[hugh]

Microsoft on Tuesday released 17 updates that fix 40 separate vulnerabilities, several of which are being exploited in the wild.

Mine's a 46 MB download on Windows 7.

The two critical updates include MS10-090, which fixes seven bugs in Internet Explorer. Every supported version of IE on every supported platform is affected by at least one critical vulnerability, and client versions have at least three.

Hmm, critical security issues with IE. Who would have thought?


Cynicism aside, I moved off of IE several years ago and though I appreciate that other browsers have security issues, I am shocked that MS still produces a browser that has so many issues.

 

[scrooloose]

Firefox has its share of updates too. Lately it seems like every time I start it up it wants to apply an update. Unfortunately, as we expect more and more integration between our browsers and our computers, vulnerabilities are going to increase.

-Mike

 

[hugh]

Mike, but that's not the kool-aid that MS has been selling. MS went to great lengths to tell the media that security was paramount in Windows 7 and the latest versions of IE.

I'm not expecting perfection but 40 vulnerabilities in one month!

 

[Costa]

First; I don't mind using IE, and the updates notifications or process seem to be a lot easier than with other browsers. For the most part, downloading and the actual updates can be done while you're still using everything. So yeah, updates for Microsoft products are pretty much a breeze, and don't take time away from you, until you need to restart (which you could postpone too).

Second; I've never encountered a security issue on my pc through Microsoft products. I'm glad they're always updating their software from new volnurablilites. So yeah, updating vs. fixing.

Finally; the only security issues I've seen, are users being mislead into accepting the wrong 3rd party software, or users hitting
'I agree', yes, or ok, for everything that pops up.

I just downloaded 11 very quick updates.

 

[scrooloose]

Sure, but I tend to look at things as they are. Clearly Microsoft hasn't fixed IE security, but others aren't faring much better. Despite the vulnerabilities, I feel pretty confident about Windows 7 security overall, more than I have with previous Windows operating systems.

Just a few years ago network worms that walked right into your unprotected computer were the main security threat. There hasn't been one of those in a long while, so things are improving generally. The biggest risk today is uneducated computers users, that unknowingly invite the malware in.

-Mike

 

[dm_4u]

Unfortunately it seems to be the way of the world today.

Oppo was praised for having so many updates to their firmware...routers and motherboards continually have updates.

Let's face it folks...manufacturers don't release a finished product anymore...as it helps them get to market quicker.

And really...why would they...ever since we have accepted downloading and installing firmware on everything from TV's...through Receivers to Computer Hardware and Software...the practice of not releasing a finished product has steamrolled.

It's now an accepted practice in our society...that if you are an early adopter...you must accept the fact that you will be downloading and installing firmware...to pretty much every expensive electronic item you purchase...if you want the benefits that the "updates" provide...which most early adopters do.

If you really hate updating a Microsoft product...the easiest thing to do is to wait a year or so before buying it...as most updates are within the first 15-18 months of release.

 

[EricReesor]

Soon XP users will not have this luxury.

The way I see the problem with future Windows vulnerabilities is very simple. The fact that a great many users world wide will soon not have secure updated versions of IE and other OS central script interfaces, there will continue to be Windows bot nets. And other serious security problem caused by Windows software.

Hugh is right 40 known vulnerabilities in a browser in one month is ridiculous.

If it wasn't for the fact that Google, Opera and Firefox are easy to obtain and do keep up with security then the world wide plethora of XP users would by now have made the internet unusable. Because of bot net traffic and hosed attack sites. Remember as you re-install you have no option other than IE 6 ...unless you know how to slipstream re-install, which is another whole stupid software updates issue.

If it were not for Google and the fact that they use very sophisticated internet tracking to enable their search engine to do what it does with a measure of security the internet could quickly become a total train-wreck because of Microsoft's real attitude to user security and IE.

Until Microsoft starts selling updated versions of an OS on the cheap for older computers I will have absolutely no respect for them as a software company.

They have caused so much electronic waste and internet security havoc in the industry that they deserve the slow corporate death of a thousand cuts that they are bringing upon themselves under their current leadership.

 

[blueroomelectro]

Windows7 is a vast improvement over its predecessors, that said it's still a crap shoot. I learned to loth the registry and the inevitable slowdowns the OS incurs after a year or so.
Personally I've switched from Firefox to Chrome, works great plus most of the popular add ins have been ported from Firefox.

 

[dabell]

Read the details a little better - there were not 40 vulnerabilities in the browser, the patches were for the OS, other MS software, browser, etc.

The worst software I deal with these days for updating is Acrobat and Adobe Flash - alot of updates for two pieces of software. The biggest issue is known security holes being exploited and waiting for the updates from the vendor.

Before the blame is all on Microsoft - nearly every software maker is patching and updating more often.

http://www.macworld.co.uk/digitallifestyle/news/?newsid=3252582

This article refers to the 15 vulnerabilities patched in Quicktime for Windows/OSX - on app. November Apple patched 130 vulnerabilities.

I am not trying to bash Apple - I think the bigger issue with software is the update process itself or lack of one for alot of software. With both Windows or OSX - if you have the automatic update features enabled, it's hard to go wrong.

Secunia PSI (free for home use) is a great piece of software to install on your machine - and see what software is requiring security updates.

 

[Exid0r]

If you really hate updating a Microsoft product...the easiest thing to do is to wait a year or so before buying it...as most updates are within the first 15-18 months of release.

Unless there is a Service Pack in the meantime to roll up all those updates, it will still be necessary to install them in order to fix the dozens & dozens of vulnerabilities.

My Windows 7 system has had 93 updates (that's without any Office products) since I installed it on Jan 7, 2010. If I installed/activated a new Windows 7 system today, I assume that most...if not all...of those updates would still need to be installed.

 

[99semaj]

IE and Windows is a house built on sand. Try as one might, it's fundamentally flawed.

Problem is, it's harder to eradicate than herpes.

 

[Nighthawk 1]

Read the details a little better - there were not 40 vulnerabilities in the browser, the patches were for the OS, other MS software, browser, etc.

The worst software I deal with these days for updating is Acrobat and Adobe Flash - alot of updates for two pieces of software. The biggest issue is known security holes being exploited and waiting for the updates from the vendor.

Amen to that. I cannot stand Adobe products, more and more bloated all the time. The Win7 update was seamless and quick, don't mind it at all.

 

[ScaryBob]

Adobe Flash is the worst since it often does not update properly due to locked files. Adobe Reader can be replaced with Foxit Reader. IE can be replaced with Firefox. Windows can be replaced with Linux.

I find that Windows 7 is much better than XP. No OS or other software is perfect. The fact that MS is releasing security updates is a good sign. The time to worry is when security updates are not available. When I check system security status in Secunia Personal Software Inspector (which is highly recommended) I see 3 programs listed as "insecure, no solution." IE has had that status for over two years continuously.

 

[hugh]

The worst software I deal with these days for updating is Acrobat and Adobe Flash - alot of updates for two pieces of software. The biggest issue is known security holes being exploited and waiting for the updates from the vendor.

Amen to that.

 

[grog]

Until Microsoft starts selling updated versions of an OS on the cheap for older computers I will have absolutely no respect for them as a software company.

Oh, please....

Windows 7 runs perfectly fine on older computers and you can get the upgrade or OEM version for a little over $100. I have it running on a 6-year-old laptop with a 1.6 Ghz Pentium M processor (hardly a speed demon) and it's every bit as fast as it was when running XP.