back to article Microsoft patched more Malware Protection Engine bugs last week

Microsoft has broken out of its usual cycle to patch more Malware Protection Engine bugs notified privately by Google Project Zero. Project Zero's Mateusz Jurczyk didn't turn up just one “crazy bad” bug: while the new bugs are all named either “Microsoft Malware Protection Engine Denial of Service Vulnerability” or “Microsoft …

  1. Anonymous Coward
    Anonymous Coward

    Leaking seive

    Time to ditch windows, if you don't need to run Windows (most people don't). Windows is a steaming pile of real world actual malware infested garbage.

    1. Anonymous Coward
      Anonymous Coward

      Re: Leaking seive

      No security holes in Linux / BSD / Unix then?

      Grow up.

      1. handleoclast

        Re: Leaking seive

        No security holes in Linux / BSD / Unix then?

        Probably around the same number of bugs. But they're a lot cheaper. And you don't get "patches" that force you onto a new version of the OS that's a dog-egg sandwich.

        1. Anonymous Coward
          Anonymous Coward

          Re: Leaking seive

          Chromebook is pretty bulletproof as far as security. You can't download desktop apps (aside from Google app store), but that is kind of part of the security... no downloads of random apps. And yes, yes, I know that it can't run the IDE you want to run, but, if everyone moved to Chromebook, they would probably move it to a browser or light app based architecture. Supply meets demand. Most users are good on a Chromebook. I think the user experience is preferable to Windows if you buy a higher end machine... and it is a lot less costly than Windows, especially if you want 10,000 of them.

          1. Mahhn

            Re: Leaking seive

            if you don't mind all the data you access being monitored by google, sure.

        2. Anonymous Coward
          Anonymous Coward

          Re: Leaking seive

          Probably around the same number of bugs.

          No, demonstrably fewer and of lower impacy, and those that exist tend to be of lesser impact due to the better layered models that anything but Windows uses.

          But they're a lot cheaper.

          Patching is free. The "cheaper" does apply, but more in the amount of effort to keep things stable and safe. We dropped Microsoft years ago, so every time we see another virus fly by it's "yeah, we dodged that one". That said, we have switched away from direct file access for our core systems, so even if someone would install ransomware it won't have much to blackmail us with as it all needs webdav style interaction and that has volume alerts on it.

          1. handleoclast

            Re: Leaking seive

            I wrote "probably around the same number of bugs" to avoid protracted arguments with windows fans about specific numbers.

            I said Linux bugs were cheaper because if Windows has 1,000 bugs and Linux has 1,000 bugs (I'm saying that just to simplify the argument) but Windows costs $100 and Linux is free then Windows bugs are 10¢ each whereas Linux bugs are free.

            To put it another way, if you're going to get 1,000 bugs anyway, would you rather pay $100 for them or nothing for them?

            1. Anonymous Coward
              Anonymous Coward

              Re: Leaking seive

              You've got the wrong equation - the cost that matters is the cost of protecting or repairing your 10cent or free bugs. In either case, not nothing.

              1. handleoclast

                Re: You've got the wrong equation

                You sir (or madam, or gender-neutral-honorific) are suffering from XKCD deficiency.

                Think of me as beret guy, but a bit more surreal.

        3. Bob Camp

          Re: Leaking seive

          Ah yes, Linux. Where kernel updates are discouraged by the #1 distribution because they have a semi-decent chance of breaking your computer. Where there is typically NO virus detection so you can be pwned and not know it. Where security vulnerabilities go for a decade without being patched. Security theater at its finest.

          This new type of virus is ironic, using your malware detector to install malware. I'm sure other third-party AV software have similar bugs in them.

      2. Anonymous Coward
        Anonymous Coward

        Re: Leaking seive

        The world still using windows needs to grow up, the world has moved on, and windows98 style security holes cropping up in modern versions of Windows is very concerning.

        If you don't need windows does, run something​ more secure, pretty much everything is more secure than Windows. I can't recall the last time e I saw non Windows malware in the wild, yet not of an hour goes by when we don't get a windows malware infested box in. Even have repeat customers given up trying to fight it, just bring their Windows PC in every 6 months for an automatic wipe and reinstall, malware is now routine part of Windows basically. Most of those people could use a Chromebook and we would never see them again. But that's bad for business ....

        1. Mark 110

          Re: Leaking seive

          Wednesday, May 10, 2017

          Exploiting the Linux kernel via packet sockets

          Guest blog post, posted by Andrey Konovalov

          https://googleprojectzero.blogspot.co.uk/

          Conclusion

          Right now the Linux kernel has a huge number of poorly tested (from a security standpoint) interfaces and a lot of them are enabled and exposed to unprivileged users in popular Linux distributions like Ubuntu. This is obviously not good and they need to be tested or restricted.

          ==

          Just saying . . .

  2. Anonymous Coward
    Anonymous Coward

    Buy your local Wintel Sysadm a coffee, they will need it after this month.

    1. Anonymous Coward
      Anonymous Coward

      Buy your local Wintel Sysadm a coffee, they will need it after this month

      Out of compassion I will probably buy them beer (or stronger) instead - they'll need it. Not making that a habit, though, as that could get costly with the sheer amount of problems they keep having..

  3. Inventor of the Marmite Laser Silver badge

    How long

    Before there's a megapatch and they call it Windows11?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like