thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
So, that TCP/IP issue I mentioned last time in " Computer Security - Anything But Windows. Seriously."?

Microsoft: No TCP/IP patches for you, XP

"We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible," said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP.

So, in other words, Microsoft has forgotten how to maintain the code for Win XP. Either they've dumped too much critical build infrastructure, or it's just "too difficult" to build a patch that goes that deep into the XP kernel.

Either way, it really doesn't speak well for toolchain maintenance, development process and their software architecture (or lack thereof).

Bear in mind, this is for a version of the OS that is not supposed to be end-of-life yet. I have no issue with inability to patch end-of-lifed OS versions - I wouldn't expect to see patches for Win98, for example.

Although the two bugs can be exploited on Windows 2000 and XP, Microsoft downplayed their impact. "A system would become unresponsive due to memory consumption ... [but] a successful attack requires a sustained flood of specially crafted TCP packets, and the system will recover once the flood ceases."

In short, Microsoft's other excuse for why they aren't bothering to patch XP is that your Windows XP machine will theoretically hang if it's being attacked, so you're obviously perfectly safe from being hacked. Ahahah. Very funny. At least to me, anyway.

So: Computer Security - Anything But Windows. Seriously. Really, Seriously. Run, don't walk. Try something else.

April 2015

12131415 161718


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags