DonationCoder.com Forum
Main Area and Open Discussion => Living Room => Topic started by: thunder7 on June 09, 2006, 06:06 AM
-
Microsoft Windows Genuine Advantage Phones Home Every day
http://www.dailytech.com/article.aspx?newsid=2766 (http://www.dailytech.com/article.aspx?newsid=2766)
I just do not like them on my PC
-
I dont consider this a very big issue at all. The only information given is a hash of the key you are using, and your ip address, nothing personally identifiable. I see people all the time complain about an ip address being transmitted, yet they dont seem to realize that its given out EVERY DAY on EVERY SITE you visit on the web. Just by visiting a website, about a dozen or so (on the average) web servers get your ip address because you download ads from them. Did you accept an agreement to let them load the ads and get your ip? no. Isnt that considered the same behavior microsoft is using here? The only function it phones home for is to check to see if several failed attempts to validate have been detected from your ip address (since some businesses proxy out 1 IP) and gives microsoft a way to disable WGA on that pc so that the issue can be investigated by the sys admins.
Again, this is nothing major, but instead provides a way for microsoft to help a company if there becomes an issue with WGA inside their corporation.
-
I don't like WGA at all, and I don't like the call-home feature either. I think I'll set up some traffic blocking on the companys PIX501 router/firewall :)
-
I don't know much about all this. I was under the impression that my firewall (ZA Free) would notify me if an unauthorized program tried to phone home. I checked, ZA is set to ask permission first before allowing WGA to send information.
It's obviously not that simple, is it?
-
Sounds interesting, mrainey. I wonder if it goes through some nasty hoops to avoid firewalls, or if it only phones home under certain conditions.
Whatever it is, blocking at a hardware firewall network perimeter works :)
-
It is listed in my firewall apps as WGATRAY.EXE
-
Well i look at it this way, "If i wanted ET to Phone." Id call.
I do not want it calling or telling M$ nothing.
Without my direct permission.
That is my right!.
That is your Right as well. If you want them snooping on your PC that is your right.
And as my Right, I do not want them snooping.Period
-
Well i look at it this way, "If i wanted ET to Phone." Id call.
I do not want it calling or telling M$ nothing.
Without my direct permission.
That is my right!.
That is your Right as well. If you want them snooping on your PC that is your right.
And as my Right, I do not want them snooping.Period
-thunder7
What snooping are they doing exactly? They specifically tell you what information is sent in the EULA. They retain your IP and a hash of your product key. Again, I restate, what is the harm in sending an IP address and product key hash? They cant track you down from it, they wont be able to disable your windows installation based on this information, all they can do is (if you are running ingenuine windows) stop you from using MS Update and the MS Download center for certain things. What many fail to realize is that you give your IP out involuntarily every day when you visit websites that either, link to off-domain images or files, or when you visit a website with 3rd party advertisements. Either way, you didnt say "The server's that this site links to can have my IP address and know I've visited this website". To me, the tracking, via url and file access, is far more of a privacy violation. So again, I fail to see what snooping they are doing when they specifically tell you what they are doing in their license agreement that YOU AGREE TO WHEN YOU INSTALL WGA. If you dont want WGA, then you cant use windows update (but you can still get critical updates via auto-update, which microsoft has stated they wont prevent). WGA (in my eyes), shouldnt be an issue if you are running a legit copy of windows. I've only seen people who are running pirated keys and some business customers actually be legitly upset about this.
Again, just as with other sites, I see people yelling and throwing (not at dc.com, but other sites are far more juvenille about this topic, betanews.com for example) a fit over an IP address and a product key hash being sent and then claiming a privacy violation. I fail to see how this is so, if you agreed to let MS install it at windows update.
-
I have a legit copy of windows. 8)
My Girlfriend works as a PC Tech, so I have the newest version of Windows XP on my new machine. If you remember though the "Root-kits" every body thought Sony a big and respected Name Brand (was bending us all over the barrel). If it was not for http://www.sysinternals.com/ (http://www.sysinternals.com/) No-one would be the wiser either.
You do not know All the back doors Microsoft has into a OS. No one but M$ does.
But again if it was not for hackers and other knowledgeable people we would never know what Swiss Cheese of a OS Windows really is.
So When ET is Phoning home what bits and bytes is it telling Home about you and your data, do you think you are safe.
You are not!.
With a router and firewall maybe.
Do you think though that if you really ponder long enough about an OS do you think there are back doors unknown??.
Paranoid, hell yeah,...
My info is my business.
Is not your info data (and dirty Landry your business-what you do on your PC) your business? :o
-
ok, You keep saying that there are all of these backdoors into windows. Please, name one that you have seen or read about or that has even affected you. Windows has so many exploits because hackers want to exploit what is in the MAJORITY OF USE, so they find exploits in windows, since 90% of the users utilize it. I guarantee you that if linux, or mac osx, were in the majority, you would find the same problem. As it is, linux has new exploits found every day, I get a list of them and the list is larger than any windows vulnerability listing I've seen. .
Also, again, you keep saying windows is telling MS about what data is on your system, do you have proof of this? They admitted that they send a PRODUCT KEY HASH and your IP ADDRESS, which isnt hard to obtain at all, heck you give it to many advertising companies simply by loading webpages. So again, please, provide me proof that microsoft is sending more than they claim, show me a backdoor. I've heard these claims before and you know what, they are all unsubstantiated.
-
Try some of these links for stuff on MS Backdoors ...
http://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&meta=cr%3DcountryUK%7CcountryGB&q=Windows%20Microsoft%20Backdoors
I have no proof that MS has backdoors into their software but I would be very surprised if there weren't some! I've seen 'War Games' ... :-[
-
Yes, that was a rumor started by an news reporter after the law officials overseas tried to get MS to PUT a backdoor in vista to decrypt bitlocker volumes. Microsoft has already acknowledged that no backdoor would be provided.
-
Yes, that was a rumor started by an news reporter after the law officials overseas tried to get MS to PUT a backdoor in vista to decrypt bitlocker volumes. Microsoft has already acknowledged that no backdoor would be provided.
-Josh
Well none that they will admit to publicly 8)
If it ever became public knowledge that MS had backdoors into Windows the business world would leave like lemmings - doesn't mean that there aren't backdoors that are only suspected though!
There have been plenty of exmaples of backdoors left in systems by developers as insurance against dismissal that have then caused fun and games when the inevitable happens.
Can't help wondering whether a lot of the potential security problems are purely bad programming or whether some of them were deliberate and now attributed to programming issues.
-
If it ever became public knowledge that MS had backdoors into Windows the business world would leave like lemmings - doesn't mean that there aren't backdoors that are only suspected though!
There have been plenty of examples of backdoors left in systems by developers as insurance against dismissal that have then caused fun and games when the inevitable happens.
Can't help wondering whether a lot of the potential security problems are purely bad programming or whether some of them were deliberate and now attributed to programming issues.
If it ever became public knowledge that MS had backdoors into Windows the business world would leave like lemmings Well being Windows is the only OS that so far can handle our digi cams,and other hardware.
It is kind of hard to leave. For example: I am just now figuring out cmd lines. I may have been on the net for 12 years. There is much I do not know yet. That is why I am here to learn, because I do not know everything!.
I just know Windows 95,98,98SE, Windows ME I am slowly learning Windows XP Pro
Can't help wondering whether a lot of the potential security problems are purely bad programming or whether some of them were deliberate and now attributed to programming issues Well that is why coders have beta testers as myself to test there programs. I know a few programmers with a million, billion lines of code there are error's (Windows Many Errors).
There are many back doors, weather we choose to believe this or not.
-
There are backdoors in that microsoft didnt account for the various possibilities or buffer overflow/underflows. This will hopefully be fixed with Windows vista's new networking stack and memory management code. But, as for intentional backdoors, I dont think microsoft would be stupid enough to leave one in there, especially being that 55% of the win2k source code leaked a few years ago. Someone is probably still analyzing that. Dont you think we would have heard something by now?
-
If you dont want WGA, then you cant use windows update (but you can still get critical updates via auto-update, which microsoft has stated they wont prevent).
-Josh
They are now forcing WGA for autoupdaters too. You can no longer download automatic updates without receiving WGA as your next update. You can download updates after that even if your pc doesn't pass the test, but you will have nags telling you that your OS isn't 'genuine'. I know quite a few people running pirated versions of XP that have had a problem with this recently. Most rolling back to Win2k or moving to linux because of it. (I guess the nags are working?)
Without WGA installed there are no more updates for any XP users.
My past experiences about a year ago with blocking certain Microsoft IP's has resulted in some odd things...mainly related to receiving updates.
In order to download updates from the Windows Update site, you can't block a specific server that it will do a time check with. You will get an error about your clock being wrong and Windows Update will refuse to work properly.
I thought this was kind of odd, but when I unblocked all Microsoft IP's Windows Update site began working properly again.
I tried to unblock them one at a time to find the right combo but that only fixed the problem temporarily, as they keep changing the server they use for the time check. I had to unblock them all eventually.
I can be the paranoid type sometimes and didn't think my OS needed to phone home without me knowing about it or agreeing to it or knowing what for.
I have come across a few things in the past to justify this blocking behavior. Namely the spyware that used to be included with MSN Messenger that they at first claimed wasn't part of their product, that would reinstall itself every time you ran MSN if you tried to disable it. They have since removed this from MSN. (do some research on the history of the mysterious loadqm.exe)
Also there have been some reports/rumors about the WMF exploit being something deliberately written into the WMF specifications by Microsoft in case they ever needed to use it as a backdoor to force install anything they needed/wanted to on a user's pc...by just displaying a graphic on their site...or as an ad on another site....or by other means of getting you to view the graphic.
The fact that some 9x versions of windows are affected by this and Microsoft refuses to issue an update to fix it before the end of life & end of updates this month kind of bothers me. We have been waiting since January for an official fix. Do they have some nasty stuff planned for 9x users to get them to upgrade against their will? Or are they just being lazy? Or by not patching it, do they think older machines will suddenly be able to run a newer version of windows and they can make some more money? I don't know but I am patched against the problem on my WinME machine despite their lack of fix for it.
Now about IP's....Your IP is like the house number on your front door. Just knowing it doesn't give someone a way in. And hiding it is like trying to take the numbers off your door in order to hide your house. It's silly and can have some negative results. Imagine doing that in real life and then ordering a pizza or calling a taxi.
Everything you do online is tied to your IP. Without it you get no web pages...no antivirus updates, nothing. All servers you connect to from the time you log in online till the time you go offline will get your IP...and even more info...like what operating system you use...or what browser you are using and the version of it. If you don't like it, the only solution is to pull the plug on your connection and not have an IP.
There are the paranoid types that think knowing someone's IP means they can crack into your computer. It's not as simple as that. It would be like saying that your house can get robbed if you put a number on the front door and keep the place securely locked but by removing it and leaving the front door unlocked it will somehow save you from being robbed. (It's not the house number that is the problem here.)
But everyday I saw people in my chatroom that were very paranoid about others knowing their IP. We openly displayed it when you entered the room for the purposes of being able to block gross misbehavers and identify impersonators of people we know....and to be able to report peddlers of child pornography to the proper authorities (yes we have seen a few of these in the room)
I have also seen some idiots trying to scare people with the "I got your IP" line, perpetuating that kind of paranoia. So much that I started displaying mine as part of my username in the room just to prove a point. I think quite a few of my admins did too to prove the same point. (one of the guys in the room displayed 127.0.0.1 as part of his username for many years as a joke about us doing it, even after we stopped). We all did notice one strange effect by displaying our IP's so openly...we all got fewer port scans showing up in our firewall logs. :huh:
-
WGA stops you downloading updates but not installing them. If you have access to a legitimate copy of Windows with WGA then you can simply download all the patches manually and move them any other computers you like.
Personally I think WGA is a bigger security risk and won't prohibit piracy. I guess that a lot of patches will appear on P2P networks and cracker sites to avoid WGA and then God alone knows what will be in those payloads! The nasties probably won't just affect the idots downloading them that way but have a knock on effect to the rest of us with new viruses/trojans getting into other people's systems.
-
app103: i must say that is a very well written reply.
In response to you win9x issues, Since Win98 and WinME have reached their end of lifecycle, there will be no more patches for either OS. This is a good thing, in my eyes, since win9x/me were based on an inferior code base. Security wasnt put into mind when designing these os's. Windows NT/2K/XP were built on an entirely different codebase and as such, had a different goal in mind. Now, the WMF bug was code left over from back when the internet was as known, and as such, microsoft didnt add checks for possible buffer overflow/underruns. That is why that exploit became so widespread, because it was designed to work a specific way on an OS that wasnt designed for widespread net use.
-
I'm with Josh here.
Microsoft wouldn't intentionally put a backdoor in windows, it would be too much outrage if it was discovered. And with the 55% win2k source leak and even more of the NT4 source, well, it would have been found out.
As for the WMF problem, I really doubt it was planted intentionally. It looks more like a careless reuse of code to me. Of course nutjobs like Steve Gibson claim otherwise, but they're nutjobs after all.
As for WGA, the data it sends back is "like, whatever". But I don't like any kind of "call back home", whether it sends sensitive data or not. It's simply uncalled for, and while you might say "but it doesn't send any personal info" is a slope of acceptance that'll quickly lead us to a nasty Big Brother situation.
-
app103: i must say that is a very well written reply.
In response to you win9x issues, Since Win98 and WinME have reached their end of lifecycle, there will be no more patches for either OS. This is a good thing, in my eyes, since win9x/me were based on an inferior code base. Security wasnt put into mind when designing these os's. Windows NT/2K/XP were built on an entirely different codebase and as such, had a different goal in mind. -Josh
That doesn't mean that suddenly there will be drivers for all my old hardware that will work with an OS other than Win95/98/ME. (as is the case with my P1)
And don't confuse security with stability, which was the major difference between the 2 code bases.(how it handles memory use) The security differences are from the desk chair point of view, as NT allows you to limit what someone sitting in your chair can do. This was to prevent employee tampering. Something you shouldn't have to worry about at home if you supervise your children like you should be doing.
My choice as a home user was influenced by the sales pitch I was given that said that WinME was better for home use than Win2k, because Win2k was meant for business use where people didn't play games. I was even told that Win2k was deliberately made bad for games, in order to discourage people from playing games when they should be working. This was the sales pitch for WinME and ultimately why I ended up with it on my P3, instead of Win2k like my father had on an identical PC bought at the same time as mine. They could have made a bit more money if they told us the truth, as I would have wanted Win2k instead.
And Microsoft knew that the WMF issue needed to be fixed back in January, and they did fix it for an OS that is just as old as my WinME. (Win2k) End of updates wasn't supposed to happen till June. They still owe us this update as far as I am concerned.
And personally I feel as if they owe WinME users, in particular, updates for as long as they are still supplying updates for Win2k, since the ages of both OS's are the same.
And IE 6 users of all versions of Windows... except 9x... will still get their holes patched. That means that they still plan on supporting IE 6. There should be patches for all versions of Windows that IE 6 can possibly be run on till they decide to no longer support it on any version of Windows....like they did with IE 5. They patched that on all Windows versions till they decided not to patch it on any version. They didn't single out anybody based on OS.
WinME users have always been handed the short end of the stick and cheated by Microsoft. If they were not going to give us what we were due, the least they could have done was give us the option of some steep discounts on an upgrade version of Windows that they planned on really supporting or refund us some of the money we shelled out for WinME...a long time ago.
And I know there are plenty of people that would agree with me on that. Plenty of WinME users feel as though that was the OS that should have been the first OS in history to be recalled, like you recall a bad car or dangerous toy or some other seriously defective merchandise.
btw...have you noticed that most of the major exploits that have been publicized the last few years have been for NT based versions of Windows while 9x has been IMMUNE to them? (sasser & blaster are the first 2 to come to mind) So much for NT being 'more secure'. :P
-
btw...have you noticed that most of the major exploits that have been publicized the last few years have been for NT based versions of Windows while 9x has been IMMUNE to them? (sasser & blaster are the first 2 to come to mind) So much for NT being 'more secure'. :P
-app103
The NT kernel is a lot more secure than the 9x "kernel", and more stable as well. The security problems come from all the usermode crudd added by the incompetent codemonkeys at MS... it's a shame such a nice kernel is tainted by such lousy code for much of the rest of the OS :)
-
btw...have you noticed that most of the major exploits that have been publicized the last few years have been for NT based versions of Windows while 9x has been IMMUNE to them? (sasser & blaster are the first 2 to come to mind) So much for NT being 'more secure'. :P
-app103
The NT kernel is a lot more secure than the 9x "kernel", and more stable as well. The security problems come from all the usermode crudd added by the incompetent codemonkeys at MS... it's a shame such a nice kernel is tainted by such lousy code for much of the rest of the OS :)
-f0dder
I thought I was poking fun at it. (reason for the :P face)
I have been known to make the joke, that if you don't already have all the security software you are going to need in order to safely go get all your updates for 2k/XP, online, then you better install 9x and go get them first.
And while I mean it as a joke, the sad thing is that it's true.
You'd be safer with 9x than running without a firewall & antivirus while you make your way to download an antivirus and real firewall and then hitting Windows Update to download the necessary patches & service packs to protect you.
They say 20 minutes is all that an unprotected copy of 2k/XP needs to end up compromised. I think it's longer for 9x. We can at least get our updates installed without being hit before the download is complete. :P
-
Yup, an unpatched XP or 2k box will unfortunately get hammered *very* quickly. It's amazing that people are still routinely probing wide IP ranges to try and infect people... :(
-
I will post further on your latest reply app, I have to go setup a tent with my wife, but I wanted to hit on the Sasser/Blaster worms that you point out. Those holes were in the RPC code, this has since been patched. Since win9x doesnt have these facilities, of course it is immune. Also, people dont target machines that arent in the majority. Win9x/ME users are the minority. Windows XP is far more targetted since it has wider adaptation.
The NT kernel is far more stable and far more secure than the 9x kernel, that has been proven time and time again. I remember having to reinstall win98 every 3-4 months due to some driver or rogue app that would crash it. In XP and 2k, I have driver rollback, I have system restore, I have a better memory management system. With windows vista, you will see a memory management system that covers the user in case of undiscovered or unpatched buffer exploits (the most common security hole in windows) thanks to the NX coding instruction. IE6 (GOLD RELEASE) support for win9x will cease after July of this year ( http://support.microsoft.com/gp/lifesupsps/ ). So no, they wont receive patches, only win2k/xp will. This is good because the old 9x code bases need to be retired since the XP codebase is proven to be far more stable. While there are more exploits, how many have you been hit by? The only one I was hit by was blaster, and that was an easy patch. Anyways, case and point, 9x is far less used than XP/2K, which is why XP/2K are targetted.
-
Josh no disrespect
However if you really think about it Windows XP Pro holes in it, "Like pouring water into a barrel watching to see where it leaks, wait it will.
I mean no disrespect.
However if WXP was this safe virus's would have nothing to latch on, and hacker would not be able to hack us, etc etc.
A friend of mine said once Oh you mean like my Apple.
I have never been rich enough to afford an Apple so I can not say.
However being Bill Gates Helped Steve Jobs and wow low and behold, Apple can now run Windows XP hmmm,...Intresting. Now why would you want to run XP if Apple is so good.
Because you can one friend of mine said.
Yeah ok!. I can understand, however is that Apple still as safe?
Any Apple users out running a dual OS (Apple & WXP) ???
I really can not believe Windows is so safe.
Because nothing is ever 100% safe.
Not routers not firewalls.
Not Windows XP Pro
-
Just noticed Windows Update: wants to instal this.
Size: 1.6 MB - 4.8 MB
Security issues have been identified that could allow an attacker to remotely compromise a computer running Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
More information for this update can be found at http://go.microsoft.com/fwlink/?LinkId=62568 (http://go.microsoft.com/fwlink/?LinkId=62568)
Swiss Cheese filling a hole in water barrel with many holes
-
thunder7, once you have Service Pack 2 and recent patches installed, your computer can't (for what I know) be remotely exploited just by being connected to the internet - you'd have to use IE to browse some malicious site, run a trojan, whatever.
Fortunately, even if your original XP install media is vanilla without service packs, you can slipstream SP2+updates and burn a new install media. http://www.nliteos.com + http://www.ryanvm.net/msfn makes this process very easy.
It's unfortunately IE has so many exploits, but at least they're being found and fixed.
And really, don't think that other operating systems and programs aren't full of security issues as well. It's just a lot more interesting to attack Microsoft products for two reasons:
1) it's extremely much more widespread than anything else. If you want a botnet, you're not going to try infecting a few hundred machines if you can get a few hundred thousand.
2) it's political. Lots of people hate Microsoft.
As for apple, ho humm. They had this cute ad that basically claimed they were immune to virus attacks. Try googling for "os x exploit", though. And... http://cad-comic.com/comic.php?d=20060513 :)
As for the security update you linked to, it looks to me like it's just a regular "use IE to visit malicious site, *b00m*" - not like a proper "remote exploit".
-
Josh no disrespect
However if you really think about it Windows XP Pro holes in it, "Like pouring water into a barrel watching to see where it leaks, wait it will.
I mean no disrespect.
However if WXP was this safe virus's would have nothing to latch on, and hacker would not be able to hack us, etc etc.
A friend of mine said once Oh you mean like my Apple.
I have never been rich enough to afford an Apple so I can not say.
However being Bill Gates Helped Steve Jobs and wow low and behold, Apple can now run Windows XP hmmm,...Intresting. Now why would you want to run XP if Apple is so good.
Because you can one friend of mine said.
Yeah ok!. I can understand, however is that Apple still as safe?
Any Apple users out running a dual OS (Apple & WXP) ???
I really can not believe Windows is so safe.
Because nothing is ever 100% safe.
Not routers not firewalls.
Not Windows XP Pro
-thunder7
Also, with all due respect, EVERY OS HAS HOLES IN IT. If you subscribe to any decent security mailing list, you will see that linux has several CORE PACKAGES which have exploits every day. I get more daily notifications for patches I need to apply via apt-get dist-upgrade than I do with windows monthly updates. OSX also puts out patches that fix batches and batches of holes. You just dont hear about these because these OS's are in the minority. But again, I also challenge you to write an OS that is used on millions of different hardware combinations with billions of different pieces of software that havent undergone any quality testing, and make it not have bugs or holes. Windows XP is a very decent OS, and the ONLY exploit I have ever been hit by was blaster. Just because these people are finding holes, doesnt mean the OS isnt usable. Microsoft patches the holes, and they do it well, in my opinion. With the advent of XP SP2, I have never had a single problem with winxp that I havent caused by installing a driver that wasnt WHQL certified, or by some oddball software configuration.
I ask you this, how many of these exploits have hit you that werent caused by you installing something, or visiting a site that has "questionable" content? As f0dder says, the main reason windows xp exploits are so widely publicised is that it is used far more than ANY OTHER OS. Another thing I noticed, that link you posted was a patch from APRIL, and you said windows update just now wants to install it. This is a problem, if you arent willing to update regularly (I installed this particular update back in early may), then you are asking to be exploited. A lot of users I see complain about the number of patches microsoft has, then they complain when something hits and that microsoft cant patch fast enough, or that they want to test it to make sure it works. Microsoft is in the unfortunate situation of they're damned if they do, damned if they dont, in the eyes of most tech users.
-
Again no disrespect Josh by any chance do you work for Microsoft???.
I understand everything you are saying however, being I only use my PC for Graphic art
http://thunder7.deviantart.com/ (http://thunder7.deviantart.com/)
http://www.artwanted.com/artist.cfm?ArtID=24645&SetBG=Yes (http://www.artwanted.com/artist.cfm?ArtID=24645&SetBG=Yes)
http://www.artuproar.com/?profile=thunder7 (http://www.artuproar.com/?profile=thunder7)
And they find Windows graphics bug opens backdoor
From this URL http://www.vnunet.com/vnunet/news/2145755/windows-graphics-bug-opens (http://www.vnunet.com/vnunet/news/2145755/windows-graphics-bug-opens)
From a graphic now that is very intresting hmmm,...
Then of course here is all this info http://www.google.co.uk/search?q=Windows+Microsoft+Backdoors&hl=en&lr=&cr=countryUK|countryGB&start=10&sa=N (http://www.google.co.uk/search?q=Windows+Microsoft+Backdoors&hl=en&lr=&cr=countryUK|countryGB&start=10&sa=N)
I believe Carol Haynes Posted I believe.
129,000 Page hits - Windows Microsoft Backdoors.
And I also use my PC to surf the net, my friends call me a "SEEKER" [from Harry Potter] because I have a lot of bookmarks 58,000+ I have everything from A-to-Z. And I keep surfing for more.
I have many categories 'HEALTH' 'FAMILY' 'TECH' 'INTRESTING' 'COOL STUFF' 'AUDIO' 'ART' and many sub folders.
I get lost at times looking thru all the data.
I could spend 12 years showing you ever bookmark I have to prove my point.
I have info from very creditable people known on the net and computer industry.
So I can prove my point.
I am not trying to argue with you here,...
rather open discussion.
-
Again no disrespect Josh by any chance do you work for Microsoft???.
I understand everything you are saying however, being I only use my PC for Graphic art
http://thunder7.deviantart.com/ (http://thunder7.deviantart.com/)
http://www.artwanted.com/artist.cfm?ArtID=24645&SetBG=Yes (http://www.artwanted.com/artist.cfm?ArtID=24645&SetBG=Yes)
http://www.artuproar.com/?profile=thunder7 (http://www.artuproar.com/?profile=thunder7)
And they find Windows graphics bug opens backdoor
From this URL http://www.vnunet.com/vnunet/news/2145755/windows-graphics-bug-opens (http://www.vnunet.com/vnunet/news/2145755/windows-graphics-bug-opens)
From a graphic now that is very intresting hmmm,...
Then of course here is all this info http://www.google.co.uk/search?q=Windows+Microsoft+Backdoors&hl=en&lr=&cr=countryUK|countryGB&start=10&sa=N (http://www.google.co.uk/search?q=Windows+Microsoft+Backdoors&hl=en&lr=&cr=countryUK|countryGB&start=10&sa=N)
I believe Carol Haynes Posted I believe.
129,000 Page hits - Windows Microsoft Backdoors.
-thunder7
No, I do not work for microsoft. I work for the US Military (Army) doing satellite communications, so I am far from a microsoft employee. I do, however, try and keep an open mind about things and not try and get too paranoid about things.
On that note, You keep pointing to the link that carol posted, Which I have already replied to. That backdoor was a RUMOR and people were discussing whether or not microsoft would put one in. This was for the bitlocker drive encryption software that microsoft will be including in Vista. They already stated publicly that they will not put a backdoor in there as it would defeat the purpose of having drive encryption. The British gov't wanted this hole so they could get access to data on a criminal's pc. Again, this was shutdown by MS, which came to the same conclusion that someone would find this and exploit it.
The WMF bug, was patched immediately by microsoft. All of these exploits you list have all been patched by microsoft. And I ask, were you affected by the WMF bug? Did you have a pc crash because of it or were you hacked? You keep evading points I've made or questions I've asked you, please, I ask that you reply to them next time. You keep going to these same exploits and comments that you've already made. If you are so worried about security, why are you just now getting to installing an update that has existed since early may?
Also, please, post links that you have from your library showing these backdoors that you describe (That were proven to exist, and arent just conspiracy theory type articles or comments). I will be more than happy to discuss them with you.
-
I understand everything you are saying however, being I only use my PC for Graphic art
http://thunder7.deviantart.com/
http://www.artwanted.com/artist.cfm?ArtID=24645&SetBG=Yes
http://www.artuproar.com/?profile=thunder7
you've got some great looking fractals going on there, thunder7. :Thmbsup:
(and i love ms windows, just for the record.)
-
The NT kernel is far more stable and far more secure than the 9x kernel, that has been proven time and time again. I remember having to reinstall win98 every 3-4 months due to some driver or rogue app that would crash it. In XP and 2k, I have driver rollback, I have system restore,
-Josh
I didn't have much luck with Win98 either, but ...
I installed WinME about 3+ years ago on my P1...and exposed it to heavy daily around the clock use. (we work in shifts in my house and a computer doesn't get a chance to be idle for longer than it takes for someone to get up and use the bathroom and someone else to jump in the seat) I still haven't formatted it since that install. And WinME also has System Restore, just like XP does....it was the first version of Windows to have it. Win2k does NOT have System Restore, as you implied. Microsoft didn't give 2k users that luxury. Not sure what I would need driver rollback for since I won't be updating them and I have them backed up with Driver Magician any way.
IE6 (GOLD RELEASE) support for win9x will cease after July of this year ( http://support.microsoft.com/gp/lifesupsps/ ). So no, they wont receive patches, only win2k/xp will. This is good because the old 9x code bases need to be retired since the XP codebase is proven to be far more stable.
Updates should continue for IE 6 on all versions of Windows till they retire IE6 for all Windows versions.
If they had no intention on doing this then there shouldn't have been an IE 6 for 9x to begin with.
The WMF bug, was patched immediately by microsoft. All of these exploits you list have all been patched by microsoft. And I ask, were you affected by the WMF bug?
That isn't true. This bug was uncovered back in the beginning of January and I am still waiting for Microsoft to release the patch for my WinME, which is affected. And yes, I have been affected by the bug because I installed a 3rd party patch while waiting for an official one and unregistered the required .dll file. Same patch I put on my XP system while I waited. And I am getting tired of not being able to see thumbnails in Explorer and not being able to open .png files any more while I wait for an official patch that will fix this and let me go back to getting full use of my operating system. Like I said in an earlier post...WinME users keep getting the short end of the stick.
While there are more exploits, how many have you been hit by? The only one I was hit by was blaster, and that was an easy patch.
None. I never have been a victim of any type of exploit while running 9x.
I must be some sort of magician. I have run 9x for years without falling victim to an exploit, without ever being infected with a virus, without any major spyware issues. And my system has been quite stable, not needing a format or reinstall in quite a few years. The last format was to upgrade the OS to WinME. And the only time I reboot is to reset the modem.
And I have used it for EVERYTHING...programming, graphics work, running a web server, hosting a chatroom with 30+ active chatters even. Some have accused me of abusing that poor old pc....pushing it to its limits, constantly....running software I should never have even thought of installing on it. I treated that P1 like it was a P4.
And every day that system gets better & better...more & more stable.
I can't say the same for my XP machine's stability.
Uptime record on 9x was in excess of 65 days straight, online with heavy use. (a major power failure in my neighborhood broke that streak)
Uptime record for XP has been about 3 days...and if you compare system specs between the 2 machines, the XP one hasn't been worked nearly as hard.
-
IE6 Gold release wont receive updates as of the date I posted, however, microsoft considers each update a "new release" of IE. Hence, IE6 SP1 will be a new release, IE6 SP2 (XP) will be a new release. Microsoft will be cutting off security updates for XP GOLD sooner than they will for XP SP2 or SP1 (As you can verify by checking update.microsoft.com where they have a box that says only SP1 and SP2 receive new updates).
While your luck with XP hasnt been as good, I have seen (including my pc) uptimes of over 3 months. My PC uptime record is 2 months, 1 week and 3 days a couple of months back on my old PC before the power supply failed. I've also seen win9x stay up for months at a time, we have pc's at work that have been up for 2 years on win95.
Driver rollback is a very useful feature that lets you rollback to a previously installed driver if an upgrade goes afoul. Its saved me numerous times and I havent had to rely on a third party app.
I didnt intend to imply that 2k had system restore, I retract that implication.
With your saying that you were affected by the WMF bug, I dont consider being affected having to install a 3rd party app (THIS IS JUST MY OWN OPINION, Not saying its everyones), I consider being affected meaning that you have had an exploit hit through the vulnerability that was associated with said filetype. Yes, it impacted your system usage as you had to unregister the wmf shell dll, but I dont consider it as you being "hit" by the vuln.
Anyways, glad to see you are having a good time with WinME, but I must say you are in the minority as I've seen and troubleshot many systems in my previous jobs (as well as the 10 years I've been on irc in efnet's #help) where people have had windows ME installed.
Anyways, I await your reply!
-
thunder7: did you ever use EMF/WMF graphics format? Probably not, as it's largely a (obsolete) print format. The bug was fixed rapidly. It was pretty serious, yes, but a hidden backdoor? Nah.
And google for "Windows Microsoft Backdoors" gives 129,000 hits? "os x exploits" gives 10,300,000. Which is of course ludicruous, but serves to demonstrate that simple google searches don't show the real problems.
App, since you don't have anything negative to say, you're one of the lucky users of WinMe :). People generally either think "it worked just fine" or "it's the worst system Microsoft ever designed". Win98 2nd Ed. worked pretty well (in the mediocre and crashing easily) way across all systems - WinMe either worked okay, or crashed like hell. At my old hischool, we had to roll back ~50 machines to win98se (trading WinMe licenses to win98 licenses) - not fun.
Updates should continue for IE 6 on all versions of Windows till they retire IE6 for all Windows versions.
If they had no intention on doing this then there shouldn't have been an IE 6 for 9x to begin with.
Ho humm. NT and 9x versions of an application have a lot of codebase in common, there's still some differences, and applications have to be extensively tested before release (you might not think they do this, but they do ;)). I can quite understand why 9x support is being dropped.
And yes, I have been affected by the bug because I installed a 3rd party patch while waiting for an official one and unregistered the required .dll file.
You haven't been affected by the patch then, but by unsupported 3rd-party software ;). In reality, an in-memory patch could have been done that would just remove the problem, since the details are well-known. But nutjobs like Steve Gibson don't have the skills to write something like that.
Interesting that you've had 65 days uptime, considering the ~50-day timestamp counter wraparound thing :)
Funny thing with XP is that *a few* people are having really hellish problems with it too. It's not at the scale of the WinMe problems, though, and I think it can generally be attributed to hardware failure or bad drivers - NT does put more strain on the system, and makes bad stuff break easier.
I've never bothered with long uptimes on windows myself, as I (unless something important is running) turn off my box every night for sleep and power reasons. I know that people using hibernate have had insane uptimes, and I've had 14 days easily (with 12 times hard abuse and 12 times "only downloads and computations").
I've always disabled driver rollback and the likes. If I've shafted my system, I reinstall it to get a decent state. That's probably just me that tends to royally shaft my system when it finally happens :)
-
I like Windows to, I just wish it was not so buggy.
It is like you go to buy a car, they ok you bought the car!. You go to drive it home they tell, aaah,... the say you have to get it towed to your house, the engine,trasmission, wheels, bracks we will have to send you when there finished.
If that was so none of us would buy with these conditions.
That just about how Windows is.
But you really do not Own Windows that is on the CD, your renting it. Or so they make it sound.
I was going to buy this awesome graphics program, until I saw this:
http://www.pixarra.com/order.html
TwistedBrush (Version 9.3 - 1 Year License) - $59.95
Take an extra 15% off today with coupon PSK1515B
Electronic Delivery. License valid for 1 year. Free updates for 1 year. License must be renewed after 1 year to continue using the software.
Needless to say I am not buying that program, I do not like it that much
Army huh? Josh.
Well first off I want to Thank you for serving our country
(https://www.donationcoder.com/forum/esmileys/gen0/Medium/you_rock.gif) :beerchug:
And second Like I said my girlfriend for a living she is a computer Tech.
I just got thru asking am I accurate here? She said yes Windows has too many back doors.
And third: I do not know everything nor will I claim I do.
There is a lot I do not know, I have been using Windows for 12 years now, I know all the little lovely problems I have had, and the fun I have had, and wonderful friends I have made.
-
It is like you go to buy a car, they ok you bought the car!. You go to drive it home they tell, aaah,... the say you have to get it towed to your house, the engine,trasmission, wheels, bracks we will have to send you when there finished.
It's more like... it's working fine, but when you start installing a custom engine and a big-ass stereo system, it'll start failing. (that's for XP SP2 anyway, XP vanilla and SP1 were broken wrt. remote exploitability).
-
With a car, if they find a crippling bug, they fix it, just as MS has. They issue a recall. Also, if your g/f is a tech, ask her to give you proof of these backdoors. I guarantee she cant. There hasnt been a single proven backdoor into microsoft software that was intentionally put there, only rumors started by conspiracy theorists that think there are just because it is microsoft.
-
if your g/f is a tech that is like me telling you to send me the army.(https://www.donationcoder.com/forum/esmileys/gen0/Medium/wtf.gif)(https://www.donationcoder.com/forum/esmileys/gen0/Small/blabla_sign.gif)
There is enough proof on the net. You are going to belive what ever you want Josh, I could show you links, I doubt you would believe it.
I am not going bother(https://www.donationcoder.com/forum/esmileys/gen0/Small/blue_screen.gif)
-
thunder7: there's no proof of backdoors. All there is, is conspiracy theories from nutjobs like Steve Gibson. I haven't come across anything yet that looked like it was intended to be a backdoor. The leaked NT4 and Win2k sources didn't contain anything that looked like backdoors.
Sure, a well-crafted backdoor by a smart person would be designed to look like a bug. But the exploitable bugs so far haven't really smelled like backdoors but rather as genuine programming errors.
-
if your g/f is a tech that is like me telling you to send me the army.(https://www.donationcoder.com/forum/esmileys/gen0/Medium/wtf.gif)(https://www.donationcoder.com/forum/esmileys/gen0/Small/blabla_sign.gif)
There is enough proof on the net. You are going to belive what ever you want Josh, I could show you links, I doubt you would believe it.
I am not going bother(https://www.donationcoder.com/forum/esmileys/gen0/Small/blue_screen.gif)
-thunder7
Thunder7
I apologize if you took my comments as a hit against your girlfriend, it was not intended as such. I just wanted to continue the debate by having you or her post links to confirmed backdoors that werent just rumors. I feel, that if a true backdoor were found, it would be much more widely publicized on the news. Anyways, like I said in my private message to you, if you wouldnt mind having her post some links to these backdoors that you mention, I would appreciate it so we can continue this debate. The one posted by Carol Haynes was something the British Gov't WANTED put into windows to give law enforcement a way around the bitlocker encryption for Vista, but Microsoft denied that request saying it would defeat the whole purpose of encryption. That would be like the DoD putting a backdoor into their internal SIPRNet (secure internet) that would allow on the fly decoding. It just wouldnt happen.
-
Aplogie accepted. :D
Thank you.
-
Hey fOdder ...just a question; Why do you keep calling Steve Gibson a 'nutjob'? :huh: Wasn't he the Very Kind soul that GAVE ZoneAlarm to anyone that wanted it? :Thmbsup:
-
sunsound: because of his use of BIG COLORED WORDS, conspiracy theories, generally not understanding exactly what he's dealing with, blowing things (including his own accomplishments) out of proportion, et cetera.
-
gibson seems like a good guy to me but he is a bit out there sometimes.. some controversy over his statements. for example he recently flat out said ms planted backdoor stuff recently but it turned out not to be true..
he does do some entertaining podcasts with leo laporte every week that are worth listening to:
http://grc.com/securitynow.htm
-
Just take the SecurityNow stuff with a grain of salt, dismiss the conspiracy theories, and do your own research before trusting any of it. Then you'll be fine. Gibson isn't a "security expert", he merely digests other people's work, without always understanding it properly.
-
I accepted one issue of the "Genuine Advantage" update, but not the latest one. It was offered as an "Important" update, I think, and I was allowed to say "No. Hide it." Obviously it doesn't do anything useful to me; I bought a licence to use Microsoft Windows XP, and the Genuine Advantage program will either do nothing, or interfere with software that I am entitled to use.
In the meantime, I still get to load other updates. But Windows Update still whines at me that I "hid" an important update. Whiny Microsoft.
Some of my stuff requires MS. But I'll use Linux when and where I can.
-
Just posted another article regarding WGA in another thread. Check out https://www.donationcoder.com/forum/index.php?topic=4010.msg28415#msg28415 if you haven't already.
The interesting thing is that by installing this as a critical update MS have actually gone against their own declared policy on the use of AutoUpdate. When it was first designed MS repeatedly argued that it would only be used for critical updates - no user actually needs WGA at all - it is only for MS's advantage.
-
excuse me if this has already been asked/answered - but is it possible to remove WGA after it has been installed?
-
I think it is not easy. There are no uninstall options and if you delete the file windows simply regenerates it.
The trouble is that you have to let it run occasionally to be able to download updates. According to the article I posted above some people can't get critical updates without WGA (which is another area where MS have fallen down on their stated policy).
-
You cannot remove it from add/remove programs, even when you check "show windows updates". Windows will tell you that this file cannot be removed.
You can use something like SysInternals' AutoRuns to disable the necessary stuff. Iirc there's both a service(!) as well as a Winlogon Notify(!!!) entry. Then you can delete a couple of DLL files with WGA* in their name (Wgatraynotify or something similar sounding, iirc). If you get a "file in use" error, you might need to reboot windows first.
So... yeah, it can be uninstalled, but not by regular end-users.
-
There are something like 10 different documented ways around it now, but it's probably best not to discuss any of the specifics of that here. The info is readily available for those who desire it.
Now, where's the donationware OS? :D
- Oshyan
-
might be of interest http://www.firewallleaktester.com/removewga.htm