Microsoft acknowledged this week a new weakness that allows hacked
Web sites to infect PCs merely displaying specific images in the Internet Explorer
Long the poster boy of Microsoft complacency, Internet Explorer 6 has finally
reached the end of the line.
the end of this year, Internet Explorer 7 will be “pushed” onto tens of
millions of desktops. You’d better be ready.
Readers have asked me, “How quickly is my computer protected after Patch
Tuesday, if I have auto-updates turned on?”
The question arises because most of the patches that Microsoft posted on
Aug. 8 took a lot longer than
usual to download. It appears that Windows Update, when configured to
download and install patches automatically, didn’t start downloading most
patches until three days after Patch Tuesday. Some PCs didn’t auto-install all
of the security patches until nine days had passed.
A sweeping review of 10 security suites published in a major computer magazine
last month featured some very unlikely rankings for this crucial category of products.
After examining the evidence, I’ve found that some material facts were omitted from
the article, rendering its ratings useless.
Windows Live Messenger — the successor to MSN Messenger — hit the stands
a week ago on
Wednesday. That was version 8.0.0787. Ancient history.
Less than two days later, Microsoft released a new version, 8.0.0792. Hooo boy.
Here we go again.
I announced in the July 13 newsletter that Shavlik Technologies, a well-known
patch-management vendor, had released a free and capable
replacement for Microsoft’s Windows Update (WU) service.
The Shavlik program, known as NetChk Protect, is free for
up to one year, can remotely update 1 to 10 PCs from a single PC on a network, and
supports far more programs than Microsoft’s offering does.
In my last issue, I reported that Microsoft’s in-house Windows Update routine
is now likely to download marketing gimmicks such as Windows Genuine Advantage to your
PC. I advised all Windows users, other than novices, to turn off Automatic
The Internet interprets Microsoft as damage and routes around it.
My apologies to John Gilmore for tweaking his famous 1993
quote about censorship. But the above statement just happens to sum up the
alternatives Windows users are adopting ever since Microsoft’s “Windows Genuine
Advantage” (WGA) debacle.
Windows Genuine Advantage — the controversial program Microsoft
auto-installed as a "critical security update" on many PCs starting on Apr. 25 —
not only causes problems for many users but has now been proven to send
personally identifiable information back to Redmond every 24 hours.
This behavior clearly fits any plausible definition of "spyware." Some tech
writers have said categorizing WGA as spyware is arguable. But I have no
hesitation in calling the program a security nightmare that Microsoft should
never have distributed in its present form.
I published a Woody Leonhard column as the top story
last issue while I
was traveling, knowing that he’s opinionated and always gets strong reactions.
Well, he didn’t disappoint me.
Reacting to several mistakes Microsoft made in its Automatic Updates downloads
in April, Woody railed against Redmond’s patching strategy, saying, “Windows
auto-update is for chumps.”