Q323255: Security Update (Windows 98) 495 KB/ Download Time: 1 min This update resolves the "Unchecked buffer in HTML Help can lead to Code Execution" security vulnerability in Windows 98. Download now to prevent a malicious user from running an unauthorized program on your computer.
An unchecked buffer refers to a category of vulnerabilities that result from poor coding. In essence, somewhere in the code being patched (in this case, HTML Help files), an buffer isn't being bounds checked. A malicious piece of code could overflow this buffer and overwrite the return pointer at the end of the buffer, causing the program to jump to any arbitrary piece of code on the stack (such as their backdoor program, or whatever) instead of returning to normal program flow.
Linux is far from free of unchecked buffers. The difference with Linux (and other Free software) is that the code is out in t he open, and many eyes are able to look at all of the code, increasing the likelyhood that someone will discover a security vulnerability and release a patch. A closed-source company like Microsoft does not have this worldwide team of reviewers, nor does it have the impetus to release a patch, as patches are an admission of poor coding, and can cost them money. Microsoft (unlike Free coders) exists to make money, not to write quality code, or helpful programs, or to walk your neighbors dog. They like you to *think* they're looking out for you, but that's so you'll buy more of their product.
Incidentally, Microsoft has a documented history of including nasty code bits into their patches and not telling you about it. If you've stayed up to date with their "security patches", you're probably using a computer that has most of a DRM framework that you never wanted or knew you were getting. Has you the source, you could have prevented this - or even if you yourself didn't check it, someone else probably would have. Why Linux, indeed, eh?
The DRM updates would make a lot of sense. There was a few weeks where I kept getting Windows Media Player 7.0 "Security Updates" which would reset my media file preferences to it. Of course Winamp has an agent to keep music pointed at it, but all my videos were gonna be opened by wmplayer rather than mplayer2.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
branchandroot
(no subject)
Date: 2002-10-03 08:08 am (UTC)Have a look at this textfile for more info: Smashing the Stack for Fun and Profit
Linux is far from free of unchecked buffers. The difference with Linux (and other Free software) is that the code is out in t he open, and many eyes are able to look at all of the code, increasing the likelyhood that someone will discover a security vulnerability and release a patch. A closed-source company like Microsoft does not have this worldwide team of reviewers, nor does it have the impetus to release a patch, as patches are an admission of poor coding, and can cost them money. Microsoft (unlike Free coders) exists to make money, not to write quality code, or helpful programs, or to walk your neighbors dog. They like you to *think* they're looking out for you, but that's so you'll buy more of their product.
Incidentally, Microsoft has a documented history of including nasty code bits into their patches and not telling you about it. If you've stayed up to date with their "security patches", you're probably using a computer that has most of a DRM framework that you never wanted or knew you were getting. Has you the source, you could have prevented this - or even if you yourself didn't check it, someone else probably would have. Why Linux, indeed, eh?
Re: DRM
Date: 2002-10-03 08:18 am (UTC)grrr
P