More Bugs in Outlook and IE

Here are two pieces of news from The Register that dovetail nicely. Three new MS security holes − two nasty describes 3 new bugs in Microsoft’s products.

The first bug affects all recent versions of SQL Server 2000, Windows XP and Internet Explorer 6 and could give access to the local hard drive to an attacker. The attacker would have to know the name of the file and would receive only read privileges. This is a relatively mild attack, but since most people install to default folders, it shouldn’t be too hard to ask for c:\quickenw\qdata.dat and have Microsoft’s flagship security product, Windows XP, hand it over to you.

The second bug is worse because it affects all Internet Explorer version 5.x and higher:

<q>Finally, and worst of all, we have a little problem with VBscript in Internet Explorer 5.1, 5.5, and 6.0 which could allow an attacker to read files on a victim’s local drive, or eavesdrop on his browsing session. The defect essentially allows scripts in one domain to access the contents of another domain in a frame, the MS bulletin explains. </q>

They go to on to explain that this will <strong>also affect your Outlook email client</strong>.

<q>Since you can’t switch off HTML rendering in Outlook and Outlook Express (the spam lobby won’t allow it), you’ll just have to activate Windows Update and fix your browser, which will in turn fix your e-mail client.</q>

The little dig at the spam lobby is justified because it’s obvious that Microsoft cares more about marketing dollars than about providing a secure email client to consumers; hence the lack of an option for disabling HTML rendering in received emails.

The second item, Checkout the OS-free PCs at walmart.com is interesting because it seems the world’s number one corporate juggernaut (they just passed Exxon as the corporation with highest overall revenue) and everyone’s favorite soul-sucking shopping location, is offering Windows-less PCs. As a recent earthli post noted, no computer manufacturer would risk trying to sell a PC without Windows. I stand corrected.

It appears that if you’re a large enough monopoly yourself, you’re not afraid of Microsoft. Also, if your customer base consists mainly of people who won’t realize they bought a machine that doesn’t do anything, then dropping the $200 addition of Windows XP to a machine makes a lot of sense. I mean, look at these prices, eh? Whether people end up pirating Windows to install on those machines doesn’t really concern Walmart. Maybe people will install Linux instead. We’ll stay optimistic.

So if you’re in the market for a new machine, don’t forget to check out Walmart for the basic hardware. The lack of a Windows OS just makes them that much cheaper. With all of the troubles you run into with Microsoft software, it’s time to start to break from them and support software that deserves it.

As if you needed more convincing, even Microsoft Media Player keeps a list of all of the media you’ve played through it, as reported on MSNBC in Microsoft music, movie player….

<q>As part of downloading the information about songs and movies from the Web site, the program also transmits an identifier number unique to each user on the computer. That creates the possibility that user habits could be tracked and sold for marketing purposes. … Privacy experts said they feared the log file could be used by investigators, divorce lawyers, snooping family members, marketing companies or others interested in learning about a person?s entertainment habits. It also could be used to make sure users have paid for the music or movie, and have not made an illegal copy.</q>

This only affects the latest version available with Windows XP (8.0). Still, that’s just about every reason you use a computer, isn’t it? Your browser gives up your local hard drive, your media player divulges your viewing and listening habits and your OS makes it all happen. There are alternatives out there.