A Bad Day In Computing – Of Apple And Microsoft Woes
We already know that Apple was having a lot of issues with their 27 inch iMacs this Christmas. So how are they coming along with that? Turns out, not so good.
Two months on and Apple is still up S___t Creek. And it’s gotten so bad that they’re now offering full refunds plus fifteen percent!
Oops.
It seems that even though a firmware update now theoretically fixes flickering problems (though thorough testing remains to prove it so) there are still yellow screen problems, and supply is still far short of demand.
But it’s not just Apple with their head firmly wedged up their behind. Microsoft is buggering up as well. As usual. Good ol’ Microsoft…
First, Windows 7 is shortening the battery life of a lot of laptops out there that have perfectly good batteries, sometimes from 2 1/2 hours under Windows XP down to a mere 1/2 hour on Windows 7! The problem? A new feature that warns you if your battery needs replacing … needs replacing. The “consider replacing your battery” warning is, apparently, very much in need of more work. Microsoft is claiming that the problem is in the way that it reads system firmware, and that they “are investigating this issue in conjunction with our hardware partners.”
Uh huh.
But that ain’t all.
Because what would Microsoft be without Yet Another Internet Explorer Bug Of Doom?
Yes, that’s right, folks. As if the last IE bug wasn’t bad enough, now we’ve got one more, and it has been described as the “public file server” bug. Why? Simple: anyone running Windows without Protected Mode turned on (or on older versions like Windows XP that don’t have Protected Mode) and surfing the web with IE (any version of 6, 7, or 8) has essentially handed their PC over to hackers to use as a public file server. While this vuln remains unfixed, visiting a malicious website gives that site free access to any file whose filename it already knows. Talk about a security nightmare!
Of course, according to Microsoft, this is merely an “Information Disclosure” bug.
Do you still use Internet Explorer?

K. Brian Kelley:
Based on security threat classification, it is an “information disclosure” bug. That’s the correct classification. Consider, too, the factors that are in play in order to take advantage of the bug:
1) User must be running on XP or Vista/Win7 with UAC or IE protected mode turned off. XP is still a huge install base, so this isn’t that big of a problem. The average home user doesn’t know how to turn off UAC and should be shot if they do. But still, #1 goes to the attackers.
2) Know the exact filename and path of the file they want to grab. So this means you can grab files you can already get normally, but they have to know quite a bit about your setup or have already compromised your system in some other way (which means they don’t need this bug) to get the file.
3) Coerce you to a malicious site.
#2 and #3 are why a lot of security folks aren’t screaming too loudly over this. Yes, it’s a bad issue. But in the scale of things that are out there, it’s not anywhere near the worst folks are dealing with. I think the Adobe vulnerabilities are more worrisome at this point. Especially since most folks don’t update Reader/Flash.
February 8, 2010, 12:46 pm

Arah:
I think you’d be surprised how many people are turning off Microsoft’s annoying pop-up security. Windows 7 might be a bit more refined there and less annoying, so less likely to drive people to search out how easy it is to disable, but I’d bet there’s a lot of Windows Vista users with minimal security.
And then, as you said, there’s still that giant market of Windows XP hangers-on.
Number three, well, between fake filesharing and pr0n, I think number three is a lot more dangerous to those same home users who disabled their security features. I think it’s a larger base than you give credit to. Oh, sure, mostly corporate is fine because most people aren’t dumb enough to do that at work. But certainly not all.
Number two is the only real mitigating factor. And even still, there’s a bit to worry about there. A smart hacker could gather some real info. But worse than that, this hole combined with other vulns makes possible some rather stealthy attacks that would bypass firewalls with ease. That’s what has me concerned.
Mostly though, it’s just fun to rag on Microsoft.
Especially when they just keep on proving they don’t understand security.
Adobe though has mostly been pretty good at providing updates in a timely manner. True, a lot of people don’t bother updating, and for that they should be slapped. Security doesn’t just happen by default. You’ve got to stay on top of things. And for the most part, it’s pretty easy to these days. Especially with Adobe. But then there was that null-pointer dereferencing browser crash bug that they let slide since 2008. That’s kind of bad.
Of course Microsoft has left a privilege-escalation code-injection vulnerability in all 32-bit versions of Windows for two decades now. Makes Adobe seem rather iron-clad by comparison…
I really do wish Apple would just release Mac OS for PCs. I was hoping that Linux would one day make a Windows competitor, but that just ain’t happening in my lifetime. You’d think that someone, somewhere, has to finally want to compete with MS on an even level. Who wouldn’t want a piece of that pie?
February 9, 2010, 12:42 pm