Re: Does Microsoft take Security Seriously? - Internet Bank hacked - it could happen to you!



It is my experience as a system administrator that it is the users who don't
take security seriously. I have used Microsoft products for year without
ever having a security compromise that led to data loss, but that, like your
own experience, is anecdotal. The fact that Microsoft releases product
security updates on a monthly basis is evidence that they take security
seriously. Moreover, if they did not as you seem to believe, they would
very soon be out of business. How long do you think a shopping mall would
be in business if packs of armed thugs roamed the midway randomly harassing
customers? They would hire security just as Microsoft does in their own
way.

It appears from your post that there are key security measures that you
overlooked. In particular, you make no mention about having a firewall. If
you were running a good firewall, you would not have to worry about attacks
while downloading those updates. Moreover, if you are not running a
firewall, those updates are only of limited usefulness. In other words, you
must take responsibility for your own security.

So the question should come back to you:

Do YOU take security seriously?

BTW: I seriously doubt that Microsoft had anything to do with the security
compromise at the bank. Remember that Microsoft does not run every computer
on earth, and most large business applications run on variations of UNIX.
If your bank was hacked to the point that money was lost from your account,
the bank would be responsible and not you. They would replace your losses
immediately.

Opus

<rajeshk4u@xxxxxxxxxxx> wrote in message
news:1147905789.207673.241080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Does Microsoft take Security seriously? We are constantly being told to
keep your PC up-to-date and to run Windows Update.... yet what happened
to me could happen to anyone.

I had to rebuilt my PC from scratch. I installed Win XP and then
installed SP2 (from disk rather then Windows Update, which would have
put my PC at disk). I also installed Norton Anti-Virus 2006. I was very
careful, everything up to this point was done off-line.

As soon as I connected to the Internet, I did a Windows Update - I
found 45 HIGH PRIORITY updates. But I was NOT allowed to download
because it was pending Windows Activation. This was a hassle because I
had to activate by telephone. After all that I could finally do a
Windows Update. I was worried about security hacks. Because it did take
a while to download & install those 45 updates.

I am furious at Microsoft. If there are 45 HIGH PRIORITY UPDATES after
SP2, I don't understand why Microsoft don't make them available as a
SINGLE DOWNLOADABLE UPDATE or provide customers with a CD. This is the
only safe way to build a new PC. It is madness to take an out-of-date
PC and put it on the Internet, but this is exactly what Microsoft
expects users to do!. Microsoft wants users to use Windows Update so
that they can check they you are using a Genuine version of Windows.
This is all good for them, but what about the poor user?. Sadly, I was
unlucky!.

A couple of weeks later my Internet bank had been hacked.. money was
taken without my knowledge. It is nice that Microsoft can think of
wonderful ways to protect its revenues without thinking of their
customer's pockets or the time wasted in me having to re-install this
PC.

I found a similar issue with Norton. Even though I had Norton 2006,
they don't have a single downloadable update. I had to reboot a couple
few time before I got the all the updates using LiveUpdate.




.



Relevant Pages

  • <>
    ... > Microsoft Security Bulletin Advance Notification issued: ... > Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. ...
    (microsoft.public.windows.server.sbs)
  • Re: KB943460 / Software Distribution Service 3.0 System Restore Pr
    ... Sorry if I seemed coy its simply I had it my head you were a Microsoft ... I suppose it might simply be a rebrand of Windows Update. ... McAfee Security Center or AVG Free. ... KB943460 is not causing your System Restore problems. ...
    (microsoft.public.windowsxp.general)
  • Re: Microsoft Security Bulletins for December 2007
    ... Microsoft released today the following security bulletins. ... high-priority updates and 2007 ... Microsoft Office Service Pack 1 on Microsoft Update and Windows ...
    (microsoft.public.windowsupdate)
  • Re: I Just Head The Entire State Of New York Has A Power Outage
    ... Windows Update flaw 'left PCs open' to MSBlast ... MSBlast, according to Russ Cooper, chief scientist at security company ... their registry and offers them list of patches that have not yet been ... Microsoft did not respond to requests for comment on the Windows Update ...
    (alt.os.linux)
  • Re: cant update XP, Yes I had the vundo
    ... I'd say you've got more work to do (and you should replace McAfee Security Center with a more-robust AV app/security suite). ... NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. ... Support for Windows Update: ... no-charge support is available by calling 1-866-PCSAFETY in the United States and in Canada or by contacting your local Microsoft subsidiary. ...
    (microsoft.public.windowsupdate)