Christopher Budd or do you think he was =
misquoted by pcworld about 2k and it's security vulnerability and the =
extensive reengineering of a critical core components that would be = needed?
It's the 'extensive reengineering' quote that got my attention
I would bet a good many people that have home networks have port 139 =
open for file and print sharing. Just issuing a blurb to close it seems = a bit
pointless. I also doubt any of those people that are on 98 will = invest in a
perimeter firewall.=20
I would say they are all zombie/trojan candidates but I can't talk =
about them anymore as I am inficted with the wga 'phone home' trojan=20
=20
"Rich" <@> wrote in message news:448a28f2$1@w3.nls.net...
What nonsense! Windows 2000 was updated in the original release =
of http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx. = Windows
9x is not being updated. From the bulletin
If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), =
and Microsoft Windows Millennium Edition (ME) are listed as an affected =
product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements =
were made to the underlying architecture of Windows Explorer. The = Microsoft
Windows 98, Microsoft Windows 98 Second Edition (SE), and = Microsoft Windows
Millennium Edition (ME) Windows Explorer architecture = is much less robust
than the more recent Windows architectures. Due to = these fundamental
differences, after extensive investigation, Microsoft = has found that it is
not feasible to make the extensive changes = necessary to Windows Explorer on
Microsoft Windows 98, Microsoft Windows = 98 Second Edition (SE), and Microsoft
Windows Millennium Edition (ME) to = eliminate the vulnerability. To do so
would require reengineer a = significant amount of a critical core component of
the operating system. = After such a reengineering effort, there would be no
assurance that = applications designed to run on these platforms would continue
to = operate on the updated system.
Microsoft strongly recommends that customers still using Microsoft =
Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft = Windows
Millennium Edition (ME) protect those systems by placing them = behind a
perimeter firewall which is filtering traffic on TCP Port 139. = Such a
firewall will block attacks attempting to exploit this = vulnerability from
outside of the firewall, as discussed in the = workarounds section below.
Rich
"Rich Gauszka" <gauszka@hotmail.com> wrote in message =
news:4489d02a@w3.nls.net...
http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041
Microsoft said it wasn't feasible to make extensive changes to =
Windows=20
Explorer to eliminate a security vulnerability since the =
underlying=20
architecture of Windows 2000 is much less robust, wrote =
Christopher Budd, a=20
program manager with Microsoft's security response center.
"Due to these fundamental differences, these changes would require =
reengineering a significant amount of a critical core component of =
the=20
operating system," Budd said.
As a result, applications may not run on the updated system, he =
said.
------=_NextPart_000_032D_01C68BFF.44FC61F0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2873" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> The article's author's =
statement is=20
garbage and not supported by the supposed quote or by the published =
Microsoft=20
bulletin. If you want accurate information, look to = the bulletin
at=20
the URL I provided.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich Gauszka" <<A=20
href=3D"mailto:gauszka@hotmail.com">gauszka@hotmail.com</A>> wrote =
in message=20
<A =
href=3D"news:448a2d7b@w3.nls.net">news:448a2d7b@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>My original subject line said =
"<FONT=20
size=3D2>Are W2k Explorer users toast security wise?" </FONT>. Do =
you=20
disagree with Christopher Budd or do you think he was misquoted =
by=20
pcworld about 2k and it's security vulnerability and the extensive =
<FONT=20
face=3D"Times New Roman" size=3D3>reengineering of a critical =
core components=20
that would be needed?</FONT></FONT></DIV>
<DIV>It's the 'extensive reengineering' quote that got my =
attention</DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would bet a good many people that =
have home=20
networks have port 139 open for file and print sharing. Just =
issuing a=20
blurb to close it seems a bit pointless. I also doubt any of those =
people that=20
are on 98 will invest in a perimeter firewall. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would say they are all =
zombie/trojan candidates=20
but I can't talk about them anymore as I am inficted with the wga =
'phone home'=20
trojan </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:448a28f2$1@w3.nls.net">news:448a28f2$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> What nonsense! =
Windows 2000=20
was updated in the original release of <A=20
=
href=3D"http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx"=
>http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx</A>.&nb=
sp;=20
Windows 9x is not being updated. From the =
bulletin</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV><STRONG>If Microsoft Windows 98, Microsoft Windows 98 Second =
Edition=20
(SE), and Microsoft Windows Millennium Edition (ME) are listed as =
an=20
affected product, why is Microsoft not issuing security updates =
for=20
them?<BR></STRONG>During the development of Windows 2000, =
significant=20
enhancements were made to the underlying architecture of Windows =
Explorer.=20
The Microsoft Windows 98, Microsoft Windows 98 Second Edition =
(SE), and=20
Microsoft Windows Millennium Edition (ME) Windows Explorer =
architecture is=20
much less robust than the more recent Windows architectures. Due =
to these=20
fundamental differences, after extensive investigation, Microsoft =
has=20
found that it is not feasible to make the extensive changes =
necessary to=20
Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 =
Second=20
Edition (SE), and Microsoft Windows Millennium Edition (ME) to =
eliminate=20
the vulnerability. To do so would require reengineer a significant =
amount=20
of a critical core component of the operating system. After such a =
reengineering effort, there would be no assurance that =
applications=20
designed to run on these platforms would continue to operate on =
the=20
updated system.<BR><BR>Microsoft strongly recommends that =
customers still=20
using Microsoft Windows 98, Microsoft Windows 98 Second Edition =
(SE), and=20
Microsoft Windows Millennium Edition (ME) protect those systems by =
placing=20
them behind a perimeter firewall which is filtering traffic on TCP =
Port=20
139. Such a firewall will block attacks attempting to exploit this =
vulnerability from outside of the firewall, as discussed in the=20
workarounds section below.</DIV></BLOCKQUOTE>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich Gauszka" <<A=20
href=3D"mailto:gauszka@hotmail.com">gauszka@hotmail.com</A>> =
wrote in=20
message <A=20
=
href=3D"news:4489d02a@w3.nls.net">news:4489d02a@w3.nls.net</A>...</DIV><B=
R><A=20
=
href=3D"http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041">http:=
//news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041</A><BR>Microsoft=20
said it wasn't feasible to make extensive changes to Windows =
<BR>Explorer=20
to eliminate a security vulnerability since the underlying=20
<BR>architecture of Windows 2000 is much less robust, wrote =
Christopher=20
Budd, a <BR>program manager with Microsoft's security response=20
center.<BR><BR><BR>"Due to these fundamental differences, these =
changes=20
would require <BR>reengineering a significant amount of a critical =
core=20
component of the <BR>operating system," Budd said.<BR><BR><BR>As a =
result,=20
applications may not run on the updated system, he=20
said.<BR><BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_032D_01C68BFF.44FC61F0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|