Vista 7 Vulnerable to Latest “Critical” Flaws

Dr. Roy Schestowitz

2009-08-13 12:43:41 UTC
Modified: 2009-08-13 12:43:41 UTC

Patches integrated quickly before RTM

Summary: Microsoft uses a familiar stunt to pretend that Vista 7 is more secure and then makes a lot of noise about it

NOTHING will change when it comes to computer security once Vista 7 is finally released. We wrote about the subject in:

Using what Ryan has called a "sneaky" trick, Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.

In his own words: "There's articles describing Windows 7 RTM as safe from the Patch Tuesday vulnerabilities that have been fixed in Vista and XP this month, but that's why Microsoft made 7600.16385 the RTM, they integrated those patches right before they declared it final, then said it was safe from the bugs that affected XP and Vista. 7600.16384 was almost the RTM, but they made a new build just for these."

“Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.”In short, he argues: "They applied all the patches, called that build the RTM, then said the RTM was unaffected. Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too. You wouldn't notice this unless you had been following the Windows 7 build process pretty closely.

"Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can't declare RTM again.

"They're still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you'd expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely." ⬆

“Great talker, great liar.”

--French Proverb

Comments

aeshna23

2009-08-13 14:50:53

I'm having trouble following this argument. Isn't our argument that Linux has far few vulnerabilities than Windows, and not that any operating system is going to have zero vulnerabilities for quite a while?

Roy Schestowitz

2009-08-13 15:59:01

I was pointing out Microsoft's dishonesty. GNU/Linux does not play those PR games. It is upfront about deficiencies and there's rarely a question about what's good for shareholders; it's about what's good for users.

Yuhong Bao

2009-08-13 17:12:35

Well, all this means is that 7600.16384 is affected by these security bugs, but the real RTM, 7600.16385, is not. So MS is right in claiming that the RTM is not affected. Normal, I think. "Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can’t declare RTM again." Normal, I think, too. I remember the first patches released for XP RTM right on it's launch on October 25: http://support.microsoft.com/kb/309521 And not just for XP itself. Windows Movie Maker 1.1 and Windows Messenger 4.0 was shipped with XP, but by the time of the launch on October 25, Windows Movie Maker 1.2 and Windows Messenger 4.5 was already available. Here is a list: http://forums.windrivers.com/archive/index.php/t-39574.html http://news.cnet.com/2100-1001-274987.html
Yuhong Bao

2009-08-13 17:36:47

"Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too." That is where the trick probably is.
Yuhong Bao

2009-08-13 17:38:52

"They’re still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you’d expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely." That is I think normal too. Sometimes new features introduce new security holes, but this isn't always the case.

Roy Schestowitz

2009-08-13 17:54:01
Sometimes new features introduce new security holes, but this isn’t always the case.

GNU/Linux receives many patches, but:
1. Patches are distributed to all software from the repositories, not just the core O/S and core applications.
2. GNU/Linux distributions are often released once or twice a year. If you look at LTS releases (over time), then your comparison becomes more valid.
Windows XP hardly changes and the number of holes found in it so far is amazing. It was touted as very secure when it was released.

Let's Hope GNU Makes it to 100: Can GNU still be in active use in 2083? Maybe.
GNU is 40, Linux is Just 32: Today it's exactly 40 years since Richard Stallman sent a message regarding GNU
GNU/Linux and Free Software News Mostly in Tux Machines Now: We've split the coverage
Links 27/09/2023: GNOME Raves and Firefox 118: Links for the day
Links 27/09/2023: 3G Phase-Out, Monopolies, and Exit of Rupert Murdoch: Links for the day
IBM Took a Man’s Voice, Pitting Him Against His Own Work, While Companies Profit from Low-Effort Garbage Generated by Bots and “Self-Service”: Reprinted with permission from Ryan Farmer
Links 26/09/2023: KDE, Programming, and More: Links for the day
Mozilla Promotes the Closed Web and Proprietary Webapps That Are Security and Privacy Hazards: This is just another reminder that the people who run Mozilla don't know the history of Firefox, don't understand the Web, and are beholden to "GAFAM", not to Firefox users
Debian More Like an Exploitative Sweatshop Than a Family: Wiltshire is riding a high horse in the UK, talking down to Indians who are "low-level" volunteers in his kingdom of authoritarians, guarded by an army of British lawyers who bully bloggers
Small Computers in Large Numbers: A Pipeline of Open Hardware: They guard and prioritise their "premiums", causing severe price hikes due to supply/demand disparities.
Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up): There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus
Real Life Should be Offline, Not Online, and It Requires Free Software: Resistance means having the guts to say "no!", even in the face of great societal burden and peer pressure
10 Reasons to Permanently Export or Liberate Your Site From WordPress, Drupal, and Other Bloatware: There are certainly more more advantages, but 10 should suffice for now
About 200,000 Objects in Techrights Web Site: This hopefully helps demonstrate just how colossal the migration actually is
Good Teachers Would Tell Kids to Quit Social Control Media Rather Than Participate in It (Teaching Means Education, Not Misinformation): Insist that classrooms offer education to children rather than offer children to corporations
Twitter: From Walled Gardens to Paywalls and/or Amplifiers of Fascism: There's moreover a push to promote politicians who are as scummy as Twitter's owner
The World Wide Web is Being Confiscated From Us (Like Syndication Was Withdrawn About a Decade Ago) and We Need to Fight Back: We're worse off when fewer people promote RSS feeds and instead outsource to social control media (censorship, surveillance, manipulation)
Next Up: Restoring IRC Log Pipelines, Bulletins/Full Text RSS, Wiki (Archived, Static), and Pipelines for Daily Links: There are still many tasks left ahead of us, but we've progressed a lot
An Era of Rotting Technology, Migration Crises, and Cliffhanging: We've covered examples from IBM, resembling the Microsoft world
First Iteration of Techrights as 100% Static Pages Web Site: We want to champion another decade or two of positive impact and opinionated analysis
Links 25/09/2023: Patent News and Coding: some remaining links for today
Steam Deck is Mostly Good in the Sense That It Weakens Microsoft's Dominance (Windows): The Steam Deck is mostly a DRM appliance
SUSE is Just Another Black Cat Working for Proprietary Giants/Monopolies: SUSE's relationship with firms such as these generally means that SUSE works for authority, not for community, and when it comes to cryptography it just follows guidelines from the US government
IBM is Selling Complexity, Not GNU/Linux: It's not about the clients, it's about money
Birthday of Techrights in 6 Weeks (Tux Machines and Techrights Reach Combined Age of 40 in 2025): We've already begun the migration to static
Linux Foundation: We Came, We Saw, We Plundered: Linux Foundation staff uses neither Linux nor Open Source. They're essentially using, exploiting, piggybacking goodwill gestures (altruism of volunteers) while paying themselves 6-figure salaries.
Security Isn't the Goal of Today's Software and Hardware Products: Any newly-added layer represents more attack surface
Linux Too Big to Be Properly Maintained When There's an Incentive to Sell More and More Things (Complexity and Narrow Support Window): They want your money, not your peace of mind. That's a problem.
Modern Web Means Proprietary Trash: Mozilla is financially beholden to Google and thus we cannot expect any pushback or for Firefox to "reclaims the Web" a second time around
Godot 4.2 is Approaching, But After What Happened to Unity All Game Developers Should be Careful: We hope Unity will burn in a massive fire and, as for Godot, we hope it'll get rid of Microsoft
GNU/Linux Has Conquered the World, But Users' Freedom Has Not (Impediments Remain in Hardware): Installing one's system of choice on a device is very hard, sometimes impossible
Another Copyright Lawsuit Against Microsoft (or its Proxy) for Misuse of Large Works by Chatbot: Some people mocked us for saying this day would come; chatbots are a huge disappointment and they're on very shaky legal ground
Privacy is Not a Crime, Reporting Hidden Facts Is Not a Crime Either: the powerful companies/governments/societies get to know everything about everybody, but if anyone out there discovers or shares dark secrets about those powerful companies/governments/societies, that's a "crime"
United Workforce Always Better for the Workers: In the case of technology, it is possible that a lack of collective action is because of relatively high salaries and less physically-demanding jobs
Purge of Software Freedom and Its Voices: Reprinted with permission from Ryan Farmer
GNOME and GTK Taking Freedom Away From Users: Reprinted with permission from Ryan Farmer

Vista 7 Vulnerable to Latest “Critical” Flaws

Comments

Recent Techrights' Posts