Thanks Bill, Please Kick Me Again, and Again, and Again

You need a cell phone from Carlos Slim....

He he, yeah I think he means me.....

It's my rant!

Go get your own!!!!!!!!!!

http://annualletter.gatesfoundation.org/#section=home

I'll join your rant Lyn! I found the same issues and finally bit the bullet and purchased McAfee and removed MSE. That solved most of the issues but there's one left that you may be encountering as well. I noticed that things were hanging a lot and at the same time the network was maxed out by a process called DCOM-Launcher. It's part of MS automatic updates. I went into the services section and disabled Automatic Updates but the problem stayed until I also disabled DCOM-Launcher. Things work OK now with the exception that MCAfee will not scan without DCOM running. So I leave DCOM disabled until I want to do a scan, then enable it, scan, disable, reboot. Onward. I'm doing additional investigation into how to do something with DCOM other than disable it. It's "needed" to have some SW check on updates etc. I believe. Hope this helps a little. We decided to stay with XP for now on the business machine since it has SW running that's not easily ported. Working on that too! Seriously thinking about a MAC! If the business SW could be run on Linux I'd be there in a flash!

Get a MAC.....I have one.

If they were doing it on purpose, to get people to change to windows 8.1, it would be bad. What is worse than that is it probably is just incompetence. They are screwing up Windows 8.1 and server 2012 R2 as well.

Windows 8.1 update software: In order to continue receiving security updates after May 13th, you must update to Windows 8.1 update software. Unfortunately, that update software is wreaking havoc.

There is sooooo much incompetence in the SW that's written today!

Heartbleed is a good example. Code reviews, and knowing how to actually design secure code would have prevented that...and most of MS problems as well.

We had an OS at DEC/Compaq/HP that was so secure that DEFCON refused to let us participate after they couldn't hack it! That was because it was designed to be secure!

Sounds like a market for industrial computing to me. Believe me, if I could find an OS built for process control/SCADA, I would jump on it in a New York minute.

If you can make an OS that is secure and stable, you could make Billy boy a pauper!

It's called OpenVMS...

It doesn't seem to cause any problems for my Linux box.

I ran M$ software from DOS 3.0 to Vista and switched to Mac. Went from four hours a week cleaning two machines, to four hours a year, maybe. Now on MAC OS X 10.7 on a Mac Mini Intel Dual Core, does everything Windows can, including running XP on BootCamp, without the Blue Screen of Death. I think you get what you pay for.

If and when I can find the applications that we use that versions that run on a MAC we'll probably do that. Seems like the best solution for the long run.

If Bill's kids can't get it right after 15 years, they're proving themselves frauds.

Who would buy a car that is missing 150 parts, then take it home and find what those missing parts are, and THEN tell the car maker what they are and how to install them??????????????????????????????????????????????????????????????

Then when the electrical systems fails, trouble shoot it for the dealer.

I used Ubuntu for a couple of weeks last year, very, very impressive and well worth a look at if you want to get away from Uncle Bill......but I bought a new Laptop after the old one "collapsed", that had Win7 with it, also a good OS I find....

I used 13.xx, I was very impressed with it, also with the huge amounts of mainly free Software (easily located and downloaded with the onboard Ubuntu software), or at low, low prices.

It is also a possible way to "speed up" an older, slower PC, rather than slow it down further with newer/bigger MS Software....

Ubuntu 14.04 LTS is now available as a free download. Though I have not tried it myself yet, but as a parallel OS it might be well worth having.....I have to check up on that point further.....anyone who has already done that please comment on your findings. Thanks in advance.

I have no financial involvement other than a small donation as a thank you with Ubuntu....

I did some additional investigations and ran a FULL McAfee scan on the system and guess what? It found a nice trojan that was spamming the DCOMlauncher, removed it and all works well now. Of course my son is visiting this weekend and is trying to convince us to swap over to Linux. Good luck with convincing my wife of changing ANYTHING!I have to admit that at this point in our business cycle it would be really really hard.

I think I'll have him setup my older XP box with Linux and see what can be moved there WITHOUT telling the wife.

I used Ubuntu for several weeks last year, I liked it. There is a newer release out, but 13.xxx was pretty good, as was 12.xxx. 14.xxx should be even better......

If it wasn't for my large investment in Windows compatible software, I might have stayed with it.....

You are doing the right thing with a test......

I think it's peculiar that some of the responses to this thread try to sway the average reader (as do most posts about Windows products and anything -IX) to try open-source software (such as LINUX and its may iterations).

Everyone does realize that the Hearbleed only affected OpenSSL, right?...that an "open user" cracked open the SSL encryption layer and basically inserted exploitable flaws.

This is the proof that all software is exploitable, either through deliberate or accidental coding flaws...whether produced by commercial giants or through "geek-friendly" open-source projects.

As if we needed proof. Nothing is foolproof...remember Jurassic Park?

Now, we have OpenBSD trying to give the OpenSSL guys a black eye by calling their developers irresponsible. OpenBSD insists on using the OpenSSH (tunneling) method they developed, yet how long until that layer is cracked wide open?

It won't be long...not long at all.

error in ~/libssl/src/crypto/asn1/a_time.c.diff?r1=1.15;r2=1.16 t->data is not the same as t->data[0] ... it would be the same as *t->data, but that's not what is being tested in the snprintf() and also unlikely it will be tested with date <1950 but the pointer (what's being tested will likely always be > '5')

OpenBSD...when will we ever learn? They (the Canadian development headquarters of OpenBSD) insist that OpenBSD is "secure by default", as if that is some sort of comforting way to have peace of mind.

OpenBSD victimized themselves through IPv6/kernel fractures in the past...regardless of the "two in ten years" boastful claim, it only shows that everyone is vulnerable...from within or without.

There is no one-single-answer...if there were, it would be a no-brainer and we would all be using it.

BTW, If you managed to read this far before commenting...: OpenSSL Valhalla Rampage signs theirs posts "happy hacking!".

That sounds legit...

"secure by default" for code...

...as in intrinsically safe? Is that even possible in the world of software? How would you design in a factor of safety for code?

To be intrinsically safe it would need to be able to continue working even in a corrupted state right up to the point where further corruption will cause a failure.

My experience with software is that it is intolerant of corruption at even the smallest levels. if the code aint right it just stops doing what it is supposed to do.

"My experience with software is that it is intolerant of corruption at even the smallest levels. if the code aint right it just stops doing what it is supposed to do."

Brings up an interesting point, though maybe OT (even though this thread IS interested in the security of software, from a broad view).

To start off, ROOT KITS don't behave this way. (Of course, they are exceptionally well designed software, apparently). I was told before ever having a root kit infestation that if scanning software finds them, and attempts to "fix" them, that they will crash the system, BEFORE a log can be generated (thus keeping their location [read, PATH] from ever being reported). I had one, and it did exactly that, numerous times.

I had to go to a professional service, who don't disclose their methods of finding it, and they then declared my hard drive dead and gone, data unrecoverable (glad I didn't have anything either un-backed-up, or of any further value on it at the time), after saying they DID find it.

I don't know if they ever even really tried to find and fix the root kit, or if I even in fact had one, though everything I had read, or had tried said I did.

But the point is this. The best designed MALWARE keeps doing EXACTLY what it's supposed to do, even when corrupted, or when corruption is attempted (by the anti-malware software). Pretty robust design, I'd say. If it is true that that is how a root kit reacts to corruption attempts, can we co-opt that kid of design for NON-malware?

I used to run a firewall/mail-handler that stopped short of that only in that the physical design precluded being able to re-write any of the rules in any meaningful manner without physical access to the machine. It ran from a write-protected floppy disk, with NO hard-drive even installed in the machine. The only running copy was memory resident, and a cold boot even dumped that. So, if anyone ever got past the ruleset, or modified it, a cold boot immediately restored the entire system to pristine condition.

Would be nice if a package could be designed to recognize an attempt to corrupt it, and reboot itself to original state, no?

Some antivirus software "knows" when it has been changed.

I suspect that they have some sort of "hash" program running in the background, but I do not know this for certain, or exactly how it works.....more guess than fact..

I used Microsoft steady state for a slew of workstations, and it was highly reliable. The kiosk mode ensured that the hard drive OS partition would not be changed.

I am sure that there were some viruses or malware which were designed to break it, but luckily the workstations never encountered it.

Every time the workstations were rebooted they returned to the original state, fresh and clean. The didn't even need defragging.

I hadn't heard of Steady State, but looked it up, and found that it was discontinued in 2010, and not compatible with anything Win7 or later, anyway. But that also lead to a discussion of "Deep Freeze" by Faronics, which does the same thing as Steady State did. I did not see whether Deep Freeze is still extant, or not, but it would seem their is much more availability of robust system protection software than I at first believed.

The software of which I spoke was a Linux Distro from the "Small Router Project", and was designed to perform only the firewall and mail management functions under a Linux kernel stripped to it's most basic components. Fun to configure and use, actually, but more because of the almost bizarre hardware environment in which it ran and the fact that, operating hardware-wise, it was just SO small. I don't know if it still exists, and can't at the moment remember what it was called. But it was pretty cool stuff when Linux was still a pretty young world. Now, probably not so much, since so much has been done with Linux development in the interim.