[News] [Rival] Microsoft Kills ActiveX Controls, Except Its Own - Linux

This is a discussion on [News] [Rival] Microsoft Kills ActiveX Controls, Except Its Own - Linux ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Microsoft kills more third-party ActiveX controls ,----[ Quote ] | Microsoft Corp. today issued "kill bit" updates for ActiveX controls from HP | and a Washington state developer, the third time it's disabled third-party ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [News] [Rival] Microsoft Kills ActiveX Controls, Except Its Own

  1. [News] [Rival] Microsoft Kills ActiveX Controls, Except Its Own

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Microsoft kills more third-party ActiveX controls

    ,----[ Quote ]
    | Microsoft Corp. today issued "kill bit" updates for ActiveX controls from HP
    | and a Washington state developer, the third time it's disabled third-party
    | add-ons in the last four months.
    |
    | One security researcher linked the release to a new program Microsoft
    | announced last week that's designed to help other vendors find and fix bugs
    | in their own software.
    `----

    http://www.computerworld.com/action/...c=news_ts_head

    Microsoft Windows Event System Privilege Escalation Vulnerabilities

    http://secunia.com/advisories/31417/


    Yesterday:

    Microsoft fixes IE, Office in big month of security updates

    ,----[ Quote ]
    | "People are going to be quite busy with this load," said Jason Miller,
    | security data team leader for Shavlik Technologies, a patch-management
    | software provider in St. Paul, Minnesota.
    `----

    http://www.networkworld.com/news/200...office-in.html


    Bypassing Microsoft Vista's Memory Protection

    ,----[ Quote ]
    | This is huge...
    `----

    http://www.schneier.com/blog/archive...ing_micro.html


    Days ago:

    Microsoft's Patch Tuesday to hit users big and hard

    ,----[ Quote ]
    | Patch Tuesday falls relatively late in the month of August 2008, and
    | Microsoft has a bumper bundle of bulletins up its corporate sleeve, with no
    | less than seven - count 'em, folks, that's seven - critical items.
    `----

    http://www.itwire.com/content/view/19911/1054/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iEYEARECAAYFAkijbOwACgkQU4xAY3RXLo6JmwCffxH5DMZUxU SEt76Ju4g6cUH5
    ieMAniohQq+HrO7wMiI59aI+5hyUcCqz
    =8TFl
    -----END PGP SIGNATURE-----

  2. Re: [Rival] Microsoft Kills ActiveX Controls, Except Its Own

    On Aug 14, 2:23 am, Roy Schestowitz
    wrote:

    > Microsoft kills more third-party ActiveX controls


    > ,----[ Quote ]
    > | Microsoft Corp. today issued "kill bit" updates for ActiveX controls from HP
    > | and a Washington state developer, the third time it's disabled third-party
    > | add-ons in the last four months.


    Every time the "ActiveX makes Windows Swiss Cheese Security" story
    resurfaces, Microsoft puts out an "ActiveX Killer" patch. It wreaks
    havoc on Windows users, and corporate customers and individuals end up
    blocking or backing out the upgrade.

    This absolves Microsoft of liability for the vulnerability. In
    effect, any company that blocks the "ActiveX killer" is effectively
    choosing to disable a critical security patch. As a result, if a
    successful exploit virus wreaks havoc a week later, Microsoft can't be
    sued, because they offered a fix and the victim refused to install it
    or removed it.

    > | One security researcher linked the release to a new program Microsoft
    > | announced last week that's designed to help other vendors find and fix bugs
    > | in their own software.


    Not to mention that Microsoft is not terribly happy with Adobe right
    now, since they have been supporting Linux more aggressively (and seem
    to be quite happy with the decision), A killer like this would keep
    IE users from seeing flash and PDF documents. Of course, FireFox uses
    plug-ins, so the tactic might backfire and drive people to FireFox,
    since this would allow the users to have the security without having
    to sacrifice their favorite features.

    This may be another situation where Microsoft's "damage control" may
    do more damage to Microsoft.

    > http://www.computerworld.com/action/...viewArticleBas...




  3. Re: [Rival] Microsoft Kills ActiveX Controls, Except Its Own

    In comp.os.linux.advocacy, Rex Ballard

    wrote
    on Wed, 13 Aug 2008 17:17:51 -0700 (PDT)
    <6d4d19de-afe1-4e4d-99bb-128d0dc7a01a@c58g2000hsc.googlegroups.com>:
    > On Aug 14, 2:23 am, Roy Schestowitz
    > wrote:
    >
    >> Microsoft kills more third-party ActiveX controls

    >
    >> ,----[ Quote ]
    >> | Microsoft Corp. today issued "kill bit" updates for ActiveX
    >> | controls from HP and a Washington state developer, the third
    >> | time it's disabled third-party add-ons in the last four months.

    >
    > Every time the "ActiveX makes Windows Swiss Cheese Security" story
    > resurfaces, Microsoft puts out an "ActiveX Killer" patch. It wreaks
    > havoc on Windows users, and corporate customers and individuals end up
    > blocking or backing out the upgrade.
    >
    > This absolves Microsoft of liability for the vulnerability. In
    > effect, any company that blocks the "ActiveX killer" is effectively
    > choosing to disable a critical security patch. As a result, if a
    > successful exploit virus wreaks havoc a week later, Microsoft can't be
    > sued, because they offered a fix and the victim refused to install it
    > or removed it.


    If one can call that a repair. One *can* call it a fix,
    as in "the fix is in", of course -- but that's a bit different.

    Nice...but it does more or less indemnify them, AFAICT.
    Not that viruses care; if one kills ActiveX Control XYZZY0,
    then the evil malware manglers simply release ActiveX
    Control XYZZY1.

    If they're really clever, the ActiveX Killer can't key on
    XYZZY to kill all potential viruses, because that would
    kill a very legitimate and desirable ActiveX control
    as well.

    A dimwitted fix for a rather nasty problem, IMO.

    >
    >> | One security researcher linked the release to a new program Microsoft
    >> | announced last week that's designed to help other vendors find and fix bugs
    >> | in their own software.

    >
    > Not to mention that Microsoft is not terribly happy with Adobe right
    > now, since they have been supporting Linux more aggressively (and seem
    > to be quite happy with the decision), A killer like this would keep
    > IE users from seeing flash and PDF documents. Of course, FireFox uses
    > plug-ins, so the tactic might backfire and drive people to FireFox,
    > since this would allow the users to have the security without having
    > to sacrifice their favorite features.


    And then there's the little issue that Firefox is
    encroaching on the 30% usage statistic anyway. Is IE8
    going to be so exciting that we'll abandon Firefox
    en masse? I highly doubt it.

    (I still wonder why IE7 got that GUI facelift. It just confuses me.)

    >
    > This may be another situation where Microsoft's "damage control" may
    > do more damage to Microsoft.
    >
    >> http://www.computerworld.com/action/...viewArticleBas...

    >



    --
    #191, ewill3@earthlink.net
    Useless C++ Programming Idea #110309238:
    item * f(item *p) { if(p = NULL) return new item; else return p; }
    ** Posted from http://www.teranews.com **

+ Reply to Thread