Microsoft being proactive

Microsoft being proactive	Collector»NZ
Re: Microsoft being proactive	wogers nemesis
Re: Microsoft being proactive	Mauricio Freitas
Re: Microsoft being proactive	froggy
Re: Microsoft being proactive	Mauricio Freitas
Re: Microsoft being proactive	froggy
Re: Microsoft being proactive	froggy
Re: Microsoft being proactive	David Preece
Re: Microsoft being proactive	mark
Re: Microsoft being proactive	Lawrence D¹Oliveiro
Re: Microsoft being proactive	Dave - Dave.net.nz

From: Collector»NZ Subject: Microsoft being proactive Date: Sun, 23 Jan 2005 21:30:07 +1300 Well I am not a Microsoft Fan boy, but I just saw an advert on TV promoting protecting your pc, it quoted http://protectmypc.co.nz as a URL. This redirects to http://www.microsoft.com/nz/athome/security/default.mspx At last some action by MS to educate users in protecting thier buggy systems. -- >>Follow ups may be set to a single group when appropriate! ====================================================================== | Local 40.9000°S, 174.9830°E | ====================================================================== "I used to jog, but the ice kept bouncing out of my glass." Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it From: wogers nemesis Subject: Re: Microsoft being proactive Date: Sun, 23 Jan 2005 23:24:19 +1300 On Sun, 23 Jan 2005 21:30:07 +1300, Collector»NZ wrote: > Well I am not a Microsoft Fan boy, but I just saw an advert on TV > promoting protecting your pc, it quoted http://protectmypc.co.nz as a > URL. This redirects to > http://www.microsoft.com/nz/athome/security/default.mspx > > At last some action by MS to educate users in protecting thier buggy > systems. heh it should probably redirect to http://www.apple.co.nz It is very hard to educate users in my experience. I've just started to say "you must install all critical updates ASAP or you will lose your internet access". From: Mauricio Freitas Subject: Re: Microsoft being proactive Date: Sun, 23 Jan 2005 23:40:38 +1300 "wogers nemesis" wrote in message news:elkjtqb06wrc.1jj4ujy94683u.dlg@40tude.net... > On Sun, 23 Jan 2005 21:30:07 +1300, Collector»NZ wrote: > >> Well I am not a Microsoft Fan boy, but I just saw an advert on TV >> promoting protecting your pc, it quoted http://protectmypc.co.nz as a >> URL. This redirects to >> http://www.microsoft.com/nz/athome/security/default.mspx >> >> At last some action by MS to educate users in protecting thier buggy >> systems. > > heh it should probably redirect to http://www.apple.co.nz > > It is very hard to educate users in my experience. I've just started to > say "you must install all critical updates ASAP or you will lose your > internet access". "versions of Mac OS X are vulnerable, up to the tested version 10.3.4. Several kernel level bounds checking vulnerabilities were found during an audit of the recent Darwin kernel xnu517.7.7. These vulnerabilities are mostly in user to kernel memory copy operations and also allocation of kernel memory driven by user supplied size value(s)." http://www.geekmac.com/content.asp?contentid=3923 I have to say though that these problem on Mac OS are "local" meaning that physical access is required to exploit. But this is also evidence that there are no 100% OS. All have flaws, and there's no way to be more secure. -- Mauricio Freitas, Microsoft MVP Mobile Devices http://www.geekzone.co.nz http://www.geekmac.com From: froggy Subject: Re: Microsoft being proactive Date: Sun, 23 Jan 2005 23:38:10 +1300 On Sun, 23 Jan 2005 23:40:38 +1300, Mauricio Freitas wrote: > "wogers nemesis" wrote in message > news:elkjtqb06wrc.1jj4ujy94683u.dlg@40tude.net... >> On Sun, 23 Jan 2005 21:30:07 +1300, Collector»NZ wrote: >> >>> Well I am not a Microsoft Fan boy, but I just saw an advert on TV >>> promoting protecting your pc, it quoted http://protectmypc.co.nz as a >>> URL. This redirects to >>> http://www.microsoft.com/nz/athome/security/default.mspx >>> >>> At last some action by MS to educate users in protecting thier buggy >>> systems. >> >> heh it should probably redirect to http://www.apple.co.nz >> >> It is very hard to educate users in my experience. I've just started to >> say "you must install all critical updates ASAP or you will lose your >> internet access". > > "versions of Mac OS X are vulnerable, up to the tested version 10.3.4. > Several kernel level bounds checking vulnerabilities were found during an > audit of the recent Darwin kernel xnu517.7.7. These vulnerabilities are > mostly in user to kernel memory copy operations and also allocation of > kernel memory driven by user supplied size value(s)." > > http://www.geekmac.com/content.asp?contentid=3923 > > I have to say though that these problem on Mac OS are "local" meaning that > physical access is required to exploit. But this is also evidence that there > are no 100% OS. All have flaws, and there's no way to be more secure. I always thought local ( in the context of exploits ) meant local user, as in still able to be executed remotely but only if logged in ( for example via ssh etc) and not physically local From: Mauricio Freitas Subject: Re: Microsoft being proactive Date: Sun, 23 Jan 2005 23:47:03 +1300 "froggy" wrote in message news:pan.2005.01.23.10.38.07.817646@spamgmail.com... > On Sun, 23 Jan 2005 23:40:38 +1300, Mauricio Freitas wrote: > >> "wogers nemesis" wrote in message >> news:elkjtqb06wrc.1jj4ujy94683u.dlg@40tude.net... >>> On Sun, 23 Jan 2005 21:30:07 +1300, Collector»NZ wrote: >>> >>>> Well I am not a Microsoft Fan boy, but I just saw an advert on TV >>>> promoting protecting your pc, it quoted http://protectmypc.co.nz as a >>>> URL. This redirects to >>>> http://www.microsoft.com/nz/athome/security/default.mspx >>>> >>>> At last some action by MS to educate users in protecting thier buggy >>>> systems. >>> >>> heh it should probably redirect to http://www.apple.co.nz >>> >>> It is very hard to educate users in my experience. I've just started to >>> say "you must install all critical updates ASAP or you will lose your >>> internet access". >> >> "versions of Mac OS X are vulnerable, up to the tested version 10.3.4. >> Several kernel level bounds checking vulnerabilities were found during an >> audit of the recent Darwin kernel xnu517.7.7. These vulnerabilities are >> mostly in user to kernel memory copy operations and also allocation of >> kernel memory driven by user supplied size value(s)." >> >> http://www.geekmac.com/content.asp?contentid=3923 >> >> I have to say though that these problem on Mac OS are "local" meaning >> that >> physical access is required to exploit. But this is also evidence that >> there >> are no 100% OS. All have flaws, and there's no way to be more secure. > > I always thought local ( in the context of exploits ) meant local user, > as in still able to be executed remotely but only if logged in ( for > example via ssh etc) and not physically local > Oh, that too... But most users will not have remote access enabled by default on Mac OS, and root is disabled by default as well. You have to really go deep three levels to enable root, what "standard" users will not find easily. -- Mauricio Freitas, Microsoft MVP Mobile Devices http://www.geekzone.co.nz http://www.geekmac.com From: froggy Subject: Re: Microsoft being proactive Date: Sun, 23 Jan 2005 23:54:52 +1300 On Sun, 23 Jan 2005 23:47:03 +1300, Mauricio Freitas wrote: > "froggy" wrote in message > news:pan.2005.01.23.10.38.07.817646@spamgmail.com... >> On Sun, 23 Jan 2005 23:40:38 +1300, Mauricio Freitas wrote: >> >>> "wogers nemesis" wrote in message >>> news:elkjtqb06wrc.1jj4ujy94683u.dlg@40tude.net... >>>> On Sun, 23 Jan 2005 21:30:07 +1300, Collector»NZ wrote: >>>> >>>>> Well I am not a Microsoft Fan boy, but I just saw an advert on TV >>>>> promoting protecting your pc, it quoted http://protectmypc.co.nz as a >>>>> URL. This redirects to >>>>> http://www.microsoft.com/nz/athome/security/default.mspx >>>>> >>>>> At last some action by MS to educate users in protecting thier buggy >>>>> systems. >>>> >>>> heh it should probably redirect to http://www.apple.co.nz >>>> >>>> It is very hard to educate users in my experience. I've just started to >>>> say "you must install all critical updates ASAP or you will lose your >>>> internet access". >>> >>> "versions of Mac OS X are vulnerable, up to the tested version 10.3.4. >>> Several kernel level bounds checking vulnerabilities were found during an >>> audit of the recent Darwin kernel xnu517.7.7. These vulnerabilities are >>> mostly in user to kernel memory copy operations and also allocation of >>> kernel memory driven by user supplied size value(s)." >>> >>> http://www.geekmac.com/content.asp?contentid=3923 >>> >>> I have to say though that these problem on Mac OS are "local" meaning >>> that >>> physical access is required to exploit. But this is also evidence that >>> there >>> are no 100% OS. All have flaws, and there's no way to be more secure. >> >> I always thought local ( in the context of exploits ) meant local user, >> as in still able to be executed remotely but only if logged in ( for >> example via ssh etc) and not physically local >> > > Oh, that too... But most users will not have remote access enabled by > default on Mac OS, and root is disabled by default as well. You have to > really go deep three levels to enable root, what "standard" users will not > find easily. lol.. now you've got me curious about apples way of doing things.. and google is getting a work out.. one thing I've been dying to mention.. but havent found the right opourtunity (sp?) .. steve jobs (owner of apple as you well know ) owns a movie making company that he bought from skywalker something...called Pixar One of the chief programmers for that company has an illustrious past as well (for the linux community ) useless trivia time.. can you name the programmer and can you name his claim to fame in Linux the clock starts...... now! From: froggy Subject: Re: Microsoft being proactive Date: Mon, 24 Jan 2005 07:40:59 +1300 On Sun, 23 Jan 2005 23:54:52 +1300, froggy wrote: > On Sun, 23 Jan 2005 23:47:03 +1300, Mauricio Freitas wrote: > >> "froggy" wrote in message >> news:pan.2005.01.23.10.38.07.817646@spamgmail.com... >>> On Sun, 23 Jan 2005 23:40:38 +1300, Mauricio Freitas wrote: >>> >>>> "wogers nemesis" wrote in message >>>> news:elkjtqb06wrc.1jj4ujy94683u.dlg@40tude.net... >>>>> On Sun, 23 Jan 2005 21:30:07 +1300, Collector»NZ wrote: >>>>> >>>>>> Well I am not a Microsoft Fan boy, but I just saw an advert on TV >>>>>> promoting protecting your pc, it quoted http://protectmypc.co.nz as a >>>>>> URL. This redirects to >>>>>> http://www.microsoft.com/nz/athome/security/default.mspx >>>>>> >>>>>> At last some action by MS to educate users in protecting thier buggy >>>>>> systems. >>>>> >>>>> heh it should probably redirect to http://www.apple.co.nz >>>>> >>>>> It is very hard to educate users in my experience. I've just started to >>>>> say "you must install all critical updates ASAP or you will lose your >>>>> internet access". >>>> >>>> "versions of Mac OS X are vulnerable, up to the tested version 10.3.4. >>>> Several kernel level bounds checking vulnerabilities were found during an >>>> audit of the recent Darwin kernel xnu517.7.7. These vulnerabilities are >>>> mostly in user to kernel memory copy operations and also allocation of >>>> kernel memory driven by user supplied size value(s)." >>>> >>>> http://www.geekmac.com/content.asp?contentid=3923 >>>> >>>> I have to say though that these problem on Mac OS are "local" meaning >>>> that >>>> physical access is required to exploit. But this is also evidence that >>>> there >>>> are no 100% OS. All have flaws, and there's no way to be more secure. >>> >>> I always thought local ( in the context of exploits ) meant local user, >>> as in still able to be executed remotely but only if logged in ( for >>> example via ssh etc) and not physically local >>> >> >> Oh, that too... But most users will not have remote access enabled by >> default on Mac OS, and root is disabled by default as well. You have to >> really go deep three levels to enable root, what "standard" users will not >> find easily. > > lol.. now you've got me curious about apples way of doing things.. and > google is getting a work out.. one thing I've been dying to mention.. but > havent found the right opourtunity (sp?) .. > steve jobs (owner of apple as you well know ) owns a movie making company > that he bought from skywalker something...called Pixar > One of the chief programmers for that company has an illustrious past as > well (for the linux community ) > useless trivia time.. > can you name the programmer > and can you name his claim to fame in Linux > > the clock starts...... > now! times up! it was ( if anyone cared) Bruce Perens has a fair bit to do with Debian (think head developer) From: David Preece Subject: Re: Microsoft being proactive Date: Mon, 24 Jan 2005 09:13:42 +1300 froggy wrote: >>Oh, that too... But most users will not have remote access enabled by >>default on Mac OS, and root is disabled by default as well. > > lol.. now you've got me curious about apples way of doing things.. Users are created as "ordinary" users by default, but you can add "admin rights" from a checkbox on the users dialog. When you do this the user gets added to /etc/sudoers (or whatever it's called) and they can sudo off the command line by entering their password. It's a pain in the arse to make the real root account live and, frankly, I've never seen a need to do it. Oh, and sudoers get a GUI password entering thing for authenticating to install updates, drivers, things like that. Dave From: mark Subject: Re: Microsoft being proactive Date: 24 Jan 2005 04:11:16 GMT David Preece wrote in news:41f40576$1 @clear.net.nz: > Subject: Re: Microsoft being proactive > From: David Preece > Newsgroups: nz.comp > > froggy wrote: >>>Oh, that too... But most users will not have remote access enabled by >>>default on Mac OS, and root is disabled by default as well. >> >> lol.. now you've got me curious about apples way of doing things.. > > Users are created as "ordinary" users by default, but you can add "admin > rights" from a checkbox on the users dialog. When you do this the user > gets added to /etc/sudoers (or whatever it's called) and they can sudo > off the command line by entering their password. It's a pain in the arse > to make the real root account live It is pretty straightforward to do through the GUI. > and, frankly, I've never seen a need to do it. I found it very usefull pre-OS X 10.2, when a number of bugs got my frustration levels close to boiling :-) (eg., changing directory rights in the GUI, and even emptying the trash didn't always work. Ahh... those were the days. > > Oh, and sudoers get a GUI password entering thing for authenticating to > install updates, drivers, things like that. > > Dave From: Lawrence D¹Oliveiro Subject: Re: Microsoft being proactive Date: Mon, 24 Jan 2005 20:36:44 +1300 In article <41f37ede$1@clear.net.nz>, "Mauricio Freitas" wrote: >I have to say though that these problem on Mac OS are "local" meaning that >physical access is required to exploit. Physical-access "exploits" don't count. From: Dave - Dave.net.nz Subject: Re: Microsoft being proactive Date: Mon, 24 Jan 2005 13:02:21 +1300 wogers nemesis wrote: > It is very hard to educate users in my experience. I've just started to > say "you must install all critical updates ASAP or you will lose your > internet access". nice... we've started doing that with some of our customers.