At 07:27 PM 4/26/2004 -0700, Neil Bradley wrote:
>I've only seen one OS level update from MS in 1.5 years, but I've got *7*
>installed on my G4 in the past year that are all OS related.
Since Apple releases incremental version numbers (for example, 10.3.3), and Microsoft releases occasional "service packs" with numerous interim "hotfixes", you're comparing apples to oranges (pun intended, though I'm sure some would say I chose the wrong citrus fruit ;).
I've got *13* hotfixes installed on my XP service pack 1 box (SP1 was released 2 1/2 years ago). One of these incorporates multiple earlier hotfixes. And I haven't installed several others that apply to services that I don't use. Almost all of the ones I did install are security related. They are:
>Vulnerability in Authenticode Verification Could Allow Remote Code Execution
>Flaw in NetBIOS Could Lead to Information Disclosure
>Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
>A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
>Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
>An ASN.1 vulnerability could allow code execution
>Buffer Overrun in Messenger Service Could Allow Code Execution
>Unchecked Buffer in DirectX Could Enable System Compromise
>An Unchecked Buffer in the Windows Shell Could Permit Your System to Be Compromised
>Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
>Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation
>Buffer Overrun in RPC May Allow Code Execution
>Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
>Unchecked Buffer in Windows Help Facility May Allow Attacker to Run Code
>Unchecked Buffer in Windows Redirector May Permit Privilege Elevation
>Unchecked Buffer in Windows Component May Cause Web Server Compromise
>Certificate Validation Flaw Might Permit Identity Spoofing
>Flaw in SMB Signing May Permit Group Policy to Be Modified
>Unchecked Buffer in the Locator Service Might Permit Code to Run
>Buffer Overrun in the HTML Converter Could Allow Code Execution
>Unchecked Buffer in File Decompression Functions May Allow Attacker to Run Code
>Unchecked Buffer in Windows Shell Might Permit System Compromise
>Unchecked Buffer in PPTP Implementation May Permit Denial-of-Service Attacks
>A Buffer Overrun in RPCSS May Allow Code Execution
>Security Update for Microsoft Windows
>Unchecked Buffer in DirectX Could Enable System Compromise
Most if not all of these security flaws are OS level.
The most ridiculous one I saw was that a "specially crafted MIDI file" could "cause an attacker's code to run on the user's computer". This exploit can work via IE, Outlook, or whatever app uses the OS's DirectX API to play the file (like Mozilla & Opera). Scary.
>But it underscores my point, apps are what cause undue risk to the system, not the underlying OS itself.
Unless you're running Windows. Then you don't even need to run an app.
According to www.sans.org:
"The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services."
>people are falsely roped into believing that the operating
>system/platform itself is to blame for something the apps are to blame.
Windows has plenty of security flaws, even if you don't use IE or Outlook. The OS was designed by people who thought that remote code execution was a feature, not a bug, for God's sake!
But Windows is a necessary evil, for me at least, because I do everything from burning EPROMs to processing credit card transactions, which I can't do on the various Unix variants. So I hide behind a firewall, avoid dodgy websites, am careful what I click on, and hope and pray that the Windows updates stay one step ahead of the h4ck3rz. But hey, at least its UI doesn't give me headaches like Mac OS-X!
JDM